A fast-changing threat landscape has changed the cybersecurity priorities of the CISOs across all organizations. Organizations today are facing security threats not only from outsiders, but dealing with a considerable amount of insider threats as well. Preventive measures are no longer enough for organizations to fight these attacks. They need advanced solutions with dynamic protect and response mechanisms. An adaptive Security approach can help organizations assess the risks on a continuous basis and automatically implements security measures to counter the threats. In order to extend this kind of automated and risk-adaptive protection to the organizations, Forcepoint has launched a dedicated research division called X-Labs which aims to augment traditional cybersecurity solutions with behavioral analytics. Alvin Rodriguez, Senior Director, Security Strategist-APAC, Forcepoint talks more in detail.
Is there any emerging threat vector that is extremely difficult for the organizations to deal with?
In order to understand the changing threat landscape, we must look at the evolution of data. Initially, the goal of an attack was to disrupt and challenge the service that a company would give to their customers. But now, with digital transformation underway and data being the new oil, we find that the sort of threats that are coming in right now is very much focused on data exploits, data destruction, and data modification.
Although there has been a shift of focus from the assets standpoint, the tools to exploit vulnerabilities remain the same. Social engineering remains a commonly used form of attack, carried out through email, websites, downloads, spear phishing, and identity compromise. However, there is a new trend emerging that is more pervasive. The threat strategy focuses on exfiltrating data. Malicious individuals find employees who for various reasons, become accomplices. The insider threat can be caused unintentionally also, as the employees may be completely unaware that they have been compromised and have carried out activities to infiltrate into their organization.
How should organizations prepare themselves to protect themselves against these new threats?
We need to move away from the reactive mindset of cybersecurity. What we advocate for our customers is to adopt a behavior-centric analysis of their employees, to identify abnormalities in the way they carry out their day-to-day tasks. Once we identify these abnormalities, we can apply them to machine learning tools to automatically deploy the right policy to address the solution.
There is a lot of concerns about behavioral tracking. How do you help organizations deal with that problem?
The benefit of behavioral analytics is that it is able to identify abnormal behaviors across the entire business landscape, be it on-premise, or on the cloud. To understand the individual’s behavior, we ingest vast amounts of information. The concerns raised here are – how much of resources do I need to collect this data, and am I invading the individual’s privacy while doing so?
What we offer is several out-of-the-box kinds of solutions that identify the precursor of a potentially risky action that will take place. But at the same time, we give the company the latitude and flexibility to adhere to their corporate compliance and company culture.
To ensure privacy, we set governing rules that mandate all information is anonymized at the outset so that even if an employee uses the corporate assets for some personal activities, such as internet banking or transfer of data that is not related to the organization, the company does not track and monitor that, and respects the individual’s privacy. We have also encountered situations where our technology has protected the welfare of employees. For example, we had a situation in the US where an employee’s behavior raised certain red flags, and when the security rushed to the office, they found the employee on the verge of suicide. They were just in time to save that life.
You have recently launched the X-Labs division. How does it help in dealing with these new threat vectors?
Cybersecurity can be a constant game of catch-up, where as soon as you have a solution, a new threat will arise. X-Labs is a specialized research arm focused on behavioral intelligence, where we understand the behavior of users and entities. We have researchers, engineers, data scientists, psychologists and security geeks who look at the elements of human behavior so that we can identify the different characteristics of the individuals’ cyber behavior patterns.
All human beings are creatures of habit and anything that will deviate from that becomes abnormal. So, if we profile the activities of a person, we will be able to monitor the out of ordinary situations and identify the intention behind certain actions. For example, if an individual is planning an unlawful activity, their actions would lead up to the activities that are suspicious. These are the things that we can easily pick up through machine learning and then put them into a behavior pattern that raises a red flag. That is what X-Labs actually does. This helps to reinforce the organizations’ ability to track and mitigate the risks in real-time, minimize false positives, and drive the security posture that they need in today’s dynamic open environment.
What kind of organizations is using this kind of solutions currently?
The biggest segment of customers is from IT/ITes, who are far ahead in terms of using this technology, followed by banking and financial services and healthcare. An increasing number of internet frauds are being reported out of India. Public sector, as well as private sector banks, are having discussions on how they can enhance their security posture by using user and entity behavior analytics(UEBA).
Government is also becoming a big part of our business for the accelerated speed of digitization in governance and citizen services. Whether you take Digital India, Aadhar, UPI, or Bharatnet- all these are efforts from the government to digitize their services, which require them to secure their infrastructure and most importantly the data. The present government is a big proponent of cloud initiative within the country which means the data is also moving to cloud and hence, it requires security at multiple levels. We find both enterprises and government agencies are using our smart cybersecurity solutions in various smart city projects.