Interviews | June 23, 2017

Black Hat USA Sponsor Interviews: Forcepoint, Qualys, and RSA

Matt Moynahan

Matt Moynahan
Forcepoint Chief Executive Officer


Q: Forcepoint has positioned itself as a vendor that helps companies protect the human point. What exactly does that mean from a product perspective? How are your products designed to address the risks companies face from accidental, negligent or malicious actions of employees?

At Forcepoint, we are focused on helping customers to understand the cyber behaviors and intent of people as they interact with critical business data and IP. The point where these interactions take place – what we call the human point – presents both the greatest value and vulnerability to a company. That is why understanding intention – why an interaction is taking place – is so critical. If you understand intention, you'll quickly be able to discern whether key assets are being used properly, improperly, but without ill intent or improperly with malice.

Despite the importance of understanding behaviors and intent, organizations have a hard time understanding which cyber behaviors are productive and which ones could lead to an unintentional or malicious breach. Security professionals have told us they lack the visibility into user activity needed to uncover intent. This lack of visibility has only been compounded with the enablement of remote employees to work anywhere in the world, as well as the stratification of data in the cloud, on mobile devices and on-premises.

Forcepoint's technology, including insider threat, data loss prevention, cloud security and network security, form the foundation of capabilities that allow companies to increase visibility and share intelligence along multiple points in order to coordinate defense policies. They help establish baselines for normal behavior, from which security teams can identify patterns of behavioral anomalies or areas of potential risk. Through behavioral analytics, we can help identify your riskiest users and provide the context behind their actions, stopping bad cyber behaviors many steps ahead of a breach.

Q: It's been little more than a year since you took the helm at Forcepoint. Talk to us about what you see as the value add your company brings to the security table. Where do you see the biggest opportunities for growth moving forward?

Historically, the cybersecurity industry has revolved around building walls and moats to combat external threats, and layering more and more security on top of more and more technology infrastructure. In a sense, some of the recent cyber-attacks prove how little this industry has changed. Take a look at the numbers—record security investment dollars are being met with a never-before seen number of new breaches. It seems as though we still haven't made progress or really even addressed the root cause of our problem: the IT landscape is moving far faster than cybersecurity.

The industry's approach to security has been bottoms up, starting with malicious code, trying to trace the 1s and 0s back to a PC and eventually finding the person behind it. At Forcepoint, we're taking an entirely new approach. We're starting with the person. We no longer want to go down the rabbit hole of chasing every new security threat with more technology. Let's face it; we'll never be fast enough to keep up with the virtually infinite number of potential threats. For us, it's not so much about having the broadest portfolio. It's about having a system of technologies that work together to address the cybersecurity problem in an entirely new way.

Cyber has now become a way of life. The fiber of the world is one-part physical and one-part digital, and the fusion of the two is occurring in a way that will soon be virtually indistinguishable. Given how integrated the internet is in our daily lives, cyber has become both the planning area and the battleground for attacks carried out in our physical world.

We saw how easy it was for WannaCry to affect critical infrastructure, tying up hospitals and limiting their ability to provide care for patients. For this reason, our "human point" approach is that much more important—we must understand how cyber behaviors manifest themselves as risk. But it's even more important to understand how these behaviors point to intent related to harm in the physical world.

Q: Forcepoint is a Diamond Sponsor of Black Hat USA 2017. What do you want attendees to learn about your company from your presence at the event?

The security industry has reached a tipping point. As I mentioned, record investment dollars have done little to stem the onslaught of data breaches, led by a dramatic rise in insider-related incidents. Worldwide spending on information security will reach $90 billion this year and is projected to top $113 billion by 2020. How do we make the most of these investments?

More technology is not the answer, yet even the most esteemed experts have a very difficult time looking beyond the solutions they've helped design. The world simply cannot afford a cybersecurity industry full of ambulance chasers, playing defense and rushing to patch up each new wave of threats.

The industry is in need of a paradigm shift toward people-centric security that is capable of understanding user behavior and intent. Organizations must be able to observe the relationship between employees and their cyber activities and gain insight to characteristics and motivations that cause a normal, productive user to become the center of a breach. How do we allow good employees to do their jobs while identifying and stopping an accidental cyber behavior before it leads to a breach? The best malware is designed to act like the person its compromising. What cyber actions signal a compromised insider? 

Without visibility, cybersecurity is just another tech buzzword. We can alleviate these behavior-centric risks through systems of intelligent solutions that work together to take the incident management burden away from IT. That's what protecting the human point is all about—it starts with understanding our people to protect the things we value the most. If there was one thing we'd want Black Hat attendees to leave with, that would be it:  Forcepoint is here to help protect your employees, critical business data and IP – and we'll do that by helping you better understand and respond to the cyber behaviors and intent of people. You'll do that by protecting the human point.

Mark Butler

Mark Butler
Chief Information Security Officer


Q: You recently joined Qualys as CISO after serving in that same role at Fiserv. How do you plan on using your experience to advocate CISO needs for Qualys' customers?

As Fiserv's CISO, I was responsible for the enterprise cyber security strategy. My priorities were ensuring the availability and performance of the payment platforms, and the integrity and trustworthiness of E2E transactions. As financial services companies must maintain extremely high security and compliance standards, I also oversaw PCI DSS assessment delivery, operational risk mitigation, internal penetration testing, vulnerability scanning, and web application security.

Furthermore, in 20-plus years in IT security, I've developed expertise in threat intelligence, architecture, roadmap development, framework alignment, orchestration and workflow integration. I've also worked extensively with executive managers, IT leaders and legal counsel to provide precise visibility into new business opportunities and their associated cyber risks.

So at Qualys I will leverage all of that experience to help our customers' CISOs in a number of important areas, including:

  • Building security into the fabric of their digital transformation, which all companies are pursuing to remain competitive. CISOs must seize the opportunity to insert security teams in new facilitator roles into these initiatives at their organizations. That way, CISOs will raise the security team's level of partnership, engagement and influence with the business, and security will no longer be the group that — citing afety concerns object, delay or even attempt to block initiatives. By evolving from IT defenders to business enablers, CISOs will ensure digital transformation efforts are not only effective but also secure.

  • Assisting our customers with DevSecOps, at whatever stage they're in with their adoption of this agile and collaborative process for secure application development and delivery.

  • Helping CISOs achieve instant and complete visibility across all of their IT assets, and effectively respond to cyber threats. Speed, efficiency and visibility are the themes and priorities that go-forward CISOs will align their efforts with.

Q: What do you see as some of Qualys' biggest strengths in helping enterprises enable digital innovation in a secure manner?

Digital transformation technologies and processes – such as cloud computing, IoT, BYOD, containers, Agile development, continuous web application integration and delivery, mobility – have erased the boundaries of traditional network perimeters. To prevent breaches, organizations must quickly and constantly collect and analyze enormous amounts of IT asset data in these now hybrid and more complex IT environments. Meanwhile, hackers' attacks are getting more vicious and sophisticated.

In this new perimeter-less, hyper-connected world, enterprise security software designed for client-server environments falls short. It's too slow, costly, rigid and functionally narrow.  In response, CISOs have had to scramble to plug the information security gaps, diving into a noisy and confusing enterprise security market, crowded with obsolete and niche solutions. It's not uncommon for an enterprise InfoSec team to end up with 30-plus heterogeneous, siloed products that don't interoperate, and are expensive to maintain, and difficult to scale and manage.

The Qualys Cloud Platform has been designed for these new challenges. With it, CISOs can consolidate, simplify, modernize, and enhance their security and compliance posture. The platform is highly scalable, extensible and centrally managed, and has a suite of more than 10 natively integrated solutions for IT security and compliance. It gives customers continuous, comprehensive "single pane of glass" visibility and intelligence into all IT assets and their vulnerabilities — on premises, in the cloud, and at endpoints.

The platform constantly collects, assesses and correlates asset and vulnerability information, helping organizations prioritize their security and compliance remediation across their threat landscape. In short, the Qualys platform is in a leading position to not only provide the real-time visibility needed to respond to risks, but also the flexibility, coverage and scale that businesses need to protect any device on any environment.

Q: As a Diamond Sponsor of Black Hat USA 2017 what is your company's main focus at the event?

In addition to our existing security and compliance solutions for challenges like vulnerability management, web application security, IT policy compliance, third-party IT risk management, asset management, DevSecOps, cloud and threat prioritization, we'll be showcasing our newest products and helping to educate attendees on how to reduce the number of consoles and point solutions needed to gain security across these modern IT architectures and environments.

For example, we have a new solution called Container Security that basically lets customers address security for containers in their DevOps pipeline and deployments. It does that across cloud and on-premises environments.

Another new product is File Integrity Monitoring, which is now in public beta. It's designed to cut the cost and complexity of detecting policy and compliance changes, as mandated by increasingly prescriptive regulations.

We'll also be showing Indicator of Compromise Detection, which is also in public beta. It detects activity and behavioral changes on the endpoint. So customers get a continuous view of suspicious activity that may signal a variety of issues.

Then we have Secure Configuration Assessment, which is a new add-on to our Vulnerability Management app. It lets customers expand their VM program with configuration scanning capabilities and simplified workflows. That way they can assess, report, monitor and remediate security-related configuration issues based on the Center for Internet Security benchmark.

For customers looking to secure their public cloud workloads, we'll be showing our security and compliance solutions for Azure, Amazon AWS and Google Cloud. We have agreements and integrations with all three companies, so you can deploy our virtual scanner appliance and our Cloud Agents to monitor your workloads on all three platforms.

Last but not least, we'll be talking about how you can use a variety of Qualys products to boost and improve your DevSecOps environments, including our Web Application Scanning and Web Application Firewall solutions.

Mike Adler

Mike Adler
VP, Product Development


Q: How do you expect RSA's new 'Business Driven Security' focus to shape product development at the company? How do you expect your products and services to help enterprises bring security efforts into closer alignment with business needs?

At RSA, we believe that, although the challenge of securing modern computing environments may be daunting, it is solvable with an approach we call Business-Driven Security. [It refers to] the ability of an organization to comprehensively and rapidly link security with business context to detect and respond effectively and protect what matters most.

With the massive expansion of the attack surface area, the shortage of security teams, and the exponential increase in threats, Security Operations teams need context to enable them to work smarter. That's because there are too many threats, too much to protect, and not enough time or people to do it all.

Our goal is to enable the Security Operations staff to be more effective at doing their jobs by giving them more insight to both spot incidents and prioritize them more effectively. By leveraging context around the criticality of assets, and insight into users and behaviors, they'll have that much more insight to accomplish their core job—spotting the incidents that have the greatest potential to do harm to their organization.

Providing asset context from RSA Archer and identity context from RSA SecurID can enable the SOC analysts to reduce the dwell time of hackers and insider threats. By aligning business context to security risks, RSA NetWitness Suite provides the most advanced technology to analyze, prioritize, and investigate threats making security analysts more effective and efficient. We are continuing to invest in bringing together identity and business context into the RSA NetWitness Suite so that we can provide actionable and automated threat detection and response for our customers.

Q: How are evolving threats forcing organizations to rethink their security technology strategies? Why is it that enterprises have such a hard time preventing intrusions despite all the money they are spending on security?

Despite increasing investments in security, breaches are still occurring at an alarming rate. Whether the result of cyber criminals sending phishing or malware attacks through company emails, nation states targeting organization's IP, or insiders misusing sensitive data, we live in a world where prevention of breaches has become impossible. Successful attacks bypass each layer of prevention that we have put in place because they often use valid user credentials, trusted access paths, or new exploits, thus going unnoticed by our preventative controls.  Given the speed of which cyber criminals are able to create new security threats, companies must change their approach to security.

Since companies have no choice but to allow some traffic to pass through all layers of defense in order to do business, traffic will need to flow through preventative controls.  Logs only tell part of the story of what traffic makes it through.  Log centric SIEMs can only report on what the preventative controls have identified. As organizations add more preventative controls, the amount of data and events generated can overwhelm even the most mature security teams. This leads to even more noise, increasing the likelihood that the signal or clues about an attack will get lost.

This is where RSA NetWitness Suite SIEM comes in to address the problem in a very unique way. It can ingest log data just like a standard SIEM, but it can also tap into traffic bypassing preventative controls by ingesting raw packet data to achieve much deeper visibility and provide a comprehensive view of the entire organization.  Better yet it amplifies the value of this data with capture time data enrichment. Making it more effective for spotting and investigating attacks.

Q: RSA has a pretty wide portfolio of security products at services. What do you expect will be the main focus at Black Hat USA 2017 and why?

The RSA NetWitness Suite will be the main focus at Black Hat USA 2017. The capabilities of our SIEM go far beyond what a traditional, log based SIEM does. We are excited to share the latest information on our threat research, product development and technical differentiation with the audience at Black Hat. We believe our tools can make security analysts more efficient and effective at their jobs by combining the industry's most pervasive visibility across data sources - from any modern infrastructure - with advanced analytics and a response framework focused on minimizing risk.

We are squarely focused on rapidly detecting and responding to the threats that matter most, not just what was logged. RSA is redefining the market with our evolved, Advanced SIEM, which leverages real-time visibility across logs, packets, endpoints and threat intelligence. The power of the RSA NetWitness Suite increases productivity for analysts of every skill and experience level and accelerates threat detection and response.  With the integration of business context to better determine risk, RSA NetWitness Suite immediately exposes the most important and high risk threats across the organization, optimizes security processes to drastically reduce attacker dwell time, and prioritizes response to target the threats that matter most to the business.

Sustaining Partners