Departure Shield

A system that guards company data when employees leave. It checks work apps, files, and logins to spot risks, helping bosses keep data safe during job changes.

Comment

Inspiration

When tech employees, particularly security and software engineers, leave their jobs, they can pose significant data security risks. The Geisinger breach that occurred last November, in which a former IT employee accessed the records of 1.2 million patients after being terminated, highlights the urgent need for more effective exit management strategies.

What it does

Departure Shield monitors work tools, access logs, data transfers, and sensitive credentials like API keys and SSH keys. It assesses risks during employee transitions by analyzing Slack, Google Drive, database access, file transfers, USB activities, and web traffic. The system offers a comprehensive risk assessment for departing employees.

How we built it

We leveraged large language models (LLMs) combined with traditional APIs to create a system that analyzes various data sources and assesses potential risks during employee transitions.

Challenges we ran into

Integrating multiple AI services (OpenAI, Google Gemini, Anthropic Claude, and Perplexity) and ensuring consistent risk assessment across different data types (secrets and file transfers) while handling potential API failures and maintaining code modularity proved mildly complex.

Accomplishments that we're proud of

We've developed a risk assessment tool that analyzes both secret access and file transfer activities for departing employees. The system provides detailed risk evaluations, justifications, and suggested mitigation strategies based on various factors and AI-assisted analysis.

What we learned

The project demonstrated the potential of combining traditional risk assessment methods with AI-powered analysis to provide more comprehensive risk evaluations. It also highlighted the importance of modular design in handling different types of risk assessments and integrating multiple AI services.

What's next for Departure Shield

We aim to connect the backend risk assessment system to the frontend user interface, evaluate additional risk vectors, and implement automatic mitigation capabilities. We plan to develop real-time enforcement features and integrate with work management software like Asana and Jira to create tasks based on risk assessments. Furthermore, we will expand our use of AI by:

  1. Fine-tuning LLMs on company-specific data to improve risk analysis accuracy.
  2. Developing custom machine learning models for anomaly detection in employee behavior patterns.
  3. Implementing AI-driven predictive analytics to forecast potential risks before they occur.
  4. Using natural language processing to analyze internal communications for potential risk indicators.
  5. Exploring the use of reinforcement learning to continuously improve mitigation strategy recommendations.

Built With

  • and-material-ui.-data-is-stored-in-json-files
  • and-perplexity-apis-for-ai-powered-risk-assessment.-the-frontend-uses-javascript-with-react
  • anthropic-claude
  • google-gemini
  • javascript
  • json
  • leveraging-openai
  • material-ui
  • next.js
  • openai
  • perplexity
  • python
  • react
Share this project:

Updates