Intelligent CIO LATAM Issue 14 - Page 54

FEATURE : MODERN WORKPLACE
You could allow downloads , for example , but scan any files that come from an unknown site . Or perhaps use content disarm and reconstruction ( CDR ) technology to permit the download but strip out things that might be malicious on the fly .
One key thing is the association with the channels or paths of data that are important to protect . We need to not only consider the threats , but also what can happen from a data leakage perspective if , for example , someone accidentally dragged a file on to a personal OneDrive or email account .
This is another area that can be controlled in Forcepoint ONE , so there is a lot of flexibility offered .

IT ’ S CLEAR THAT LOOKING AHEAD , EMPLOYEES WILL WORK FROM EVERYWHERE .

Can you provide an example of how Forcepoint one has helped to transform a customer ’ s security posture and the benefits they have received ?
It ’ s really the combination of the hybrid work , SaaS application enablement and being in that ‘ grey ’ area . Not forcing the old school block or allow scenario , but instead enabling the business .
How does Forcepoint ONE provide seamless protection against today ’ s most advanced threats ?
Through technology such as CASB we can identify applications via shadow IT discovery . We can track these and decide whether there are risks associated and , if so , whether it should be blocked or allowed but brought under IT ’ s preview .
From a threat perspective , things have changed . In a hybrid environment , if using a partner ’ s PC or different device , you can ’ t be sure that it has the required antivirus or other security measures in place .
Forcepoint ONE allows things like discovery of an application , movement into a control plane perspective and then also from a security posture benefit perspective .
Forcepoint ONE combines advanced capabilities to protect against these different security threats and scenarios . We have a number of OEMs that we combine with internal technology , as well as things like signature identification . If a file is malicious , for example , it can be blocked , or if you see behavior that ’ s atypical you can block and control it . We also have the ability to add on capabilities like Machine Learning-based zero-day threat prevention .
Zero Trust Network Access ( ZTNA ), specifically , is a way to provide access to a corporate file store or application to specific individuals . This could be a contractor or a partner that you ’ re working with , allowing use of that application while providing security around it .
How does Forcepoint ONE offer a simple path to a Zero Trust architecture ?
Beyond that , there are also malicious URLs , whether sent via phishing or via someone attempting to access a site using an anonymous proxy , or a spam host . Being able to control and block those are key .
We also have a remote browser isolation – RBI – capability where perhaps a site doesn ’ t classify as malware but is unknown . In that scenario , you can push it through an isolation container and control what happens .
The simplest path to Zero Trust is to not just permit certain things but continue to inspect them . Technology-wise , you might block a malware site straight up and not allow connectivity , or you could allow movement of data to something that is managed or maybe unknown and unsanctioned at that point in time but inspect what ’ s going on .
It will sit in the path of traffic for an application with a proxy – that can be a reverse proxy or agentless ,
54 INTELLIGENTCIO LATAM www . intelligentcio . com