“As more of our applications and data have moved to the cloud, a new approach had to be developed to address the security considerations. The differing approaches of heavy on-premises security, with separate cloud-specific technologies, worked for a while, but have proven to be complicated, expensive and difficult. One of the leading models developed to address this is Gartner’s Secure Access Service Edge, SASE,” says Nick Savvides, Strategic Business Director, APAC, Forcepoint, in an exclusive interview with CIO Axis.
1. How will the cybersecurity sector look in a post-COVID-19 world? What do you expect to be different when it comes to cybersecurity and hiring in a post-COVID-19 world?
Nick Savvides – COVID-19 brought in an overnight digital transformation and made the concept of remote work mainstream. Businesses compressed and brought forward years of digital transformation in their response to COVID, and these new methods of operation will stay with us. Furthermore, post-COVID remote working won’t go away completely, with flexible arrangements likely to stay with us.
From a security perspective, this means we are looking at challenging times ahead. A change of this level opens up a great opportunity for cybercriminals. Not only do cybercriminals exploit change for their benefit, but a rapid change works in their favour as it often introduces confusion. It introduces exceptions. Cybercriminals have already moved in to capitalise on this situation. To combat this, organisations require a change of perspective, as their existing models of security don’t particularly apply well to the future of computing. Digitally transformed businesses with their technology-led focus, combined with remote work, have challenged the fundamental models used in our cyber-security practices, from the concepts of perimeter-based security all the way to the operational aspects. No longer do we have the comfort of putting a perimeter around the data centre, building and infrastructure, and then by default having a perimeter around data and the user.
Forcepoint has very strong products in the areas of Data Loss Prevention (DLP), Cloud Access Security Broker (CASB), User Activity Monitoring and Insider Threat Management, along with more traditional perimeter controls such as Next-Generation Firewalls (NGFW) and Secure Web Gateway (SWG). While these technologies are great in their own right, they also need to change to better address the new digital reality, so we are pivoting these capabilities into a new converged platform, delivered from the cloud for the cloud and digital era.
Key concepts here that are driving our vision are Secure Access Service Edge (SASE), Zero Trust and, more uniquely to Forcepoint, Behaviour Understanding. With this converged model, we can deliver the security services at the near (data centre) and far (cloud) edges without diluting the protections offered.
With COVID-19 and digital transformation, remote work is here to stay; according to a recent Gartner report, about 48% of employees will continue to work remotely some or all of the time post-COVID-19. Organisations will have to become flexible to provide security to all their people, irrespective of their chosen place of work.
2. How did you ensure corporate networks remained secure when there are mass layoffs across several businesses due to COVID-19? Is it a truism that disgruntled employees are the biggest reasons for insider attacks?
Nick Savvides – The question here belies the new reality: corporate networks are not as relevant anymore due to the cloud, and significant amounts of corporate data exist outside those networks. Furthermore, network security doesn’t really deal with malicious authorised access, this being the realm of Insider Threat Management and User Activity Monitoring, and it is for this reason that we are ensuring we build these capabilities into our converged platform.
It’s more about securing the data and the interfaces and interaction points between the user and the data. This is extremely apparent when you consider that insider threat actors are responsible for 30% of all data breaches; 17% of all sensitive files are accessible to every employee; and most insider threat incidents (62%) stem from careless user actions that inadvertently cause security breaches, or even result from compromised access. Let me clarify here – a threat actor does not necessarily have to be a current employee or officer in the organisation, or at least appear to be. They could be a consultant, former employee, business partner, board member, or a hacker who has obtained the login credentials of one of these individuals. This emphasises that organisations require not just excellent visibility but also the ability to gain insights into their data movement in order to prevent breaches due to insider threats.
In addition to this, there is the cognitive behaviour of people, who are more likely to make mistakes when they work under pressure. This pressure could come from the threat of redundancy, or simply the stress of working from home in a pandemic, often while caring for others. Whatever the stress, if we understand how people interact with critical data under normal circumstances, we can spot when these interactions change and adapt our security systems to match: raising the risk profile on an automated yet individual basis and taking different actions to protect data.
A human-centric approach to cybersecurity shifts the focus from responding to events and alerts to understanding people and their behaviours. Policy-centric data protection solutions are unable to understand the context around events in order to determine intent and proactively surface risk in changing, often remote, work environments. They tend to require explicit rules and policies for every possible scenario, which is impossible to ever achieve.
Forcepoint’s Dynamic User Protection (DUP) changes this approach by putting people at the centre of the security model. DUP empowers analysts to focus their resources on the highest-risk users by providing meaningful visibility into how users are interacting with data, and dynamically adjusting data protection policies based on the signals that indicate risk (Indicators of Behaviour) to stop data theft and loss before it happens.
3. Why is the SASE approach being talked about so much these days?
Nick Savvides – As more of our applications and data have moved to the cloud, a new approach had to be developed to address the security considerations. The differing approaches of heavy on-premises security, with separate cloud-specific technologies, worked for a while, but have proven to be complicated, expensive and difficult.
One of the leading models developed to address this is Gartner’s Secure Access Service Edge, SASE. It is an architecture that places a converged security stack in the cloud to sit between users and their applications, unifying the security outcomes and ensuring the same level of protection for users and data no matter where either of them is located.
It is geared towards platform-based solutions that unify web, network, and app security. A converged approach eliminates gaps and redundancies to stop attackers from breaking into your enterprise from the internet, web content, or cloud apps—consistently, no matter where your people work.
SASE provides support to the ever-growing number of users who access cloud applications from outside the corporate network by directly connecting them to the cloud. Data flow for cloud applications no longer needs to be redirected through a central data center or separate security stack. It is all converged into a single platform.
Companies can modernise their networks, incorporate local internet breakouts and adopt an SD-WAN approach for their network architecture, simultaneously reducing costs while improving user experience.
Beyond the improvement of security controls, adopting SASE principles further simplifies and scales operations by converging operations and management into a single source.
While many think of SASE as pre-integrated capabilities or modules in the cloud, I think of this differently. Rather than a platform of modules, I prefer to think of SASE as a platform of outcomes.
For example, rather than having Secure Web Gateway, Data Loss Prevention, Firewall-as-a-Service and Cloud Access Security Broker as modules, it makes more sense to think of SASE delivering the outcomes of secure web and application access, with advanced user, data and network protection.
From Forcepoint’s perspective this isn’t enough, which is why we are extending this even further by converging Insider Threat Management and User Activity Monitoring into the SASE model, to make Forcepoint’s SASE platform truly risk adaptive.
4. Gartner defined SASE. How should companies approach their implementation?
Nick Savvides – Security that used to be delivered via a patchwork of point products is following apps, data and people into the cloud in Gartner’s Secure Access Service Edge (SASE) approach. In most organisations, the key audiences for SASE solutions can be broken into two camps: network security buyers and data security buyers. Network security buyers are concerned with challenges like securely keeping remote workers productive and safely adding new branch offices to the network. Data security buyers are interested in goals like improving data loss prevention to protect against external attacks and internal threats that can lead to breaches, as well as complying with governmental regulations and industry standards.
Each part of an organisation approaches SASE in its own way. To develop your SASE roadmap and identify the correct people to involve first, determine whether securing network connectivity or protecting data is your greatest need. SASE can be applied to many issues; you may find it easiest to start with one issue and work your way through larger initiatives as needed.
Solutions like Forcepoint Dynamic Edge Protection (DEP) implement the SASE model, weaving together advanced security capabilities such as firewalling, intrusion prevention, web content inspection, malware scanning, URL filtering, application access, and more into a single, unified cloud service. This converged approach eliminates gaps and redundancies to stop attackers from breaking into an enterprise from the internet, web content, or cloud apps—consistently, no matter where people work.
5. How does moving left of breach help reduce the risk of cyber threats?
Nick Savvides – Data breaches can cripple businesses. While it’s true the financial implications tend to be significant—both in terms of revenue loss and potential fines—breaches often cut deeper, especially when they result in loss of critical intellectual property.
Just as perimeter controls help prevent compromises and fixed-rule Data Loss Prevention technologies help prevent data breaches, we know both still occur. This is what gave rise to the detection and response technologies and methodologies.
Today, most organisations’ cyber-security practices are still in the detect-respond era, where we make an assumption that the organisation is compromised and we must detect and respond to this as quickly as possible. The response to a data breach that wasn’t blocked by a rule starts after it’s been detected, and unfortunately that detection is mostly provided by a third-party notification. Nearly all of that work is manual, and in nearly all cases the recovery leads to more rules.
In a “shift-left” scenario, rather than waiting for a breach to occur and then responding to it, we predict that a breach may occur and automatically move to prevent it. This work is nearly all automatic and, instead of leading to manual recovery and more rules, it leads to fewer breaches and prioritised investigations. This frees up staff to focus on keeping the organisation safe rather than on cleaning up and recovering from a loss event.
This is only possible because we now have the ability, using data science and machine learning, to process and understand so many signals and inputs that we can predict accurately when a breach is likely to occur. To do this accurately, the signals processed must be both security and non-security signals, as this allows context to be applied to every decision, vastly improving its accuracy.
Then there’s this new challenge few could have anticipated—a large-scale disruption to the way we do business. The sudden, massive demand for secure remote workforce solutions woke up the organisations to a new reality. And this massive disruption has taken place while organisations are at various stages in their digital transformation efforts. Many organisations have accelerated their digital transformation plans in response.
That’s where Forcepoint comes in. Our range of cybersecurity solutions helps secure organisations from cyber threats by identifying and preventing breaches before they occur.
Forcepoint Dynamic Edge Protection (DEP) gives true SASE and Zero Trust protection. DEP manages access to web, cloud and internal applications while protecting against advanced threats and data theft. Your people can work anywhere, safely and efficiently, keeping threats out and sensitive data in.
Forcepoint Dynamic Data Protection (DDP) builds on award-winning enterprise DLP and offers individualised adaptive data policies, delivering cloud-hosted behavioural analytics. Risk changes over time depending on behaviour, so a user acting in ways against set policies would receive a series of warnings before eventually finding highly risky behaviour blocked and stopped.
Forcepoint Dynamic User Protection (DUP) uses Indicators of Behaviour (IoBs) to monitor and analyse user activities to mitigate risk at the earliest point of detection. DUP is able to gain meaningful visibility into user interactions with critical data and detect risk “left of loss” with comprehensive risk scoring.
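The risk-adaptive idea described in answers 2 and 5 (a per-user behavioural baseline, weighted Indicators of Behaviour including a non-security context signal, and enforcement that escalates from warnings to blocking) can be sketched in a few dozen lines. This is an added illustration, not Forcepoint’s code or the DUP/DDP implementation; the baselines, indicator names, weights and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline: sensitive-file downloads per day over the last four
# working days for each user. A real deployment derives this from activity logs.
BASELINE = {
    "alice": [2, 4, 2, 4],    # mean 3, std dev 1: a light user of sensitive data
    "bob":   [8, 12, 8, 12],  # mean 10, std dev 2: a heavy but steady user
}

# Hypothetical Indicators of Behaviour and the risk each adds. "hr_notice" is
# a non-security signal (e.g. a resignation filed with HR) supplying context.
IOB_WEIGHTS = {"after_hours": 15, "removable_media": 25, "hr_notice": 20}

WARN_AT, BLOCK_AT = 40.0, 70.0   # assumed policy thresholds on a 0..100 score

def behaviour_score(user, downloads_today):
    """Risk from how far today's activity sits above the user's own baseline."""
    history = BASELINE[user]
    sigma = pstdev(history) or 1.0          # flat history: avoid division by zero
    z = (downloads_today - mean(history)) / sigma
    return max(0.0, min(60.0, z * 15.0))    # only excess counts; cap the share

def risk_score(user, downloads_today, indicators=()):
    """Behavioural deviation plus weighted indicators, clamped to 0..100."""
    score = behaviour_score(user, downloads_today)
    score += sum(IOB_WEIGHTS.get(i, 0) for i in indicators)
    return min(100.0, score)

class RiskAdaptivePolicy:
    """Escalates per user: allow -> warn (a limited number of times) -> block."""
    def __init__(self, max_warnings=2):
        self.max_warnings = max_warnings
        self.warnings = defaultdict(int)    # warnings already issued per user

    def evaluate(self, user, downloads_today, indicators=()):
        score = risk_score(user, downloads_today, indicators)
        if score >= BLOCK_AT:
            return score, "block"
        if score >= WARN_AT:
            self.warnings[user] += 1
            return score, "warn" if self.warnings[user] <= self.max_warnings else "block"
        return score, "allow"

if __name__ == "__main__":
    policy = RiskAdaptivePolicy()
    print(policy.evaluate("alice", 12))   # same count, far above her baseline
    print(policy.evaluate("bob", 12))     # same count, normal for him
    print(policy.evaluate("bob", 12, ["removable_media", "after_hours"]))
```

The same twelve downloads score 60 for alice but 15 for bob, which is the "individual basis" point: the threshold is the user's own history, not a fixed rule.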