BSE adopts Forcepoint DLP to secure its sensitive data

Overview

BSE (formerly known as Bombay Stock Exchange Ltd.) has the unique distinction of being Asia’s first stock exchange, having been set up in 1875. Today, BSE provides an efficient and transparent market for trading in equity, currencies, debt instruments, derivatives, mutual funds. It provides a host of other services to capital market participants, including risk management, clearing, settlement, market data services and education.

Challenges

An institution like BSE, which is enlisted among the country’s most critical infrastructure by National Critical Information Infrastructure Protection Centre, is home to highly sensitive and critical corporate and trading data belonging to over 5,500 corporate houses that are listed on the exchange. These companies trust BSE with their data and the exchange can’t afford to lose any of it. Its very survival depends on maintaining the security and integrity of this sensitive data. Thus, a key responsibility for BSE is to ensure stringent round the clock monitoring of its data as well as securing it against any possible internal or external threats.

According to Shiv Kumar Pandey, Chief Information Security Officer, BSE:

“While we had invested in a solution to address these challenges, the existing controls were not sufficient to defend against advanced data theft mechanisms such as data exfiltration in the form of image and slow and low leakage.”
– Shivkumar Pandey

Meanwhile, in a bid to strengthen its security posture, the exchange was undergoing a complete revamp of all its Cyber Security systems. It had decided to replace its existing security products with new and cutting edge technology solutions. DLP being an integral part of BSE’s overall security strategy, it required to undergo a revamp too. BSE wanted a comprehensive solution that covered endpoint, network and e-mail.

Solution

After careful and stringent evaluation, BSE decided to implement Forcepoint DLP solution, providing end-to-end coverage across the entire gamut of network, end point and email to address its challenges.

The exchange found the Forcepoint DLP solution to be built on new and more robust technology with a very strong roadmap to provide both data leakage and user behavior analysis from a single solution. This feature, BSE realized, would help it move from a detection to prediction mechanism, which is critical in today’s constantly evolving threat landscape.

Forcepoint scored over the other DLP vendors in the market for its ability to offer more than 1,700+ policies based on compliance, regulation and region to deploy the DLP solution easily and to get quicker ROI. Besides, it also provides Drip DLP functionality and advanced analytics through Incidence Risk Ranking to reduce the DLP’s known problem of high number of false positives.

Forcepoint DLP also offered seamless integration with BSE’s existing software and systems, including O365, without any additional cost. The solution’s cost effectiveness is further testified by its offering inbuilt OCR functionality at no additional cost. It also provides native encryption for USB within the same solution without adding to the cost.

“Forcepoint’s advanced DLP solution could meet our technical requirements and their vision to integrate with their endpoint UEBA technology is also un-paralleled. Their advance features also help us derive more value and protect our network and users from advanced attacks.”
– Shivkumar Pandey

Besides ease of deployment and managing the operations of the solution, Forcepoint also enjoyed a reputation of reliability, which is key as BSE was looking for a vendor that it could depend on in the long term even after the implementation was done.

Results

Through stringent monitoring, strengthened by 24x7 support model with TAC available locally, the solution is helping BSE keep track of where the data is going, both inside the organization and outside.

“Being a national critical infrastructure, data loss is a major concern for BSE. Forcepoint DLP has helped us gain much better visibility and control over our data, strengthening our overall security posture.”
– Shivkumar Pandey

Being able to track data movement has helped BSE prevent any unauthorized access of data, whether accidental or malicious. When a user tries to access and copy any data that he/she is not authorized to access to any endpoint device like pen drive, external storage drive, end user laptop, etc. the system raises an email or SMS alert to the business owner as well as blocks the action considered as unauthorized or with malicious intent. Similarly, if a user tries to send any unauthorized data over email, a similar alert is generated and necessary action is taken. Thus, plugging all possible data loss points – endpoint, network and email and thwarting any possible security breach, whether from an insider or an outsider. The whole action of identifying the riskiest of incidences from the haystack of incidences generated is made possible with a rich dashboard by enabling IPR and that too without any additional cost.

“Tackling the human element within the overall security roadmap is critical for organizations in today's scenario. With their human centric approach to security, Forcepoint DLP is helping us address this key piece of our security strategy.”
– Shivkumar Pandey

Further, the higher management at BSE enjoys the flexibility to operate from anywhere and take necessary action on the DLP incidence without having to login into the DLP console through the inbuilt incident workflow management.

With multiple benefits, BSE has been able to create a truly comprehensive protection against internal as well as external security threats in today’s dynamically changing threat landscape.