Security Market Segment LS
Friday, 17 May 2019 16:15

10 things we learned from Forcepoint’s 2019 Conference

By
Forcepoint's 2019 conference was held in Kuala Lumpur Forcepoint's 2019 conference was held in Kuala Lumpur Nick Ross

Forcepoint held its annual APAC conference in Kuala Lumpur, Malysia this week. The network security company, which specialises in behavioural and analytics-based protection, gave industry insights, talked about forthcoming products and announced survey results in addition to interfacing with channel partners.

The most notable takeaways were as follows:

  1. Analysing user behaviour in order to identify security concerns is opening the door to identifying productivity gains according to CRO, Kevin Isaac.
  1. One trillion dollars has been spent on cyber security in the past seven years and no CSO feels any safer. Isaac said that it’s an embarrassing statistic for his industry and that the 95% failure rate of protection investment spoke for itself. He asked the rhetorical question, “When we spend the next trillion dollars, are we expecting the same result?” He also alluded to recent survey which stated that 100% of CSOs believed they are going to be victims of phishing attacks breached through phishing in the next year. He stated that security incidents in the Enterprise had increased a massive 26% in the past year despite a 9% increase in budget. He said that figures like these justify taking a different approach to security.
  1. Forcepoint approaches network security in a different way to competitors, where possible, in that it focuses on analysing user behaviour across networks and devices and creating risk scores for anomalous activity. These include flagging account logins on computers in countries where the user isn’t present, creating folders and copying significant information from network drives into it (this can demonstrate a hack in progress or be a precursor to a disgruntled employee exfiltrating data because they are about to quite the company). By looking at all areas of activity (including physical location) additional threat insights can be identified and checks or lockdowns put in place as appropriate.
  1. That while it’s known that users are commonly the weakest link in a security environment, your most valuable employees are also the ones who can (deliberately or not) cause the most catastrophic breaches. See video below.
  1. Privacy is a key issue. Monitoring behaviour of users to such a microscopic level is enough to detract employees from ever working in an organisation. Forcepoint makes a point that only the behaviours and not the content are monitored and once the insights are gained the information is destroyed. When asked how they could certify/prove such practices were actually happening (whether by openness or third-party auditing), CTO, Nico Fischbach, pointed out that no such privacy certifications existed but that the conversations were already happening within the IAPP (International Association of Privacy Professionals) because they were needed going forward.
  1. Behavioural security is not just about humans. Vulnerable IoT devices and malicious bots are proliferating but “Baselining the behaviour of a microprocessor is a lot easier than baselining the behaviour of a human.”
  1. Enterprise solutions could help children in schools. While full monitoring brought with it serious privacy issues, there was some scope for identifying the likes of vulnerable/mentally compromised children or those who might be researching a massacre materials.
  1. That many organisations aim to tick compliance boxes instead of genuinely-reducing risk. The example was given that if you went to a hospital, would you want your information simply to be compliant or genuinely secure? Isaac believes, Many CSOs aim to tick boxes to protect themselves from compliance-related prosecution and to be able to report to their superiors that official best practice had been followed.
  1. Customers hate DLP (Data Loss Prevention) solutions. It get’s installed but can’t be activated because users don’t like it. It creates friction, and stops them doing their job. Behavioural analytics is never seen and so doesn’t get in the way. One Wall Street bank was using behavioural analytics in their regulatory compliance space for traders – ingesting email, voice and chat and looking for behavioural issues to help prevent insider trading. They were catching more DLP risk and incidents there than they were with the straight DLP product because behaviour was more interesting than DLP.
  1. Zero trust security is less secure than adaptive trust. Relying on ultra-secure credentials simply doesn’t work on its own because credentials can be stolen.

The writer attended the Forcepoint conference in Malaysia as a guest of the company

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Nick Ross

Nick Ross is a veteran technology journalist who has contributed to many of Australia's top technology titles and edited several of them. He was the launch editor of the Australian Broadcasting Corporation online Technology section.

Media

Forcepoint made a great video illustrating how your best employees can be the biggest security weakness Forcepoint

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments