4 Steps to Applying Zero Trust to Content Security

As organizations adopt zero trust architectures, there’s one key area that seems to be overlooked: the content layer. And yet, security vulnerabilities at this layer pose significant and extremely common threats. In fact, research reveals that a large portion of companies share sensitive content with over 2,500 third parties and use multiple tools for content communications.

Given the vulnerable nature of content exchange, it’s important to extend zero trust principles right down to the emails, documents, and files that we all share every day. But there are reasons why organizations do not do this regularly. For example, enforcing access rights can be tricky, especially in large organizations or companies with significant turnover. Tracking and monitoring every file type is impossible, as is adequately classifying every type of content.

Forcepoint’s new partnership with Kiteworks, a leader in data privacy and compliance for sensitive content communications, changes everything. Together, we’ve developed the industry’s most powerful solution for true zero trust security at the content layer. It combines Forcepoint’s Content Disarm & Reconstruction (CDR) and Data Loss Prevention (DLP) solutions with Kiteworks’ Private Content Network (PCN).

This combination allows organizations to take a highly effective four-step approach to zero trust content security by:

  1. Making all content untrusted by default – Applying zero trust at the content layer entails assuming that all data is malicious until proven otherwise. Ensuring content is secure and delivered safely requires deconstructing—and reconstructing—the information that’s being sent. Forcepoint’s Zero Trust CDR extracts information from files, verifies that the information is secure, and builds new, functional files to carry the information to its ultimate destination.
  2. Enforcing least-privilege content access – Least-privilege access management is a core tenet of zero trust security; our solution extends this practice to the content layer. It applies access control for applications to all content assets and allows organizations to assess who is sending, sharing, receiving, viewing, altering, or saving content. Companies can also monitor where that content is being sent from and to.
  3. Monitoring content for potential vulnerabilities – Most organizations employ some form of network monitoring and have done so for years. Effective content monitoring employs the same principles of complete, real-time visibility and unified control. Our joint solution consolidates content communication channels for easy management and closely monitors each asset to ensure content is free of vulnerabilities.
  4. Integrating policy management tracking and controls for data loss prevention – Tracking and monitoring content collaboration and communications is essential to prevent sensitive content from falling into the wrong hands. Our solution allows organizations to discover, classify, monitor, and protect data, track and control sensitive content, and audit user behavior—mitigating data loss.

This “trust no content” approach addresses all content security gaps. It provides organizations with assurances that the content their users are reading, sharing, and using is well-protected and free of malware.

Moreover, it makes implementing and managing zero trust content security an easy, frictionless experience for both administrators and users alike. Admins have everything they need to manage content security from a central location, and users will not experience any delays or inhibitions in their ability to collaborate or communicate.

Contact a member of our team today to learn more about Forcepoint’s and Kiteworks’ new solution and schedule a demo to start taking the steps necessary to bring zero trust security to your content.

3 Cybersecurity Trends Not to Overlook in 2023

If 2021 was the year cybersecurity took center stage – ransomware attacks on governments surging 1,885% worldwide, an executive order requiring federal agencies to achieve zero trust security – then 2022 was the year agencies got serious about cleaning things up.

While some organizations have made more cybersecurity progress than others, virtually every agency leader understands the mission-critical importance of strong security. So, if you’re like many government decision-makers, you want to know what to keep on your cybersecurity radar for 2023.

While ransomware and zero trust will remain top of mind, you’ll want to pay close attention to these three trends in the year ahead:

  1. Synthetic identity fraud will call for innovative solutions. The anonymous nature of cyberspace makes it easy for malicious users to create fake accounts such as social media bots. At the same time, the dark web buying and selling of stolen personally identifiable information (PII) has become big business.

Now these phenomena are coming together with the rise of “synthetic identity.” Synthetic identity fraud combines multiple credentials – some real, some fake – to fabricate a new identity. Fraudsters use synthetic identities to, for example, apply for financial accounts and build a history for what looks like a legitimate identity.

That’s a problem for agencies as they move toward digital identities verified through financial records. Credential verification will involve the online review and exchange of millions of files such as passports, financial statements, and legal documents. The associated websites and content are more than likely to contain malware.

The solution? Remote browser isolation (RBI) and content disarm and reconstruction (CDR). RBI allows users to view websites in an isolated web session so that malicious code is blocked from reaching devices. CDR deconstructs and reconstructs files as they’re transmitted so that content is sanitized and malware-free.

  2. Insider risk will gain new significance. Societal currents like hyper-partisanship and online misinformation have hardened political identities, even in nonpolitical government organizations. Rapid swings from onsite work to remote work and then back to the office have disoriented and disgruntled employees. These factors are combining to create a perfect storm of insider risk.

But the definition of insider risk is changing. It’s no longer only about unauthorized system access or theft of sensitive data. It can also include negative behavior that affects workplace productivity, safety, and culture.

Such drivers are leading agencies to expand their use of user activity monitoring (UAM). Effective UAM tracks employee use of your network to look for anomalous behavior. It can be combined with behavioral analytics to establish a baseline of typical activity and assign a risk score for each user. As a user’s activity veers from baseline, their risk score increases, alerting security analysts to potential issues.

Agencies will need to build employee risk profiles legally and respectfully. But the technologies and protocols exist to ensure that UAM and behavioral analytics aren’t abused while they bring insider risk under control.
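The baseline-and-risk-score mechanism described above, sketched as an added example (it is not code from Forcepoint or any UAM product). The feature names, thresholds and activity data are constructed assumptions; the point it shows is that the same volume of activity can be routine for one user and a sharp deviation for another.

```python
from statistics import median

# All constants below are illustrative assumptions, not product defaults.
MIN_DAYS = 5      # history required before a baseline is trusted
Z_CAP = 6.0       # deviations beyond 6 robust sigmas all count as maximal
ALERT_AT = 70     # score at which an analyst is alerted
MIN_SCALE = 1.0   # floor so a constant history (MAD = 0) cannot divide by zero

# Constructed sample data: seven days of per-user daily activity counts.
HISTORY = {
    "alice": {"files_read": [40, 38, 45, 42, 39, 41, 44],
              "mb_uploaded": [5, 6, 4, 5, 7, 5, 6],
              "after_hours_logins": [0, 0, 1, 0, 0, 0, 0]},
    "bob":   {"files_read": [10, 12, 11, 9, 10, 13, 11],      # backup operator:
              "mb_uploaded": [880, 910, 905, 890, 920, 900, 895],  # large uploads are normal
              "after_hours_logins": [2, 1, 2, 2, 3, 2, 1]},
    "carol": {"files_read": [20, 22], "mb_uploaded": [1, 2],   # new hire, short history
              "after_hours_logins": [0, 0]},
}
TODAY = {
    "alice": {"files_read": 400, "mb_uploaded": 900, "after_hours_logins": 3},
    "bob":   {"files_read": 11, "mb_uploaded": 900, "after_hours_logins": 2},
    "carol": {"files_read": 300, "mb_uploaded": 50, "after_hours_logins": 1},
}


def build_baseline(series):
    """Return {feature: (median, scale)} or None when history is missing or too short.

    Median and MAD are used instead of mean and standard deviation so that one
    unusual day in the history does not distort the baseline.
    """
    if not series:
        return None
    baseline = {}
    for feature, values in series.items():
        if len(values) < MIN_DAYS:
            return None
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[feature] = (med, max(1.4826 * mad, MIN_SCALE))
    return baseline


def risk_score(baseline, today):
    """Return (score 0-100, per-feature deviations); score is None without a baseline.

    Only activity above the baseline raises the score (a design assumption);
    the most deviant feature drives the score so one strong signal is not diluted.
    """
    if baseline is None:
        return None, {}
    deviations = {}
    for feature, (med, scale) in baseline.items():
        z = max(0.0, (today.get(feature, 0) - med) / scale)
        deviations[feature] = min(z, Z_CAP)
    score = round(100 * max(deviations.values()) / Z_CAP)
    return score, {f: round(z, 2) for f, z in deviations.items()}


def triage(history, activity):
    """Return (alerts sorted by score, users that could not be scored)."""
    alerts, unscored = [], []
    for user, today in activity.items():
        score, deviations = risk_score(build_baseline(history.get(user)), today)
        if score is None:
            unscored.append(user)          # surface for manual review, do not guess
        elif score >= ALERT_AT:
            alerts.append((user, score, deviations))
    alerts.sort(key=lambda a: a[1], reverse=True)
    return alerts, unscored


if __name__ == "__main__":
    alerts, unscored = triage(HISTORY, TODAY)
    for user, score, deviations in alerts:
        print(f"ALERT {user}: risk {score} {deviations}")
    print("no baseline yet:", unscored)
```

Users without enough history are reported separately rather than scored, which avoids both false alarms and silent gaps during onboarding.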

  3. Multicloud will require cybersecurity unification. An agency’s cybersecurity perimeter used to be the edge of its network. Now it’s the edge of its data. As a consequence, the concept of network-level security will fade away. Instead, security will become a matter of data access and control. Achieving that goal will require agencies to consolidate, unify, and simplify their security capabilities.

Much of this trend is being driven by the multicloud phenomenon. No organization relies on a single cloud today. Cloud now involves XaaS, or “anything as a service”: software, platforms, infrastructure and containers, plus private on-prem clouds. Multicloud is any cloud service that delivers data to an agency’s employees, contractors, or constituencies.

Agencies can no longer cost-effectively secure the data from all these cloud sources by using traditional point solutions. Instead, they need to consolidate their protections on an all-in-one, cloud-native cybersecurity platform.

Unified security should apply to any data accessed through any website, cloud application, or on-prem application. It should also control how employees, contractors, and other stakeholders use agency-issued or personal devices so that no one can bypass security enforcement.

The emergence of synthetic identity fraud, the evolution of insider risk, and the growing prominence of multicloud are three trends that will keep cybersecurity front and center for agencies in 2023. Fortunately, innovative solutions can help organizations stay ahead of their cyber risk.

 

Visit our website to explore all of Forcepoint’s predictions for 2023.

3 Cybersecurity Trends to Consider for 2022

In recent years, the world of cybersecurity has been turned upside down. As government employees shifted to remote work, new vulnerabilities emerged, and bad actors continued to innovate.

Around this time last year, the Sunburst hack was discovered. Malware inserted into the software compromised a long list of organizations, including numerous federal agencies. Then, in May of 2021, hackers targeting the Colonial Pipeline shut down thousands of miles of fuel transport and demanded a significant ransom. But while these attacks made headlines, hundreds of other cyberattacks flew under the radar. In fact, according to Redscan Labs, more cyber security vulnerabilities were reported this year than ever before. 

To help prepare government employees to face new cyber challenges and the growing number of cyberattacks, here are three predictions on what’s to come in the year ahead.

Militaries will leverage cyberattacks: Earlier this year, a disruptive and high-profile ransomware attack on Colonial Pipeline halted thousands of miles of pipeline and disrupted a large part of the east coast of the United States. Going forward, I expect more nation states will look for vulnerabilities in government and critical infrastructure as an alternative to warfare, or as part of it. However, the use of cyberattacks in warfare isn’t new. For instance, in 2017, the Russian military launched a cyberattack that planted ransomware in numerous multinational corporations. Many years before that, a sophisticated computer worm called Stuxnet, reportedly a joint creation of the U.S. and Israel, destroyed nearly one-fifth of Iran’s operating centrifuges, which are used to enrich uranium for nuclear power. But in 2022 and beyond, we expect military-sponsored cyberattacks to become frequent. Kinetic efforts will be preceded by cyberattacks, similar to a naval bombardment prior to launching a beach assault in WWII.

Criminals will imitate successful hacks: Anytime a major hack makes headlines, it’s not just industry and government executives who take notice. Bad actors are paying attention too. The Sunburst attack, for instance, used highly sophisticated malware hidden inside legitimate software updates. It was an unusually complex and sophisticated attack. Once a technique is proven to work, copycat attacks follow. For instance, this past summer, Irish IT solution provider Kaseya was hit by a similar technique; its remote-monitoring tool was infiltrated with malware, allowing attackers access to multiple end customers. As we look to next year, we can expect to see a significant rise in criminal copycats utilizing software updates to install detrimental malware.

Zero Trust becomes the only way forward: Between copycat attacks and attacks targeting critical infrastructure, it’s obvious organizations must adapt their cybersecurity postures. IT leaders may embrace a standard of 100% prevention, which will be achieved through zero-trust principles and technologies like content disarm and reconstruction (CDR). CDR intercepts documents at the network boundary, re-creates the content from scratch and eliminates any corrupted elements, and delivers them clean and safe to the intended recipient. Moving forward, cyber teams must assume everything is corrupted, sanitize it all, and ensure least privileged access. This is radical thinking, but existential threats like ransomware demand a fresh approach.

If we’ve learned anything from the cybersecurity events of 2021, it’s that the government must adapt its posture to address vulnerabilities. With the looming threat of military-sponsored cyberattacks, copycat attempts and newly developed attack methods, we must leverage these predictions to strengthen our perimeters to withstand evolving threats.

 

Visit our website to learn more about how Forcepoint can support your organization’s cybersecurity needs.

The Ongoing Quest for Cybersecurity

 

Government agencies were already under pressure to modernize their cybersecurity strategies before the pandemic hit, and as workplaces closed and government employees struggled to access data and systems from makeshift home offices, the cybersecurity risks grew. The use of virtual private networks in the U.S. increased to match the early spike in COVID-19 cases, rising 124% in the two weeks from March 8 to March 22, 2020, according to Statista. Around the same time, the Cybersecurity and Infrastructure Security Agency (CISA) issued an alert titled “Enterprise VPN Security,” which offered both warnings and guidance on how to handle the surge in usage. With so many employees logging in remotely, agencies found that they had to shift their focus from securing a well-defined perimeter to securing the data that fuels government operations. In a recent survey of FCW readers, protecting data topped the list of cybersecurity priorities, with 75% of respondents citing it. In response to such concerns, CISA released its Ransomware Guide in September 2020. And in May, President Joe Biden mandated that agencies adopt zero trust in his Executive Order on Improving the Nation’s Cybersecurity, and the National Security Agency released a paper a few months ahead of that mandate titled “Embracing a Zero Trust Security Model.” Read the latest insights from industry thought leaders in Carahsoft’s Innovation in Government® report on cybersecurity.

 

The Future of Cybersecurity is Autonomous

“Analysts have too much atomic data and not enough context about that data. When they don’t have the full picture, they can’t take appropriate action. Re-creating each attack by hand takes painstaking care. And though analysts often relish this challenge, there’s simply not the time to do so for every presented case. Forward-thinking organizations are using artificial intelligence/machine learning (AI/ML) capabilities to fortify user endpoints and server workloads across an array of operating systems. These automations are designed to monitor the growing number of attack vectors in real time and present the full context of an attack in an easy-to-understand view that’s modeled after a kill chain.”

Read more insights from SentinelOne’s COO, Nick Warner.

 

Tailoring Zero Trust to Individual Users

“Zero trust is an important construct for helping agencies protect their infrastructure in today’s cybersecurity landscape. It focuses on accrediting individuals and their access to government resources. Agencies should make those decisions about access based on a comprehensive understanding of users. Security policies that treat all users as equally risky can be restrictive. Such policies set the bar high and hamper employees’ ability to work, or they set the bar low, which defeats the purpose of having security. Instead, agencies should evaluate users on an individual basis by taking the time to understand what employees do and how they do it — what’s normal behavior and what’s not. Then they can assess the risk of an individual based on that context.”

Read more insights from Forcepoint’s President of Global Governments and Critical Infrastructure, Sean Berg.

 

Modernizing Security for a Mobile Workforce

“Securing data and apps begins with positively identifying the user. In government, agencies have used multifactor authentication and all kinds of certificates, but those are simple pass/fail security checks. Once users are allowed to cross the security barrier, they often have wide-ranging access to government resources. This means adversaries and malicious (or careless) insiders passing the security checks receive free rein as well. Government needs to move to a continuous authentication model, which leads to better security and a better user experience. It involves seamlessly authenticating users every step of the way — when they touch the keyboard or scroll through an app on a screen. That activity, down to the microscopic vibrations in a person’s fingertip, can be sensed and understood so that IT administrators can answer the question: Is this really the authenticated user, or is it somebody else?”

Read more insights from BlackBerry’s Chief Evangelist, Brian Robison.

 

The Dangers that Lurk in Mobile Apps

“Government employees are increasingly reliant on mobile applications to do their jobs. But without formal monitoring programs in place, agencies might be unaware of the risks inherent in commercial and government-built apps. As a result, few agencies are investing resources and time to address a serious problem. The average mobile device has 60 to 80 apps, representing a huge potential for vulnerabilities at agencies whose employees are using those devices for work. Thousands of apps could be tracking employees or intercepting data. NowSecure founder Andrew Hoog has said mobile apps are the ultimate surveillance tool, given the mix of personal and mission activities in one space.”

Read more insights from NowSecure’s Chief Mobility Officer, Brian Reed.

 

Why Data is a Critical Cybersecurity Tool

“Once agencies have gathered their data in a scalable, flexible platform, they can apply artificial intelligence to derive insights from the data. AI speeds analysis and is particularly effective when agencies move from signature-based to behavior-based threat detection. A signature-based approach is good for detecting threats we already know about, but a behavior-based AI approach can adapt to new threats by looking for anomalies such as changes in the behavior of a server or endpoint device. AI also helps with investigations by reconstructing the sequence of events that happened during an intrusion, which fuels agencies’ ability to prevent future attacks. With AI, agencies can start to apply more sophisticated algorithms in their hunt for vulnerabilities and cyber threats.”

Read more insights from Cloudera’s Principal Solutions Engineer and Cybersecurity SME Lead, Carolyn Duby.

 

Zero Trust Data Management Foils Ransomware Attacks

“Agencies must ensure recoverability because none of these protections matter if they can’t recover data and systems that run their critical missions and operations. Agencies need to gather and protect data at the edges of their networks, in their data centers and across different clouds. And regardless of where agencies decide to store that data, they need to be able to access it instantly. Recoverability service-level agreements of minutes and hours are possible and delivered today across the whole of government and the Defense Department. Gone are the days of weeks and months to get back online.”

Read more insights from Rubrik’s Public-Sector CTO, Jeffrey Phelan.

 

Reclaiming Control over Complex IT Environments

“When employees were sitting in a government office behind a firewall, IT administrators had a clearly defined perimeter to protect. Now IT administrators are still focused on protecting the agency’s mission and assets, but the responsibility has become more difficult because they’ve lost some visibility and control over the infrastructure. In response, many organizations are moving toward strategies based on zero trust, which requires validating users and devices before they connect to government systems, or least privilege, which involves only giving employees access to the resources and applications they need to perform their jobs. Zero trust and least privilege require continuous monitoring and a risk-based approach to adding or removing authorizations.”

Read more insights from SolarWinds’ Group Vice President of Product, Brandon Shopp.

 

The Role of Authentication in Data Protection

“Users who need to access low-risk applications and data — for example, publicly available product information — can use an authentication method such as one-time password tokens. But if that same user wants to access higher-value data such as corporate finance records, the required level of authentication should increase, perhaps requiring public-key infrastructure (PKI) authentication with a smartcard. The key is to manage those activities via one pane of glass or one platform that supports the entire risk-based and continuous authentication process. In the past, we’ve been able to base decisions on where users are located — for example, whether they’re accessing data from within the network or remotely via VPN — but that is no longer enough. New technology tools enable agencies to gain a deeper understanding of users’ online behavior so they can make more informed decisions about authentication.”

Read more insights from Thales TCT’s Vice President of Product Management, Bill Becker.

 

Verification and Validation to Enhance Zero Trust

“Networking teams rely on standard configurations to maintain the security policy. These standard configurations dictate connectivity and traffic flows to ensure users can access appropriate resources while preventing unauthorized access. The idea of a standard configuration seems simple, but maintaining it is extremely difficult. Validating configurations is clearly mission critical, but monitoring and validating network behavior are even more telling and help ensure that policies are not inadvertently being circumvented and that there is no unintended connectivity.”

Read more insights from Forward Networks’ Technical Solutions Architect, Kevin Kuhls.

 

Extending Zero Trust Down to the File Level

“A software-defined perimeter integrates proven, standards-based security tools to create the ideal foundation for zero trust. When used together, those two approaches give agencies the granularity to customize their security protocols. For example, the IT team could allow USB mice but not USB thumb drives that can store data, and they could block potentially unwanted applications that anti-malware engines might not identify as malicious, such as bitcoin-mining or file-sharing apps. Zero trust is a mindset rather than a specific group of tools. The National Institute of Standards and Technology’s Special Publication 800-207 on zero trust architecture advocates taking a holistic approach to authenticating devices and users and extending that attitude to agency assets, services and workflows.”

Read more insights from OPSWAT’s Senior Director of Government Sales, Michael Hylton.

 

Download the full Innovation in Government® report for more insights from these government cybersecurity leaders and additional industry research from FCW.

5 Cybersecurity Predictions for 2021

 

It’s not uncommon to look ahead to the year to come and predict what tech trends will define it. But considering the degree to which the pandemic upended the day-to-day work of just about all organizations in 2020, it’s almost guaranteed that cybersecurity will be top of mind for IT pros in 2021 and beyond. We’ve entered an unprecedented era of remote work, which has dramatically expanded the attack surface for bad actors. In the year to come, new threats will continue to emerge, but companies will also be working hard to secure their IT infrastructure. Here are five major trends I expect in 2021.

Data protection plays catch up

IT pros didn’t exactly have an easy task with regard to business continuity when coronavirus hit. As such, many prioritized connectivity over cybersecurity in 2020, or spun up cloud and SaaS applications without consistent cyber policies. Unfortunately, that means there’s a very real chance bad actors, whether nation states or organized criminal groups, have already infiltrated sensitive networks. Threats will continue to evolve as well; I expect to see the rise of insider-threat-as-a-service and synthetic identities, the latter of which is the fastest-growing type of financial crime in the entire country. Data protection is crucial to guard against new and existing insider threats. Only by continuously monitoring how users access and interact with data can organizations identify malicious users and compromised accounts in real time and react accordingly. In 2021 and beyond, organizations must know where their data is on a minute-by-minute basis to avoid a costly breach.

Human error hinders security

Not all cybersecurity threats are the result of malicious intent, though. The same human innovation that helped organizations survive the stress test that was 2020 will likely present cybersecurity problems in 2021—especially if companies play cybersecurity catch up by implementing additional layers of security that add friction for the user. All-or-nothing security controls may prove ineffective as people continue to work from home; employees are sure to get increasingly creative with workarounds and shortcuts that increase productivity but threaten security. As users stockpile more data, rely on more workarounds, and are desensitized to risk, organizations will have trouble maintaining visibility on their data assets. Companies in 2021 will be forced to better understand what motivates human behavior so they can implement security tools that don’t create unnecessary and dangerous friction.

Disinformation is here to stay

Another threat that I expect to continue into 2021 is disinformation, which can be weaponized against companies and countries alike. But since there is growing awareness around the pervasiveness of disinformation, I also expect to see more substantial responses in the year to come. Most Americans support greater regulation of tech monopolies like Facebook, for instance. If passed, the Honest Ads Act would require the same transparency with regard to social media advertising as is required of traditional ads. But the government cannot tackle disinformation alone. In addition to continued awareness campaigns, I also expect to see public/private partnerships with the explicit goal of uncovering the technological innovation required to address this omnipresent issue. Disinformation becomes the new information.

Security becomes a cloud commodity

It’s not just threats that will evolve in 2021, though. Cybersecurity tools will as well. In fact, I predict the emergence of an early-stage “Zoom” of cybersecurity: converged, digital, cloud-delivered cybersecurity platforms.

Security platforms are becoming crucial as companies across industry pivot to the cloud in order to support a distributed workforce. I expect the cloud to become a part of cybersecurity’s DNA; security will be so ingrained in applications that people will hardly recognize it as such—making it less likely to conflict with people’s ability to do their jobs. At the same time, as security becomes a cloud commodity, IT leaders will have dramatically better visibility into where data is and whether it’s being used safely. This one will take a little longer.

Machine learning goes under the microscope

Machine learning is crucial to dealing with the evolving threat landscape. Such cutting-edge technology is required in order to make sense of a wide range of user data in real time; myriad cybersecurity systems use machine learning and artificial intelligence to make decisions about how risky a particular employee behavior is. These systems are trained on large historical data sets but can still be hindered by bias. In 2021, debates about inherent bias in machine learning will likely be center stage. I expect tighter controls about the data sets machine learning systems are trained on, in addition to seeing more algorithms combined with human intelligence and intuition.

The bottom line

The cybersecurity landscape was transformed dramatically in 2020, but that doesn’t mean more changes aren’t coming in the year ahead. Security will become a cloud commodity, with machine learning offering a frictionless approach to user monitoring. But machine learning isn’t without its biases, and the threat landscape will continue to evolve even as cybersecurity tools do. Whether because of disinformation, human error, or new kinds of bad actors, organizations need to make sure they know where their data is at all times in order to stay secure in 2021 and beyond.

 

View our webinar for more information on changes within the industry from Forcepoint cybersecurity experts across the business.