Interview: Why Organizations Need To Consolidate Their Security

Petko Stoyanov, Global CTO at Forcepoint, discusses the benefits of consolidating your security stack, how acquisitions are affecting the cybersecurity landscape, and how Forcepoint is helping their customers stop some of the most prevalent threats we’re seeing today.

Expert Insights Interview With Petko Stoyanov Of Forcepoint

Petko Stoyanov is the Global CTO at Forcepoint where he brings two decades of experience in cyber security, anti-tamper, program management, and go-to-market strategy to the company. Prior to joining Forcepoint, Stoyanov served as McAfee’s Chief Technical Strategist for Public Sector and has held multiple quasi-government roles within the Intelligence Community and Department of Defense driving IT modernization and cybersecurity initiatives in securing customer data and improving their security posture.

As well as this, Petko Stoyanov is an established thought leader in the cybersecurity space, being a member of the Forbes Technology Council, an ATO on the AWS Advisory Board, and a STAR Mentor at MACH37 Cyber Accelerator. He is particularly interested in emerging disruptive trends in the industry and is often invited to speak on such themes at industry events.

At RSAC 2022, we spoke with Petko Stoyanov to discuss the benefits of consolidating today’s security stack, how acquisitions are affecting the cybersecurity landscape, and how Forcepoint is helping their customers stop some of the most prevalent threats we’re seeing today.

Could you give us an introduction to Forcepoint and your key use cases?

Forcepoint is comprised of three primary businesses: enterprise DLP that helps small businesses and enterprise customers protect their critical data while staying productive; Secure SD-WAN, which allows you to optimize connections to the cloud and to branch offices, with added next-gen firewall protection and prevention capabilities; and our Secure Service Edge (SSE) platform Forcepoint ONE.

We announced Forcepoint ONE a couple of months ago. It’s a managed cloud solution that combines traditional on-prem security with cloud security, so when you’re accessing your cloud apps we’re protecting you there, when you’re accessing private applications that are in your data center, for example, we provide true prevention and DLP protections. Additionally, as you’re surfing the internet, we enable reputational URL protection and Cloud Access Security Broker capabilities for Cloud Apps. And then if you need additional protections, we have features like remote browser isolation with content disarm and reconstruction functionality that’s built into the platform today. 

One of the biggest challenges we have in cyber security is people. We’ve heard this said over and over again, but I don’t see many companies doing something about it. So, I decided to look at some of the data. And one of the pieces of data I looked at showed there are 3.5 million job openings for cyber and, when you dig into the numbers, you find that the majority of them require special certifications. So, businesses are trying to hire one person to do six jobs. And that’s the dirty little secret. And what ends up happening is, businesses keep raising the bar of the cyber qualifications, saying they want a Security Professional with a CISSP and a networking expert with a CCIE, it’s like looking for a purple unicorn among the candidates. Good luck finding that!

Businesses aren’t at fault here. Over the last few decades technology has become more and more complex. As technology vendors, we never actually made technology easy to manage.

We figured that, if there are all these issues on the people side of things, we have to do something in our products to make it easier for them to use.

And that’s where Forcepoint ONE fits in, as a SaaS solution for customers, which they can log in and configure. But our focus is ensuring that you don’t need to have a PhD or senior-level certification to use it. We’ve made it logical enough that you can easily select the applications you want to protect that we’ve identified for you, you can identify who can go there and what type of protection you want, all with just a couple of clicks.

What are some of the main threats and security challenges that organizations are currently facing, which may require them to invest in a solution such as Forcepoint’s?

In the presentation I did today I showed on the screen an iPhone and an Android, and said, “There are two types of people.” Then I went to the next slide, which said, “Those who patch and those who don’t.” We buy so much technology, we pile it high, and then we wonder, “Am I keeping up?” We get stuck on getting products up to date, and we forget why we bought it for the business.  

So, one of the trends we’re seeing is a massive consolidation of tools as everyone’s outsourcing to SaaS. Analysts like Gartner are seeing the same thing, which they describe as SSE and SASE. Our approach is to take our data protection capabilities and infuse them into our SASE architecture, so it’s data-first SASE. We feel that’s unique because we’re focused on the data and the individual, rather than all the technology you have to worry about.

In terms of threats, ransomware is definitely one that we see often. And it may seem cliché to worry about ransomware, but the thing you have to remember is that ransomware is such a concern because it disrupts the business, and it makes it so that employees can’t do their job. From that standpoint, the business can do certain things—like restore backups—but there are also prevention tools that we can use to stop it before it gets to the endpoint.  

Most of the ransomware we’ve seen starts with an email and a click. The question you have to ask is, where does that click go? So, what will happen is it’ll come in through your email security, then you might hit a sandbox, and then it hits the users. Security really has to be at the point of the click; not at all these layers of defenses and everything that we built.  

The way we provide protection for this is through remote browser isolation. That’s when you have another solution that sits in front of you that’s like a browser, but the browser is hosted elsewhere. It’s a cloud browser that serves data for you and gives you almost like a virtual desktop, if you will, but only for the browser.  

Now, what’s really interesting is there have been a couple of recent attacks in certain areas that were using something called HTML smuggling. HTML smuggling is when you take an executable, convert it to base 64, and smuggle the executable in JavaScript, and then when the browser reads it, it actually downloads it as an executable. Think about that for a second; it just bypassed your security and made you download something. Our solutions like remote browser sessions are actually very effective in combating that, as it completely neuters it so it’s no longer effective. 

And why is remote browser isolation such an effective tool, compared to more traditional web security tools, such as DNS filters?

If you have a company, you have to start asking, do I want my systems directly exposed to the internet, even with firewalls and everything else? Is there a way for me to hide from it? Remote browser isolation provides that capability. It shrinks your attack surface, so only when you surf the internet is it exposed. And when it does get exposed, it is a browser that’s in the cloud somewhere—not in your environment.  

You’re able to isolate yourself from the attackers and they don’t know it’s you. That means they can’t come after you directly, they can’t target you.

Our browser isolation solution is fully containerized; every user gets their own container; it spins up in microseconds. But we also created something called Smart Isolation, which allows us to optimize teleconferencing software and other things that might be browser-based by focusing on streaming the most important pieces of content. 

Additionally, if a user downloads files, instead of just scanning with AV, for non-executables like PDF and Word, we will actually sanitize it. We’ve gotten used to using hand sanitizer in the last two years. So, what if we did that on our files? That’s how this technology works. It’s prevention without detection. Gartner published a report that said organizations that isolate high-risk internet browsing and access to URLs in email will experience a 70% reduction in attacks that compromise end-user systems.

We’ve discussed a few of your tools today, and Forcepoint offers a lot of these cloud, network and web security tools via one holistic platform. How important is it for organizations to use one unified security platform, rather than multiple separate products across different business areas?

I had a CIO once mention to me that they only care about two things: the who and the what.

Everything else that’s in the middle is a security control to answer the who and what. In order to align with the business, the CIO needed to be able to answer the question of who touched what data. And they’re business-minded, they weren’t focused on technology. But those simple questions drove a lot of technology decisions, because they had to ask, “How do I answer that question? Do I need to buy seven tools, or do I buy one tool?”

I jokingly say that as a security industry we need to grow up, because we still want to buy our shiny objects, we want our toys, yet we’re still a little kid at heart. We love the latest technologies. I mean look at everyone in cyber; everyone loves technology, they get the newest iPhone, or the newest Android, they’ll have an Alexa in their house that’s hooked up to everything—but are they more secure? Are they more productive? Possibly, but not always.

So, what we’re seeing is a massive trend in the industry where “more” does not mean “better”. More technology actually makes you less secure because it increases your attack surface, giving more opportunities for someone to get in, and means there are more things to maintain. And at the end of the day, the question is, “Am I using technology to benefit the business, or is technology using me to keep it up to date?”

In light of that, do you think there’s going to be movement within the industry to offer more holistic security suites, either in terms of vendors developing more products or in terms of acquisitions?

Given the changes we’re seeing in the market dynamics, I think we’re going to have more acquisitions happening this year. It’s just natural. If you’re following the US stock market, you’ll see companies that are stable are rewarded, and companies that are focused on let’s say marketing rather than stability are having a challenge. I think there will be some opportunities for industry consolidation in the near future.

This lines up with what Gartner are saying, which is that, in two to five years, everyone’s going to be transforming into SASE and SSE platforms. Platforms will focus on identity and on usability first, and then you see the products in the middle; but you don’t focus on the products, you focus on the usability part of it.

Finally, what is your advice to organizations struggling to juggle multiple security tools? What is the first step they can take to simplify their security?

Remember that we don’t need more technology. We just need to start looking at consolidating either vendors or technologies.

I met with the CIO of a major bank recently. They had a SIEM, and he told me that the whole team left. In one week, the eight people that were managing this one technology left. And when he hired new people, they said, “Oh, we don’t like this technology, we want a new one.”

And he thought, wait, I’ve had this investment for years, and now you want me to get a new one?

So, they spent more time trying to justify why they needed a new one, instead of just using what they had. And I think we’re all experiencing this problem, where we have so much technology that we start wondering, why did I buy it in the first place?  Is it the right solution for the problem? Do we still have the same problems we had when we acquired the technology, or have the problems changed? COVID gave us an opportunity to rethink the fundamentals: Why are we doing something? How many agents do we need? Is there a way to protect the user at a point of time, versus trying to do everything upfront? And to answer these, every organization out there should be looking at vendor consolidation and simplifying, rather than implementing more things.

Thank you to Petko Stoyanov for taking part in this interview. You can find out more about Forcepoint’s cloud, network and web security solutions via their website.