Rethinking data security with a risk adaptive approach

Christo van Staden, Forcepoint Regional Manager for Sub-Saharan Africa, says the two megatrends of cloud-based applications and mobile devices have been a boon for company productivity, agility, and innovation.

The mobile-cloud combo empowers employees to work and be productive literally anywhere. However, the mobile-cloud era has created a conundrum for cybersecurity teams.

If we look at how cybersecurity has traditionally been approached up to this point, it’s centred on threat-centric responses. You built a wall around your perimeter, controlled access in and out of that wall and when something bad happened, you responded. That was effectively your defence and it was relatively easy to implement.

The traditional perimeter has dissolved, primarily because of two changes within the enterprise – the rise of the mobile employee and the wide-scale adoption of cloud services. By the same token, cyber activity once easy to define as ‘good’ or ‘bad’ has become nebulous.

This poses a crushing problem to threat-centric security, whose static policies are forced to make decisions about cyber activity with no insight into its broader context. The result is a disproportionate number of flagged activities, overwhelming security teams who have no way to understand the ones most worthy of investigation.

Let’s give an example of how this works in the real world. Imagine an individual – Kate. She is a research chemist who will be giving a presentation to senior leadership. She wants to copy her slides to a USB stick. However, using traditional DLP products, this action would be blocked while yet another alert is sent to IT. The impact of actions like this is that users like Kate will become frustrated and find other, more risky ways to solve their problems.

We can thus see how today’s data protection options are limiting. Static, threat-centric policies that block or allow access to data were only really acceptable when everyone worked within a perimeter.

However, there is a new paradigm. Instead of trying to extend the traditional, event-centric approach by adding more layers or crunching more data, we need a paradigm shift that places human behaviour at the centre of cybersecurity.

Cybersecurity professionals need to focus on two constants – people and data – and where the two come together to conduct business. It’s much easier to classify an action once you understand why someone took the action. This is at the core of increasing the efficacy of security organisations.

By harnessing capability through the power of human-centric behaviour analytics that understand interactions with data across users, machines and accounts, security professionals can gain intelligent context to speed up decision-making.

Forcepoint recently launched its risk-adaptive protection solution, offering the industry’s first automated enforcement capability that dynamically adapts. Forcepoint Dynamic Data Protection significantly reduces time to discovery, holistic forensic investigations and alert burdens caused by false positives, allowing security professionals to quickly respond to risk while maintaining optimum business efficiencies.

The system works by integrating behaviour-centric analytics with data protection tools, allowing security teams to identify high-risk activity and automate policies to protect data in near real-time, providing the highest security with the greatest end-user productivity.

At the forefront of delivering adaptive security, behaviour-centric analytics ingests data from traditional security systems and non-traditional data sources and then combines them for a richer picture of context around the end users within an organisation.

By fusing data from traditional security systems and output from data loss prevention with that of other organisational sources (e.g. HR, travel logs, email and chat communication), teams get a more informed contextual picture on behaviour to quickly identify anomalies within that picture.

Using this context, analytics directs enforcement toolsets to adapt policies automatically based on changes in risk levels, providing risk-adaptive security to organisations. Risk-adaptive security automatically responds to risk and adapts policies down to an individual user level – controlling data and access on-premises, on endpoints and in the cloud.

Dynamic Data Protection delivers a system for identifying and investigating entities that pose potential risk to critical data and assets. It dynamically applies monitoring and enforcement controls to protect assets based on the risk level of actors and the value of data.

The product orchestrates risk insights with adaptive enforcement to remove the need for human intervention. By using Dynamic Data Protection, organisations can solve the fundamental challenges of traditional DLP deployments and more effectively protect sensitive information, including regulated data sources and PII.

When it comes to data, the primary goal for any security organisation is to keep it safe. Keeping users from being frustrated and administrators from being overwhelmed are secondary goals. We don’t want security departments to have to make that compromise.

Only Forcepoint empowers these organisations to better understand risky behaviour and automate the policy enforcement. We want to improve efficacy by allowing low-risk users the freedom to go about their business unimpeded while keeping a better watch on those with a higher risk score – all without putting the burden on the administrator.