Forcepoint is a global cybersecurity leader for user and data protection. Jawad Toukna, who has been heading sales and operations as the Director of Regional Sales for the MENA region at Forcepoint for over 10 years, elaborates on Forcepoint’s behavior-based solutions that adapt to risk in real time and are delivered through a converged security platform.
Please discuss how a SASE approach towards cybersecurity is quite critical and unique to ensure better security in the multi-cloud era?
The Coronavirus pandemic forced a mass shift toward supporting large groups of remote workers, creating a scenario where organisations need to focus on protecting data and users in a hybrid IT ecosystem. Since users can now access data from anywhere and from any device, it has given rise to a new category, an age our Chief Product Officer, Nico Popp, calls ‘the unbound enterprise’.
Securing the unbound enterprise is about protecting users and data in a distributed and diverse environment, one that bridges traditional on-premises infrastructures, including the home office, to multi-cloud and multi-SaaS ones.
At Forcepoint, we understand the transformation our customers currently face. And, we are committed to helping our customers meet their mass telework security needs. What enterprises require is a tight integration of capabilities that cross traditional product boundaries to solve today’s pressing security problems, such as that delivered through Gartner’s Secure Access Service Edge (SASE) architecture approach.
Do your solutions cover both on-premise as well as cloud-based applications?
Yes, gone are the days when work was confined within the four walls of any organisation. Even before the pandemic, enterprises moved towards employing a hybrid IT architecture that split IT functions between on-premise and cloud platforms. Forcepoint’s on-premise appliances provide high-capacity throughput for large offices while the cloud secures smaller satellite offices, mobile users and lately remote workers.
Your three pivots of cloud security seem to be around data protection, insider threat and network security – please elaborate regarding this?
Enterprises should focus more on detecting and preventing potential breaches rather than cleaning up after a breach has already occurred. Forcepoint’s range of cybersecurity solutions helps in securing organisations from cyber threats by identifying and preventing breaches before they occur.
Traditional security tends to take an outside-in approach, starting with the perimeter and building layers of security toward the data, all to keep the bad guys out. As many companies started to realize during the Sunburst attack, that’s an approach that falls short. So why not take an inside-out approach instead? Attempts to rein in users and data tend to be counterproductive because they usually cost organizations dearly, both in terms of production and overall efficiency. A user and data-centric security approach no longer starts with where they reside. No longer tethered to a fixed network, unbound employees become liberated from hardware infrastructure limitations of the past.
When it comes to network security, nowadays it’s all about protecting the distributed network. We need to look at enterprise-class SD-WAN, advanced intrusion prevention, and seamless integration with the cloud-based SASE security we discussed above.
No matter how robust security strategies are, data breaches will continue to happen. As users continue to work remotely, they’ll continue to introduce new security risks. The cybersecurity path forward requires a deeper analysis of behaviors. The first step is establishing a behavior baseline at the individual level. What constitutes normal behavior? What behavior is unusual? Bad actors impersonate our employees to access and steal our data. Taking a closer look at how users interact with data no matter where it resides will help move the unbound enterprise left of breach. The deep understanding of behavior and risk creates a shift in security strategy—one where policies no longer have to be binary but instead, automatically personalized to the user.
How is SASE redefining security as we know it, and how does your approach stand out?
Gartner’s SASE (Secure Access Service Edge) architecture can help organisations safely connect their users to the data, applications, and resources they need to be productive in a rapidly changing world. SASE brings the network and its security back to where applications and data really are: the cloud. It is geared towards platform-based solutions that unify web, network, and app security.
Gartner has recognised Forcepoint as a representative vendor within the emerging SASE market. Forcepoint’s network and data protection solutions implement the SASE model, weaving together advanced security capabilities such as firewalling, intrusion prevention, web content inspection, malware scanning, URL filtering, application access, and more into a single, unified cloud service. This converged approach eliminates gaps and redundancies to stop attackers from breaking into an enterprise from the internet, web content, or cloud apps, consistently, no matter where people work.
Discuss some key features of your CASB solution?
In past years, control over data was tight, but with the introduction of the cloud and mobile workers, that’s no longer the case.
You need visibility into cloud usage, including who uses which apps, their departments, locations, and devices used. Our CASB solution provides the visibility and control needed to keep data safe as it moves into the cloud, and it does this in three ways:
- Discovery: providing a global view of all cloud apps being accessed by end users. It enables enterprises to see important metrics like traffic volume, hours of use, number of accounts and number of apps added over a given period of time.
- Risk Assessment: Our built-in user and entity behaviour analytics functionality identifies anomalies or high-risk activities based on a continuously updated behaviour risk score.
- Protection and Control: Enterprises will be able to automatically enforce policies and protect against credential misuse and malicious insider acts. This will enable identification of user activities on unmanaged devices accessing unsanctioned cloud applications, which is a hotbed for risk.
How is your Continuous Zero Trust security different from a traditional approach to zero trust security?
Zero Trust is one of the hottest topics in cybersecurity. Forrester predicts that Zero Trust architectures will grow 200% in 2021. Forcepoint combines the best of both worlds by putting SASE and Zero Trust together to create the Zero Trust Network Access (ZTNA) – a cloud-based architecture for more efficiently and more securely protecting people and data no matter where they are.
Delivered as a cloud-based service such as Forcepoint’s Private Access, ZTNA systems tailor each user’s access to just the specific applications they need. Everything else on the internal network remains hidden. This approach makes it possible for networking teams to provide remote access to line-of-business applications while security teams retain the visibility and control they need to keep the enterprise safe.
Discuss key details of the insider threat management program?
Unfortunately, malicious outsiders aren’t the only ones organisations should be on the lookout for. The truth remains that people are the largest threat in any business. According to Varonis, a third of all data breaches in 2018 involved internal actors, and in 2019, on average, every employee had access to 17 million files and 1.21 million folders.
Traditional insider threat solutions were designed for the traditional infrastructure-centric security. A combination of SASE and Zero Trust provides the security team with the ability to respond to insider risks in real time, achieved by feeding further user activity signals from endpoint monitoring and access control systems, along with the signals from the SASE environment, into the insider threat analytics.
Discuss your focus in the Middle East region and the company’s growth/performance regionally last year in the face of COVID-19 disruptions?
The Middle East remains an important market for Forcepoint the adoption . The region is one of the highest growing regions globally due to its focus on digitalisation, even prior to the pandemic. Forcepoint has registered double-digit growth in the market and will continue to invest in the region. We are serving customer demand as a trusted adviser leading cybersecurity solutions in the region.
The pandemic meant that customers needed to pivot to remote working and we were privileged to be able to support them with their network security (SD-WAN, VPN, NGFW) as well as data security needs (CASB, DLP) during this difficult time.
Looking ahead, we see more positive moves for customers and prospects as digital transformation continues apace. We expect to see growth in many industries, particularly but not limited to healthcare, Government, financial services, infrastructure, telecoms, business services.