Changing the security game Changing your thinking from "what" to why" John Enger Manager, Sales Engineering Copyright © Forcepoint | 1
STRONG GLOBAL FOOTPRINT
2,500 Employees 155 Countries 50 Offices 16,000 Partners Average Support CSAT 8.7- 8.9 380 Patents & Patent Applications 27 Data Centers AMERICAS
EMEA
Headquarters, Austin, TX Engineering & Operations Cloud Data Center Sales & Support
APAC
Copyright © Forcepoint | 2
RETHINK CYBERSECURITY
LOOLKOINOGKBEINYOGNDBTEEYCHONNODLOGTYECHNOLOGY
Technology alone won't create better security outcomes.
$90b estimated security spend in 2017 Technologies continue to proliferate Breaches remain frequent
< 50% of organizations truly agree that technology will drive increased security
Understanding behavior is essential, but there's been a gap in the market.
80%
<1/3
of companies believe understanding behavior is important
of companies feel they adequately understand their users' behavior
Copyright © Forcepoint | 4
PEOPLE ARE THE CONSTANT IN SECURITY
TECHNOLOGIES CHANGE
Copyright © Forcepoint | 5
UNDERSTANDING USER INTENT
Inadvertent Behaviors Poorly communicated policies and user awareness
Broken Business Process Data where it shouldn't be, not where it should be on the one
Malware Infections Phishing targets, breaches, BYOD contamination
Stolen Credentials Credential exfiltration, social engineering, device control hygiene
Rogue Employee Leaving the company, poor performance review
Criminal Actor Employees Corporate espionage, national espionage, organized crime Copyright © Forcepoint | 6
PROTECTING THE HUMAN POINT Where critical data and IP are most valuable and most vulnerable
Copyright © Forcepoint | 7
FORCEPOINT A company with a unique point of view VISION To understand the world's cyber behaviors to STOP THE BAD and FREE THE GOOD. MISSION REINVENT cybersecurity by creating uncompromising SYSTEMS that understand people's BEHAVIORS and MOTIVATIONS as they interact with data and IP EVERYWHERE.
Copyright © Forcepoint | 8
THE HUMAN POINT IS ABOUT UNDERSTANDING the rhythm of your people AND the flow of your data Copyright © Forcepoint | 9
BUT HUMANS ARE NOT LOGICAL Copyright © Forcepoint | 10
Desire lines Understand how Users want to use their Data and systems.
Copyright © Forcepoint | 11
Desire lines Understand how Users want to use their Data and systems.
Copyright © Forcepoint | 12
Desire lines Understand how Users want to use their Data and systems.
Copyright © Forcepoint | 13
FORCEPOINT'S APPROACH TO SECURITY
DATA EVERYWHERE
USERS ANYWHERE
MANY BEHAVIORS
Copyright © Forcepoint | 14
TODAY'S REALITY: THE ZERO-PERIMETER WORLD
Remote Users
Remote Users
- Significantly increased attack surface
- Lack of Visibility You cannot secure what you cannot see
- Disjointed Security Policy From one perimeter to defend to many
- Silo'd Intelligence & limited visibility to risk Unable to make informed decisions for the entire business
- Ineffective Enforcement Unable to make informed decisions for the entire business
- Compliance Things just got a lot more complicated
Copyright © Forcepoint | 15
THE HUMAN POINT IS ABOUT UNDERSTANDING the rhythm of your people AND the flow of your data Copyright © Forcepoint | 16
BENEFIT FROM THE HUMAN POINT
rhythm of your people rhythm of your people flow of your data
Visibility
Identify your data and users everywhere your people work
Control
One policy to manage data movement & access across ALL distributed systems
Risk
Consolidated view of risk that considers user actions & value of the data in addition to machine logs
Enforcement
Risk adaptive protection to act on change in human risk to critical data in real time
Compliance
Effectively enforce compliance no matter where your data resides
Copyright © Forcepoint | 17
TRUSTED INSIDERS VS. COMPROMISED USERS & ASSETS
Customer challenge: Centralized, correlated visibility to user activity Cloud apps Devices User communications HR data
Trusted Insider
Risk Management
Compromised Insider or Asset
Customer challenge: Cyber threats target the people & authorized users who access data & critical systems Mean time to detection: ~150 days
Security Operations
Pinpoint threats
Reduce signal to noise ratio
Source: Gartner, Dec. 2016
Copyright © Forcepoint | 18
Copyright © Forcepoint | 19
GDPR: EU General Data Protection Regulations CCooppyyrrigighhtt©©22001167FFoorrcceeppooinintt..AAlllrrigighhttssrreesseerrvveedd.. | 20
GENERAL DATA PROTECTION REGULATION: HOW FORCEPOINT CAN HELP
INVENTORY PERSONAL DATA
MAP, MANAGE & CONTROL PERSONAL DATA FLOWS
PREPARE TO RESPOND IN A TIMELY MANNER
72
DLP: Discover, Cloud, Endpoint
DLP: Gateway, Endpoint Web & Email Security modules
Management Consoles & Dashboards Copyright © 2017 Forcepoint. All rights reserved. | 21
The Need to Inventory Personal Data GDPR Relevance: Chapter 2 (Principles), section 3 (Rectification & Erasure) Chapter 4 (Controller & Processor), section 1 (General Obligations) Chapter 5 (Transfers of personal data to third countries or international organisations) CCooppyyrrigighhtt©©22001167FFoorrcceeppooinintt..AAlllrrigighhttssrreesseerrvveedd.. | 22
PERSONAL DATA DISCOVERY
Cloud
XXX-XXX-XXX-XXX VS. XXX-XXX-XXX-XXX XXX-XXX-XXX-XXX
Described
Learned
Database
Network Storage
Laptop Drives
DATA IS EVERYWHERE
VS. Structured Un-Structured
File Tags
VS.
XXXXXXXXXXXX----XXXXXXXXXXXXXXXXXXXXXXXX----XXXXXXXXXXXXXXXXXXXXXXXX----XXXXXXXXXXXX
Scanning
DATA IS NOT ALWAYS EASY TO FIND
INDICATORS OF THEFT DATA ISN'T JUST LOST, IT CAN BE STOLEN TOO
PRODUCTS: DISCOVER DLP & ENDPOINT DLP
Copyright © 2017 Forcepoint. All rights reserved. | 23
PRE-DEFINED POLICIES ENABLE FASTER TIME TO DEPLOY PII policies https://www.websense.com/content/support/library/data/v83/policy_classifier/data%20usage%20policies.aspx Copyright © 2017 Forcepoint. All rights reserved. | 24
DATA DISCOVERY RESULTS
Access Control
Location
Type File Properties
Copyright © 2017 Forcepoint. All rights reserved. | 25
The Need to Monitor, Manage & Control Personal Data Flows GDPR Relevance: Chapter 2 (Principles), section 3 (Rectification & Erasure) Chapter 4 (Controller & Processor), section 1 (General Obligations), section 2 (Security of personal data) Chapter 5 (Transfers of personal data to third countries or international organisations) CCooppyyrrigighhtt©©22001167FFoorrcceeppooinintt..AAlllrrigighhttssrreesseerrvveedd.. | 26
CONSIDERATIONS FOR MONITORING DATA FLOWS
IM
Active
Sync
FTP
IM Active Sync FTP
Monitor File Changes
Monitor Uploads
Storage
Printer
Web & Cloud
Network Printer
Web & Cloud
Media
Discover Cloud Use
NETWORK Data in Motion
ENDPOINT Data in Use & in Motion
CLOUD Data In Use & in Motion
PRODUCTS: GATEWAY DLP + ENCRYPTION, NETWORK DLP, ENDPOINT DLP, CLOUD DLP & CASB
Copyright © 2017 Forcepoint. All rights reserved. | 27
DLP SECURES SENSITIVE DATA IN USE & IN MOTION
Who Human Resources Customer Service Marketing Finance Accounting Sales / Marketing Legal Technical Support Engineering
What
Where
Source Code Credit Card Data Personal Data
Evernote Dropbox Business Partner
M&A Plans
Employee Salary Financial Report Customer Records
OneDrive Malicious Server Removable Media
Manufacturing Docs Research
Competitor Customer
How
Action
File Transfer
Confirm
Web
Block
Instant Messaging
Notify
Peer-to-Peer
Remove
Encrypt
Print File Copy
Quarantine Confirm
Print Screen Copy/Paste
Audit Notify Copyright © 2017 Forcepoint. All rights reserved. | 28
USE PLAIN LANGUAGE
Do not allow professors to send research data to...
(Action)
Rule Properties | Severity: (High) Action Plan: (Block_All)
(Who: From) Rule Properties | Source | Edit: Directory Entries
(How)
Rule Properties | Destinations |
R Email R Web R HTTP/HTTPS R Chat
(What) Rule Properties | Condition | Add: PreciseID FP DB Records (Who: To)
Rule Properties | Destinations |
R Email: All
R Web: All
Copyright © Forcepoint. | 29
VISIBILITY OF UNSANCTIONED CLOUD APPLICATION USAGE CASB: Identifies usage of cloud apps that can represent risk to an enterprise Copyright © 2017 Forcepoint. All rights reserved. | 30
The Need to Be Prepared to Report a Data Incident GDPR Relevance: Chapter 4 (Controller & Processor), section 2 (Security of personal data): Article 33 (Notification of a personal data breach to the supervisory authority) Article 34 (Communication of a personal data breach to the data subject) CCooppyyrrigighhtt©©22001167FFoorrcceeppooinintt..AAlllrrigighhttssrreesseerrvveedd.. | 31
INVESTIGATING A DATA BREACH Cloud
Database
Network Storage
Laptop Drives
MAKE USE OF SECURITY ANALYTICS AND RISK RANKING TO PRIORITIZATION RESPONSE PROCESS
REVIEW RESULTS TO HISTORICAL PERSONAL DATA INVENTORIES
REVIEW INCIDENTS TO PAST DATA FLOW POLICY VIOLATIONS
PRODUCTS: MANAGEMENT INFORMATION & REPORTING & RESPONSE TOOLS
Copyright © 2017 Forcepoint. All rights reserved. | 32
EXAMPLES OF REPORTS TO ASSIST WITH BREACH INVESTIGATION
Identify High Risk Users & Provide Business Context
IRR Utilizes Machine Learning and Security Analytics to cluster incidents into cases
Identify high risk data incident cases over last 24 hours
Copyright © 2017 Forcepoint. All rights reserved. | 33
INVESTIGATING A DATA INCIDENT IN FORCEPOINT MANAGER Workflow - DPO Remediate - Encrypt/Pseudonymize Escalate - Incident
Source
Channel Destination
Action
Forensics
Copyright © 2017 Forcepoint. All rights reserved. | 34
GDPR: Forcepoint Can Help
CCooppyyrrigighhtt©©22001167FFoorrcceeppooinintt..AAlllrrigighhttssrreesseerrvveedd.. | 35
PROTECT THE HUMAN POINT BY UNDERSTANDING
the rhythm of your people AND the flow of your data
VISIBILITY Know where your critical IP is & who is interacting with it everywhere
POLICY One policy to manage data movement & access across ALL distributed systems
ENFORCEMENT Risk adaptive protection to act on change in human risk to critical IP in real time
COMPLIANCE
Effectively adhere to
compliance regulations no
matter where your data
resides
36
Visibility
Users & Critical Data
Investigate & Act
Copyright © Forcepoint | 37
Tack för att ni har lyssnat PROTECTING THE HUMAN POINT.
Copyright © Forcepoint | 38
Thank you
Copyright © Forcepoint | 39