Forcepoint uses AI, ML, analytics to keep organisations unbugged by cyber threats

Cybersecurity or cyber attack is a chicken or egg first parody. The one that can only be elucidated by cutting-edge technology, right implementation and a human-centric approach. With threats revving up at a rapid pace, it is quite unsettling for organisations, big and small, but there are also definite ways of not giving in to the bad actors, believe experts. Kevin Isaac, Chief Revenue Officer, Forcepoint, talks at length to Express Computer about cybersecurity, threats, the human element and much more. Edited excerpts.

Is cybersecurity becoming an important discussion at the board room level? Also, what according to you would be the trends in cybersecurity going forward?

Talking about the trends globally, in cyber, the human is at the core of the network. The focus of the RSA security convention in 2020 is going to be exactly this – the human.

Referring to the user, I always try to compare it to the application layer of the firewall and that way we are no longer talking about layer 7 of the firewall, we are talking about layer 8 and that is the human. Cybersecurity is also focused on data; it is an asset for companies. Today, data being the new oil, the intersection between humans, human behaviour and data is the new horizon for cybersecurity. That is where we are seeing the trends moving globally and companies trying to find a way to manage that new reality.

At a macro level, in cybersecurity, we are seeing a move to analytics with Machine Learning (ML) dominating the larger part of the discussion. Today we prefer to talk about Thick Data rather than Big Data. Thick data is the use of ML integrated with human intelligence. Forcepoint’s X-Labs builds on behavioural analytics and human behaviour, and uses thick data as a tool. The market is clearly moving towards AI.

Large enterprises, including fintech companies, that have huge amounts of data around the world are buying user behaviour analytics technology and trying to understand and provide reports to the concerned person. However, the underlying problem statement here is that they have been unable to use their technology to actively stop threats, because the report is not in real time. Therefore, the next step to ensure cyber security is to be able to integrate behaviour with security technology to actually proactively stop bad actors from intruding. Most of the companies are facing a big challenge in this area.

We are also witnessing a trend where CISOs are required to be a part of the boardroom more than ever before. And more members with cyber capability are being brought on board, so that they can challenge the CISO rather than just accept what he says.

Also, there is a need for more sophisticated approaches for reducing risk, building capabilities around human behaviour and integrating them with the cyber. Substantial work around it is happening in the United States and in Western Europe at the moment.

Delving deep into the human-centric approach, can you broadly explain what it really means in relation to data?

Fundamentally, in the past, when we spoke about cybersecurity, it would mean companies adopting protective measures against cyber criminals getting into the network. But the old lifecycle of Assess, Protect, Respond, Recover is a thing of the past now. Although hygiene is required in the environment, the fact today is that people are already on the network and it is no longer about keeping people out, they are already inside. The threats nowadays are different in nature and more evolved.

There are three types of threats on the network. First is the accidental insider, an employee who accidentally falls prey by transferring a file mistakenly, or an employee can receive a fake email, and click on it, thereby giving their credentials to a hacker, and allowing them to enter the network. The second is the malicious insider – a person who has access to data and intentionally wants to harm the organisation. And then the third is the hacker himself on the network.

Therefore, zero trust has become a very interesting subject. Zero trust is creating an environment where people cannot do anything on the network. This means people are given specific access for their job. Now, while that may be a good start, what if the person on the network is not who they say they are? Zero trust does not really work when the person who is on the network shouldn’t be there in the first place. So we have situations where through phishing, people’s identities can be compromised, and they can get access to the network, or even the two-factor authentication, whereby they can spoof the access in some way and get on the network.

Equifax, Target and British Airways are all good examples where companies have spent considerably on security, but not to much avail. This is because they have not taken into account the human element – the individuals on the network – and that is because we are still operating on wrong paradigms which work around systems, processes, departments and user groups. Ideally, the system or network should be subservient to what people are doing.

So from the house of Forcepoint, are there some innovative technologies to tackle these issues?

We are not the only security company in the world dealing with human behaviour, but there are interesting things that make us unique.

We are taking human behaviour and building a patent around a technology called ERS or Entity Risk Score. Entity envelops a wide spectrum; it could be a human on the network or it could be a printer or even an air conditioning system. Remember, with Target the hackers came in through the air conditioning system and then attacked the point of sales system.

With the entity risk score we are able to apply a risk scoring mechanism to a prospect. In the case of humans, it can monitor whether they are on vacation, whether they are accessing the system in the right way, and which country they are in. All of these factors start to change the baseline of the risk score from zero to 100. And as one moves through different thresholds, we are able to use the ERS to dynamically change a person’s policy on the network. So at the individual level, we can change the DLP policy.

When it comes to India, what would be your broader goals, your GTM strategies?

India has been a very important market for Forcepoint and every year we have been adding people and growing our business. Earlier in India there was a customer support branch in Chennai with almost 50 people but now we have expanded further to Bangalore, which houses another 140 – 150 people who are taking care of some of the customers from India, Asia Pacific and global.

In India we also have offices in Mumbai and Delhi. Since we have invested heavily in the last 18 months, in Bangalore there will be more initiatives coming from us. It is really a great market for us to be able to invest in and benefit from. We have invested heavily in three key centres including Boston in the USA for behavioural analytics; in Cork, in Ireland, for dynamic Edge technology; and in Bangalore for other cutting-edge technologies. We perceive these centres as being core for our future in terms of how we develop our future technologies. In terms of the market, India for us is a shining light and in Asia, India is definitely one of the key countries.

