April 16, 2018

Protecting federal agencies' most sensitive information just got easier

George Spencer

A Human-Centric Approach to Risk Adaptive Protection

The current cybersecurity market is oversaturated with acronyms, cryptic lingo and noise. Government agencies are asked every day to protect critical networks with limited resources and people, while government funding instability makes it hard to establish both short- and long-term plans for technology initiatives. Given these constraints and the overall uptick in data breaches, effective and seamless security solutions have never been more important.

For decades, government cybersecurity has focused on locking down endpoints and perimeters, building walls and moats to protect networks and data. This task was relatively simple when all your systems were under your direct control. However, with increased reliance on operating models that embrace inter-agency connectivity, cloud and mobility, agencies no longer have direct visibility into all critical systems.

At the same time, data is accessible from anywhere, expanding the attack surface at an exponential rate and making it more difficult to identify and prevent threats. Amidst the disruption, the two constants that cybersecurity professionals can direct their focus on are people and data, and everywhere those two constants interact.

The traditional, event-centric approach is one that seeks to solve the problem with additional layers of technology. Instead, the security paradigm needs to shift from billions of events to a more manageable number—the thousands of people “on the inside” who access sensitive data (e.g., employees, contractors, constituents, hackers) whose actions, unintentional or not, may pose a security risk.

The user is the new perimeter

Forcepoint’s human-centric security approach provides visibility into human interaction with data and the context to understand the intent behind that interaction. People are creatures of habit; using the interaction context allows security to dynamically adapt and apply countermeasures as appropriate.

This Risk Adaptive Protection paradigm provides a security environment that protects users, data, networks and, ultimately, missions from unintentional or malicious compromise. It allows security professionals to cut through the noise to stop the bad and free the good.

Dynamic Data Protection - The Next Generation of DLP

Traditional data loss prevention (DLP) approaches can only stop a data exfiltration event—whether from a hostile account takeover or nefarious insider activity—by actively blocking all events that look like exfiltration, regardless of user intent. Striking the balance between the correct security policies and usability to accomplish the mission is a time-consuming and manual process of system, rule and alert tuning. Forced to rely on static rules, typical DLP blocking is enforced with no understanding of the context surrounding the event. Therefore, even if the user is copying a file for appropriate agency use, they must obtain manual permissions to perform the action, slowing down operational efficiencies.

DLP is a powerful tool in the cybersecurity arsenal, but precision is key to balancing security with usability. This precision comes with the addition of user and entity behavioral analytics (UEBA) to develop context and inform user intent. By harnessing powerful analytics and insights, agencies develop deep visibility into anomalous network, data and user behavior, and develop policies that adapt automatically to reduce alerts and increase data protections. Forcepoint is the first cybersecurity company to fully integrate UEBA with DLP, offering a much more automated approach to protecting sensitive information on agency networks.

How Forcepoint Dynamic Data Protection Works

Forcepoint Dynamic Data Protection empowers agencies to solve the fundamental challenges of historical DLP deployments to more effectively protect sensitive information, including Controlled Unclassified Information (CUI), on-premises or in the cloud. By delivering a dynamic cybersecurity approach with intelligent analytics, unified policy and orchestration, the integration of Forcepoint DLP and Forcepoint UEBA provides an end-to-end, human-centric architecture with built-in monitoring and enforcement controls. Forcepoint Dynamic Data Protection dynamically protects data based on the calculated behavioral risk level of users and the value of the data, dramatically reducing the quantity of alerts requiring investigation. This not only amplifies coverage, it provides the means to better understand risky behavior and automate policies.

For example, should an account associated with a low risk level suddenly begin performing abnormal actions (e.g., downloading large quantities of files in the middle of the night), the system will take all the context into account (e.g., badge entry logs do not show building entry, VPN access logs do not show a login event) to automatically change the account security profile. Integrating with additional external data sources, such as a SIEM, increases the robustness of risk adaptive protection contextual models.

Analytics models watch an account’s behavior over time to establish baselines. With baselines in place, the models use advanced techniques like machine learning to look for potential early indicators of compromise, attempts to escalate account privileges and unusual network activity. Analytics make it easy to detect when an account is collecting data from locations on the network or cloud infrastructure that have never been visited before (Figure 1).

Figure 1: Risk Level Assignment

Detecting early indicators, particularly during off hours when there may not be staff available to monitor DLP alerts, is key to identifying high-risk activity scenarios to escalate risk levels and security policy enforcement mechanisms. When an account risk level rises, the associated security policies within DLP are also elevated to prevent the loss of sensitive data.

With easy-to-configure tools, administrators can define specific actions (e.g., allow upload to a cloud app, account lockdown, network location access prevention) associated with each risk level (Figure 2).

Figure 2: System Action Assignment by Risk Level
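
The flow described above, as an added illustration that is not Forcepoint's code or scoring model: activity is compared with a per-account baseline, corroborated against badge and VPN context, and the resulting risk level selects an enforcement action. The five-level scale, the 3-sigma threshold, the off-hours window, the action table and all sample data are assumptions constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample data (not from any real deployment).
BASELINE_DAILY_FILES = [12, 9, 15, 11, 10, 14, 13]     # files/day in baseline window
KNOWN_LOCATIONS = {"//fs01/projects", "//fs01/forms"}   # shares visited before

# Hypothetical policy table: risk level -> enforcement action.
ACTIONS = {
    1: "allow upload to cloud app",
    2: "allow upload to cloud app, audit the event",
    3: "block upload to cloud app",
    4: "prevent access to network location",
    5: "lock down account",
}

@dataclass
class Activity:
    when: datetime
    files_downloaded: int
    locations: set
    badge_entry_seen: bool   # badge log shows building entry
    vpn_login_seen: bool     # VPN log shows a login event

def risk_signals(a):
    """Return the list of risk indicators raised by one activity record."""
    mu, sigma = mean(BASELINE_DAILY_FILES), pstdev(BASELINE_DAILY_FILES)
    signals = []
    if a.files_downloaded > mu + 3 * sigma:           # assumed 3-sigma rule
        signals.append("volume above baseline")
    if a.when.hour < 6 or a.when.hour >= 22:          # assumed off-hours window
        signals.append("off-hours activity")
    if a.locations - KNOWN_LOCATIONS:
        signals.append("never-visited location")
    if not (a.badge_entry_seen or a.vpn_login_seen):  # no corroborating context
        signals.append("no badge or VPN record for session")
    return signals

def decide(a):
    """Map the number of indicators to a risk level and its configured action."""
    signals = risk_signals(a)
    level = 1 + len(signals)                          # 0..4 signals -> level 1..5
    return level, ACTIONS[level], signals

ROUTINE = Activity(datetime(2018, 4, 10, 14, 5), 11, {"//fs01/projects"}, True, False)
NIGHT_VPN = Activity(datetime(2018, 4, 12, 23, 15), 40, {"//fs01/forms"}, False, True)
NIGHT_BULK = Activity(datetime(2018, 4, 11, 2, 30), 950,
                      {"//fs01/projects", "//fs02/archive"}, False, False)
```

The same off-hours download is scored lower when a VPN login corroborates the session, which is the context-driven difference from a static DLP rule.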



Forcepoint Dynamic Data Protection presents a highly effective approach to managing and monitoring an agency’s current data loss prevention program. It represents the ideal starting point for agencies beginning a data loss prevention initiative.

Forcepoint's human-centric cybersecurity approach comes from decades of experience in military and high-assurance mission environments analyzing the behavioral rhythms of enterprise users on managed and unmanaged corporate networks. Forcepoint’s intelligent systems apply a range of security countermeasures to address risk. Leveraging this experience, Forcepoint delivers Risk-Adaptive Protection that is uniquely suited to protect government data, including Controlled Unclassified Information (CUI), wherever it resides, with solutions scaled to support your security program.

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.