NEW RISK POLICIES
As the chief digital information officer (CIO) of Forcepoint, a global human-centric cyber-security company, I get exposed daily to vendors trying to sell me a multitude of technologies. Some come from across the country, while others sit just a few offices away in the same building.
While I have, of course, implemented many Forcepoint solutions, there is nothing compelling me to do so. I have the freedom to choose the technologies that work best for my environment and protect the company.
My chief information security officer (CISO) and I often have conversations around the types of technology we want to bring in, and one of the most important things we look for is products and solutions that help me do more with less, and that offer superior effectiveness and efficacy.
As with many other organisations of our size, scaling internal security analysts to match the rate of growing threats, while not compromising the speed of resolution, is a challenge.
Any security solution that can help to separate the signal from the noise – either by reducing the number of alerts or helping the analysts to focus on investigations – that’s what I want to prioritise.
When the product team at Forcepoint started sharing this concept of Dynamic Data Protection and how it could start to transform security postures, it piqued my interest, and we stayed close to the solution. As the team got closer to bringing this capability to market, I jumped at the opportunity to be Customer Zero. The prospect of using analytics to establish intent and help inform enforcement was something that hit on all my priorities.
I was delighted to be able to share our story recently at the RSA Conference in San Francisco in a talk titled Extending Behavioural Insights into Risk-Adaptive Protection and Enforcement, and I’ve captured some
We’re still pretty early on in our deployment, but indicators show that we’re scratching the surface of unlocking the potential of this capability.
employee population – who seemed very receptive. Trust is key for the success of a human-centric security programme, and transparency goes a long way.
The next step was to identify the risk policies we wanted to move from being static to dynamic and risk-adaptive. We have chosen to migrate many of our policies to the new framework, but don’t necessarily want to make them all variable related to the risk level of the individual. There are many policies related to compliance regulations, such as General Data Protection Regulation, and sensitive data that we want to ensure will be blocked from data exfiltration.
For those policies, we will select an action plan that “blocks all”, regardless of risk score. We believe these account for about half the existing policies. For the remainder, we believe additional context can help inform the enforcement, and we can add more granularity around the action plans. Our criteria include conditions where we believe having more information about the behaviour of the