Forcepoint’s Human-Centric, Cloud-Delivered Cybersecurity: A New and Effective Approach to Safeguarding Your Network

TL; DR: Forcepoint is on a mission to protect intellectual property while simplifying compliance in a new reality where people make up the network perimeter. As data and applications move beyond the traditional enterprise edge into the cloud, the company is employing new models of cloud-delivered security through products like Forcepoint Dynamic Edge Protection (DEP). With a round of new product releases and events centered on the Secure Access Service Edge (SASE) model for cloud-delivered security, Forcepoint is at the forefront of security innovation.

The move to the cloud has been somewhat controversial over the last decade as businesses weigh the pros and cons of cloud-based versus on-premises infrastructure and security.

But that all changed once we entered the markedly isolated age of coronavirus — at least according to Nico Popp, Chief Product Officer at Forcepoint.

“The cloud has won,” Nico told us. “It has always made sense for security to be in the cloud, but now that everyone is working from home, it’s obvious that the datacenter is no longer the center of gravity. You must put security between users and their data, which is in the cloud. There is no other choice.”

In this new cloud-based reality, Forcepoint is focusing on emerging cybersecurity concepts such as Gartner’s Secure Access Service Edge (SASE, pronounced “sassy”). The company is leveraging this innovative and timely model through products like Forcepoint Dynamic Edge Protection (DEP).

As data and applications move beyond the traditional bounds of the enterprise into the cloud, people become the new network perimeter. In this environment, previous approaches to security can’t keep up. DEP, on the other hand, empowers security teams to deliver advanced web, network, and application security-as-a-service from the cloud to users, no matter where they are working.

Now, with a round of new product releases and events aligned with the SASE model for cloud-delivered security, Forcepoint is further positioning itself at the forefront of security innovation in these unprecedented times.

Nico told us that today’s threats are growing in sophistication and reach — and they’re especially dangerous in new and more vulnerable work-from-home setups. Forcepoint addresses these threats in multiple ways. The first step? Stopping the bad guys.

“Say Joe is working from home,” he said. “What happens is the bad guy is coming after Joe because he has no network, no IT guy. And the bad guys are really effective: We’ve seen cases where 150 people from the Chinese net army go after a single corporation. That corporation didn’t have another 150 people to protect them — and Joe at home certainly doesn’t.”

To protect such users, Nico said Forcepoint employs Threat Protection-as-a-Service (TPaaS) by combining a proxy and firewall as a gateway in the cloud. Additionally, the company offers sandbox servers for advanced malware detection protection and remote browser isolation.

Because Joe needs to access company data from home, data protection also becomes an issue. To ensure data is secure while allowing seamless network connectivity, Forcepoint leverages a unique approach to endpoint security.

“You need an endpoint to steer the traffic to the proxy,” Nico said. “But Joe doesn’t want to send his Netflix traffic to the proxy for inspection. Because the endpoint is intelligent, we can drop that traffic and only send suspicious sites for inspection, which means way less latency and a better user experience.”

After stopping the bad guys and ensuring seamless network connectivity, the user must be able to connect securely to Software-as-a-Service applications such as Office365. That’s where the Forcepoint Cloud Access Security Broker (CASB) comes in, providing complete security for all cloud applications.

“Next, we’re adding Forcepoint Private Access, which I call the little sister of CASB, later this year,” Nico said. “We need to give Joe the illusion that even the on-prem apps are now cloud applications. You don’t want to have a bifurcated user experience — you want everything in the browser. From your browser, you connect to our edge, CASB gives you secure access to the SaaS, and our private access connects you to the on-prem legacy applications.”

Since Joe is now drawing data from the application to his endpoint, Forcepoint employs Data Loss Prevention-as-a-Service. “Corporations are now going to say, ‘Joe has access to the data; what is he going to do with it?’” Nico said. “‘Is he going to print it, send it to his personal Dropbox?’ We can secure that. You should not have GDPR data that you print at home or send to your personal Dropbox.”

Nico said the final piece of the puzzle is addressing the human element via behavior analytics to identify real entity risk.

“We want to protect the company even if Joe now has a bad sentiment about the company and wants to steal information,” Nico said. “We are continuously reassessing the end user in terms of trust. If you’re risky, we’re going to limit the data you can download or we’re going to send you to remote browser isolation more often, etc.”

Ultimately, Forcepoint’s goal is to give companies the ability and peace of mind to digitize their businesses securely — all without hiring an expensive team of security and infrastructure experts.

“Security sets you free to move to a digital environment and allow people to work from home,” Nico said. “We’re that enabler — and by delivering everything as a service, we bring the expertise.”

With Forcepoint, businesses don’t have to worry about complex infrastructure or deployment. “We make sure it’s up and running, and we automate it — because it’s not your job, it’s not your core competency,” he said.

Nico told us Forcepoint takes a holistic approach to user protection that’s both user- and data-centric. That way, customers don’t have to worry about piecing together solutions from different vendors and potentially missing an important step.

“We ensure it all comes together nicely — and not that many vendors can make that claim,” he said. “You cannot protect the data unless you understand the user and their past behavior. So we’re going to focus on the user and the data, to drive security.”

Forcepoint will continue to zero in on the benefits of a SASE approach moving forward.

The company’s SASE Cybersummit 2020, which will take place on Tuesday, June 23, will bring together security providers, experts, and customers to discuss new approaches accelerating digital transformation securely.

The event will teach attendees about the significance of SASE solutions via breakout sessions discussing practical approaches to SASE, behavior-centric analytics, and data protection in multicloud environments, among other topics.

Speakers will include Ramin Besheti, Chief Product and Technology Officer at Dow Jones; Matt Moynahan, Forcepoint CEO; Sandy Carter, AWS Vice President; and Myrna Soto, Forcepoint’s Chief Strategy and Trust Officer.

In addition to the summit, Forcepoint is set to release a lineup of additional cloud-delivered cybersecurity solutions throughout the year.

“We’re launching a lot of new products around SASE,” Nico said. “This fall, we’ll release our new dynamic user protection product, which I love because the agent is less than 30 megabytes, takes less than 30 seconds to install with no reboot, no server, no database, nothing to deploy, no configuration.”

The product will enhance a company’s ability to manage internal risk by focusing on understanding the baseline behavior of users and data to deliver visibility into real-time threats on the network.

“My example is, you see an employee use LinkedIn to activate his resumé, so he’s a flight risk,” Nico said. “He’s taking a screen grab of Zoom with GDPR data, then he goes off wifi to try to move it to a USB drive. We catch that and provide an audit trail of what is done that can be used to drive security.”

This summer, the company will also introduce Cloud Security Gateway (CSG) that will deliver a single converged service featuring integrated web security, CASB, and DLP for the most pressing cloud security and access governance uses cases. Ahead we can expect to see increased availability of converged services in the marketplace, such as CSG, that will enable enterprises to cut costs, reduce complexity and decrease operational overhead while eliminating overlap between products and security teams.