Forcepoint’s solutions are a case in point. The demand for organisations to understand cyber behaviours at the human point – the intersection of users, data and networks – is growing. Impersonating user behaviour is difficult, and it is easy to identify when a user’s behaviour pattern trends away from the normal, but monitoring these differentiators is difficult, and this is where AI and machine learning can play a key part.
For example, Forcepoint recently launched Dynamic Data Protection, the company’s first Risk-Adaptive Protection solution, which adaptively shapes and enforces security policies across enterprise endpoints or devices without requiring administrator intervention.
With human-centric behaviour-analytics at its core, Forcepoint Dynamic Data Protection applies an anonymous and continuously updated behavioural risk score to establish a baseline of “normal” behaviour of each end-user on corporate or unmanaged networks. Forcepoint’s intelligent systems, informed by the individual risk assessment, then apply a range of security countermeasures to address the identified risk. For example, Forcepoint Dynamic Data Protection can allow and monitor data access, allow access but encrypt downloads, or fully block access to sensitive files depending on the context of individual interactions with corporate data and the resulting risk score, explains Mahmoud-Samy Ibrahim, area vice president at Forcepoint, EMEA Emerging Markets.
“An organisation’s ability to automatically adapt enforcement policy to the most significant risk can mean the difference between protecting critical customer data, intellectual property and even mission success,” Ibrahim says.
Rather than focusing on traditional threat-centric approaches, Forcepoint’s human-centric approach to security delivers risk-adaptive protection, which allows enterprises to dynamically and automatically adapt enforcement based on the changing levels of risk.
“To stay ahead of the next breach, companies should focus on Risk Adaptive Protection (RAP) to recognise the context and intent of user behaviour for early and accurate threat detection. RAP delivers a better understanding of risky behaviour and can successfully automate policies to reduce the number of alerts that require investigation. RAP helps to identify unusual behaviour on the network and prevent threats before they occur,” explains Ibrahim.
“The one thing I think enterprises should do right now to improve their cybersecurity posture is to become increasingly aware of who is accessing your data and invest in systems such as risk-adaptive protection that spot unusual activities on the network. This way you can prevent the wrong people from accessing and exploiting your personal information,” he adds.
Traditional security protocols just won’t work.
Security professionals are facing a constantly moving and evolving beast as they deal with malware evolution, business change that happens at an increasing pace, legal regulations and a constantly evolving and adapting workforce. Data is the lifeblood of any organisation’s business success – protecting critical data is now the mantra for success, Ibrahim observes.
“With cloud, workforce mobility and BYOD, the traditional perimeter has dissolved and what’s left is users and data. The most fundamental challenge for cybersecurity rests in the ability to control data as it moves in and out of the organisation’s possession while employees seek to use it on-demand, everywhere,” he adds.
The problem is, how do you control access, visibility and enforcement when you don’t even control the IT infrastructure?
Millions and sometimes billions of events come across the SOC on a daily basis, and the only practical way to deal with these is to focus on the identities of users, accounts and machines and understand what’s considered normal or anomalous behaviour and activity. “Protecting data effectively requires an organisation-wide change in mindset, i.e. moving from a threat-centric security approach to a human-centric one,” Ibrahim says.
“We need to understand behaviour in order, for example, to stop cybercriminals from stealing identities and impersonating authorised users on corporate networks. Understanding the context of behaviour and intent is vital and knowing the difference between what’s considered abnormal and normal activity is the key,” he adds.
The mounting interconnectedness of operational technology (OT) and IT in critical infrastructures like manufacturing and energy utilities adds another layer of uncertainty for security professionals.
“Critical or valuable data and critical infrastructures will all become a target for mass disruption, as people, devices and networks become even more connected. Consumers and enterprises can access information anywhere from any device, so it is becoming increasingly difficult to stop threats from happening,” Ibrahim observes.
Security threats show no sign of slowing down.
Forcepoint tracks trends constantly: it produces an annual Predictions report and recently released its half-year scorecard to report back on them.
The report had predicted lots of activity around privacy; indeed, the first part of this year has seen considerable discussion around this theme, with the Facebook/Cambridge Analytica scandal throwing personal privacy and data governance into sharp focus.
“In addition, we know that traditional data leakage and ransomware will continue to be the focus for remediation and prevention, and while we’re using machine learning in our products, we’re also watching closely as artificial intelligence and the internet of things could also bring new risks in the near future,” warns Ibrahim.
“We also watch data aggregators closely as breaches on these platforms which contain information on a sales force, prospects and customers, or those which manage global marketing campaigns are a huge target,” Ibrahim observes. The Equifax breach rocked the security industry, and the full impact of this breach has not yet played out. “Attackers seek the path of least resistance, and if they can find a weak link in a system which already contains the crown jewels of personal data, they will exploit it.”
As cryptocurrencies grow in importance, including as a method of extracting revenue from cybercrime, Forcepoint predicts that the systems surrounding such currencies will increasingly come under attack. “We expect to see an increasing amount of malware targeting user credentials of cryptocurrency exchanges, and cybercriminals will turn their attention to vulnerabilities in systems relying on blockchain-based technologies,” Ibrahim says.