Forcepoint sees strong demand for insider security solutions
By Goh Thean Eu August 8, 2016
- Most data breaches due to insider misuse or miscellaneous errors
- SureView Insider Threat being offered outside the US for the first time
MANY companies may have the necessary solutions to combat external threats, but this is not the case when it comes to protecting themselves against threats within the organisation.
According to US-based security solutions company Forcepoint, citing findings from Forester Research, more than half of data breaches are due to insider misuse or miscellaneous errors.
Insider crimes are also 38% more damaging than incidents perpetrated by external adversaries.
Forcepoint South-East Asia sales director Alex Lim (pic above) said that not all insider security risks are conducted by employees with malicious intent, and there are three types of user behaviour that pose risk to an organisation.
“First is the compromised user, who could be a victim of cyber-attacks or social engineering. Second are the intentional insiders – they can be disgruntled employees or those who abuse their privileges and access,” he said.
“Third are the accidental insiders, people who are working around a broken business process or perhaps lack training,” he told a recent media briefing in Kuala Lumpur.
SureView Insider Threat
Forcepoint recently launched its SureView Insider Threat in Asia, claiming this solution could help organisations combat such insider crimes.
“The solution identifies risk by baselining ‘normal’ user behaviour,” said Lim.
“The technology then recognises deviations from the norm, such as a change in data access, working hours, email activity, or copying files from network to desktop.
The solution allows organisation to spot risky behaviour and activities, by comparing a user’s behaviour based on at least two parameters.
First, it compares the user’s behaviour against his colleagues’ behaviour. Should this particular user be accessing a particular file or server significantly more often than his colleagues, SureView Insider Threat will notify the IT administrator (admin).
Secondly, it compares the user’s behaviour against his normal behaviour. For example, if this particular user accesses certain files after working hours for the past five days, a habit or activity that is out of the norm for this user, SureView Insider Threat will also notify the admin.
“It is also able to video-capture and play back enduser desktop activity from Windows and Mac OS endpoints,” said Lim.
“The video can provide insight into possible motivations of suspicious behaviour before it becomes a problem,” he declared.
SureView Insider Threat has been used by US corporations and government agencies for several years now, but had not been sold to customers outside the United States till July this year.
Forcepoint was formed in 2015 by the merger of Raytheon Cyber Products and Websense, and SureView is a Raytheon product. That company’s business focus had been mainly on the United States.
Lim claimed the response “has been good so far” and that Forcepoint was expecting a “good take-up rate” as the market is more mature.
Forcepoint may be a new company, but Websense has been offering its data loss or leakage protection (DLP) solution to the Malaysian market over the past decade or so. This solution is now in use in verticals such as banking, healthcare, and the public sector, according to Lim.
The company sees a natural synergy between its DLP and SureView Insider Threat solutions. “SureView Insider Threat will monitor user behaviour and the DLP solution will enforce and prevent leakage,” he said.
Today, Forcepoint sells its solutions to Malaysian customers via three distributors, and is in talks to appoint a fourth distributor, he added.
Automated security is now a reality
The threat landscape runneth over, here's what we need to do
No 1 security vulnerability is careless or unaware employees: EY survey
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.