Decoding the Digital Canvas: Safeguarding Against Visual Data Leaks - Alex Holden

all right guys uh last session of a day so uh hopefully we don't fall asleep before a long drive home um let's get started uh my name is Alex Holden I'm Chief information security officer at C security LLC out of uh Milwaukee um and my firm does mostly threat intelligence I've been doing threat intelligence for many many years uh before it was really cool um and uh been uh doing a lot of groundbreaking work over the years um one of the things right now is it's very difficult to uh fund new sources of intelligence and uh today's talk going to be uh just that is that uh I'm going to be talking about the information that seems to be in

front of us that's out there but uh we don't always associate it with um uh cyber security intelligence information leaks and um hopefully get you to think uh this Friday afternoon about uh uh interesting ways to find data uh that is probably just in front of you so I'm going to be talking about visual threat intelligence and um um going to be talking about uh finding information that's um in front of us but it's really not uh typically uh the information that would be on our networks on the dark web um wherever we look going to be text it's going to be lots of different text uh and even AI is mostly text speech uh

but uh it's not really visual cues the interesting thing that I want to tell you is that um our brain is not really rigged well for text uh I have an accent and uh my accent is um Ukrainian uh but um um it's I always get a question in what language do you think uh for many years I would uh answer like you know you really think uh contextually because like if I'm going to be thinking about uh for example communicating with my grandma uh it's never going to be um done in uh English it's going to be in the language that I talk to her uh but if I'm going to be thinking about my co-workers uh or

friends it's going to be in English because that's all the context I have my brother who is a professor in Psychology he told me that uh this is not correct he told me that we really don't think in words for the most part we think in pictures so if if each of us would think about how we got to this conference this morning this afternoon uh you don't really think in words like you know I woke up this morning walk uh down to uh breakfast got my car and drove here you really think in images it's going to be flashes of time of uh points um of your experience and that's going to be how you would perceive uh your

memories how you would uh inest information um research from uh uh 3M Corporation actually showed that uh our brain is 60,000 times faster processing images that we are processing text and uh think about speed reading and uh how cool we we can do get information so it's not really uh a picture is worth 1,000 words it's six ,000 uh but uh just to give you an idea that um we can find a lot of interesting information in visual cues I'm going to take you um probably to one of the first part practical applications of um visual data uh that um uh we had going back in 2017 in the project that we've done with Brian KBS um in uh 2017 we were

investigating a person called Marcus hutkins uh who's also known as m attch in his um uh professional years uh Marcus done a lot of good things for the cyber security Community but uh when he was uh much younger uh he was really naughty boy um meaning that uh he got himself into lots of trouble and he was actually arrested by FBI uh eventually put guilty to some things he've done in the past but the story is not about this it's about um trying to trace some of the activities and connect um threat actor and Mr hutkins in his uh former years so for example we had U uh found uh um uh YouTube channel uh of one uh

Hopkins jumins uh or frer jonkins uh sorry uh that U was supposedly associated with uh um hutkins and uh we couldn't really prove anything uh because uh you know yes it sounds like came you had a lot of uh components and he had lots of different videos we actually went through 272 hours of uh videos that he had in his uh channels channels associate was him um but this would not be possible just for somebody to watch all 272 hours of uh the videos and find a needle literal needle in a Hast stack so uh we actually got um um to parse the data in all those videos and put it in OCR and look for any

visual cues and out of that 272 hours for 3 seconds uh he actually brings in into a view this uh particular window and if you can look and I magnify it here it's still very blurry it such as as hutkins 22 hma.com which is actually the email address that he public admitted having so for 3 seconds out of 272 hours we actually got intelligence uh data that uh allow us to make uh connection and attribution which is not easy even if you really know how to pay attention to the videos but um uh these visual cues if pars correctly and now empowered by AI we can definitely make a huge difference differ so I'm going to

be talking about these type of components how we can find additional information in things that are just in front of our eyes but we don't always connect this in in images we can find lots of different things for example we are seeing an image here of ransomware uh that somebody put in a public um uh image exchange and this is something to show that this is not an image that a victim is sharing but it's a threat actor sharing that particular image uh in another um image repository we found this which is a Korean uh set of Korean sites all of them uh are vulnerable to uh SQL injection so this is output of some bad

guys uh um information other things that we actually get uh screenshots of inside view of the bad guys um interface this is a logged in account for uh I believe a lap lapsus threat actor so this is what they see when they log in uh to malicious sites not what we would see in their profile same thing we can actually use visual cues to identify abnormalities in zero day vulnerabilities we can find lots of different uh components uh and interestingly enough and um on much much serious note we actually see threat messages uh manifestos of um mentally unstable individuals who are commit great amount of harm I want to use a practical example here and that may be a little

bit disturbing to some so I do apologize but I'm going to be talking about uh situation that was um um in Chicago Illinois for Four of July of 20122 uh in a suburb cold Highland Park there was a shooting at um uh the force of Jui parade uh done by very very unstable individual I'm going to be showing you a short video and even though there is a person uh uh convicted of shooting uh there I want you to pay to visual cues around this person not uh to this person and this is in ours just after the shooting trying to find Visual cues about this person trying to identify who he is and information about it so I'm

going to show you a 10-sec video but don't look at him as much as things around him

so in this video he is simply walking around his neighborhood and uh filming himself there is some music there is a additional information uh that is relevant but I want to draw your attention to things that we've seen around it so when we start parsing the data uh visually that's available in this uh 10-second uh cut we can actually see several things first of all we're going to see a street sign uh no Outlet no no parking uh and we are also going to see actual uh name of a street um walking by the car we actually recognize a car plate and uh he's also walking by a street sign or some kind of um

election site um so this is information that we are gathering from visual cues in that short video and believe me it's all there but um it's something that uh probably would wouldn't catch your eye would not be a primary focus or maybe it's uh clear in a shot for uh a second but guess what when we are breaking down this video uh frame by frame we got dozens of frames for this type of uh information and now we are actually going to be doing some ENT we going to see the Drisco Court which is seen on uh the um uh street sign and there is one in Highland uh Park on no uh so when we

see this we can also equate this to this particular Corner uh you have to agree that uh the quality of the video is uh not there it's also different time of year we got this uh from Google Maps and this is exactly same sign same everything moving uh uh block away oh I'm sorry couple houses away we see this uh house and a car uh on the Google Maps we see this exactly same house obviously different car interestingly enough um the um shooter lived three houses away from this uh particular house so we can in very short order using these visual Clues that may be hard to catch uh if you uh intently looking at the screen

and believe me this shoter had uh number of videos this actually gives us a very good idea of his physical local uh and uh actually uh tracing down um who uh where he was at um uh that particular time while uh filming this video this gives us extra steps to investigate more information and uh definitely not nothing that was intended uh for him uh or anybody else to give away the information the idea of actually going through uh this is that uh um we have a number of challenges of finding interesting information and if you're going to be talking just about images uh you would agree that there are not many huge repositories of images that you can

easily injest and look at things you know there in search engines there are images but there's pages of them uh that you can easily access so we go out on the dark web forums we go uh data exchanges we go to social media uh many other sources to ingest all this data but we are really talking uh things uh Beyond OCR ocing is you know simple uh we uh use test uh for some of the components uh there is also uh Chinese uh OCR engine called easy OCR which actually used um to uh par this video but we are trying to use uh different kinds of AI components including computer uh Vision we also use natural

language processing in other processing engines why uh you know all this important is that um uh you would agree that in many cases even looking at the screen you would see uh different things and you can't always tell the difference between number one and letter L and capital I and stuff like that but let's actually get some intelligent things uh figured out so let's say you know on the screen there are a whole bunch of uh characters and the OCR will have problems interpreting them coming up with very funny things but um we can help OCR through AI we would say okay my name is Alex so second letter of my name is l and if you actually recognize like

you know there is a word Alex on the screen you can say recognize okay this is a common name and now I know what letter L looks like uh if there is a statement there there says I am here or something like that you know how what letter I looks like and so on so forth so you can actually figure out a difference between certain fonts or what being presented on screen and that gets down to more intelligent information about what you're seeing and how it's going to be uh processing and we are using AI to go Way Beyond uh the pattern and we can actually set what important things um uh there and what are the

threat signals versus uh just normal information I mean we all take lots of pictures we all uh take screenshots and most of them don't have anything interesting we are getting good at bluring things out uh taking certain uh pictures correctly but let's take a practical example this example I'm going to use uh from a breach uh called CA breach uh if anybody remembers this was uh uh several years ago also um actually around the Fourth of July like the the incident before but uh this was a incident where ca which is a um um uh large management uh um engine uh helping U uh different service providers to um monitor their infrastructure was used to push uh

ransomware to the clients of CA in hours after uh the breach when most of the clients were still R ring and dealing with ransomware we were actually trying to investigate if CA had any internal or external leaks and we asked computer uh our systems saying have we seen anything interesting about CA and I said yes of course we we've seen thousands actually 70,000 images with W Cass or something around Cass and we said okay that's nice you know we'll take a look at all those images when we have very much free time but let's actually see if there are any threat signals and one of these things U came up was um this image obviously it's

very difficult to see uh as an image uh but uh it actually has a word CA there so it said okay it's CA uh but the image still is the AI called it as threat I looked at it initially and I said I don't see a threat I I don't like my brain is not picking up there's so much information it's a one of that L pieces of software um you know what what's there unusual well here's something unusual uh look very carefully at the dates I mean the date format is um not not standard we have months day year uh here we got day uh something called the map and then year uh well

actually um this is um word not map but uh Mart which is Russian for March um so my my brain who which actually knows Russian and kind of says okay well I've seen these dates before does not pick up on the Threat Signal and if you go back to uh something like this it's even you know doesn't jump out to you immediately but it's there so when uh AI is looking at this like say okay I'm picking up dates in a different format and this is not an English um date uh or not in English it is in the Slavic language there are a couple other Slavic languages that would match so now we are setting parameter to

say find similar images based on this parameter and we get uh something like this uh this is a different image as you can see by a whole bunch of lines on the left uh there is no word c there whatsoever uh but it has exactly same format for the dates dates would a bit different but the form format is exactly the same it's same software same interface so AI is telling me this is similar and now I'm concentrating not on the name of a person uh that's highlighted because it's a name that sounds uh also Slavic so we look at the same repository of images that we looked at and said okay find me uh other things

now based with this name and voila we got a completely different screen uh but with uh person that is connected to ca uh and using the same name so Alexi gurovich who's actually B Russian not Russian uh was um a very naughty boy posting whole bunch of uh internal corporate images on the internet including disclosing some of the information so we try to find more information and we find this uh so this is additional information based on uh everything that we uh gathered definitely URL for internal use there is a user called K admin uh on the very top and I'm actually going to be zooming in because this is an internal development uh platform that was most likely used to

push uh to access and push out some them over but uh the uh screen here uh in in from the right top corner of that screen is K admin and you can see that there is a very faint image uh of some person obviously it's not enough to pixelate and figure out what information is there uh but with additional information that we know his name uh his company his position all of a sudden we do very basic a to find actual uh image and uh this is his LinkedIn profile as a employee still employee of uh Cass so this is something that we are going from uh uh notion that we are looking for some intelligence we

are looking at many images that we see across the internet and we are zero in on internal leaks of the data in the vake of uh major uh breach and rans OFW attack so we get down to an um individual Insider that potentially been sharing information elsewhere let's look at another example so we're not only looking by uh patterns but we are also looking by word Maps because if we for example going to look for PayPal we get to get a whole bunch of different uh terms this map was created in 2023 so you can see that 2023 is most common term that uh appears in uh the um text but and a lot of things that you're

going to see that pops up immediately like page image uh um you know lot uh purchase you know things that you would note but then you're going to see uh some the account numbers some uh some of the other information and interestingly enough you're going to see some words not in English so all of a sudden you start zeroing in on things that not you're not supposed to see that uh end up in the word map and you're going to say okay I want to get rid of common words that would be normally Associated find other using further on this uh type of example we not only going to use word PayPal but we going to use their logo

and I know it says PayPal on it but uh um the idea is that we are zeroing in on the logo rather than looking at text and then we going to say okay find me a threat against uh PayPal in this particular context so here's a good example of a screen that came up and this is entire screen uh that came up in one one of our searches um so lots of interesting things obviously it's PayPal uh there is a uh Sublime notepad there and stuff like that but let let's actually examine what this image has uh first of all uh it has um option to log into your PayPal account uh PayPal logo itself uh as I

said you know there is even a pass with the username Johnny uh in uh the um uh Sublime uh editor and we obviously seeing some information such as the HTTP username uh password and stuff like that which actually gives us a clue of uh what this data is and it's botnet data it's stolen botnet data so from the victims but can we tell more I bet when you look at uh this image you wouldn't notice one interesting thing I didn't uh AI told me that uh besides all this being available in the bottom right Corners there is actually Arabic words connecting again not a threat word but but because this is a botet FL because

it is malicious we can actually find um ethnic origin of uh that haacker who's actually showing us their screen and again it goes all the way uh toward uh finding more information because S A here uh in um the address of the file uh actually probably pointing to Saudi Arabia so this is the idea of how we can get much deeper looking at normal information say okay well you know yes it has credential stuff like that let's try to um um see if they use elsewhere and stuff like that but uh we're actually getting more intelligent by looking at images but not ourselves but actually asking AI to help us and there are different um components that we can

look and how we can identify we can set filters we can uh put tags that would use uh various dictionaries to uh help us to zero in on threats because at the end of the day you know we are trying to create a criteria that would be interesting uh to uh for us to identify a threat and we also uh using these images to sample and teach AI how to identify we for example uh currently using llama 2 uh AI uh for uh this type of processing was really getting very interesting results and very uh important components we also uh creating a positive and negative learning um uh platform because when we find an image

that would be interesting we are uh asking our analysts to app uh what they think uh was important or not important on that image so our analyst uh see an image that actually a threat image that wors processing and instead of saying okay put it further in workflow they're actually talking back to AI saying good job and next time you also look at this area and this area because they also indicators of maliciousness or if the uh image is false positive for thread data they would uh uh Circle and say okay uh because of this part of the image and this part of image it uh defines to be normal so we actually talking back to AI

we teaching AI by processing uh tens of thousands images interactively uh in help of um um to help AI grow and become smarter I'm going to also now jump from the dark web to corporate leaks because uh uh we work uh in companies a lot of us task with protecting um uh corporate infrastructures or we are often seeking threats that are out there so this is something that I call that the developers do the uh the D things um I'm not sure if any developers are in the room uh if you are Developer don't do what I'm going to show you uh if you work with developers as in a security role please make sure that your developers

don't do these type of things uh I'm going to show you a screen um and uh this is a uh an interesting screen uh that we recovered from uh normal uh internet that somebody posted it's in Russian uh it's uh from a company called megaphone which is kind of a TI equivalent in uh Russia uh and I'm going to do something that I usually don't do I'm going to show you how to exploit these things uh but don't do that um if anything uh this is a Russian company and I'm from Ukraine so I'm allowed to do that uh so uh as you can see that this is a really a screen uh with uh some the

uh developer options uh but this is a also a screen that uh points to a server in staging environment of megaphone cool but let's actually zoom in further because AI said it's not only Uh Russian uh language but it's also potential exposure data so if you actually look here there is basic authorization string put in there um basic authorization is base 64 it's not encryption it's encoding uh if you have time to type this out and uh uh put it in the basics for the coder you actually get username and password so this is uh practical example of finding thread data because um in your corporate environment somebody can be sending this screenshot to a colleague uh and this is exposes uh

the login this this person has another part is uh you know people love using this rot button uh print screen uh they use it uh very liberally they don't really understand how certain things work uh I think uh we got uh you know ways to improve How We Do print screens uh so next example is a casino we don't have casinos power in Casino they watching uh so the idea is not to hack casino but to show that uh somebody decided to show their screen uh that that's log to some kind of Casino uh some kind of information know your customer some kind of ID but there is no not no Pi or anything like that but

that's what they wanted to show somebody what they really showed is that they had had two monitors and uh when you press that print screen button on some versions of Windows you actually get this whole thing and uh you want to show this part but you're showing your entire screen and I censored quite a bit of this uh but if you look very closely on the second screen you actually get uh information about uh telegram channels that they use also logins that these people are using as well now you you can't see the passwords really well I mean you know you got usernames but passwords kind of limited but don't worry uh what you also would notice and

AI would notice much better is that uh there is a a URL which I censored but this is a full URL to open uh Google Docs that you can actually access if you want to type this out and you're going to see uh full uh document because uh uh the Force app that actually posted this also doesn't know much about uh securing uh uh Google Docs uh documents with uh passwords and allowing um sharing only to trusted individuals again a practical example of somebody hitting print screen to show a normal screen and end up showing everything that they have on the screen that's a typical type of situation and we see this happening more than often than none because uh um we

often see that uh people go onto uh virtual meetings teams Zoom whatever and uh they are starting to share the screens to show something interesting there are lots of different uh components that in play because if you do it intelligently you're going to share only the part of application that uh you want to show and in environment that you want to share with certain people um practical example from one of our clients uh on a uh board of directors meeting that was recorded on zoom and put on uh the client's website uh the notes for the meeting being kept by uh executive assistant of the CEO uh this very nice lady I'm sure uh was sharing her screen

just uh in the word document uh typing certain things but she was not sharing the word document only she shared her entire screen and in that uh Zoom recorded Zoom session uh she liberally uh switches uh back and forth between her desktop and uh her s word session uh she we see popups of emails that coming in not only to her email but uh to her uh boss's uh email as well uh she switches to her email uh Outlook um uh client at one point so uh it's only for a second but it's at 30 Fram per second that's 30 frames that we actually seeing uh in um uh when the data is passed worst thing is that at some point

she switches over to excel that actually has all her boss's passwords um that that was uh only 12 frames but it's 12 frames too many because we are definitely picked it up and told our line to take off that um video offline re-edit it and then place it back the idea is that U you know these data exposures happening all the time and they're out there uh um but I covered I think images quite a bit I want to talk about the video component uh the videos are much uh more common if you go on YouTube you go on uh viu or others you're going to see tons and tons of uh videos and unlike uh pictures uh people

want to share with you as many videos as possible and put them you know like download if you can uh they also in dark web people like to record videos to show uh certain processes social media is huge as I mentioned corporate um infrastructure is also big there is obviously Big Challenge when we talking about um uh processing uh images we can process 2 million images per hour uh in a very decent uh technical environment but when you start talking about videos at least uh some of the videos that recorded at uh 30 frames per second it means that we got 30 uh images and we got uh for every second and within an hour video we got tons and

tons of images that uh we can we need to be processing it's a single video so we actually uh dealing with a lot of images that we need to uh figure out how to deal with uh also uh when we take a picture a still picture we actually pose for it uh so you know if I want to take a picture on my screen uh and something pops up I will going to take another picture uh but when I'm taking a video whole bunch of things are happening uh there are movements there are other uh components so uh it's difficult also what would constitute a change your blinking cursor your mouse movement uh if the video has uh um not only a screen

but a person appearing on a screen uh and that person blinks it's a change and also it's very difficult to figure out the context because uh again image can tell you a full story but the video may take uh longer to figure out um what can be uh happening so from the technological perspective we start packaging data so we start uh figuring out what data kind of looks the same what data has minimal changes in Breaking this into uh package that would be like you know something around a single uh point and that allows us to examine that particular package separately from others and only detect the Deltas instead of um actually uh looking at every single image at the

same time we also um if video has audio track we are trying to get AI to summarize audio connect that with uh uh information we getting from OCR and from Ai and actually create a full story because if a person says now I'm going to be entering uh um password and they switch to a document where there is a password copy it and stuff like that if there is no label password on the screen there is a audio CU that we can be picking up and then we're connecting both uh video and audio components and it's uh much more difficult than you would think but uh one of the uh clues for packaging if you're dealing with AI

we are not always processing one image at a time we create a contact sheet of U uh 16 or 24 um uh or I'm sorry uh 16 or 64 uh images on one on page and then have ai uh scan everything because it doesn't really know if it's scanning a lot of data or not uh and we create separate areas that Define images say okay now get context for uh each particular area of the image it actually works much better and um you know instead of processing 64 images we can process one image with 64 pictures in it and we got uh almost 10 times uh Improvement the Practical side of it is that uh again you know looking at

analysis and we go on the dark web we pick up videos and we actually putting them in the queue where AI looking at those videos and says oh this is interesting this is unusual so when we actually loading a video that uh uh we found in dark web it says okay it has tax fraud St identity it has Russian language SMS fraud uh file sharing sites and Social Security number so a whole bunch of things that actually gathered from watching a five minute video and then when we start looking at particular components and say okay we want to find a um package that has Social Security numbers and all of a sudden we are actually seeing individual information

and uh AI says this is some kind of interface or some kind of uh video that shows how to uh commit tax fraud so at the end of the day when it's actually going through the video it can contextualize this information and say this is what's happening in a video and this to I said it's illegal activity rather than for example corporate data exposure which would say it's just you know something uh um uh problem had occurred and additional information is being uh disclosed um we uh like with images using uh tags for uh set by Ai and TR dictionaries uh to create different tags not only for individual images but by groups of images and

actually figuring out if the information is being disclosed good or not uh we also love uh parsing data such as uh tutorials or help desk again you know help desk folks are creating really cool um ways to help you some sometimes they record much more than need to um uh and uh in help us sometimes in the ticket there's so much information being submitted uh Beyond uh what is needed that you can gather additional information uh in Social media we seeing a lot of people doing uh very different things uh one uh component uh is uh uh really uh to find uh physical threats the physical threats uh sometimes again uh not very stable individuals post manifestos on social

media looking for attention or as a precursive to some kind of uh physical violence as they waving their Manifesto uh in front of a camera we actually able to pick up wordss in Manifesto and find uh threat triggers not only from audio but also from what they're showing if an AED customer walks over to an airline with um uh Facebook live or putting this on Twitter or something like that uh and they're showing that they're not happy they uh uh promising retribution we can actually pick up on a feed with negative statements pick up this video look at this and give a signal to Airline saying that you have unhappy customer in real time or close to real time at this

airport here's his uh or her ticket number and they they're unhappy so this is maybe a customer service situation or it can be a sure threat to safety so we are looking at this from many different ways but also we we've seen a situation where uh uh people love to uh record themselves doing normal things on Tik Tok with found uh a person uh who uh was working for insurance agency and she filmed herself pretty much 8 hours a day just working normal things um people actually watch that for some reason uh but that that's not as important as speaking up from her uh now in audio track that she was answering phone calls uh around her work and and

life insurance she was actually dealing with uh um life insurance uh claims for deceased individuals so she would be talking about account numbers um uh particular cases and stuff like that all on the live Tik Tok stream uh and she had a lot of these sessions not every day anything would be interesting but uh again it's quite easy by looking at this data to pick up actual threat signals threat actors themselves they are also uh uh tend to overshare certain things I actually um watched a video where uh threat actor was recording some kind of uh uh visual um representation of his uh uh malicious software and he was trying to sell that malicious software the interesting thing that for

about 5 seconds in the video he got a Skype phone call so Skype was open and screen uh like you minimized but uh for 5 seconds there is a phone call that's coming in from mom um it can be abbreviation but uh Skype actually shows the phone number that's calling as well uh we go uh we looked at for that number we actually found that it belongs to uh a lady uh consistent with age as a mother of a person she has only one son uh and most likely that was uh the son that was recording uh this uh particular video so he just flicked it off um you know when he saw the uh Co coming in uh but um the

information is disclosed so we now got a very good lead to know who this person is in real life uh so that's an uh another interesting component but also let's talk about uh deep fakes because uh today in our world we can actually uh deal with AI fakes and Gathering all that information uh that would make videos or pictures inconsistent uh I'm going to use uh this as a uh interesting case study to show how Russian trolls operate and how we can use this type of uh visual intelligence to identify these trops so let me switch to the screen and show you that uh this is a Reddit screen that a person uh named 12 Stella 212 uh is

posting something about uh some kind of crypto um uh component I don't even know what what this is but I want you to pay attention not to the Reddit screen itself but really look at the top part of this first of all we got her n nickname uh 12 U Stella 212 uh in top right corner uh but let's look at the top left corner and you see these two letters SP and then something in Russian and there are uh three tabs obviously one was Reddit but there are two other tabs and then let's look at the bookmarks that this person has which are you know not as important in Russian Ukrainian and English but uh this is

something they going to be static across next couple screens so I'm going to switch screens you're going to see different message on Reddit but you would notice that uh the top part didn't change so uh this SP uh you see and uh then these tabs the bookmarks are the same but the user now is 17 Slava 170 so very similar but different and this person is also posting about same crypto scheme I'm going to switch screen again now I am on YouTube and NOW pyer Boron is writing something uh about the same crypto uh component but it's the same uh computer it's the same system same bookmark same um SP and same tabs meaning that we can actually cre threat

actors across multiple accounts multiple platforms and we can understand that they actually uh doing something to uh promote certain crypto schemes and the idea is that uh we now get visibility to certain things we we couldn't before just looking at the screen you may say okay well that's uh interesting but it's not definitive somebody can post something about anything big deal but now we can see how individual changes their accounts and we can actually try to figure out the patterns of their abuse so from our perspective this is uh something that's ongoing this is something that is in front of us and the visual cues are always uh going to be bringing us more information we got

really good with our DLP with uh certain systems that would detect uh pii Phi and so on so forth but we are still struggling on identifying visual cues that again in front of us was in our corporate networks but still very well hidden because we are not looking for them so the future of this is out there and we still trying to shape that future um we from technology we need to still improve AI models to get us better understanding of these uh threats and how to escalate certain threats especially as close to real time as possible we also always looking for sources legitimate sources of information so we are able to injest data uh through many different ways in

corporate networks maybe file systems uh um slack um SharePoint and many others but the idea is that um you know you have within your uh infrastructure lots of different uh components that may contain this information and some of them may be exposing to your general user population or even to the internet much more sens of information and uh the last component is collaboration collaboration is uh very critical because uh in many cases uh we are able to defer certain findings to law enforcement others we can uh give uh um additional information uh for companies who deal with incidents with breaches and sometimes finding out breaches before they happen but within um these uh collaborative tools we always can

find certain things that may actually constitute corporate leaks individual data leaks uh where people make honest mistakes and putting their information uh for everybody to see this is all that I want to share with you today hopefully you found it interesting before the end of your day thank you

I think we have a couple minutes