Why studying human behavior could be the key to securing networks
For effective cybersecurity, organizations must understand employees’ actions, motivations
By Byron Acohido, ThirdCertainty
I first met Matt Moynahan in 2009 just after he left Symantec to become CEO of application security firm Veracode. We met again, most recently, at RSA 2017, just after Moynahan was named CEO of Forcepoint, a joint venture of Raytheon Co. and Vista Equity Partners.
Forcepoint is something of a hybrid vendor. It is composed of endpoint security firm Websense integrated into Raytheon Cyber Products and the Stonesoft next-generation firewall. I spoke with Moynahan about the company’s new focus on helping organizations better understand employee behaviors as the path to robust network security. Some takeaways:
People-centric security. Hardening the network perimeter is an approach that falls well short. Threat actors continue to easily get inside, and that pattern has no end in sight. Forcepoint argues that much can be gained by studying and profiling the behaviors of authorized parties—be they employees, partners or contractors—as they routinely access business systems to do legitimate work.
“If you can understand what’s acceptable and what’s not acceptable, and then apply policies to what’s not acceptable, that’s a very different approach than trying to find out everything that’s happening on the network, and then doing reverse engineering to figure out who the person is behind a certain IP address that’s doing something wrong,” Moynahan says.
Proactive behavior monitoring. Data leak prevention, aka data loss prevention, refers to technologies designed to make sure end users cannot send critical information outside of the corporate network. To date, DLP systems have been rather narrowly deployed to keep close track of crown-jewel intellectual property.
Work-force monitoring technologies that profile employees’ use of their endpoint devices also have had limited use in business settings. Forcepoint is championing the notion of expanding and extending the use of DLP systems and combining them with work-force monitoring systems.
“Looking at abnormal behaviors by the employee base, in an anonymous way, to determine whether something looks abnormal … that would be the next step,” Moynahan says.
“When you fuse those two things together, something magical happens. You literally can have a very easy, intuitive way to parse through things that are happening in your network that is more people-centric.”
Helping good employees. So where does the need to secure company data cross over into invading an individual’s privacy? Moynahan argues the line can be clearly drawn, and respected, thanks to advances in data mining and machine learning.
“We are providing ways to implement people-centric security respectfully,” he says. “We provide the tools and the ability to create transparent policies for enterprises to really make sure that one bad apple doesn’t ruin the bushel.”
Moynahan, for one, believes “most employees are doing absolutely the right thing.” He says data leakage often stems from simple mistakes. It is now possible, he says, “to help the good employees be good employees, without putting in place onerous security that disrupts the day-to-day work force.” For a deeper dive into this discussion, please listen to the accompanying podcast.