People are the new security perimeter - introducing Forcepoint UEBA
I’ve written recently about how cybersecurity has traditionally been all about building better walls. With workforce mobility, BYOD, and users increasingly working from home, suddenly those walls have disintegrated – and what’s left are users and data. Historically, organizations simply needed to “secure the perimeter.” But now cloud and mobility are creating a new normal, where there is no defined perimeter. Or to put it another way, people are the new perimeter.
At Forcepoint, we understand this new security perimeter as being fundamentally about people interacting with data and IP. We view people – rather than technology infrastructure – as the focal point for cybersecurity. By focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.
Traditional UEBA helps address this – with limitations
Observing human behavior and understanding user intent is the key to better security and protection against data and intellectual property theft. And user and entity behavior analytics (UEBA) brings user insights, in the form of anomaly detection, to traditional data dominated environments. However, traditional UEBA provides insights that go straight to the SOC. This is a good beginning, but ultimately limited given that traditional UEBA is merely focused around detection, and the speed of that detection can be too slow to actually be useful in preventing breaches and losses. When global security disasters can occur in minutes due to accidental or malicious breaches, it’s imperative that enterprises be able to directly couple insights into protection, and do so rapidly so that action can be taken before critical data is lost.
And this is why we’re thrilled to announce today our acquisition of UEBA leader RedOwl. RedOwl’s UEBA platform uniquely enables users to rapidly integrate new, complex data sources, apply powerful behavioral analytics that look at the behaviors of people and help understand intent across both security and compliance-related use cases. We’re especially excited to be joining forces, because unlike other UEBA vendors, RedOwl’s vision directly aligns with our human-centric POV. Since 2011, RedOwl has been the only UEBA that specifically monitors and provides visibility into the cyber activity of people. Like Forcepoint, RedOwl has been consistently all-in on a human-centric approach to security.
With this acquisition, we can now ingest multiple data sources –including structured and unstructured data -- whether that’s from databases, Workday (HR), Salesforce, or other widely used applications and programs, and draw correlations that legacy DLP wouldn’t let you do. With the volume of data sources we can analyze, we can build a view of what “good” and “safe” look like for both security and compliance considerations. When something falls out of that normal profile, like accessing data at odd times, or from odd locations, we can raise the awareness and automatically adapt protection to the appropriate risk level.
For example, if sensitive data is being accessed during the middle of the night, the human-centric analytics can determine whether the employee in question is on a business trip to Asia, and the access to sensitive data is just happening during her working hours while away from the office. However, maybe that employee is at home but had her credentials compromised, and there is no easy explanation for accessing information at 3:30 in the morning. With RedOwl, a customer could use employee travel status as an input source to the analytics system – providing a level of insight to know the difference between a real attack or a false alarm.
Data Loss Prevention is evolving. And the UEBA market is moving from solving insider threat-only use cases to people-centric protection for security and compliance requirements. Traditional DLP has relied on static policy alone, without consideration for risky user behaviors, in order to take action. However, by taking insights around risky behavior into consideration, policy enforcement can become risk-adaptive, taking specific actions based on the dynamic determination of risk. The RedOwl UEBA capabilities will allow Forcepoint to provide a key foundation for this new generation of risk-adaptive DLP. And with RedOwl, we can take into consideration not only cyber sources but also human-centric databases and applications. For organizations that face heavy compliance obligations, such as government or financial services, or for organizations that are focused on protecting their core intellectual property, this new era of risk-informed DLP, powered by UEBA, can offer new levels of fidelity AND usability in keeping sensitive information where it belongs.
The Future’s So Bright
Many companies solve for a specific task; Forcepoint solves for the total solution. This isn’t just big data, it’s human-behavior centric insights. And now, the time between data capture and human action can move from days to minutes. We’ll be making the newly named Forcepoint UEBA available beginning immediately, and over the coming quarters UEBA capabilities will be integrated across the company’s portfolio, as well as with customers’ existing cybersecurity technologies.
Finally, great technology is created by great people. And I’m especially excited to welcome the highly talented and dedicated team of professionals at RedOwl to the Forcepoint family. I look forward to working with them to help advance Forcepoint’s mission of protecting the Human Point.