With information now residing and being used just about everywhere, controlling how it can be used is getting evermore complex. Old approaches that statically spell out every possible combination of identity, application, location, time, device, etc. quickly become overwhelming and are impossible to manage, let alone scale. People inevitably get blocked from doing legitimate things, causing late-night fire drills that often lead to security getting disabled for everybody. Fortunately, there is a better way.

In the real world, organizations usually trust their employees to act appropriately for their jobs. Guidelines are put in place as guardrails to ensure that proper processes are followed, but people are given leeway to access and use information in a variety of ways. If somebody starts making mistakes or showing poor judgment, the rules for them are tightened. Only when people cross the line, putting the business at risk are stopped from what they are doing.

Forcepoint is the first vendor to bring this risk-based approach to the digital world to automate and personalize how security controls are applied. Instead of spelling out every combination of possible scenarios, our risk-based policies allow you to “low-risk” users broad access and then dynamically turn up logging or other monitoring for those whose actions might be deemed “medium risk” (going to sketchy websites, trying to copy lots of sensitive data at odd hours, etc.)

Severe controls, such as cutting off access or blocking the use of sensitive data can then be applied just to the people who clearly have violated the organization’s policies, perhaps even putting the organization at risk. Security is automatically enforced where it’s needed without getting in everybody else’s way. It eliminates many of the problems of false positives and alert storms that have become the ongoing nightmare of IT. In a rapidly changing world where information is flowing everywhere and people are working anywhere, this risk-adaptive approach keeps things running smoothly.

Let’s look at a few examples.

Global Investment Bank

Highly regulated industries face intense scrutiny, and this global investment bank knows that all too well. These institutions must maintain compliance with laws set forth by the Securities and Exchange Commission (SEC) and that means gaining insight into what its employees say and do.

By collecting multiple points of data exchanged throughout the organization, the company can use a variety of cybersecurity products to identify instances of insider trading. Previously, this was a manual process that became difficult to navigate as more communication channels were introduced.

Business Value: The new program, built to maintain compliance with the SEC for the business, has produced a 66 percent reduction in false-positives and saved $7 million in annual staffing costs.

Defense Contractor

Staying ahead of the competition dictates the competition in the defense and aerospace sector. The industry is built on innovation and because of that, its intellectual property and sensitive information is always under threat of being stolen.

With a 67,000 strong workforce, this defense contractor uses employee behavior to identify and isolate potential data exfiltration incidents. A variety of cybersecurity solutions enable the business to block actions that might lead to a breach, such as moving data to a flash drive.

Business Value: Protecting blueprints and source code of cutting-edge technologies is critical to the viability – and sometimes, national interest – of this defense company.

Enterprise Energy Provider

Small teams face enormous challenges when they need to safeguard the data usage across tens of thousands of employees. Needing to protect sensitive customer information and secure the grid, this enterprise energy provider turned to Forcepoint.

A variety of solutions enabled the small team to better understand the behavior of thousands of users on the network. The Proof of Concept immediately found 10 security incidents that, when investigated, identified three occasions of credential sharing and four data exfiltration attempts.

Business Value: Monitoring user activity gives the business better insight into possible data exfiltration attempts, saving time, money and reputation that it would lose or see damaged in a data breach.
 

Get Data-First SASE

Interested in learning how a data-first approach to SASE can bring immediate business value to your organization? Set up a demo with us today.

Jim Fulton