Transcript
the company's generative AI assistant, but are concerned about data security. With Varonis for Microsoft 365 CoPilot, organizations can adopt the tool safely and securely. Let's take a look at the capabilities. On the CoPilot dashboard, you can get a real-time view of how many prompts users are making, and how many files and sensitive files are being referenced by CoPilot. CoPilot leverages the user's existing permissions to access data. So if your sensitive data is exposed org-wide to all users, it will be accessible by CoPilot as well. Further down in the CoPilot dashboard are widgets that show overexposed and sensitive data for folders, shares, sites, and more. The first step in safeguarding sensitive information from CoPilot is to remediate any overexposure. With other platforms, this is a tedious process. With Varonis, you can automate this process. Each widget with a blue shield icon has at least one associated remediation policy that can be run automatically. Click on any of the policies to see their configuration and make changes if needed. By clicking on Preview Scope, you can see how much this policy will reduce your blast radius. You can require these actions to be approved before execution and set a schedule for the policy to run. To see the full library of policies, mouse over to the briefcase icon and select Policies. Now, let's answer security team's biggest concern. What sensitive data are people getting from CoPilot? Back to the CoPilot dashboard, here we see sensitive files referenced today. Clicking on this widget gives you a log of the sensitive files gives you a log of every CoPilot event referencing sensitive data from the last 24 hours. Now, having a record of the events is useful, but to really understand what's going on, we need context. We can get that by viewing the actual conversation. To do so, click on the prompt and easily replay a user's conversation with CoPilot to see all the prompts, responses, and files referenced. What if you wanted to search for conversations asking about something specific like social security numbers? Varonis can filter conversations based on keywords or user account depending on your goal. This level of granular insights and information can be used for troubleshooting, incident response, and privacy or legal case review. Speaking of incident response, because Varonis monitors CoPilot interactions, we can also alert on suspicious CoPilot usage. The alerts dashboard provides you an overview of the top alerts, top alerted users, MITRE mappings, and more. You can view all of the alerts by clicking on the top alerted threat detection policies widget. To only view CoPilot related alerts, you can add a filter. Click on a specific alert to get an overview of the users involved, the data accessed, and see the events tied to the alert. From there, we can drill down into the actual CoPilot conversation. Varonis has introduced two new privacy features in relation to concerns about prompt auditing. The first is AI conversation auditing consent. By default, Varonis monitors metadata about CoPilot conversations, usernames, times, paths, source device, and other valuable points of reference. Customers who want conversation auditing will need to provide consent by specifically enabling this configuration. Changing this configuration can only be done by the highest Varonis role in your environment. The second privacy feature is a restricted role for viewing audited AI conversations. Only Varonis users assigned as an AI prompt auditor will be able to view the contents of CoPilot conversations. Those without the role will only see basic event metadata. Varonis is committed to helping organizations confidently adopt and use Microsoft CoPilot while ensuring their sensitive data remains secure. Schedule a demo today to discover more about Varonis for Microsoft 365 CoPilot and how it can help your organization protect data today.
