
First, I would like to talk to you about the conservation of, and you might be saying, well, the world that we live in is changing rapidly, right? And the hacker community is not slowing down. I will show you some details later on, but, and yet, with all this productivity that we have, with all this technology that we have, the way we are doing everything, the way we interact, is not getting easier. We need to adapt, we need to change. There has to be a new way of doing things that are out there. And when I say we, I'm thinking about the original partners, the customers and the vendors as well. So first I thought I would start talking
to you a little bit about myself. Um, an early riser, I woke up around 5 a.m. in the morning, and the first thing I do is reach out to my tablet. And for my personal tablet, I have my own application where I have Outlook, and I check my corporate emails, see if there are any issues on the other side of the world. Maybe I check in for my colleagues in Europe or Asia, if there is any issue that occurred, if there is anything that's been happening. And then after that I head on to the gym. Now I'm using my own personal device and I'm still checking my email, still checking some of the websites I want, while I am at the gym working out,
and then once I'm done at the gym, the next thing I do is go to Starbucks, get a coffee. I'm using Starbucks application skates to make a purchase, right? And then I hit home. Maybe I have a meeting with some of the colleagues in Asia or Europe to see if there is anything that can be done that week or that day. Now I switch back to my corporate devices to have right or meetings in this case, and then I might jump back again to my own personal device. I may go to my bank account, start paying bills, uh, or I may go to some websites that I'm usually going to change these websites, and then I might
go back again to my corporate device and log into Salesforce. I just wanted to show you what my day looks like, because I'm doing all these things before 9 a.m. I was able to use different devices, like corporate device, mobile device, tablet, and I was able to connect to different Wi-Fi as well, right? This is the world that we live in today. You're supposed to jump from one machine to another Wi-Fi and yet be able to do your job, at the same time have that security protecting your corporate applications. And all this has been possible because of the technology that was created 50 years ago. I'm sure most of you are familiar with it. In
early 1970s the open standard, again, the keyword here is open, the open standard of TCP/IP emerged. And because it's open, the hackers also have access to these open library, right? That means they can look at the seven layers, they even have the application layer, uh, presentation layer, session layer, transport layer, network layer, right, data link layer and physical layer, and they can see how data is encapsulated, how it's been moving up or down the different layers. Therefore they also have open access and they can take advantage of that to create some kind of malicious codes. This is what the earlier list was talking about. And in early 1980s you start seeing a lot of viruses or malicious codes being
created, and later on in the 80s you see the World Wide Web emerge, and then later on in the 90s you start seeing a lot of applications, how the work is evolving. And what happens? Two years ago the pandemic came and we all went off. Companies spend hundreds of thousands of dollars to create a perimeter so that employees go to the office and have access to those applications. Because of the pandemic everyone went home. We went further and further away from our office, from our application, we went further and further away from the data that was supposed to I have access as an employee. And in the next future, in the next four to five years,
uh, I'm sure most of you are familiar with metaverse. I have no doubt that we will be logging in early in the morning, just like I did, to metaverse to try to take advantage of what's available that's out there, right? I'm sure some of you already have access to metaverse, you already have both a virtual band or virtual paintings for virtual pictures as well. Maybe in the next few years I might be doing business so are my login early in the morning to see what I can take advantage of from today members, right? The world that we know is evolving very, very interactive rapid and we need to adapt, right? So I just want to show you all the skin
which is unstoppable comes with a great cost. And the cost of cyber crime by 2025 will be 10.5 trillion dollars. Think about it. And if you compare it to GDP, it will be the third largest economy in the world, behind the US and China. So clearly it's going to be higher you should be on the other side. Yeah, it's an amazing thing to be a hacker. Hackers are going away the third largest economy in the world, okay? And, um, 30,000 websites are hacked every single day, okay? Uh, email is responsible for 94 percent of all malware. As you know, you know, email, hackers, they use social engineering, they look at your, yeah, they look at your
LinkedIn, they look at your Facebook and Instagram, see what kind of pictures you post, and they use that information to send you a malicious quote. And all companies have training for employees saying, hey, please don't click on the link. There is training after training, but there is always that way always click on it, because they masquerade the email as if it's coming from their boss, a CEO, a director, and maybe there's one alphabet missing from the domain. You can see why employees can be malicious, they can be naive, but regardless. And because of that hackers know that, they always use email to inject malicious code or to reiterate that traffic to a command and control type of techniques,
and yet we have a gap of 3.5 million shortage when it comes to cyber security, uh, professionals, and that number is growing significantly, okay? Um, therefore if some of you are thinking about cyber security field, you can see that there is a huge, huge demand and that number is going explanation, right? So I highly, highly recommend it. Now as a community want to be done when we talk about cyber security, now we have given you an alphabet soup of three to four letters that most individuals can conceive with a management console. If you're not the average company, they have 9 to 12 different cyber security equipment that they are managing a company, and I just told you that there is a huge
shortage. But imagine you just got hired. If you look at all these alphabet soups, like classmates, DLP, RBI, SWG, I could be called and on and on, and you need to learn each and every one of them separately, it's complex, right? It's overwhelming, and we need to come up with a new way of thinking, a new way to see cyber security. So before we start talking about the new way, let's look at the traditional network perimeter that's out there today. It looks exactly like this castle. You create a perimeter, you have a single point of exit, single point of entry, where you have a firewall or a proxy, just like a castle, right? And
inside the perimeter you use VLANs to create multiple different departments, accounting, HR department, and you create, um, DMZ, so where you have your applications, web application, email application, your database, where you have all your sensitive data stored. Again, what happened during the pandemic? Everyone went home. You spend hundreds of thousands to create this perimeter and all your employees are outside. So what did most companies do? They use VPN to battle the traffic and hair data traffic also. But I'm sure some of you already tell today, most companies were having an issue because VPN was not created for all employees for help, it was created for only some employees, and most companies started having
outages because VPN didn't have proper capacity, redundancy, and there was a single choke point at the top. The connection was going down, productivity went down, and it's just not working anymore. Employees have to be mobile. Just like I showed you, I was able to get my email from my tablet, to go to the gym, use different application, use my corporate device and have a meeting. That's the way it is today. And regardless of what kind of device you are using, you should have a way, uh, whether they are in the perimeter or outside of the perimeter, you need to have that security available. If there has to be a new way of thinking and this is the time to be continuing
differently. And because it's rare, which is really great, where you see the analyst community and everybody come around everything in general and a new way of driving business. And we want to get in front of these hackers, we have to adapt, we need to change. And this is the new architecture, which is the zero trust architecture, DNA, right? Zero trust, there has been documentation since the 1970s, it's not something that came up today. And 20 years ago Google started implementing CDMA architecture, uh, from there it was written by Forrester, named by Forrester, and then in 2018 NIST and other government organization came out with a security zero trust documentation. The idea of zero trust architecture is
to give explicit proxy regardless of where your users are coming from. You see it on the right side, they might be coming from the branch office or the headquarter, using personal device or corporate device, regardless of what kind of devices you're using, it doesn't matter, from any geo location, remote users connecting from Starbucks Wi-Fi or risky Wi-Fi at the airport, it doesn't matter, giving exclusive proxy to your internal application, whether they are accessing the SaaS application, G Suite, Office 365, or it can be any web content, or this can be a private application that's been stored in your private data center, private cloud, public cloud, regardless, right? Never trust, always verify type of approach. This way all the users can be
mobile, use any device, and still you have that control by leveraging zero trust architecture. And some companies have already adopted, and as you continue in your digital transformation, companies have started to adopt this zero trust architecture, and this is what Forcepoint does. And when we talk about zero trust architecture, the second, uh, shift is that what we call secure access service edge. Most of your movements I see again another acronym here, and all the equipment that you have I was talking about in your perimeter, now you need to shift it to the cloud, a centralized way of managing everything holistically. Now at the top you see web security, web filter, right? If you're using corporate
devices, you may allow whatever the company wants to allow, but we may want to block sites like gambling and some malicious websites as well. Therefore you have web filtering security, traffic will be redirected to the proxy and the web filtering will look at the web content, and based on that you can implement that type of bonds. The second one is CASB, or cloud access security broker. This will allow you to control your corporate applications you have in SaaS applications like Office 365, Salesforce, G Suite, Box, Dropbox, keep going. Then if users are attempting to access, you can leverage forward proxy if you have an agent, or reverse proxy if you don't have any agent. By the way, after this
presentation, if I have time, I will show you a quick demo, what that looks like in real life, so that, and then if you have any questions you can address this one. And this is what the CASB will allow you to protect your cloud applications. And then you have ZTNA, right? Now most companies, they have a private application stored in data center. What's the traditional way of accessing it? How can you speak yet. The problem with VPN is that, first of all, it's slow, and second, you will have access to the entire network when you have VPN. If it's hard, that means you have access to the web server, the email server, I got it
access gravity. But when you remember a ZTNA connection, you only have access to that specific application, anything else, you're creating an air gap between your internal network and that application. Even if it's, assume a hacker who somehow was able to get into your private interest, then that hacker only have access to that application, nothing else, right? This is zero trust approach. And of course email security, which is what we've been talking about, every email has to be inspected, the link has to be inspected, is it coming from malicious, does it contain malicious files, injected with a malicious codes, or is it trying to redirect you, all those has to be inspected at the top, and then traffic
will be allowed to continue. Next is the SmartEdge agent. Uh, Forcepoint ONE have a smart agent. What makes it unique is that it has its own certificate, every agent have its own certificate, and the ability to do SSL decryption and inspection of the traffic on your machine without redirecting it anywhere else, right? Because the back of the traffic to your headquarter or decision making, because if I go to the cloud, it can look at the traffic, let's say you're going to that big site, I will show you a demo shortly, and say, hey, this one is not allowed. The decision is made on the device, therefore it's fast. It's a distributed architecture instead
of a single point. You as an administrator, you go to Forcepoint ONE portal and configure a policy, install the agent. After that you don't need to apply a capacity, you don't need to plan where your users are connected from. Your job, it's very simple, very easy, simplify the complexity, that's why it's happening, and this is what the SmartEdge agent will allow you to do.
Right, the first one is proxy, steering the traffic to Forcepoint cloud. How is that done? If you have Forcepoint ONE, then that will allow you to steer the traffic depending on what you try advises. Are you trying to access the corporate application, or are you trying to access your own personal application, are you trying to answer some shadow IT type of website? Uh, that would be determined all the agent SSR data, and some traffic will be steered to Forcepoint ONE proxy for distinguished decision making process. From there you can access whatever you're allowed based on your operations regulations. And the other way is to bypass the proxy. How do you bypass? Let's say if you go for confidentiality and
privacy purposes, you go to your banking website or healthcare related websites, let's say you want to check your blood result or something like that, and you don't want that tracking for them, the price is private. In that case you can create a policy to say, hey, if it's the traffic I want to bypass the proxy. You can create different types of options 20 or what's my name a number of reviews in this case just VPN sorry it's about again bypass what you're going to do is you just VPN but still just a separate economy um you're bypassing we don't sorry I'm saying you're going to be using VPN in this case no no it's
just going directly. The agent will see, because the agent is a smart agent, any policy that you have created, let's say healthcare website and banking sector, financial sector, bypass, or you can create a custom location, a specific custom location, or if you say for CEO. Wow. Yeah, very simple, straightforward. When you see smart agents because it's gonna do one authenticate make sure that it's the same person that is setting up a new class. Very good point. Yeah, it will authenticate. What he will do, when you first install it, the agent knows what IdP that you have, the first sign only once and then it will sing away the first point quite loud and it will say okay
using and based on the IdP, traffic will be redirected to the IdP using SAML. Uh, once it's authenticated on your identity provider, whether you're using Okta, Azure AD, and the effects, any IdP, then you'll be authenticated and that user information will be logged, anything they're doing will be logged, the log information will be sent. Is the vision based or per user base publishing but if a different user wants it then that's usually authenticate so that that user information will be stored and then one just user logs and user comment that user liver should be not kind of set is set that increase on the new user that correct us. Yes. Now sometimes, you know, companies have
a centralized occasion where they have a machine everybody can log in, let's say it's a healthcare, everybody goes to that computer anymore. In that case you can change it to Anonymous scores. The anonymous mode means that you don't need to log in, a user don't have to login anything, login, just it will capture the information from that machine in Anonymous or therefore any user will come
Any other questions? All right, okay. Um, so what time is it ending? How long do we have?
12:50? Okay, I just wanted to show you a demo before. All right, and, um, so now the fourth component within the cloud is the data ones. This is very important, right? It's DLP or data loss security, and whether they are accessing your sanctioned application like Office 365, OneDrive, SharePoint, or accessing their own personal application, you know, you can log into your corporate device and log into your own Box account, you need data loss protection. You want to make sure that data is not exfiltrated. It can be a naive employee who just found out that there is a new application that can allow them to do their job quickly, and they say, hey, I
just want to do my job, right? Or it can be a disgruntled employee try to exfiltrate their data before leaving the organization. But regardless, if you have DLP then you can control different channels, whether that's email channel or a channel, a cloud application, your own selection application, then you can put it in any way, removable media like USB, or printing, or taking description as well. You need value and you need trade protection as well. You already have that in the cloud. The first one is RBI. Um, are you guys familiar with the remote browser isolation or RBI? Like, RBI basically is a way to create an air gap between the website that you are accessing and your
corporate equation. It's a zero trust approach to any website. What's usually malicious hackers will do is that they inject a resource code within the website, in the context of the website, not in the actual website but the content, and if you have RBI, that means you're creating new rendering that website, you're creating an air gap. Even if it has a malicious code, that malicious code is not downloading to your proper device. This is one way of creating zero trust. The second one is CDR. CDR is content is, this is for anything that's been downloaded. If you are allow employees to go to contractors have digital website and download, some employees, they download, let's say, mortgage application
or some sort of application, in that case you need to inspect that file, and this is what CDR would allow you to do. And what makes CDR unique is that it's completely strict the file and see if there is any content within the file that's not pertaining to the file format. If there is, that will be straight. Basically it's, we call it bleaching. It will desensitize the file from any microbes, anything that's containing, even if you're using steganography. Yeah, yeah, if you hide sensitive data within an image, it looks like an image, but I saw I have a steganography here, I have the entire book of violent Prejudice embedded within. How many, how many AVs can detect that
unless you treat the whole thing you look at this point why not. This is what the CDR would allow you to do. Most AVs, when they detect some malicious code, they block it. We we don't belong at CDR will strip that information and download the clean file, so that that's a unique approach that you have. So this is definitely be recommended if you want to implement the zero trust for anything that's downloaded to corporate devices. How long does it take to process, let's say, PDF file with something better than it might take problems now it's um we've I don't think it's going to work here, I tested it, I don't know, for some reason the Wi-Fi is not allowing me to connect
to an RBI, but, um, this image I just told you about pretty much yeah PDF file if you mess up the size, but it usually, it takes maybe a few seconds, uh, I would say four seconds, yeah, to strip it, look at it, desensitize it, sanitize it, and then to download it, to four seconds max. And then you'll show you, you can see the file size before and after, you'll see like having a mess or how many kilobits less, but the idea is to make sure never trust, always verify anything doesn't happen. Which is pretty fast. Yeah, it depends on the size of the image, right? Yeah, yeah, but we do any file format, this is
this is a unique technology that of course wouldn't have the work with the encrypted files are encrypted well if it's password encrypted then they are, yeah, no, no one can do that. Yeah, that's one thing you can do is block, if you have operating machine and if it's a password in this password protected and you blocked out, you should not allow that.
And of course you have sandboxing as well. Let's say it's a file, you can save it to sandboxing and then file is automated and looked up, it's malicious behavior, we could block. But I prefer CDR personally because it's not lucky to find, it's sanitizing it and you still have the clinical file downloader why not 30 kids I'm about yeah wow yeah yeah. Now you could go by the data protection with different components, in this case CASB for example, I'll show you a demo quickly. And, uh, if you are corporate application and maybe you subjected to some sort of compliance, let's say PCI, PII, and you don't want users to download any file
containing Social Insurance Number, credit card number, password number, and you can combine the data loss with CASB so that you protect your users. Not only now you have full control and visibility into your user's behavior by county office, uh, and you can combine DLP with your ZTNA as well. Even if it's your internal application, let's say you have HTTP, HTTPS type of application you try to access, you can implement the DLP as well, right? All right, this is something that you need to Forcepoint ONE is to do that. We have a unique reverse proxy technology, that's what I did, and this will allow you to manage your internal application as if it's a SaaS application,
right? This makes your job a lot easier. Now you have visibility, you can say certain users cannot log in, X users can log in, they can all log in only from certain location and from certain devices, and then you say, okay, even if you're now, we make sure that we inspect it for data, make sure that they're not downloaded. Even if it's a code, right, you can create DLP policy based on that code so that that proprietary coding message is not leaked, right? Multiple layer of defense. So the modern architecture gives you a couple of business benefits. Number one, implementation of zero trust, moving from implicit security, which is access to all the network, and the second is to
increase your productivity, because you don't have to send everything through and to be inspected as well if you should do. And this is the technology today, you know, some called Assassins, but the idea is in to move all the equipment to the cloud as you continue in your digital transformation, right? And most CSOs and directors, you know, they always ask us, you know, security is very complicated, how can we have a simplified way of managing these different products, whether it's rcsfc, zero trust, sd1, data security, is there a way to simplify security? And this is what unfortunately allow you to do. You can manage everything from the same single pane of glass, you can control all the users and have
visibility into the log, and then you can correlate the information based on the user behavior and make a decision. Security is simplify, that reducing the complexity of security. All right, awesome. Um, this is the end of the presentation, let me show you a quick demo, what that looks like. Uh, in this case I'll show you a demo of Office 365. This is my own personal device, I don't have any agent or software installed, and I want to show you what that looks like when users attempt to connect from a mobile device or corporate device, it doesn't matter. In this case I have no agent, I'm leveraging 41.90 response. What we do ahead of time
is that oh you're not watching anything
yeah interesting now I can't see it okay if you look at the preferences you can view her um that's weird
hello
what's in the middle
so I don't know what's going on uh there is here mirror display how about that
There we go, okay. All right, let me make it bigger, I think a little bit deeper. Okay, all right. It's my own personal device, I'm going to office.com, hopefully it works now. Awesome, there we go. And what we don't have ahead of time is that on the market of your application we change the single sign-on. Usually every application where it points to your identity provider, right? In this case we trick your application into thinking that Forcepoint ONE is the identity, so that the application redirect the traffic to us, and we take that traffic and redirected to your IdP, whatever IdP you are using, and then return it back again. We took your
application to think Forcepoint ONE is the identity provider and we treat your identity provider within that Forcepoint is the service provider, and using SAML we read during that time we getting that platform s. Okay, so now here I am, I'm going to office.com, I'm going to sign in. Um, I took my credential, Office 365 to check my credential and no Saturday it started his period during one, and Forcepoint ONE will take that traffic, is your organizations, that I go to my own IdP, I do my authentication from the user, employee perspective, and once I click sign in, the traffic again will be redirected to Forcepoint ONE and Forcepoint ONE will read
already traffic to my original destination. I'm logged into, this is what the process looks like from the user perspective. Forcepoint ONE is completely transparent, they're showing star steps that they have to do, right, and as far as they're concerned they logged in from IdP to Office 365. But now as an administrator you have full control into your users' behavior, what are they doing in this application. Uh, you can leverage the DLP, data loss prevention, to make sure that employees are not doing anything malicious, knowingly or unknowingly. In this case, let's say I'm working on this document, this is a purchasing acquisition document, as you can see it's a very sensitive document. I can access it from any device,
but what happens if an employee wants to download the sensitive data to their own personal device? In this case I have created a policy saying that, hey, no one should download the sensitive document to my own personal device. So if I click download, then you would see a pop-up message. This message can be customized to your own Cooperative rbh, you can include your own corporate logo, and this is a tutorial basically saying, hey, what you're doing is against corporate policy, start from going down in this. Information of course is being logged in the log and you have visibility, and an automatic email is also sent to the employee saying that what you've done is
you're being watched, be careful, you know, you can customize it in any way you want. If you notice, there was a file that was downloaded, and if I open that file, instead of continuing the purchasing acquisitions
customizable refunds. So if easy, straightforward. The only thing you need to do is that you have to log into here, you have to adjust to Forcepoint ONE and create policy. We have a single management pane of glass where you can create policy for your CASB, for your secure web gateway. Here you can create policy for your secure web gateway and for any application that you have in your organization. Two types of policy: proxy-based policy, this is your data entrance, data in motion, and the second one is API response, this is for your data at rest, if you want to understand what employees are doing, maybe they share their, uh, outputting sensitive data in the cloud by OneDrive,
SharePoint, and you are mandated, subjected to compliance like PCI, PII, you don't want your social insurance number to be stored all over the One Direction one. API will allow you to scan your data at rest and then based on that you can take remediation action, you can strengthen your data governance. Now you put all your sensitive data into one location, you have full visibility and control, and, uh, this is agentless. From agent perspective also are we modified right right. Five more minutes, okay. So quickly I'll give you what it looks like from if you have data. Okay, here we go, it's working, I'm logged into my VM and Almighty I'm here. Okay, it's agentless, but someone has to set up
the policies, right? It's, yeah, so what happens is you have to log into, create the policy in Forcepoint ONE portal. You create the policy here. Uh, if I scroll to Office 365, this is the policy, this is where I created the DLP action, say that, hey, if anyone downloads a file containing credit card, or if you got that malware, or if it is Canadian SIN, then this is where you can, what kind of actual accounts you want to create, like I'll block it, I'll deny it, encrypt it, if you want it to be downloaded where you have a password, and you can use digital right management from taking instructions on sensitive partners. Yes, you can, for that you need an agent,
dude. Yeah, if you have the agent, you can block screenshots, you can block removable media, you can block your printers and email as well. This is why we have for the in the cloud different components, and each components will do different things for you, right? The idea is to simplify it. Now you have this container Plus. So it sounds like a DLP solution. Uh, DLP solution as well as a SaaS application solution, email solution, ZTNA, RBI and support, right? The idea is to combining DLP with different channels, this is an email channel on my Channel or your private applications. All right, thank you everyone. Anyone have any questions? All right, thank you so much.