Category Archives: Forcepoint


GDPR, Why US-based Organizations Must Pay Attention, Now!

Category : Forcepoint

Date: Thursday, September 14, 2017

Time: 11:00 AM – 12:00 PM Central Daylight Time

In May 2018, the EU’s General Data Protection Regulation (GDPR) will impact US-based organizations – that’s a fact. But how? Accudata’s certified GDPR expert, Paul Kendall, will be joined by Forcepoint’s Global Information Security & Strategy Officer, Neil Thacker, to discuss:

  1. What is GDPR and what makes a US-based organization subject to compliance
  2. How GDPR will impact your business both operationally and financially
  3. Where organizations can start to ensure compliance is achieved by May 2018
  4. The overall intent of the EU, and what they will require of organizations in the event of a breach after the May deadlines

The following presentation does not represent nor is intended to offer legal advice.

We strongly recommend you discuss achieving compliance with the GDPR via your legal, compliance, data protection & privacy team.



People Are the New Security Perimeter – Introducing Forcepoint UEBA


I’ve written recently about how cybersecurity has traditionally been all about building better walls. With workforce mobility, BYOD, and users increasingly working from home, suddenly those walls have disintegrated – and what’s left are users and data. Historically, organizations simply needed to “secure the perimeter.” But now cloud and mobility are creating a new normal, where there is no defined perimeter. Or to put it another way, people are the new perimeter.

At Forcepoint, we understand this new security perimeter as being fundamentally about people interacting with data and IP. We view people – rather than technology infrastructure – as the focal point for cybersecurity. By focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.

Traditional UEBA helps address this – with limitations

Observing human behavior and understanding user intent is the key to better security and protection against data and intellectual property theft. And user and entity behavior analytics (UEBA) brings user insights, in the form of anomaly detection, to traditional data dominated environments. However, traditional UEBA provides insights that go straight to the SOC. This is a good beginning, but ultimately limited given that traditional UEBA is merely focused around detection, and the speed of that detection can be too slow to actually be useful in preventing breaches and losses. When global security disasters can occur in minutes due to accidental or malicious breaches, it’s imperative that enterprises be able to directly couple insights into protection, and do so rapidly so that action can be taken before critical data is lost.

Introducing RedOwl

And this is why we’re thrilled to announce today our acquisition of UEBA leader RedOwl. RedOwl’s UEBA platform uniquely enables users to rapidly integrate new, complex data sources, apply powerful behavioral analytics that look at the behaviors of people and help understand intent across both security and compliance-related use cases.  We’re especially excited to be joining forces, because unlike other UEBA vendors, RedOwl’s vision directly aligns with our human-centric POV.  Since 2011, RedOwl has been the only UEBA that specifically monitors and provides visibility into the cyber activity of people.  Like Forcepoint, RedOwl has been consistently all-in on a human-centric approach to security.


With this acquisition, we can now ingest multiple data sources – including structured and unstructured data – whether that’s from databases, Workday (HR), Salesforce, or other widely used applications and programs, and draw correlations that legacy DLP wouldn’t let you do. With the volume of data sources we can analyze, we can build a view of what “good” and “safe” look like for both security and compliance considerations. When something falls out of that normal profile, like accessing data at odd times, or from odd locations, we can raise the awareness and automatically adapt protection to the appropriate risk level.

For example, if sensitive data is being accessed during the middle of the night, the human-centric analytics can determine whether the employee in question is on a business trip to Asia, and the access to sensitive data is just happening during her working hours while away from the office. However, maybe that employee is at home but had her credentials compromised, and there is no easy explanation for accessing information at 3:30 in the morning. With RedOwl, a customer could use employee travel status as an input source to the analytics system – providing a level of insight to know the difference between a real attack or a false alarm.

Compliance Matters

Data Loss Prevention is evolving. And the UEBA market is moving from solving insider threat-only use cases to people-centric protection for security and compliance requirements. Traditional DLP has relied on static policy alone, without consideration for risky user behaviors, in order to take action.  However, by taking insights around risky behavior into consideration, policy enforcement can become risk-adaptive, taking specific actions based on the dynamic determination of risk.  The RedOwl UEBA capabilities will allow Forcepoint to provide a key foundation for this new generation of risk-adaptive DLP.  And with RedOwl, we can take into consideration not only cyber sources but also human-centric databases and applications. For organizations that face heavy compliance obligations, such as government or financial services, or for organizations that are focused on protecting their core intellectual property, this new era of risk-informed DLP, powered by UEBA, can offer new levels of fidelity AND usability in keeping sensitive information where it belongs.

The Future’s So Bright

Many companies solve for a specific task; Forcepoint solves for the total solution. This isn’t just big data, it’s human-behavior centric insights. And now, the time between data capture and human action can move from days to minutes. We’ll be making the newly named Forcepoint UEBA available beginning immediately, and over the coming quarters UEBA capabilities will be integrated across the company’s portfolio, as well as with customers’ existing cybersecurity technologies.

Finally, great technology is created by great people.  And I’m especially excited to welcome the highly talented and dedicated team of professionals at RedOwl to the Forcepoint family. I look forward to working with them to help advance Forcepoint’s mission of protecting the Human Point.


Author: Heath Thompson


Forcepoint A Leader in Gartner 2017 Magic Quadrant for Enterprise DLP Nine Consecutive Times


Gartner has once again positioned Forcepoint as a leader in the enterprise DLP market, based on our ability to execute and completeness of vision.

“Leaders have products that work well for Gartner clients in midsize and large deployments. They have demonstrated a good understanding of client needs and generally offer comprehensive capabilities in all three functional areas — network, discovery and endpoint.”*

Register for your COMPLIMENTARY copy of the Gartner Enterprise Data Loss Prevention Report.


*Gartner, Magic Quadrant for Enterprise Data Loss Prevention, Brian Reed, Deborah Kish, February 16, 2017.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Notes From DoDIIS 2017: Talking Cyber Espionage and Insider Threat


Read on for a sneak peek into some of the Insider Threats insights I will be sharing at DoDIIS today as part of the “Industry Perspective on Cyber Espionage and Insider Threat” panel.

Insider threat is both a very old concept and a new one. The cyclical nature of technology concepts is constant, with only the players and methods changing. However, the instruments of data movement are getting smaller. In the past a person had to literally carry reams of paper out of the building to do the same kind of damage a person with a cell phone camera, cloud storage account, or a USB drive can today. Additionally, interconnections within the growing technology-enabled physical world and the infinitely connected web have allowed for more esoteric ways of information movement and access through the average smart home thermostat or wifi-enabled light bulb.

This newfound ability to deal damage in small packages has created a secondary issue: the accident. When data was big, taking the form of paper, floppy disks, or CD-ROMs, it took physical media or a lot of upload time to cause widespread harm. Again, this isn’t a concept any reasonable security practitioner is unaware of. In fact, I’m counting on it. The issue is not that there is growing risk and the world is a harsh place, or that people will forever try to gain an unfair edge, but the reality that the line between maliciousness and accidents is growing ever greyer.

The Grey Area between Accidents and Maliciousness

When exfiltration and infiltration methods were complex and incredibly risky (think Cold War spy tactics) an accident would be defined as taking a folder of documents home, leaving a laptop on a train or having your Blackberry stolen. Now it is as simple as an unnoticed incorrect autocomplete address in Outlook with a sensitive attachment, or a misunderstanding about sensitivity and upload to a cloud drive. A mistakenly clicked email about a fake password reset can risk a whole company, just ask a few retailers or Hollywood producers.

This creates several avenues of discussion mainly around training and awareness (do it), thoughtful and effective controls (get some), and security analysis and response (make it tougher). The issue with insider issues is that mindset is everything. The motivation and goal of the actor is what determines the real difference between a stern lecture, employment termination or law enforcement arrest. Did the person really mis-click that link in the email? Did they really not notice the other address? Actually, they probably didn’t notice and just thought they had to provide their password. Realistically, there are only a few real-life Jason Bourne or Ethan Hunt types in the world — and if those people were targeting you odds are you’d have little chance of stopping it.

We need to realize that people are people and not computers. If we approach insider threat analysis as a black and white issue like malware then we risk more than wasted time. If an analyst suspects a computer to be infected with malware, they can patch or re-image without a second thought. The computer won’t get offended or quit. But we all live in a world of greys, not black and white. The sooner we start to recognize that different tactics and analysis are needed to better assess activities to determine that mindset the better.

This isn’t about ignoring or discounting troubling events, it is about understanding context, asking questions and realizing that while we have machines learning how to identify malware patterns we just aren’t that good at people yet. A computer really can’t have good days and bad days, but people have every kind of day imaginable. Some end one day feeling like they need to take their traffic and coffee-fueled frustrations out on others and “get their due,” but go back home, have a Coke and a smile and then the next day is a bit brighter. Let’s look at insider threat as managing both the light and dark side of the human condition, and ensure that people are aware of the rules, we have good controls to help contain when they forget or break them, and analysis that isn’t based on “guilty before proven innocent.”

If you are in St. Louis attending DoDIIS today be sure to stop by Room 103 at 1:30 p.m. CT to hear more during the “Industry Perspective on Cyber Espionage and Insider Threat” panel.

Or, if you aren’t attending DoDIIS but would like to learn how you can “Operationalize a Practical Insider Threat Program” in your organization, view my webcast here.


Author: Brandon Swafford


Securing the Digital Dream


Secure SD-WAN opens the door to digital transformation

It’s no secret that digital transformation initiatives such as customer experience optimization and operational process transformation raise productivity levels and lower organizational costs.

However, implementing such policies causes additional demands on the infrastructure, often requiring diversification into hybrid or software-defined wide area networks (SD-WANs): Organizations must ensure security will not be compromised in the process, since these initiatives raise red flags with regard to data visibility and control.

Read the latest paper from Computing Research, “Securing the digital dream” and learn why SD-WAN security must be included as a fundamental consideration of digital transformation plans.


GDPR – The Final Countdown


With under a year to go until the regulation becomes enforceable by law, Forcepoint has partnered with Computing Research to discover how organizations are prioritizing their GDPR preparations.

100 UK business decision makers from multiple industry sectors were surveyed on the provisions concerning the right of erasure, personal data transfers and the notification of data authorities and data subjects themselves of data breaches. Responses included:

  • 51% identified article 17, the Right to Erasure, as the hardest to comply with
  • Over half identified the lack of certainty of where data resides as the greatest challenge with Cloud Services
  • The requirement to notify the authorities of a data breach within 72 hours was ONLY ranked by 27% of respondents as being the hardest to comply with
  • 59% indicated they would be providing additional security measures to comply with the GDPR

Read the Computing Research paper, “GDPR – The final countdown” for the full results and a discussion around the issues.



Forcepoint Simplifies Cybersecurity Through Cloud-Based Behavior Analytics


  • New Forcepoint CASB behavior analytics help enterprise and government security teams reduce time to action by focusing on the business impact of highest risk users
  • Forcepoint Web Security and Forcepoint Email Security deliver new cloud application controls and Advanced Malware Detection service enabling rapid, secure cloud adoption and management

Global cybersecurity leader Forcepoint today fortified its cloud security portfolio to empower security teams with new behavior-driven controls that simplify protection of employees, critical business data and intellectual property (IP). New capabilities now available across Forcepoint CASB, Forcepoint Web Security and Forcepoint Email Security ensure customers around the world can safely embrace, and continue to grow, their business in the cloud.

According to Gartner, the average time to detect a breach is 99 days with an average cost of $4 million [i]; however, enterprises can shorten dwell time utilizing data and analytics. The firm expects by 2018 80 percent of endpoint protection platforms will include user activity monitoring and forensic capabilities — up from less than 5 percent in 2013 [ii], and estimates at least 25 percent of self-discovered enterprise breaches will be found using user and entity behavior analytics [iii].

“Approaching security through a human-centric lens helps organizations better understand indicators of normal cyber behavior and quickly identify activity and operations, such as shadow IT, that pose the biggest risk,” said Kris Lamb, vice president and general manager of the Cloud Security business at Forcepoint. “As enterprises and government agencies shift their applications to SaaS and cloud IT models, they require intelligent systems that quickly spot anomalies, assess risk and facilitate rapid resolution to protect users and their data in an increasingly zero perimeter world.”

Enabling cloud-first security strategies

Forcepoint is delivering today new CASB capabilities that assess the risk posed by file sharing and other cloud applications and protect against the loss of critical business data and IP not stored on a corporate network. Forcepoint CASB now analyzes user behavior and characteristics of the application, such as the data, device and location being accessed. A new single-view User Risk Dashboard reports both employee behavior and, unique to Forcepoint CASB, the potential business impact based on the user’s account permissions within an organization. Security teams can now access actionable insights faster with a full understanding of risk at-a-glance; and, when CASB is used with Forcepoint Advanced Malware Detection powered by Lastline, organizations can be assured their data is fully protected from both risky users and malware posing as a user.

Real-world threats facing enterprises and government agencies today can be thwarted through Forcepoint CASB behavior analytics. For example, banks transitioning from delivering on-premises to cloud-based financial services and infrastructure require protection for employees using Microsoft Office 365 as well as contract developers using Amazon or Azure public clouds to develop custom applications. In healthcare, departing physicians downloading patient files from their electronic health records (EHR) system to personal cloud storage for use in a new practice will raise their user risk ranking and enable quick response by the security team to revoke access and stop the attempted data export.

Forcepoint further enhanced its Forcepoint Web Security and Forcepoint Email Security cloud and on-premises offerings today with new features and tools, including:

  • Forcepoint Web Security enhancements enable more granular control of cloud applications and blocking unsanctioned shadow IT.
  • Forcepoint Web Security with new cloud migration tools to Forcepoint Web Security Cloud help on-premises appliance customers migrate when ready.
  • Advanced Malware Detection (AMD) Powered by Lastline is now available for on-premises and cloud Forcepoint Web Security and Forcepoint Email Security platforms. Integration of AMD sandbox technology enables real-time protection of users anywhere.



Author: Virginia Satrom


Forcepoint Cloud Security Reaches “FEDRAMP IN PROCESS” Phase


In a cloud-first world, advances in technology constantly change how we communicate and have given organizations increased flexibility and rapid collaboration capabilities. In order to reap these benefits, organizations must streamline security with an intelligent, cloud-first solution that protects in real-time and that will enable long term missions and protect critical infrastructure.

Today, Forcepoint has announced it’s taken a significant next step in offering our US federal government customers peace of mind when it comes to their cloud cybersecurity strategy by reaching the “FedRAMP In Process” phase with the sponsorship of the Office of Personnel Management (OPM).

Forcepoint Web Security Cloud and Forcepoint Email Security Cloud are demonstrating FedRAMP Compliance through evidence, documents and engineering processes delivered in the security package delivered to the FedRAMP Project Management Office (PMO) on June 12, 2017.

Forcepoint Web Security Cloud provides industry-leading reporting, sandboxing and DLP capabilities, and advanced, non-signature threats to business critical data. Forcepoint Web Security Cloud is built on a unified platform that enables Forcepoint products to work together, and protects data everywhere – in the cloud, on the road and in the office – simplifying compliance and enabling better decision-making and more efficient security.

Forcepoint Email Security Cloud protects against multi-stage advanced threats that often exploit email to penetrate IT defenses. It applies thousands of real time threat analytics, behavioral sandboxing and other advanced defense technologies to identify targeted attacks.

About FedRAMP

The Federal Risk and Authorization Management Program, or FedRAMP, is a U.S. government-wide program that provides a standardized approach to security assessment, authorization and continuous monitoring for cloud products and services. FedRAMP is the result of close collaboration with cybersecurity and cloud experts from the General Services Administration (GSA), National Institute of Standards and Technology (NIST), Department of Homeland Security (DHS), Department of Defense (DOD), National Security Agency (NSA), Office of Management and Budget (OMB), the Federal Chief Information Officer (CIO) Council and its working groups, as well as private industry.

Products go through three phases during the FedRAMP authorization process.

Phase 1: The process starts with a Readiness Assessment of a company’s operational system. This is done through completing a Readiness Assessment Report. After completing the Readiness Assessment the system will be designated “FedRAMP Ready.” Forcepoint’s Cloud Security products have been FedRAMP Ready since 2016.

Phase 2: The next step in the FedRAMP process is the development of a complete security package for review.  Cloud systems are designated as “FedRAMP In Process” upon completion and delivery of the security package to the JAB.

Phase 3: The final step is the JAB Authorization Review Process. In this phase the FedRAMP PMO will conduct a thorough review of the complete security package. The JAB will then make a recommendation to grant a company FedRAMP authorization. At this point the system will be designated as “FedRAMP Authorized,” which takes about another 4 to 6 months.

For more information regarding the FedRAMP process please visit the FedRAMP website:

Forcepoint is now listed in the FedRAMP Marketplace in the “FedRAMP In Process” section of the website at


Author: Jeff Hunter


NSS Labs NGFW Test: Is your firewall a top performer?


NSS Labs leads the industry in third-party assessments of Next Generation Firewalls (NGFWs), releasing the results of their stringent testing each year. And this year NSS expanded their testing, so the results may not be what you are expecting.

Join Thomas Skybakmoen, Distinguished Research Director for NSS Labs, as he shares the latest results and what distinguishes the top performers in this exclusive webcast.

And see where your current NGFW solution ranks for:

  • Live and continuous threat protection
  • Low total cost of ownership
  • Ease of deployment and management

Learn why there is so much acclaim about Forcepoint NGFW products across the industry, and why NSS Labs recommends the Forcepoint NGFW to be on every company’s short list.

Register for the webcast now.


Complying with Data Protection Law in a Changing World (SANS)



For many enterprises, the legal and political demands for data security can be perplexing. These demands come from many different countries and legal domains; they also don’t always speak with a unified voice.

In addition, expectations for data security are rapidly evolving across the world. Unfortunately, no sizable enterprise can achieve perfect compliance around the world. But there are methods to lower the risks of non-compliance.

This paper identifies major steps a large, multinational enterprise can take to assure the public, authorities and business partners of its responsible behavior and adherence to pertinent regulations.
