Two of the most overused sayings in IT today have to be "data is the new oil" and "people are the weakest link in the cybersecurity chain". There is, of course, a lot of truth in these sayings, and in the eyes of the cybercriminals, the easiest way to get to data, this new, highly valuable resource, is to target the human in the equation.
The problem, according to Nicolas (Nico) Fishbach, Forcepoint CTO, is that for too long, people have been focusing on responding to threats, indicators of compromise (IoC), malware, doing threat hunting, etc., with little success. "We realised a couple of years ago that there are only two constants when it comes to security. It's the data you want to protect and the users (or devices) that need access to that data to get the job done. So that's why we had this pivot in terms of focusing on what we call human behaviour or human-centric cybersecurity," he said.
Forcepoint, a company founded in 2016, was born through the acquisition and merger of several companies. Nico explained, "Cybersecurity assets from Raytheon, the acquisition of Websense (with web and email security part of their portfolio) and Stonesoft (next-gen firewall), those three components form the base of Forcepoint. And that gives you some base layer of infrastructure security."
In that same year the three companies were combined and rebranded as "Forcepoint", a few more acquisitions were made in the form of a cloud-based access broker (CASB) security product from Imperva called Skyfence, as well as RedOwl, which forms the core of the company's UEBA (User and Entity Behaviour Analytics).
The acquisitions aligned with Forcepoint's vision to build the industry's first risk adaptive protection solution, called Dynamic Data Protection, launched in April 2018. What's unique about the solution is that it works by continuously assessing the risk posed by each individual user and automatically provides proportional enforcement that can be dialled up or down.
To put it simply, it is about establishing a baseline of "normal" behaviour of each end-user in order to identify anomalies in their behaviour. By leveraging human-centric behaviour analytics, the solution is able to understand interactions with data across users, machines and accounts, resulting in more granular policy responses that can lead to more effective protection against breaches.
While Forcepoint is aiming to transform cybersecurity by focusing on understanding people's intent as they interact with critical data, Nico stressed the importance of getting the basics of infrastructure security right. That means having the proper safeguards to secure all of the organisation's digital channels, be it web, email, SaaS applications, using firewalls, CASB, and the like. Only then will the organisation be able to move up the security stack and protect its people and information.
This is because, as Nico puts it, while the risk landscape is evolving all the time, the domains are the same. Cybercrime is mainly still about stealing money or information. The good old techniques such as phishing are still very effective, the cost of entry for the bad actors to cause damage is still very low, and all too often, it is the people that get compromised.
Due to these factors, Nico said that "Most of the CISOs, Chief Risk Officers or the CIOs, realise that they need to do more. They need to be able to understand what the users are doing, especially when they interact with company data. That's where we come in with next-gen DLP and behaviour analytics to protect data anywhere on-premise, hybrid or multi-cloud setups, and also protect users as a by-product to make sure they don't get attacked or become vectors of infection."
When CSA caught up with Nico, he was actually in Kuala Lumpur during Forcepoint's annual partner conference, which provides technical training to the company's sales and systems engineers, as well as the partner technical teams. "It's about engaging with all the channel partners, and the people we work with across the region, to enable them to think differently because for many years, a lot of those companies and channel partners across the world, they've been selling point products. However, you see this switch now in the mindset of the CIOs, CISOs and Chief Risk Officers, where they want to buy outcomes," he said.
The real value that Forcepoint brings, Nico added, is that by delivering human-centric, risk adaptive protection, it makes life easier for users, reducing threat detection and response times to enable the organisation to become truly proactive in mitigating cyber risks.
He ended the interview by sharing his optimism on how this human-centred approach is picking up on a global scale and how it will be beneficial for ASEAN and APAC organisations. "So we see this [approach] picking up in various regions. In the US it's very strong. It's starting to make its way very strongly in Europe because of the GDPR, in protecting citizen's data and PII. APAC, as a whole, is a very diverse region. I think we're starting to see this kind of plane taking off, which I think is perfect timing because the local CIOs and CISOs will actually benefit from the experience we have in deploying those large-scale solutions in other regions. [Hence,] they will get something which is much better from day one."