Forcepoint cuts through cybersecurity clutter to protect data, networks from threats
Integrated cloud-based security platform is vital for reducing ‘point product fatigue’
By Byron Acohido, ThirdCertainty
Defense contractor Raytheon earlier this year spun off the cybersecurity services it had been supplying via Raytheon Cyber Products into a new business entity called Forcepoint.
Forcepoint also is composed of security software vendor Websense and next-generation firewall vendor Stonesoft, both of which Raytheon acquired in the past year or so.
Free resource: Putting effective data risk management within reach
This isn’t your typical security startup. Forcepoint already has 20,000 customers ranging from businesses with 50 employees to 200,000 employees. Based in Austin, Texas, the company has about 2,200 employees in 44 offices worldwide. At the helm is CEO John McCormack, previously a senior executive at Websense, Symantec and Cisco.
McCormack sat down with ThirdCertainty as he takes command of the freshly minted entity. Text edited for clarity and length.
ThirdCertainty: What is Forcepoint all about?
McCormack: We want to be the company that helps organizations move to the age of cloud computing in a safe and secure way. And we want to help in reducing what I call ‘point product fatigue.’ We’ve created a lot of point solutions for many of the cyber challenges that organizations face. And as I look in the eyes of many chief information security officers I see real fatigue in their eyes. They’re still struggling to manage the environment they have today. Yet they need to get on top of these more determined adversaries.
3C: How is Forcepoint seeking to address that?
McCormack: Our viewpoint is as we work to reduce that point product fatigue, you build an open architectural approach. You build it on cloud computing concepts and capabilities that reduce their administrative burden, reduce that operational footprint. We have to make a meaningful difference so that we can work on more important topics of hardcore security analytics and analysis of the inevitable breaches that happen to most organizations.
3C: Where does an organization begin addressing a worsening cloud-centric environment?
McCormack: Have a healthy risk assessment and threat assessment done, and do best practices regularly. The other thing I would recommend is absolutely work on your weakest link. For all the technology and capabilities around cybersecurity, humans have been, and continue to be, the weakest link in the security chain. They get fooled. They aid and abet, and they make mistakes because of lack of security awareness.
3C: Many times employees are just hustling to be more productive, not necessarily being careless.
McCormack: Absolutely right. Most accidents happen because you’ve got users who are trying to do a great job, quite frankly, and just trying to be productive. But we also know firsthand that the adversaries will recruit people to put into your organization who will work to compromise your organization. You have to be able to identify those insiders. And you’ve got to be able to identify the intent. If it’s an accident, that’s one route to take. But if it involved malicious intent, that’s a different route that you might want to take.
3C: So a new mind-set, really, is needed in this environment.
McCormack: Yeah, you’ve got to bring your users into the fold. Cybersecurity is a highly technical field. You’ve got to make it reasonable to understand. Here at Forcepoint, we run a program called ‘Catch Of The Day.’ Anything suspect, whether it’s physical security or cybersecurity, can be reported and immediately responded to by our teams with both feedback and education about what they found and what they saw. Then we celebrate every quarter. Some of the best catches have kept us from being compromised.
More stories on cloud computing:
Control your encryption keys when using cloud services
Emerging exposure: Rising use of cloud apps creates data leakage pathways
Cloud apps routinely expose sensitive data