How to Eradicate Cybercriminal Access to the Data Gold Mine
Forcepoint CEO Manny Rivelo on Why New Attacks Evade Legacy Defenses Like Sandboxes
A renaissance around data protection has taken advantage of artificial intelligence and machine learning to bolster data classification and governance, said Forcepoint CEO Manny Rivelo.
Technological advances in areas such as generative AI allow adversaries to create sophisticated attacks that evade traditional defenses such as sandboxes and focus on exfiltrating data from victim companies, Rivelo said. Organizations should apply zero trust methodologies to their content and assume all of their files have been infected when determining how they engineer their network and analyze data, Rivelo said (see: Forcepoint CEO on How SSE Eases Unified Policy Application).
"AI drives too much improvement inside what you need to do to drive growth for your organization and productivity for your employees," Rivelo said. "But with that said, new mechanisms are going to have to come in to protect the enterprise right from this technology. It's a great boost from an innovation perspective, but it also can be malicious if not protected correctly inside an organization."
In this video interview with Information Security Media Group at RSA Conference 2023, Rivelo also discusses:
- The most common ways for adversaries to access victim data;
- How enterprises can secure data in legacy, on-premises systems;
- How White House initiatives spurred private investment in zero trust.
Rivelo drives Forcepoint's strategy to accelerate enterprise and government agency adoption of a modern approach to security that embraces the emerging SASE architecture. He has more than 30 years of experience across executive leadership, product management, customer support and sales functions. He has also held leadership roles at Francisco Partners Consulting.
Michael Novinson: Hello, this is Michael Novinson with Information Security Media Group. Today, we're going to be taking a deep dive into data security. To explore this further, I am joined by Manny Rivelo. He is the CEO at Forcepoint. Hi, Manny, how are you?
Manny Rivelo: How are you, Michael? Pleasure to be here.
Novinson: I want to start by taking a look at the threat landscape, getting a sense of some of the newest ways that you see cybercriminals and adversaries using and exploiting data. What do you see there?
Rivelo: Well, there's just so many different ways. I think the concept is, I'll start off by saying there's a renaissance in data protection that wasn't there. You could even argue a couple of years ago. And partly because I think the market was looking at data loss prevention as data protection. But you've seen this new renaissance, the need to discover where your data is. And discover it using intelligent mechanisms. AI or ML mechanisms classifying your data and having good data governance: who's touching your data, who has access to your data, who's moving your data, and data loss prevention. And you're seeing that across the whole threat landscape. And the basic attacks don't differ. They're getting much more sophisticated. There's no question around that. But you still continue to see the phishing attacks. So you continue to see the malware attacks, you continue to see all of that, to try to exfiltrate that data. We had an engineer in our corporation. Within two hours, using nothing but ChatGPT, by asking it questions, writing zero lines of code, we were able to create a zero-day vulnerability attack, and that basically guaranteed to exfiltrate data because it was tested on VirusTotal. And nobody caught it in the market. So the technology is there even now to create even much more sophisticated attacks than ever before. So you're going to continue to see it. But assume it's not just traditional mechanisms, there are new mechanisms coming our way.
Novinson: So what are the implications for cyber defenders? If you have an engineer who, without code and within two hours using generative AI, can produce a highly effective cyberattack, what does that mean defenders need to be thinking about in turn?
Rivelo: I think you got to look at new tools, the old tools don't satisfy. If you're using, for example, sandboxing technology, it's pretty straightforward, because all you got to do is pause the attack. If you pause it over two minutes, most sandboxes don't catch it. So you're going to have to start using AI even to analyze that data and become much more intelligent. There are some great solutions out there. The whole concept of zero trust in the way you engineer your network helps with that. And there are unique technologies, like content disarmament and reconstruction technology, which assume that all files, everything is infected. So it's zero trust around your content to be able to give you greater security. So you've got to revisit the way you're looking at data protection and the way attacks are coming into your organization.
Novinson: We've had a lot of digital transformation, but at the same time, we still have a lot of legacy on-premise systems. What are some of the best practices for enterprises when they're thinking about securing their data that still lives on-premise?
Rivelo: I think it's a great question because the on-prem environment is not going away. There's always going to be data to some degree on-prem. There are employees that work on-prem. You may have call centers and customer success teams that are working on-prem; you may have older systems that have data that is on-prem. So our approach has been one around data-first SASE, which is the construct of everything that SASE is, but the concept of data first is putting data protection in line with SASE. So for example, at RSA, we're announcing Data Protection Everywhere, which means we take the on-prem policies that organizations have built over the last decade to two decades. And now we apply that same policy across all the SASE channels. But think about one unified data protection policy across your email, USB ports, Wi-Fi, MiFi connections, CASB channels, ZTNA channel, suite channels, making it very simple. So one head around data protection, applied, distributed everywhere - on-prem and off-prem. From that perspective.
Novinson: And from an implementation standpoint, what does that entail on the back end in order to get in-line data protection into SASE? What does that involve from an architectural standpoint?
Rivelo: Yeah, for us, it's basically an API interconnect that we've done across the two platforms that makes it quite simple. So we are able to have a centralized policy and control plane for data protection, and then distributed enforcement, if you think about that, through a set of APIs, and we can extend that to applications if we want to also. So it's been part of our security simplified initiative. We've done that integration for you, using our technologies. So it's out of the box. As a matter of fact, we already have customers in production with the technology, who were using both platforms. And as we went into beta, they turned it on in production and it is seamlessly working.
Novinson: So I was curious. I know we've been talking about data protection. But in terms of initial access points for data exfiltration or data-based hacks, you had mentioned malware and phishing, as well. What tend to be the most common entry points for adversaries who are going after a victim's data?
Rivelo: It's still the basic channels. It's still phishing attacks, malware; those are some of the most common forms of getting in there. The old mechanisms still work and work quite well, because you're dealing with human behavior. No matter how much you coach people not to click on that URL that's embedded in an email, there's always a percentage of every organization that clicks on that URL. So those are still very simplistic tools that are coming out. There are more sophisticated attacks. People are embedding malware in images. As you're downloading images from the web, whether that be your favorite picture of a cat, there might be malware inside that because it's easy to hide the malware inside an image and image files are quite large. And therefore it's easy to inject code inside those things. So you're seeing other forms of attack through steganography and things of that nature. But there's no question that basic forms are still coming in the door, today.
Novinson: I know two terms that tend to be synonymous with one another - SASE and zero trust. And SASE being kind of the actualization, the realization of a zero trust architecture. Given all of the federal initiatives in the United States around zero trust, what are the implications then in the private sector of the attention the U.S. government has been paying to zero trust?
Rivelo: Yeah, it means different things for the government. Also, there are a set of zero trust technologies, which are synonymous with the commercial movement, if you will, around implicit explicit security, separating your users from the applications of the data and only at the point of connection, assuming not trusting anything, but at the point of connection, authenticating a user to only the data or applications that, that user should have. That is also something that we see in the government. So you're starting to see that awareness. I would say two years ago, zero trust and SASE were unknown terms for most of the enterprise. Today, they're very well-known terms. There are very few organizations that do not have either strategies afoot, or plans to put strategies afoot. Now to the government, it means even more, because there are technologies inside the government space, like cross-domain solutions, diode technologies, insider threat technologies or even other forms of zero trust. But it's synonymous now in the commercial space. When we talk to customers, it's hard not to get into a form of SASE or zero trust conversation.
Novinson: So for organizations who are maybe earlier in their journey, what tends to be the first steps that a company will take if they're looking to begin their journey to zero trust?
Rivelo: Yeah, and it varies by industry, and it varies more by customer size on the segmentation. If you're a large enterprise as a strategic account, you're usually moving from point products to suite of platforms. A suite of technology and usually insert one, you may insert with CASB, zero trust, zero trust network access, SWG or something of that nature. So they kind of do a replacement, get that established inside an organization and they branch out. If you're under organizations of 10,000 users, we're seeing them move quicker to adopting the suite and taking out multiple vendors, because they don't have the expertise. We make it very simple for them to take advantage of the technology. They get a ROI benefit from it, as well as security benefit from it. So it does vary by customer size. But you could argue on the high end of the enterprise, it's a replacement for an existing tech. And in the smaller end of the market, it's the replacement of multiple techs for a platform suite.
Novinson: Finally, I want to get a sense. I know ChatGPT has been such a hot topic for the past five months. At a high level, what do you feel the impact of generative AI will be on the cyber industry?
Rivelo: So the concept is there's two use cases I get into in conversation with customers. ChatGPT is going to make it back into our enterprises because it's going to drive productivity, meaning it's going to drive profit. Think about a simple use case where you could have your subscribers asking questions to a corporation, and your ChatGPT bot answering those questions. So there's a risk of exfiltration of data. So how do you protect that? And data protection can help you there. But there's also the concept of your organization using public AI and asking it questions, and that engine inferring right from the information. And so there's two ways that this can be done. AI, ChatGPT or whatever it may be is going to make its way. We've all stood here 15 years ago and many enterprises said, we're not going to use the cloud, but now we are using the cloud. We've all said that even earlier, we're not going to use Wi-Fi technology or we're not going to use this. We're all using these technologies. They drive too much improvement inside what you need to do to drive growth for your organizations and productivity for your employees. But with that said, new mechanisms are going to have to come in to protect the enterprises from this technology. So it's a great boost from an innovation perspective, but it also can be malicious if not protected correctly inside an organization.
Novinson: It'll be a fascinating space to watch. Manny, thank you so much for the time.
Rivelo: My pleasure. Thank you for everything.
Novinson: Of course. We've been speaking with Manny Rivelo. He is the CEO at Forcepoint. For Information Security Media Group, this is Michael Novinson. Have a nice day.