Implementing Zero Trust is a huge shift in how organizations operate networking and cyber security: Forcepoint

Forcepoint is an American MNC software company headquartered in Austin, Texas, that develops computer security software and data protection, cloud access security broker, firewall and cross-domain solutions. Forcepoint was founded in 1994 as an information technology reseller called NetPartners.

Here, John DiLullo, Chief Revenue Officer at Forcepoint, tells us more. Excerpts from an interview:

DQ: Why are CEOs and CISOs doubling down on cybersecurity, converged approaches?

John DiLullo: Companies are facing a new reality where employees work from anywhere, using many different devices – both managed and unmanaged. The pandemic compelled organizations to migrate much faster than originally planned to cloud-based and service-based applications. This has far-reaching implications for cybersecurity and risk and is a paradigm shift that will last long after the pandemic has ended.

Traditional security approaches, which involve dozens of point products focused on controlling and protecting access to corporate resources, are no longer enough to protect a fluid, dispersed, connected and cloud-based business environment. You cannot assume that employees’ devices attached to your ‘corporate’ network should be trusted and restricting sensitive data is paramount. You need to understand and control how data is used and by whom, on the web, within cloud applications, and through internal, private applications.

This is why business leaders such as CEOs and CISOs are exploring and adopting converged approaches to cybersecurity. In converging security capabilities to let’s say a single platform, it doesn’t mean eliminating or reducing capabilities. It provides a simpler approach to effectively managing security in today’s anywhere worker reality. And this is where we start to see security become a business enabler – and for many, serve as a competitive differentiator.

DQ: How can Secure Access Service Edge (SASE) solutions enable enterprises to protect data from anywhere it is accessed?

John DiLullo: SASE brings together networking and security for organizations, allowing both to be delivered consistently wherever employees might be working. These technologies used to be treated separately, but with SASE, security policies can be defined and monitored from one place, and enforced wherever they’re needed.

Data is almost always stored in one of three places – the web, cloud apps like Microsoft 365, or private applications hosted in internal data centers or private clouds. The average remote worker is using an estimated twelve or more software as a service (SaaS) apps, and an increasing number of private applications, making for a challenging environment to monitor and secure properly.

Because SASE uses a combination of security gateways including Cloud Access Security Brokers (allowing access to cloud assets to users that need it, while keeping out unauthorized access) and Zero Trust Network Access (a way of ensuring each user can only see the specific resources they are allowed to access), alongside software-defined networking, both security and connectivity can be delivered consistently, regardless of where people are working or where the resources they are accessing reside.

DQ: How can one handle data breaches due to remote work?

John DiLullo: The best way to handle data breaches is to prevent them from happening in the first place, and to be able to detect imminent or developing breaches before they occur.

Remote working has given employees a huge amount of flexibility. But, it has also increased the spread and sprawl of data because information is being stored on and accessed from all kinds of devices and locations – some more secure than others. This means that without consistent cybersecurity measures in place, gaps can open up.

Adversaries can exploit such gaps, for example to compromise networks or steal data, or data can be accidentally exposed. There is also likely to be incomplete visibility of network traffic, or the number and range of application used. Unmanaged or unapproved applications installed by employees for business use – known as ‘shadow IT’ – can also increase the risk of data loss or exposure.

Keeping data safe from breaches in such an environment requires a tool like cloud-based Data Loss Prevention (DLP). Typically incorporated within cybersecurity models like Secure Access Service Edge (SASE), DLP can help organizations to discover where data is and classify it according to whether it is ‘at rest’, ‘in use’ or ‘in motion.’ It also allows IT teams to apply security policies to protect data across a company’s entire network – including multiple cloud environments, applications, mobile devices, and on-premises data centers.

DQ: What does one do in case there are missing security patches?

John DiLullo: Many cyberattacks are successful because threat actors exploit open weaknesses in unpatched systems. Keeping a close eye on newly reported vulnerabilities, knowing which devices or applications might be vulnerable and applying the most critical security patches and updates as soon as possible are critical components of any strong cybersecurity defense.

Maintenance tasks, such as security patching, is a big part of why public cloud providers have become a popular route for organizations, because these tasks are typically handled by the provider, leaving the customer to focus on other security priorities. Alongside this, there also exists a variety of automated patching tools to help identify and implement security patches across all the software and systems an organization might be using.

However, in the absence of an effective patching strategy, Zero Trust solutions do provide some relief by reducing the number of users that have unrestricted access to unpatched systems.

DQ: How safe is the cloud, and the world, from the threat to trust?

John DiLullo: The network of a typical organization is extremely noisy. With employees using all manner of data and software as a service (SaaS) apps, from a wide range of locations, it is becoming evident that security based mainly on threat detection is not the solution. The sheer volume of daily security alerts would be overwhelming and genuine malicious or suspicious activity could easily be missed.

While detection remains an important part of a resilient cybersecurity infrastructure, finding the real threat among the noise and false positives is like trying to find a needle in a haystack.

What’s more, every time the cybersecurity industry finds a new way to detect cyber threats, cybercriminals find ways around it. The innovation arms race hasn’t lessened the threat of things like ransomware – in fact if anything it’s made them more sophisticated.

Zero Trust is a security philosophy that is focused more on prevention. It gives organizations a fighting chance of getting one over on cybercriminals. A Zero Trust approach assumes that all content is ‘bad’ and sanitizes everything regardless of source. In addition, content transformation technologies like Content Disarm and Reconstruction (CDR), for example, completely strip and rebuild files coming into the network so they can be delivered clean and safe to the intended recipient.

Implementing Zero Trust is a huge shift in how organizations operate their networking and cybersecurity. As such, it’s not a change that can be made overnight. But, by gradually implementing it, organizations can give themselves an advantage in the ongoing battle against ever-evolving cyber threats and intrusions.