Security Market Segment LS
Friday, 17 May 2019 16:15

10 things we learned from Forcepoint’s 2019 Conference

Forcepoint's 2019 conference was held in Kuala Lumpur Forcepoint's 2019 conference was held in Kuala Lumpur Nick Ross

Forcepoint held its annual APAC conference in Kuala Lumpur, Malysia this week. The network security company, which specialises in behavioural and analytics-based protection, gave industry insights, talked about forthcoming products and announced survey results in addition to interfacing with channel partners.

The most notable takeaways were as follows:

  1. Analysing user behaviour in order to identify security concerns is opening the door to identifying productivity gains according to CRO, Kevin Isaac.
  1. One trillion dollars has been spent on cyber security in the past seven years and no CSO feels any safer. Isaac said that it’s an embarrassing statistic for his industry and that the 95% failure rate of protection investment spoke for itself. He asked the rhetorical question, “When we spend the next trillion dollars, are we expecting the same result?” He also alluded to recent survey which stated that 100% of CSOs believed they are going to be victims of phishing attacks breached through phishing in the next year. He stated that security incidents in the Enterprise had increased a massive 26% in the past year despite a 9% increase in budget. He said that figures like these justify taking a different approach to security.
  1. Forcepoint approaches network security in a different way to competitors, where possible, in that it focuses on analysing user behaviour across networks and devices and creating risk scores for anomalous activity. These include flagging account logins on computers in countries where the user isn’t present, creating folders and copying significant information from network drives into it (this can demonstrate a hack in progress or be a precursor to a disgruntled employee exfiltrating data because they are about to quite the company). By looking at all areas of activity (including physical location) additional threat insights can be identified and checks or lockdowns put in place as appropriate.
  1. That while it’s known that users are commonly the weakest link in a security environment, your most valuable employees are also the ones who can (deliberately or not) cause the most catastrophic breaches. See video below.
  1. Privacy is a key issue. Monitoring behaviour of users to such a microscopic level is enough to detract employees from ever working in an organisation. Forcepoint makes a point that only the behaviours and not the content are monitored and once the insights are gained the information is destroyed. When asked how they could certify/prove such practices were actually happening (whether by openness or third-party auditing), CTO, Nico Fischbach, pointed out that no such privacy certifications existed but that the conversations were already happening within the IAPP (International Association of Privacy Professionals) because they were needed going forward.
  1. Behavioural security is not just about humans. Vulnerable IoT devices and malicious bots are proliferating but “Baselining the behaviour of a microprocessor is a lot easier than baselining the behaviour of a human.”
  1. Enterprise solutions could help children in schools. While full monitoring brought with it serious privacy issues, there was some scope for identifying the likes of vulnerable/mentally compromised children or those who might be researching a massacre materials.
  1. That many organisations aim to tick compliance boxes instead of genuinely-reducing risk. The example was given that if you went to a hospital, would you want your information simply to be compliant or genuinely secure? Isaac believes, Many CSOs aim to tick boxes to protect themselves from compliance-related prosecution and to be able to report to their superiors that official best practice had been followed.
  1. Customers hate DLP (Data Loss Prevention) solutions. It get’s installed but can’t be activated because users don’t like it. It creates friction, and stops them doing their job. Behavioural analytics is never seen and so doesn’t get in the way. One Wall Street bank was using behavioural analytics in their regulatory compliance space for traders – ingesting email, voice and chat and looking for behavioural issues to help prevent insider trading. They were catching more DLP risk and incidents there than they were with the straight DLP product because behaviour was more interesting than DLP.
  1. Zero trust security is less secure than adaptive trust. Relying on ultra-secure credentials simply doesn’t work on its own because credentials can be stolen.

The writer attended the Forcepoint conference in Malaysia as a guest of the company


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Nick Ross

Nick Ross is a veteran technology journalist who has contributed to many of Australia's top technology titles and edited several of them. He was the launch editor of the Australian Broadcasting Corporation online Technology section.


Forcepoint made a great video illustrating how your best employees can be the biggest security weakness Forcepoint



Recent Comments