Modern workforces require security solutions that not only keep the business and its data secure, but which also ‘enable’ rather than halt productivity. Mike Schuricht, VP of Product Management, Security Service Edge (SSE), Forcepoint, talks us through some of the key security challenges facing organisations and outlines how Forcepoint ONE helps to tackle these.
What security issues have evolved since the move to a hybrid and remote workforce and how does the Forcepoint ONE platform help to tackle these?
For quite some time we’ve been seeing movement to SaaS adoption, with the shift from on-premise Exchange into Microsoft 365 a big catalyst. At the same time, there has been an ongoing move to hybrid work, pushed forward by COVID.
It’s clear that looking ahead, employees will work from everywhere. That changes the dynamic from a threat perspective as employees can now access SaaS applications from unmanaged devices – something that wouldn’t happen in an office – so there are new security issues that have to be resolved.
Forcepoint ONE allows organisations to enable more ‘grey’ scenarios, rather than a black and white approach, by permitting connections that can scale out and connect to people wherever they’re at.
This global network of Forcepoint ONE utilises hyperscalers, so that it’s as close to the user as possible so they don’t experience any latency.
If, for example, an individual was looking at a presentation their boss told them about, the platform can block the ability to download the file, but users can still edit and collaborate with it.
Hybrid work is here to stay and we’re going to see more use cases emerge where organisations need security solutions that enable the business as opposed to the more Draconian allow/block scenario.
How does Forcepoint ONE provide seamless protection against today’s most advanced threats?
From a threat perspective, things have changed. In a hybrid environment, if using a partner’s PC or different device, you can’t be sure that it has the required anti-virus or other security measures in place.
Forcepoint ONE combines advanced capabilities to protect against these different security threats and scenarios. We have a number of OEMs that we combine with internal technology, as well as things like signature identification. If a file is malicious, for example, it can be blocked, or if you see behaviour that’s atypical you can block and control it. We also have the ability to add on capabilities like Machine Learning-based zero-day threat prevention.
Beyond that, there are also malicious URLs, whether sent via phishing or via someone attempting to access a site using an anonymous proxy, or a spam host. Being able to control and block those are key.
We also have a remote browser isolation – RBI – capability where perhaps a site doesn’t classify as malware but is unknown. In that scenario, you can push it through an isolation container and control what happens.
You could allow downloads, for example, but scan any files that come from an unknown site. Or perhaps use content disarm and reconstruction (CDR) technology to permit the download but strip out things that might be malicious on the fly.
One key thing is the association with the channels or paths of data that are important to protect. We need to not only consider the threats, but also what can happen from a data leakage perspective if, for example, someone accidentally dragged a file on to a personal OneDrive or email account.
This is another area that can be controlled in Forcepoint ONE, so there is a lot of flexibility offered.
Can you provide an example of how Forcepoint ONE has helped to transform a customer’s security posture and the benefits they have received?
It’s really the combination of the hybrid work, SaaS application enablement and being in that ‘grey’ area. Not forcing the old school block or allow scenario, but instead enabling the business.
Through technology such as CASB we can identify applications via shadow IT discovery. We can track these and decide whether there are risks associated and, if so, whether it should be blocked or allowed but brought under IT’s purview.
Forcepoint ONE allows things like discovery of an application, movement into a control plane perspective and then also from a security posture benefit perspective.
Zero Trust Network Access (ZTNA), specifically, is a way to provide access to a corporate file store or application to specific individuals. This could be a contractor or a partner that you’re working with, allowing use of that application while providing security around it.
How does Forcepoint ONE offer a simple path to a Zero Trust architecture?
The simplest path to Zero Trust is to not just permit certain things but continue to inspect them. Technology-wise, you might block a malware site straight up and not allow connectivity, or you could allow movement of data to something that is managed or maybe unknown and unsanctioned at that point in time but inspect what’s going on.
It will sit in the path of traffic for an application with a proxy – that can be a reverse proxy or agentless, for example. Configurability wise, there are also connectors into apps with APIs.
Hybrid work exacerbates the need for Zero Trust. Not only are there standard devices being used outside of the office, there are also mobiles and iPads so it’s difficult to be able to trust any of these.
If I was on a business trip, connected to Wi-Fi in a coffee shop, there is a point for exfiltration and for vulnerabilities to be exploited. This really is about knowing who the person is, allowing access to the things they’re supposed to have access to, but then controlling what they do with the data that they work with every day.
How does the platform simplify security while ensuring scalability and performance?
The platform is built out on top of different hyperscalers, such as AWS. We provide this global network of connectivity and access to applications, while still providing security and control.
There’s actually more than 300 points of presence that exist today in that network from a connectivity perspective. Because it is not built on a strict, rigid model, we can scale up and down on the fly which means there’s no need to purchase finite resources – it just happens automatically.
Similarly, if a new customer comes on board, on a shared multi-tenant service, and they have 100,000 or more users, we don’t want that to affect another customer’s ability to protect their applications.
Regardless of the other tenants that are in the environment, we’re able to provide control and that sets Forcepoint ONE apart from many other technologies in the SASE and SSE Magic Quadrant spaces.
How do you plan to work with customers to make sure their journey to a converged security strategy is a success?
I think this is key and what differentiates Forcepoint and the platform in general. We have professional services and deployment engineers who help and guide people but what really is needed is a ‘holding your hand’ type approach.
We have common guidelines and best practices for what security you might want to apply such as controlling access to sanctioned SaaS applications but disallowing the upload of sensitive data which might be a customer list to a personal account. Blocking those threats on the fly is key.
There are many different options but the journey starts with realising what’s possible and, as I’ve outlined, there are many different options that can be enabled as it’s really flexible.
What does the future hold for Forcepoint ONE and how do you see it evolving as part of your commitment to your customers?
Forcepoint ONE was launched in February of this year. It’s built upon some technologies that have been acquired over the years and is an extension of Bitglass, which was a CASB and SSE provider, providing ZTNA and secure gateway.
Prior to that, Forcepoint had a rich portfolio and there are some other acquisitions that occurred too, constantly growing the capabilities.
When this happens, you can sometimes end up with a portfolio approach rather than a platform but with Forcepoint ONE, it is all about providing these services in a platform.
We’ve integrated everything into one place so you’re not switching between management consoles – you’re natively using one for centralised configurations, reporting and blocking threats, regardless of where your users are.
Evolution wise, we continue to see this extension of these broad capabilities and expansion inside the portfolio.