Why studying human behavior could be the key to securing networks

For effective cybersecurity, organizations must understand employees’ actions, motivations

 

I first met Matt Moynahan in 2009 just after he left Symantec to become CEO of application security firm Veracode. We met again, most recently, at RSA 2017, just after Moynahan was named CEO of Forcepoint, a joint venture of Raytheon Co. and Vista Equity Partners.

Forcepoint is something of a hybrid vendor. It is composed of endpoint security firm Websense integrated into Raytheon Cyber Products and the Stonesoft next-generation firewall. I spoke with Moynahan about the company’s new focus on helping organizations better understand employee behaviors as the path to robust network security. Some takeaways:

People-centric security. Hardening the network perimeter is an approach that falls well short. Threat actors continue to easily get inside, and that pattern has no end in sight. Forcepoint argues that much can be gained by studying and profiling the behaviors of authorized parties—be they employees, partners or contractors—as they routinely access business systems to do legitimate work.


Matt Moynahan, Forcepoint CEO

“If you can understand what’s acceptable and what’s not acceptable, and then apply policies to what’s not acceptable, that’s a very different approach than trying to find out everything that’s happening on the network, and then doing reverse engineering to figure out who the person is behind a certain IP address that’s doing something wrong,” Moynahan says.

Proactive behavior monitoring. Data leak prevention, aka data loss prevention (DLP), refers to technologies designed to make sure end users cannot send critical information outside of the corporate network. To date, DLP systems have been rather narrowly deployed to keep close track of crown-jewel intellectual property.

Work-force monitoring technologies, which profile employees’ use of their endpoint devices, also have had limited use in business settings. Forcepoint is championing the notion of expanding and extending the use of DLP systems and combining them with work-force monitoring systems.

“Looking at abnormal behaviors by the employee base, in an anonymous way, to determine whether something looks abnormal … that would be the next step,” Moynahan says.

“When you fuse those two things together, something magical happens. You literally can have a very easy, intuitive way to parse through things that are happening in your network that is more people-centric.”

Helping good employees. So where does the need to secure company data cross over into invading an individual’s privacy? Moynahan argues the line can be clearly drawn, and respected, thanks to advances in data mining and machine learning.

“We are providing ways to implement people-centric security respectfully,” he says. “We provide the tools and the ability to create transparent policies for enterprises to really make sure that one bad apple doesn’t ruin the bushel.”

Moynahan, for one, believes “most employees are doing absolutely the right thing.” He says data leakage often stems from simple mistakes. It is now possible, he says, “to help the good employees be good employees, without putting in place onerous security that disrupts the day-to-day work force.” For a deeper dive into this discussion, please listen to the accompanying podcast.
