Forcepoint is taking a user-centric approach to cloud security, analyzing activity to find users -- and malware masquerading as users -- that threatens the enterprise.

"It's about understanding the human interaction with technology and understanding why a user is moving data," Aaron Smith, Forcepoint senior product manager for cloud security, tells Enterprise Cloud News. "Not all threats will be outside the perimeter. Some of them will be inside."

To that end, Forcepoint announced on Tuesday that it is adding new capabilities to its suite of cloud security products.

The company upgraded its Web Security product with its Cloud Application Security Broker (CASB) to add discovery and reporting of users making unsanctioned use of cloud applications and services -- known as "shadow IT."

Forcepoint acquired the Skyfence CASB from Imperva in February. (See Forcepoint Boosts Cloud Security With Acquisition.)

Forcepoint enhanced Data Loss Prevention (DLP) security analytics for web and email to include incident risk ranking, to classify the seriousness of data leaks -- incidents where confidential or proprietary data leaves the enterprise by email or other Internet channels.

And it integrates malware detection with the CASB for cloud services such as Microsoft Office 365 OneDrive, Google G Suite, and Box

Figure 1:

Also, Forcepoint addded ISO 27018 certification to its trust program for privacy protection of personal data, to enhance compliance with the European General Data Protection Regulation (GDPR) in 27 global data centers offering full IPSEC coverage including new sites in Milan, Stockholm and Warsaw. Forcepoint previously offered ISO27001 and CSA STAR certifications with SOC attestations.

Smith noted that not all breaches detectable by Forcepoint are malicious -- some of them can be caused by employees circumventing security just to get their jobs done, for example, emailing work files to external accounts. That sort of behavior can still result in security problems, however.

While the WannaCry ransomware -- an external threat -- is generating security headlines today, internal threats are a big deal. In financial services and healthcare in particular, insiders accounted for well more than half of attacks, according to the IBM X-Force Research 2016 Cyber Security Intelligence Index. Overall, some 25% of attacks are conducted by insiders, according to the Verizon 2017 Data Breach Investigations Report. (See WannaCry Continues at a Slowed Pace and Cyberespionage, Ransomware Top 2017 Verizon DBIR.)

Forcepoint is reacting to a reality of today's threat environment -- perimeter security isn't enough. Enterprises don't even have a perimeter anymore, with data traveling from on-premises to the cloud, users hooking up personal devices to the company network, customers and partners making connections, and software-as-a-service (SaaS) applications such as Salesforce and Microsoft Office 365 essential to doing business.

Security vendors such as Cisco, Nuage and VMware are touting microsegmentation as a solution -- using network virtualization to divide the network into many compartments, with security barriers between them to prevent the spread of infection.

Forcepoint, headquartered in Austin, Texas, is a privately held cybersecurity company with 2,500 employees and 20,000 customers, backed by Raytheon and launched early last year to bring defense technologies to the private sector. Forcepoint comprises three previously separate companies -- Raytheon Cyber Products, Websense and Intel McAfee Stonesoft.

Related posts:

— Mitch Wagner Editor, Enterprise Cloud News

CALLING ALL CLOUD, NFV AND SDN COMPANIES:
Make sure your company and services are listed free of charge at Virtuapedia, the comprehensive set of searchable databases covering the companies, products, industry organizations and people that are directly involved in defining and shaping the virtualization industry.