Forcepoint isn’t your typical security start-up. It already has 20,000 customers and ranges from businesses with 50 to 200,000 employees. Based in Austin, Texas, the company has about 2,200 employees in 44 offices worldwide. At the helm is CEO John McCormack, who was previously a senior executive at Websense, Symantec and Cisco.
McCormack sat down with us at ThirdCertainty as he takes command of the freshly minted entity. The text has been edited for clarity and length.
ThirdCertainty: What is Forcepoint all about?
McCormack: We want to be the company that helps organizations move to the age of cloud computing in a safe and secure way. And we want to help in reducing what I call “point product fatigue.” We’ve created a lot of point solutions for many of the cyber challenges that organizations face. And as I look in the eyes of many chief information security officers, I see real fatigue in their eyes. They’re still struggling to manage the environment they have today. Yet they need to get on top of these more determined adversaries.
3C: How is Forcepoint seeking to address that?
McCormack: Our viewpoint is that, as we work to reduce that point-product fatigue, you build an open architectural approach. You build it on cloud computing concepts and capabilities that reduce their administrative burden, that reduce that operational footprint. We have to make a meaningful difference so that we can work on more important topics of hardcore security analytics and analysis of the inevitable breaches that happen to most organizations.
3C: Where does an organization begin addressing a worsening cloud-centric environment?
McCormack: Have a healthy risk assessment and threat assessment done, and do best practices regularly. The other thing I would recommend is absolutely working on your weakest link. For all the technology and capabilities around cybersecurity, humans have been, and continue to be, the weakest link in the security chain. They get fooled. They aid and abet, and they make mistakes because of a lack of security awareness.
3C: Many times employees are just hustling to be more productive, not necessarily being careless.
McCormack: Absolutely right. Most accidents happen because you’ve got users who are trying to do a great job, quite frankly, and are just trying to be productive. But we also know firsthand that adversaries will recruit people to put into your organization who will work to compromise your organization. You have to be able to identify those insiders. And you’ve got to be able to identify the intent. If it’s an accident, that’s one route to take. But if it involved malicious intent, that’s a different route that you might want to take.
3C: So a new mindset, really, is needed in this environment.
McCormack: Yeah, you’ve got to bring your users into the fold. Cybersecurity is a highly technical field. You’ve got to make it reasonable to understand. Here at Forcepoint, we run a program called “Catch Of The Day.” Anything suspect, whether it’s physical security or cybersecurity, can be reported and immediately responded to by our teams with both feedback and education about what they found and what they saw. Then we celebrate every quarter. Some of the best catches have kept us from being compromised.
With $5 trillion in premiums, an incredibly low level of customer satisfaction, aging infrastructures, an analytically based, high-volume business model and a “wait until we have to” approach to innovation, insurance is now fully in the sights of the most disruptively innovative engine on the planet, Silicon Valley. The tipping point for insurance is here.
More than 75 digitally born companies in Silicon Valley, including Google and Apple, are redefining the rules and the infrastructure of the insurance industry.
Inside the Insurance Tipping Point – Silicon Valley | 2016
It’s one thing to listen to all of the analysts talk about the digitization of insurance and the disruptive changes it will bring. It’s quite another to immerse yourself in the amazing array of companies, technologies and trends driving those changes. This post is the first of a series that will give you an inside look at the visions, culture and disruptive innovation accelerating the digital tipping point for insurance and the opportunities that creates for companies bold enough to become part of it. (Join us at #insdisrupt.)
Rise of the Digital Ecosystem – Expanding the Boundaries of Insurance
Digital ecosystems are innovation catalysts and accelerators with power to reshape industry value chains and the world economy. They dramatically expand the boundaries within which insurance can create value for customers and increase the corners from which new competitors can emerge.
Silicon Valley is home to companies acutely aware of how to establish themselves as a dominant and disruptive platform within digital ecosystems. That includes Google, which is investing heavily in the automobile space with Google Compare and self-driving vehicles and has acquired Nest as an anchor in the P&C/smart homes market. Fitbit is already establishing health insurance partnerships. And let’s not forget Apple. The Apple Watch already has insurance-related partners. Apple has clear plans for the smart home market and has recently launched AutoPlay, its anchor entry into the auto market. There are rumors that Apple plans to develop an iCar. And that’s just what we know about.
Customer Engagement and Experience – New Digital Rules, New Digital Playbook.
When your customer satisfaction and trust is one of the lowest in the world and companies like Apple and Google enter your market place, it’s really time to pay attention. There is a customer value-creation and design led innovation culture in the valley unrivaled in the world, and the technology to back it up. Companies like Genesys, and Vlocity are working on perfecting the omni channel expereince. Hearsaysocial and, declara, are working on next gen social media to help customers and the insurance industry create better relationships. Many of the next generation of insurance products will be context aware, opening the door to new ways of reaching and supporting customers. Companies like mCube and Ejenta, are working to provide sensor based insight and the analytics to act on it. Trunomi, Beyond the Ark, and DataSkill via cognitive intelligence are developing new innovative ways to use data & analytics to better understand and engage customers. Lifestyle based insurance models are being launched like Adventure Adovcates and Givesurance, And some of digital marketing automation’s most innovative new players like Marketo, and even Oracle’s Eloqua are rewriting and enabling a new digital generation of marketing best practices.
Big Data and Analytics – Integrated Strategies for the New “Digital” Insurance Company
The techno buzz says big data and analytics are going to affect every business and every business operation. When you are a data- and analytics-driven industry like insurance that deals with massive amounts of policies and transactions, that buzz isn’t hype, it’s a promise.
The thing about big data and analytics is that when they are used in operational silos, they provide a tactical advantage. But when a common interoperable vision and roadmap are established, analytics create a huge strategic advantage. That knowledge and the capability to act on it is built into the DNA of “born digital” entries into the insurance market like Google.
The number of companies working on big data and analytics within the valley is staggering. We have already discussed a few in the Customer Engagement section above. Here are a few more, In the area of risk: RMS is building its stable of talent in the big data space; Actian is delivering lightning-fast Hadoop analytics; Metabiota is providing epidemic disease threat assessments; and Orbital Insights is providing geo-based image analysis. In the areas of claims and fraud, Palantir, ScoreData, Tyche and SAS are adding powerful capabilities for insurance. Improved operational effectiveness is being delivered by Saama Technology, with an integrated insurance analytics suite; by Prevedere, with data-driven predictive analytics; by Volumetrix, with people analytics; and by Sparkling Logic, which helps drive faster and more effective decision making.
Insurance Digitized | Next Generation Core Systems
With insurance boundaries expanding, integration with digital ecosystems, increasing reliance on analytics and the demand for personalized and contextualized outcome- and services-based insurance models, core systems will have huge new sets of requirements placed on them. The requirement for interoperability between systems and data and analytics will grow dramatically.
Surviving the Tipping Point – Becoming One of the Disruptive Leaders
This is a small sampling of the technologies, trends and companies just within Silicon Valley that are shaping the digital future of insurance. The changes these will drive are massive, and they are only the tip of the iceberg.
An Insurance Tech meetup group open to all the insurance-related companies within Silicon Valley was just announced by Guillaume Cabrere, CEO of AXA Labs, and already has 64 members. For established companies to survive the tipping point and thrive on the other side of it requires more than handing “digital transformation” off to the CIO or marketing team. Success requires a C-Suite that has become an integral part of the community and culture building the digital generation of insurance companies.
For technology companies and next-generation insurance companies, success requires building partnerships with established and emerging players.
This blog series is designed to inform and accelerate that dialog and partnering formation. It will include a series of interviews with disruptive leaders from industry and Silicon Valley. If you or your company would like to be a part of that series, please let me know.
Join us for the next Insurance Disrupted Conference – March 22-23, 2016 l Silicon Valley
ITL readers receive a 15% discount when registering here.
More companies than ever realize they’ve been breached, and many more than you might think have begun to put processes in place to respond to breaches.
A survey of 567 U.S. executives conducted by the Ponemon Institute and Experian found that 43% of organizations reported suffering at least one security incident, up from 10% in 2013. And 73% of the companies surveyed have data breach response plans in place, up from just 12% in 2013.
“Compared with last year’s study results, survey findings show encouraging signs that organizations are beginning to better prioritize data breach prevention, but more needs to be done,” says Larry Ponemon, namesake founder of Ponemon Institute.
Major data breaches have become a staple of news headlines. So it can’t be that companies are complacent. The problem seems to be that big organizations just can’t move quickly enough.
Home Depot was blind to intruders plundering customer data even as Target endured exposure and criticism for being similarly victimized just months before, possibly by the same gang.
In our connected world, it’s hard to keep pace. The Ponemon study found 78% of companies do not account for changes in threats or as processes at a company change.
Rise of threat intelligence
That’s where the trend toward correlating data from disparate threat sensors could begin to close the gap. It’s a promising sign that ultra-competitive security companies have begun to collaborate more on sharing and analyzing threat intelligence.
Boulder, Colo.-based security vendor LogRhythm, for instance, has formed an alliance with CrowdStrike, Norse, Symantec, ThreatStream and Webroot to share sensor data and compare notes on traffic that looks suspicious.
LogRhythm supplies a platform for culling and analyzing data from its partner vendors “to help identify threats in our customers’ IT environments more quickly, with fewer false positives and fewer false negatives,” says Matt Winter, LogRhythm’s vice president of corporate and business development.
Since announcing its Threat Intelligence Ecosystem last month, LogRhythm has received “considerable inbound interest from customers and channel partners,” Winter says. “Feedback has been very positive.”
Similar threat intelligence alliances, both formal and informal, are taking shape throughout the tech security world. The business model of Hexis Cyber Solutions, a year-old startup, relies on pooling threat sensor data from several security vendors, including antivirus giant Symantec and social media malware detection firm ZeroFOX.
Hexis applies analytics with the goal of accurately identifying – and automatically removing – clearly malicious programs.
“The state of the art today is a single-point security product triggering alerts on particular things and putting a warning on a screen,” says Chris Fedde, president of Hexis. “We’re all about analyzing alerts and taking action on them. Anything that’s malicious we go ahead and remove.”
In one recent pilot study, Hexis tracked 5,000 computing devices and 13,000 user accounts of a U.S. medical center for 30 days. Hexis intercepted 35,000 incidences of suspicious outside contacts and removed 23 malicious files.
Those malicious files that got inside the medical center’s network included: Dirtjumper, a tool used to conduct denial of service attacks; Tsumani, malware used for spamming and data theft; a remote access tool (RAT) used to take full control of a compromised computer; and an adware Trojan.
There’s a long way to go. But alliances to share threat sensor information, like the ones being pioneered by LogRhythm, Hexis and many other security vendors, seem destined to take root.
Someday in the not too distant future, it may not matter if intruders get inside the network, if robust threat intelligence systems are poised to cut them off from doing damage.
One reason is the bad guys are adept at leveraging a work tool we all use intensively every day: the Web browser. Microsoft Explorer, Mozilla Firefox, Google Chrome and Apple Safari by design execute myriad tiny programs over which network administrators have zero control. Most of this code execution occurs with no action required by the user. That’s what makes browsers so nifty.
A blessing and a curse
But that architecture is also what makes browsers a godsend for intruders. All a criminal hacker has to do is slip malicious code into the mix of legit browser executable code. And, as bad guys are fully aware, there are endless ways to do that.
So if browsers represent a wide open sieve to company networks, could inoculating browsers be something of a security silver bullet? A cadre of security start-ups laser-focused on boosting browser security is testing that notion. The trick, of course, is to do it without undermining usability.
Branden Spikes, Spikes Security founder and CEO
ThirdCertainty recently sat down with one of these security innovators, Branden Spikes, to discuss the progress and promise of improving Web browser security. Spikes left his job as CIO of SpaceX, where he was responsible for securing the browsers of company owner Elon Musk’s team of rocket scientists, to launch an eponymous start-up, Spikes Security. (Answers edited for clarity and length.)
3C: The idea of making Web browsing more secure certainly isn’t new.
Spikes: Let me break it down by drawing a line between detection and isolation. Browser security has been attempted with detection for many, many years, and it’s proven to not work. McAfee, Symantec, Sophos, Kaspersky and all the anti-virus applications that might run on your computer became Web-aware a while back. They all try to use detection mechanisms to prevent you from going to bad places on the Web.
Then you have detection that takes place at secure Web gateways. Websense, Ironport (now part of Cisco), Blue Coat, Zscaler and numerous Web proxies out there have security features based on the concept of preventing you from going to places that look malicious or that are known to be bad. Well, hackers have figured out how to evade detection, so that battle has been lost.
3C: Okay, so you and other start-ups are waging the browser battle on a different front?
Spikes: When you realize that detection doesn’t work, now you have to isolate. You have to say, :You know, I don’t trust browsers anymore. Therefore, I’m not going to let my stuff interact with the Web directly.” In the past five years, newer products have started to offer browser isolation technology. We’ve taken a very no-compromise approach to isolation technology.
3C: So instead of detecting and blocking you’re isolating, and sort of cleansing, browser interactions?
Spikes: Yes, and much like with detection technology, isolation can exist in either the endpoint or on the network. Some examples of endpoint isolation might be Invincea or Bromium, where you’ve got your sandboxes that do isolation on the endpoint. I applaud all the efforts out there. It spreads the whole gamut from minimal amount of isolation to sandbox technologies built into browsers. There’s quite a bit of investment going into this.
3C: Your approach is to intercept browser activity before it can execute on the worker’s computer.
Spikes: If you come at the problem from the assumption that all Web browsers are fundamentally malware, you can understand our technology. We essentially take the malware off the endpoint entirely, and we isolate the execution of Web pages on a purpose-built appliance. What goes to the end user is a very benign stream of images and sound. There’s really no way for malware to get across that channel.
3C: If browser security gets much better, at least in the workplace, how much will that help?
Spikes: If we successfully solve the browser malware problem, we could, I think, allow for more strategically important things to occur in cybersecurity. We could watch the other entry points that are less obvious. This sort of rampant problem with the browser may have taken some very important attention away from other entry points into the network: physical entry points, social engineering and some of the more dynamic and challenging types of attacks.
Your client, ABC Corp. is going about its business and then gets this message:
The above is a typical ransomware message, according to a recent Symantec Security Response report. What’s next? Pay the “ransom” and move on? Ransomware is a type of malware or malicious software that is designed to block access to a computer or computer system until a sum of money is paid. After executing ransomware, cyber criminals will lock down a specific computer or an entire system and then demand a ransom to unlock the system or release the data. This type of cyber crime is becoming more and more common for two reasons:
1. Cyber criminals are become increasingly organized and well-funded.
2. A novice hacker can easily purchase ransomware on the black market.
According to the FBI, this type of cyber crime is increasingly targeting companies and government agencies, as well as individuals. The most common way that criminals execute their evil mission is by sending attachments to an individual or various personnel at a company. The busy executive opens the file, sees nothing and continues with his work day. However, once the file has been opened, the malware has been executed, and Pandora has been unleashed from the box!
Now that the malware has been unleashed, a hacker can take over the company’s computer system or decide to steal or lock up key information. The criminals then make a “ransom”demand on the company. The ransom is usually requested in bitcoins, a digital currency also referred to as crypto-currency that is not backed by any bank or government but can be used on the Internet to trade for goods or services worldwide. One bitcoin is worth about $298 at the moment. Surprisingly, the amounts are generally not exorbitant (sometimes as nominal as $500 to $5,000 dollars). The company then has the choice to pay the sum or to hire a forensics expert to attempt to unlock the system.
The best way companies can attempt to guard against such cyber crime attacks is by educating employees on the prevalence and purpose of malware and the danger of opening suspicious attachments. Employees should be advised not to click on unfamiliar attachments and to advise IT in the event they have opened something that they suspect could have contained malware. Organizations should also consider backing up their data OFF the main network so that, if critical data is held hostage, they have a way to access most of what was kidnapped. Best practices also dictate that company systems (as well as individual personal devices) be patched and updated as soon as upgrades are available.
Finally, in the event you are a victim of a ransom attack, you would need to evaluate it constitutes a data breach incident. If the data hijacked is encrypted, notification is likely not necessary (as the data would be unreadable by the hacker). However, if the data was not encrypted, or you cannot prove to the authorities that it was, notification to clients or individuals is likely necessary.
Cyber extortion is more prevalent than most people realize because such events are not generally publicly reported. To protect against this risk, we recommend that companies employ best practices with respect to cyber security and that they consider purchasing a well-tailored cyber policy that contains cyber extortion coverage. Such coverage would provide assistance in the event a cyber extortion threat is made against the company, as well as finance the ransom amount in the event a payment is made.