Data protection and user protection must be a core part of any organisation's security strategy. There are several ways to achieve similar outcomes – and not all of them are equal.
We spoke to Forcepoint's Asia Pacific strategic business director Nick Savvides about data and user protection, and how cloud-managed security can help organisations meet their cybersecurity needs.
Savvides is the driving force behind the company's mission to understand what tomorrow's problems are for organisations. Forcepoint builds the technologies organisations need, and keeps ahead of what cybercriminals, the industry, and customers are doing.
Savvides describes this process as a cycle of continuous feedback that ensures Forcepoint is building what organisations need to protect themselves.
“Data is the constant no matter what happens in computing, and no matter how we have changed. From the early days of centralised computing to distributed systems, virtualisation and cloud, data has always been constant.
“However, a lot of organisations have looked at this as a fundamental technology problem. They thought that technology will protect data, and strict user controls will force people to work within a defined box that they believed would protect data.
When you add digital transformation, remote working, and the shift to the cloud to the mix, these have changed the way data is used, shared, and created.
Data protection - out with the old, in with the new
Savvides says the old models of data protection don't work anymore, particularly when there are more risks than ever – and not just in terms of cyber threats. Organisations are constantly changing.
An organisation plans its goals and how it will achieve them, but if security is an afterthought, it will face trouble down the track. Additionally, one of the biggest mistakes organisations make is thinking their old ways will protect their data.
“Security needs to come in earlier in the process, and it needs to be recognised as a business problem – not an IT problem. Once you are digitally transformed, once you have moved to the cloud, and once you've enabled remote working, your business doesn't look anything like it did 10 years ago. Cybersecurity is foundational to the success of a business,” says Savvides.
Data protection goes hand in hand with user protection, although there are key differences that require user protection to be approached in different ways.
Risk adaptive security enhances user protection
“Organisations are good at protecting users and systems against threats. There are always going to be software vulnerabilities and zero days. But users are being compromised,” says Savvides.
“No matter what happens, a genuine user needs to interact with data. There will always be at least one authorised user that needs access. So when we think of user protection, it's about how to protect that user and their credentials from being used in a bad way.
Savvides explains common security threats such as impersonation attempts, which happen when attackers try to hijack a session and steal a user's credentials to impersonate that genuine user. Users can also get into all kinds of trouble – through mistakes or through intention, credentials can be given away or stolen, insider threats can leak data, and sometimes people just do the wrong thing.
Savvides says adaptive risk modelling provides much more than standard security tools like Identity and access management (IAM) and User and Entity Behaviour Analytics (UEBA).
“Organisations can move away from reactionary steps like detecting an incident after it has happened. Forcepoint focuses on prediction and controls to prevent incidents before they happen.
“That's the power of modern user protection: the ability to understand not just when someone is violating the rules, but also when someone's behaviour indicates that they are likely to break the rules.
This can all be done in a privacy-preserving way that assesses users based on machine learning and risk signals.
“A system or machine learning model is the only thing that knows what has happened. And the way that the machine interprets it, you can do it in a privacy-preserving way where it doesn't collect that information and store it. It's simply observing things that happen, and then dynamically moving a risk score up and down,” says Savvides.
“For example, a customer in a sales/CRM role could be accessing sales records more than they usually would. Is this cause for concern? Other indicators can explain a bigger picture. What is that user's sentiment? Have they been complaining to their colleagues on chat about their workplace? Have they changed their status on LinkedIn to be 'open to new opportunities'? Have they tried to violate company data policy by copying records to a USB drive?
“If we see how a user behaves and what they do, then the behaviour becomes more predictable. For example, a user is behaving in a way that we know is consistent with something bad that is going to happen,” says Savvides.
Predictive modelling also eliminates the need to define actions for every possible scenario.
“Organisations set up a few rules, and you have risk adaptive responses that kind of take care of themselves. It's a much more effective outlook.
With risk adaptive responses, Forcepoint is taking technologies that will be fundamental for future security needs, such as zero-trust network access and data loss prevention technologies, and intertwining behavioural analytics.
Data - user protection across legacy systems
Some organisations may rely on legacy systems and applications that generate data while the rest of the business is transforming. Savvides says organisations shouldn't throw out their older security models and tools for legacy environments just yet.
He describes this as dual speed technology innovation – a large organisation has many legacy apps and will migrate these over time. Meanwhile, businesses are building new tools and applications as part of their modern environments to serve customers. Converged security should be able to manage both of these environments – legacy and cloud-optimised – at the same time.
Forcepoint's converged offerings are ready for modern applications. They are cloud-ready, cloud-enabled and cloud-native, but they also understand those hybrid legacy environments.
Savvides says these technologies protect data at the network level and at the user level, covering network processes and endpoints.
He adds that technologies such as zero-trust network access will help to bridge the gap between legacy applications and modernisation because they can allow for a cloud security stack and modern controls in front of legacy applications.
“When that happens, you start to unify what you are doing and get unified visibility. That visibility is absolutely key.