Why ORION Security Is Leading the DLP Reset
There's a 'DLP Reset' underway, according to new, independent cybersecurity research. Jonathan Kreiner explains how ORION Security was built to lead this transformation.


I recently co-hosted a webinar with Lawrence Pingree on what he calls The Great DLP Reset. Lawrence leads data security and AI research at Software Analyst Cyber Research (SACR), is a former Gartner analyst, and is one of the most experienced independent voices in the category.
His research also validates everything that drove Nitay Milner and me to launch ORION Security. Data moves faster and further than it ever has, and ORION is built for that reality.
Lawrence calls traditional DLP a “faded, broken padlock,” and we couldn’t agree more. I once had the challenge of implementing DLP at a fast-growing software company, and I know what it feels like to constantly tune policies and still not reach prevention mode, while watching the false positives pile up.
As he said, this creates a “ticket factory.” I talk to CISOs all the time who are frustrated with their own ticket factories, with their DLP getting so stuck in the tune phase that they never reach prevention.
The Impact of AI on DLP
AI use has exploded across organizations in the past few years. Something Lawrence and I kept coming back to in the webinar is that most companies have a shadow AI problem: they don’t know what AI tools their employees use or how they use them. So they don’t know what policies to create, because you can’t write a policy for tools you can’t see.
Modern DLP manages this challenge. A good analogy is the breakthrough the security industry made with endpoint detection and response (EDR) about 10 years ago. Signature-based antivirus couldn’t catch what it didn’t already know about, and EDR changed that by evaluating behavior and context instead. Policy-based DLP has the same limitation: if there’s no policy for it, it gets through.
ORION is leading that same kind of shift, just applied to DLP.
ORION at the Forefront of the DLP Reset
Nitay and I didn’t set out to build a better version of what already existed. We wanted to rebuild the foundation. That meant moving away from the policy approach and embracing real-time, agentic DLP.
The core problem with policy-based DLP is that it depends on someone having seen and defined the threat before it can be caught. A skilled security analyst doesn’t work that way. They catch incidents by understanding context: who is moving this data, what it is, where it’s going, and whether that behavior is normal for the person in that role.
Here’s what’s interesting: security analysts mark false positives all the time. The industry average is over 90%. And if a security analyst can differentiate between legitimate activity and suspicious activity using their judgment, an AI agent can be trained to do it as well, at machine speed, across every interaction simultaneously.
ORION’s proprietary AI agents analyze data in motion, evaluating every action across identity, behavior, content, lineage, and environmental context. Our system understands intent and delivers a verdict on whether an action reflects normal business activity or actual exfiltration, in real time, without requiring a policy to be written first. That includes endpoints, browsers, SaaS, email, and AI tools, including the unmanaged sessions and agentic workflows that legacy tools weren’t built to handle. There are no policies to write, tune, or maintain, because ORION learns continuously and adapts as the environment changes.
This is what the reset actually looks like.
Learning to Love DLP
One of the things Lawrence and I agreed on completely is that the future is autonomous prevention, not detection and response. The way we think about it at ORION: once we have enough confidence in an AI agent’s performance on a specific use case, and once the false positive rate is low enough, we turn it on in fully autonomous mode. It can block, redact, or quarantine without waiting for a human to approve each decision. This allows your team to focus on the cases that actually need their expertise.
AI also lets security teams do more with less. As AI agents take on the work of monitoring data movement and flagging real incidents, your team stops rewriting rules and starts working actual threats.
What Lawrence laid out in the webinar tracks with what we see every day. The future of DLP is a data control plane, unified discovery, context, real-time enforcement, and AI-driven decision-making working together toward a prevention outcome that actually works. It’s a system that runs continuously, learns the environment, and catches real incidents without someone having to babysit it.
Based on what we’re seeing from customers, including some of the largest global enterprises, we know this is possible because it’s already working.
The CISO at a large financial institution, and a valued customer, gave us the best compliment in a recent conversation: “I hated DLP before ORION.”
Do you think you could learn to love your DLP? We think so. If your team is stuck in tuning mode and ready to see what prevention actually looks like, let us show you a demo.
More DLP Resources
Read part one of this series, “The Great DLP Reset: Why DLP Fails, and How to Fix It.”
Read the full SACR Report on the DLP Reset.
Watch the full webinar, “The Great DLP Reset: Security Data in the Age of SaaS, Cloud, and AI.”






