A New Architecture for Data Security to Free Incident Responders from False Positives
BSides SATX via YouTube

This 40-minute BSides SATX conference talk presents a new architecture for data security incident detection and response, built to relieve incident responders of the false-positive burden, particularly for APIs that feed RAG pipelines and fine-tuning of generative AI models. The approach deliberately avoids correlation in order to maximize the ratio of real incidents to false positives, addressing the problem of high false-positive rates overwhelming incident response teams. The talk examines the limitations of traditional security tools that protect the conduit rather than the data, and shows how the proposed solution operates without parameter interpretation, pattern matching, or keyword searches. It covers the architecture, its implementation, and the trade-offs made to optimize detection of real incidents while aiming for near-zero false positives.
2024-06-08, 16:00–, Track 1 UC Conference Rm A
Taught by BSides SATX