Lightning in a bottle: introducing Dynamic Data Protection
We’ve spent some time recently sharing news about Forcepoint’s innovations in DLP, including the integration of DLP with CASB, tailoring our options to better meet a variety of customer needs and how we’re listening to our customers when they tell us that they need more than traditional DLP to deliver better data protection.
Human-centric cybersecurity adapts protection for users and data by understanding the behavior and interactions between identities, systems and data. Since the acquisition of RedOwl in August 2017, we’ve been marching down two different (albeit connected) paths with our analytics capabilities. The first is tactical and the second is strategic. First, we wanted to ensure that we stayed on the innovation path with Forcepoint UEBA, ensuring the on-time release of sought-after features like the Entity Timeline, which allows an investigator the ability to reconstruct the series of events resulting in an elevated risk score. Second, and more importantly, we wanted to ensure that the analytics capability we acquired could be leveraged to make the entire portfolio “smart.” It’s one thing to say it, but another thing to actually build it. We’re reaching one of those inflection points where we believe we’ve captured lightning in a bottle and we couldn’t be happier to share it with you.
Most, if not every, DLP solution in the market today blocks or allows data actions based on a static set of policies. Think of it as a light switch: it’s either on or off. These conditions can include “a user tries to copy a file to USB” or “a user tries to send an email to an external source.” When this condition is encountered, the system offers a binary response. The action plans are as sophisticated as “Allow” or “Block.” There is no mechanism to provide exceptions. This lack of flexibility leads to both frustrated users and overwhelmed administrators. When users get frustrated, they find ways around the security controls. When administrators get overwhelmed, they either turn off the rules or lose faith in the technology. We need a solution that doesn’t operate like a static switch but instead acts like a dimmer – something which can effectively operate in the middle ground.
To that end, we’re thrilled to announce the availability of Forcepoint Dynamic Data Protection, which brings to market an evolutionary new method to solve customers’ data security needs. Forcepoint Dynamic Data Protection provides the ability to monitor and enforce controls dynamically, protecting data based on the calculated behavioral risk level of users and the value of data accessed.
Dynamic Data Protection:
- Has a closed loop system which gathers data from the endpoint
- Takes that data and processes it against behavioral models through an analytics module
- Thereby producing an individualized risk-score, which is assigned to the user
- That individual risk score correlates to a risk level of 1-5.
- Unique data protection action plans can be applied to these different risk levels and customers who own Forcepoint’s DLP Suite with DLP Cloud Applications will be able to enforce policy across the endpoint, web, email and sanctioned SaaS channels.
- Over time, the individual risk scores can be driven up and down by changes in human behavior
- The security adapts to the risk levels without the need for human intervention.
This is one of the first times that artificial intelligence and machine learning are being used to automate policy enforcement with the goal of reducing the quantity of alerts that require investigation. Using the previous example, this means that for a specific event a user with a low risk score may be allowed to copy to USB, a user with a mid-level risk score may be allowed to copy to USB, but the files will be encrypted, and a user with a high risk score may have that same action blocked. While this is only one use case for one policy, the amount of flexibility provided as part of this capability is immense.
When it comes to data, the primary goal for any security organization is to keep it safe. Keeping users from being frustrated and administrators from being overwhelmed are secondary goals. We don’t want security departments to have to make that compromise. Only Forcepoint empowers these organizations to better understand risky behavior and automate the policy enforcement. We want to improve efficacy while both allowing low-risk users the freedom to go about their business unimpeded while keeping a better watch on those with a higher risk score – all without putting the burden on the administrator.
At RSAC this week? Come talk to us in Booth N-3525 to learn more about Risk-Adaptive Security and Dynamic Data Protection.