Forcepoint's cloud-native approach to user activity & insider threat monitoring
Forcepoint has unveiled what it is calling the industry’s first cloud-native user activity and insider threat monitoring solution delivered as a service.
Forcepoint’s new software-as-a-service (SaaS) solution, Dynamic User Protection, is the result of bringing user activity monitoring (UAM) and insider threat detection to the cloud.
With no policy configuration required, security teams can gain real-time visibility into risk behaviours that might indicate compromised or malicious users in hybrid cloud environments.
Forcepoint’s chief product officer Nico Popp says the next phase of cybersecurity requires risk management across the cloud, network, and endpoint.
The company explains that security is firstly a matter of visibility, which is something that can be appropriately managed on corporate networks, but it is a different story when people work from home. Remote working creates visibility blind spots into user activities and access to sensitive company information.
Furthermore, the majority of breaches involve human error and compromised user credentials. It is important to maintain visibility to protect the organisation from breaches, no matter where employees are.
“With Dynamic User Protection, Forcepoint is changing the rules of the cybersecurity game by delivering global enterprises the ability to automatically enforce security policy across all control points tailored to a specific end-user based on the risk they represent,” says Popp.
Dynamic User Protection delivers easy-to-deploy user activity monitoring and it also brings mainstream enterprise access to continuous risk assessment across security control points.
The solution also provides ‘risk scores’ to assist with risk assessment. These scores are based on indicators of behaviour, which feed into an analytics engine to determine the overall risk of an entity.
Indicators of behaviour provide context to risk assessments – an important part of determining true risk scores that can determine whether an entity is good or bad.
Dynamic User Protection also uses analytics data to minimise false positives and intelligently automate a policy response.
By understanding user risk in real time, security teams and enterprises can get ahead of a potential issue by prioritising risks that could indicate a future breach.
Forcepoint APAC senior director of strategic business, Nick Savvides, says, “By understanding human behaviours, we are able to proactively detect risk and secure data and intellectual property. Our industry-first cloud-native DUP solution gives security teams real-time visibility into risky behaviours within hybrid cloud environments, allowing security teams to identify potential breaches and reduce security friction.”
Enterprises can also forge ahead with implementing zero trust and CARTA frameworks. This is a major step up from traditional data loss prevention solutions, which tend to rely on audit-only deployment.
Dynamic User Protection is fast and easy to deploy with a small 30MB footprint on the endpoint that installs in under 30 seconds with no reboot required. Dynamic User Protection also uses Forcepoint’s unified agent to auto-update, meaning enterprises have an always easy-to-manage cloud-delivered UAM.
Key Dynamic User Protection features include:
- Autopilot: pre-configured user risk assessment that continuously collects, enriches and correlates events on the endpoint in order to detect anomalous behaviour
- Anomaly Detection: sets of observed data establish an entity’s baseline activity for specific applications and actions; and, observed data are analysed with the anomaly
detection engine to identify outlier behaviours and alert to real-time security risk.
- De-centralised Analytics: performed on the endpoint versus the centralised approach with traditional UAM/Insider Threat solutions
- Risk Calculation: continuous assessment of entity activity and risk impact generates a dynamic risk score that goes up and down based on the level of risk
- Risk-Adaptive Policy Enforcement: based on the risk score, risk-adaptive DLP policies automate security response based on the level of risk. Enforcement options include Audit, Block, Notify, Confirm Prompt, Encrypt and Drop Email Attachment.