Forcepoint has announced the introduction of Dynamic User Protection that redefines modern user activity monitoring (UAM) and insider threat protection with the industry’s first cloud-native solution to deliver out-of-the-box functionality with no policy configuration. Through this capability, security teams are now empowered with real-time visibility into true risk behaviors of compromised and malicious users within hybrid cloud environments.
All security begins with visibility, and the massive shift to remote work created blind spots into user activities with critical data and intellectual property in unmanaged home environments. Attackers have actively exploited this vulnerability with a 400% increase in cyberattacks in 2020, according to the FBI. Coupled with the reality that 95% of cybersecurity breaches are the result of compromised user credentials and human error, it is a competitive imperative today that businesses gain needed visibility to mitigate a data breach in real time.
With Dynamic User Protection, user activity monitoring not only becomes easy to deploy, it also brings mainstream enterprise access to continuous risk assessment across security control points. For example, utilising Dynamic User Protection’s risk scores transforms a traditional audit-only Data Loss Prevention (DLP) deployment into intelligent DLP by automating policy response based on level of risk while significantly reducing false positives. This ability to understand user risk in real time across all control points becomes a cybersecurity game-changer for security teams, allowing global enterprises for the first time to seamlessly implement core Zero Trust and CARTA frameworks.
“In this next phase of cybersecurity, managing risk across the cloud, network and endpoint will drive everything. With Dynamic User Protection, Forcepoint is changing the rules of the cybersecurity game by delivering global enterprises the ability to automatically enforce security policy across all control points tailored to a specific end-user based on the risk they represent,” said Nico Popp, Chief Product Officer at Forcepoint. “Dynamic User Protection is the heart of our new converged cloud security platform with integration into Forcepoint Data Loss Prevention available today with future integration planned across the entirety of the Forcepoint portfolio, including our recently announced Cloud Security Gateway SASE solution which will be delivered in first-quarter 2021. This is the true power of human-centric cybersecurity realised today and it is powerful for every organisation that desires the ability to prevent a data breach before it can occur.”
Dynamic User Protection utilises Indicators of Behavior (IoB) as the real-time analytics engine to determine the overall risk of an entity. These IoBs give security teams context around behaviors and, by combining multiple behaviors, determine true risk scores that assess the overall risk of an entity as good and/or bad. With this capability, enterprises can now prioritise observed risk in real time to move left of breach while also reducing security friction.
Delivered in an easy-to-consume SaaS model, Dynamic User Protection is fast and easy to deploy, with a small 30MB footprint on the endpoint that installs in under 30 seconds with no reboot required. Utilising Forcepoint’s unified agent, Dynamic User Protection is also self-maintaining through auto-updates, ensuring enterprises have an always easy-to-manage cloud-delivered UAM.
Dynamic User Protection key features at-a-glance include:
- Autopilot: pre-configured user risk assessment that continuously collects, enriches and correlates events on the endpoint in order to detect anomalous behavior.
- Anomaly Detection: sets of observed data establish an entity’s baseline activity for specific applications and actions, and the anomaly detection engine analyses observed data to identify outlier behaviors and alert to real-time security risk.
- De-centralized Analytics: performed on the endpoint versus the centralised approach with traditional UAM/Insider Threat solutions.
- Risk Calculation: continuous assessment of entity activity and risk impact generates a dynamic risk score that goes up and down based on the level of risk.
- Risk-Adaptive Policy Enforcement: based on the risk score, risk-adaptive DLP policies automate security response based on level of risk. Enforcement options include: Audit, Block, Notify, Confirm Prompt, Encrypt and Drop Email Attachment.
“External cyber adversaries as well as internal bad actors put data at risk be it via compromised credentials or malicious insiders. Unfortunately, a lack of visibility into how users interact with data too often leads to cybersecurity incidents resulting in data loss,” said Doug Cahill, Vice President and Group Director at Enterprise Strategy Group. “Meanwhile, digital transformation initiatives have been accelerated by a surge in remote work. As a result, cybersecurity teams are revisiting ‘rights and privileges’ associated with users working from home, an endeavor which requires scale and accuracy. Leveraging User Activity Monitoring-as-a-Service allows enterprises to take advantage of what could best be called a ‘data scientist in the cloud’ to proactively manage user risk and protect critical data from being breached.”