Sign up to save your podcasts
Or
Share Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Why EDR Fails at AI Security & The Rise of Endpoint Behavior Modeling
Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era .
Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees . Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider .
We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp . If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpoint
Guest Socials - Brandon's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction(02:50) Who is Brandon Dixon? (RiskIQ, Microsoft Copilot, Ent AI) (04:00) Redefining Insider Risk: Malice vs. Mistakes (05:10) "Living Off the Land": Why Adversaries Use Legitimate Tools (06:30) The Zoom Example: Why EDR is Blind to Remote Control Hacks (09:30) The Failure of Security Training against "Click Fix" Attacks (11:50) Case Study: A HIPAA Violation via Meta AI in WhatsApp (13:50) Why Traditional DLP Fails at Semantic Context (16:50) Local AI Usage: Why Workloads Are Returning to the Endpoint (18:50) The Problem with UEBA: Putting Anomalies in Context (22:30) Why You Can't Build This With a Data Lake (26:30) Stopping the "Trophy SOC" and Dumb Alerts (27:40) Fun Questions: Kangaroo Jerky Tasting (28:40) Hobbies & Pride: Ultramarathons and Growing Up in Baltimore (29:20) Favorite Cuisine: Burmese Food (Tea Leaf Salad)
View all episodes
By TechRiot.io
5
5656 ratings
Is your EDR blinding you to insider threats? In this episode, Ashish is joined by Brandon Dixon (Co-Founder & CTO of Ent AI, and former Microsoft Security Copilot leader) to discuss why traditional endpoint security tools are failing in the AI era .
Brandon talks about the reality of modern "Insider Risk." Attackers are no longer relying on malware; they are "living off the land" by using legitimate enterprise software (like Zoom or Microsoft Office) to look like everyday employees . Why EDR tools can see that Zoom is running, but are completely blind to a user granting remote control to an outsider .
We also explore the explosion of Shadow AI, highlighting a real-world HIPAA violation where an HR employee tried to feed patient records into Meta AI via WhatsApp . If your SOC team is drowning in alerts from "dumb control points," this episode talks about how to move from reactive pattern matching (legacy DLP) to proactive behavioral intent modeling at the endpoint
Guest Socials - Brandon's Linkedin
Podcast Twitter - @CloudSecPod
If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:
-Cloud Security Podcast- Youtube
- Cloud Security Newsletter
If you are interested in AI Security, you can check out our sister podcast - AI Security Podcast
Questions asked:
(00:00) Introduction(02:50) Who is Brandon Dixon? (RiskIQ, Microsoft Copilot, Ent AI) (04:00) Redefining Insider Risk: Malice vs. Mistakes (05:10) "Living Off the Land": Why Adversaries Use Legitimate Tools (06:30) The Zoom Example: Why EDR is Blind to Remote Control Hacks (09:30) The Failure of Security Training against "Click Fix" Attacks (11:50) Case Study: A HIPAA Violation via Meta AI in WhatsApp (13:50) Why Traditional DLP Fails at Semantic Context (16:50) Local AI Usage: Why Workloads Are Returning to the Endpoint (18:50) The Problem with UEBA: Putting Anomalies in Context (22:30) Why You Can't Build This With a Data Lake (26:30) Stopping the "Trophy SOC" and Dumb Alerts (27:40) Fun Questions: Kangaroo Jerky Tasting (28:40) Hobbies & Pride: Ultramarathons and Growing Up in Baltimore (29:20) Favorite Cuisine: Burmese Food (Tea Leaf Salad)
More shows like Cloud Security Podcast
View all
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
The Enterprise AI Show
154 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Kubernetes Podcast from Google
180 Listeners
CISO Series Podcast
195 Listeners
Practical AI
212 Listeners
AWS Podcast
204 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
Cloud Security Podcast by Google
40 Listeners
Risky Bulletin
45 Listeners