Human behavior analytics is the future of cybersecurity

According to The Global State of Information Security Survey 2017 conducted by PricewaterhouseCoopers, about one-third (31.5%) of companies in Hong Kong and China are expected to invest in advanced cybersecurity technologies this year.

But that may no longer be enough to protect their valuable digital assets and corporate data at a time when more and more enterprise applications are moving away from internal networks to the cloud and mobility.

“When you have a world with no borders, all you have left is people and data moving around the world, and that is a big challenge. At the same time, when you have research reports saying more than 90% of companies have been owned by hackers, it tells you the current IT security model has broken down. It tells you that we need a new approach to security,” Matthew Moynahan, CEO, Forcepoint, told Computerworld Hong Kong during a visit to the city last week.

Pivoting towards human-centric security

Moynahan pointed out that even with the use of machine data and big data algorithms, enterprises are still being breached.

“There is so much information out there that the real events are getting lost in the haystack. This is because they are focused on looking solely at machine events and not at people’s behavior in the network,” he said.

Forcepoint, established in 2016, is on a mission to help shift today’s threat-centric approach to a human-centric approach.

“The point of interaction between people and data can undermine the most comprehensively designed cybersecurity systems in a single unintentional act or malicious act. Cybersecurity must move from securing technology to understanding human behavior and intent,” Moynahan said.

To this end, Forcepoint’s “human point” strategy is about understanding how people and content move around the world. It makes people the focal point of cybersecurity. The rationale is that cloud, mobility and ever-changing infrastructure make the traditional perimeter a fallacy, and that by focusing on how, when, where and why people interact with critical data and IP, organizations can more effectively identify and address risk.

“Every time you touch a piece of information technology, it turns into a cyber behavior,” said Moynahan. “We collect information based on what we know about human behavior. Our software watches and collects cyber behavior, and stitches them together to a story.”

“We define behaviors – understanding a pattern of behavior that normal human beings shouldn’t do as opposed to understanding some event that is happening billions of times a day in a network. Instead of taking all the information off a device, we basically ask the device to collect certain types of irregular behaviors for us. And it starts with people and then saying what we want to watch. For example, if you know someone interacted with something, and you say ‘give me all information from this type of behavior,’ you may only take 10% of total events that are coming in. You do not have to worry about the other stuff,” he added.

Forcepoint provides new tools that can help measure user intent, and better analytics that focus not just on the programs that are running but on what they are doing.

The company continues to strengthen its human-centric security strategy with its acquisition of RedOwl last month. RedOwl specializes in user and entity behavior analytics (UEBA) technology that provides visibility into the holistic activities of people, including cyber, physical and financial. Customers deploy these capabilities to analyze large amounts of complex data, assess high-risk events and behaviors, and enact centralized and supervisory oversight to satisfy both security and regulatory requirements.

RedOwl brings a sophisticated analytics platform to Forcepoint’s human-centric cybersecurity system and will be integrated across the company’s portfolio, as well as with customers’ existing technologies (e.g., SIEM). This platform delivers real-time insight into anomalous interactions and access across people, data, devices and applications.