
Petko Stoyanov On Zero Trust Fundamentals, Cybersecurity Consolidation, And The Benefits Of SASE

Expert Insights interviews Petko Stoyanov, Global Chief Technology Officer At Forcepoint.


“Having more tools does not make us safer. Having more toys, does not make you happier. Having more focus, getting more efficient is what really makes us happy,” Petko Stoyanov, Global Chief Technology Officer at Forcepoint, tells Expert Insights. “I’m seeing a trend right now which is consistent. We have less people. We need to consolidate.”

At Forcepoint, Stoyanov is responsible for helping customers protect their data and align with Zero Trust principles amongst other duties. For the last 20 years, he has worked with customers, including enterprises and the US government, as a security practitioner, developing both human security practices and technological approaches. Expert Insights sat down with Stoyanov for a wide-ranging interview at the recent RSAC 2023 Conference – you can listen to our full interview here.

One of the major challenges that security teams must deal with today is a surplus of IT tools, Stoyanov explains. Teams will have 50+ security tools, which all produce data and alerts that make it hard to prioritize and focus on the events that really matter. When “you have this list of 1,000 things you need to do, guess what, none of them are getting done! We’ve got so much data that’s been thrown at us that without context, without finding how it fits in, nothing is going to get solved.” 

For these reasons, “there has been a consolidation phase in security for a while,” he says. This has led to the rise of categories like SASE (Secure Access Service Edge), he explains, a framework for network architecture that combines multiple cloud security technologies, including Cloud Web Gateways, CASB solutions, ZTNA, and Firewalls. Consolidating tools in this way helps to reduce false positives and produce a “better signal-to-noise ratio.” This shifts the focus onto outcomes rather than the huge volume of data and alerts.

Consolidating tools can also help with the economic pressures on security teams, who, with a worsening economic outlook in many industries, are often under increasing pressure to do more with less. “We’re definitely having a lot more conversations around time-to-value of products,” Stoyanov says. “If I put in $1 here, how do I save it? What does the total cost of ownership look like?”

We’ve all had the experience of paying for a service, only to find that taxes aren’t included and there are extra hidden costs and fees. “Guess what? Same thing happens in security unfortunately,” Stoyanov says. “When you’re going in with a vendor, get a real understanding of the whole cost of ownership, because if I did a total cost of ownership on the pre-fee cost, it’s a different calculation after all those extra fees… we’re seeing more and more CISOs ask for [the total cost of ownership] from the vendors directly, and having their teams validate internally.”

To this end, Forcepoint has recently launched Forcepoint ONE Insights, a new product designed to help teams measure the total cost of ownership by showcasing the number of events tracked, and the amount of data blocked. “When you have the conversation of is technology providing value, we’ll give you that answer, and you get to customize all of it. Your own personalized total cost of ownership.”

The Fundamentals Of Zero Trust

One of the major security trends of the past few years has been the push for adoption of Zero Trust principles – an area in which Forcepoint has been a market leader. While previous years have been focused on defining Zero Trust, many enterprises are now firmly moving into the deployment stage for Zero Trust fundamentals. 

“Zero Trust – I hate to say it – means different things to different people,” Stoyanov says. “But if we focus on the fundamentals, it’s about granting access, and having control over the information and data. The principles are really around network least privilege, at the core.” 

There are multiple pillars within Zero Trust, Stoyanov says. These include identity, devices, the network, application, and data. With Forcepoint, these pillars are centralized within a single admin console, to enable users to manage user devices, what they can connect to, and what data they can access. “We’ve taken Zero Trust, and we put it in our policy infrastructure, so it makes sense to the user.” 

This also extends to contextual decision making for internal users. For example, if a device outside the network logged in from an untrusted location, you could temporarily block that user from accessing certain data or allow them to view the data but limit their ability to make changes. You could also prevent them from uploading new data as it could be malicious. “Because we also have to start thinking that it’s not just our data,” Stoyanov explains. “It’s how the partners interact with us. It’s how our supply chain interacts with us. We have to start thinking about what they are giving us that could affect us in the future?”

Generative AI And Cybersecurity Teams

“I feel like I can’t go a few blocks here without hearing about ChatGPT!” Stoyanov says when asked about the future trends in the cybersecurity landscape. “We’re definitely seeing more of that type of technology. How can I just talk to someone, asking questions, and it makes my job easier? In cyber, that becomes critical.”

Attackers are already starting to use tools like ChatGPT to circumvent cybersecurity controls, Stoyanov says. Defenders must therefore also look to utilize generative AI technologies in order to make their lives easier and help address some of the challenges we’ve outlined around the complexity of tools, and the difficulties in prioritizing or contextualizing security alerts. 

“I think you’ll start seeing these chatbots become much more personalized within each vertical and each technology to be able to answer more specific questions. And you don’t need to be an expert to understand it.” In cyber, this means cybersecurity teams can get immediate answers from AI ‘Co-Pilots’ that can identify new vulnerabilities and maintain services. These tools can reduce some of the challenges caused by skills gaps and ever-expanding data outputs. 

“You can ask a bot a question and it helps to reframe it. Because sometimes that’s what we need. Given this data – what do you think happened? Is this really a breach? These might be questions that you ask the bot.”

You can listen to our full interview with Petko Stoyanov on the Expert Insights podcast. 
