VP EMEA – UEBA Extending Behavioural Insights to drive ......UEBA + DLP RISK-ADAPTIVE DATA-CENTRIC...

Date post: 08-Oct-2020
Extending Behavioural Insights to drive Risk Adaptive Protection and Enforcement Peter Heim VP EMEA – UEBA
Transcript
Page 1:

Extending Behavioural Insights to drive Risk Adaptive Protection and Enforcement

Peter Heim, VP EMEA – UEBA

Page 2:

Copyright © 2018 Forcepoint. | 2

DIGITAL TRANSFORMATION MEETS CYBERSECURITY

Page 3:

WHAT ARE WE TRYING TO SOLVE?

Protect important data and intellectual property wherever it resides, without:

• Frustrating users
• Overwhelming Security/IT Ops
• False positives / negatives

WHILE ENABLING BUSINESS TO FLOW

Page 4:

WHY THREAT-CENTRIC ISN'T ENOUGH ANYMORE

An effective solution should cut through the noise of alerts and highlight early warning signals to prevent the loss of important data.

Dynamic Data Protection: UEBA + DLP

RISK-ADAPTIVE

DATA-CENTRIC

• UEBA: Forensic Analysis
• INSIDER THREAT: Constant Monitoring
• DLP: Block or Allow
• CASB: Cloud App Security
• ANTI-VIRUS
• FIREWALL
• SECURE WEB GATEWAY
• NGFW
• EMAIL GATEWAY

THREAT-CENTRIC

Page 5:

AN EFFECTIVE SYSTEM

An effective system cuts through the noise of alerts, highlights and gradually reacts to early warning signals to prevent the loss of important data.

Page 6:

[Diagram labels: PEOPLE, DATA]

Understanding the intersection of people, critical data and IP over networks and hybrid IT systems

Risk-Adaptive Protection

THE INTERSECTION OF PEOPLE AND DATA


Page 7:

EXAMPLE: DATA PROTECTION THAT IS RISK ADAPTIVE

Actions vary based on the risk level of identities and the value of data

1. Low Risk Group. Policy: encrypt fingerprinted files copied to USB drives but allow others to be copied.

2. Medium Risk Group. Policy: observe Kate much more closely with video cached on her local system.

3. High Risk Group. Policy: observe Kate’s every user & machine detail and block all data transfers or copies anywhere.

Page 8:

Cognitive Security

Human Risk Reduction

SOC 2.0

OT meets IT

DX 2.0

etc.

RISK-ADAPTIVE REQUIREMENTS ARE A REALITY

Page 9:

HOW TO REDUCE BUSINESS FRICTION AND INCREASE TRUST

INTRODUCING A RISK-ADAPTIVE PROTECTION PROGRAM

Page 10:

WHY MATURITY IS KEY

[Chart: SECURITY EFFECTIVENESS for Data-centric, Risk adaptive and Threat-centric approaches. Labels: Anti-Virus, Firewall, Secure Web Gateway, NGFW, Email Gateway, DLP, CASB, UEBA]

Source: Gartner: Use a CARTA Approach to Embrace Digital Business Opportunities in an Era of Advanced Threats

Page 11:

BUILDING A HOLISTIC VIEW OF THE EMPLOYEE

• COMMUNICATION CHANNELS

• SYSTEM LOGS

• TRADITIONAL HR DATA

• PHYSICAL SOURCES OF DATA


Page 12:

FOUR STEPS TO ROLLING OUT RISK-ADAPTIVE PROTECTION

01 Establish Privacy Policy

02 Establish Risk Policy

03 Establish Enforcement Baselines

04 Launch Risk-Adaptive Protection

Page 13:

01 Establish Privacy Policy

Respect the privacy of employees.

Conform with privacy laws in relevant nations.

Privacy and Security are not mutually exclusive. Involve Legal and HR.

Focus on transparent communications with employees.

Establish clear Workforce Defense Policy and Procedure.

Page 14:

02 Establish Risk Policy

Page 15:

03 Establish Enforcement Baselines

Identify specific users to pilot

Enable audit-only rules to fine-tune policies

Learn behavior baselines for 30 to 45 days

Calibrate risk policies and enforcement procedure

Page 16:

04 Launch Risk-Adaptive Protection

= CISO + CIO/CTO + HR + DPO + Corp Comms

Page 17:

RISK-ADAPTIVE PROTECTION BENEFITS

• EMPLOYEE
• BOARD
• SECURITY / IT TEAMS

Page 18:

THANK YOU
