Kaan Kayan
Sales Engineer
kaan.kayan@forcepoint.com
5. Ineffective Enforcement
Unable to make informed decisions for the entire business
6. Compliance
Remote Users
Things just got a lot more complicated

Communication
What are they feeling? With whom are they interacting?
Data: Email, chat, voice

System
How are they behaving digitally? What sites and systems are they accessing?
Data: SIEM, endpoint, web browsing, logins, file sharing

HR
What is their motivation? Why might they have malicious intent?
Data: Performance reviews, Active Directory

Physical
How are they behaving physically? Where are they going and when?
Data: Badge data, traveling
Communications
Entity Information
User Access
Proxy
System Administration
SCENARIOS
“Connect the dots” across event/entity models for a composite measure of risk

EVENT ANALYTICS - “What They Do”
Enrich events with observed features of interest, scored for rarity and normalized by individual or peer group

ENTITY ANALYTICS - “Who They Are”
Score non-activity based indicators about an entity to influence scoring
Comprehensive Visibility
Only vendor that covers structured & unstructured business data PLUS communications to leave no detection gaps.

Flexible
Easily build or customize risk models to fit your unique enterprise and support any risk use case.
“Huge fight with boss. Quit and deployed time-bomb corrupting our HR system, inserted false transactions in a client back-end system.”

“Downloaded a spreadsheet with malware, unknowingly exposing our company. It took us weeks to figure out who was patient zero.”

“Recruited by a competitor. Took client lists, product ideas, internal working documents - everything he’d ever been a part of.”

“Social media posts about financial troubles led a ‘recruiter’ to contact her. Simple requests quickly escalated into blackmail.”

“Became disillusioned after reading executive emails, chats, and compensation logs. Went to the media with a story.”

“Taped passwords to his monitor, refused to lock his screen. Regularly emailed himself sensitive information he needed to remember.”
Data Sources across these scenarios: Web Proxy, Windows, Linux, User Activity Monitoring, Email, Chat, Network Flow Logs, Voice, DLP, SharePoint, Web Server Logs, HR, Anti-Virus, VPN, Firewall, Badge Data
Copyright © 2017 Forcepoint.
BASELINE ANALYTICS MODELS | REGULATORY SURVEILLANCE
“Out-of-the-box” models for scenarios across regulatory surveillance and information security

Market Manipulation (MM)
MM-1 Trades FX Rate Fixing
MM-2 Comms FX Rate Fixing
MM-3 Trades Libor Rate Fixing
MM-4 Comms Libor Rate Fixing

Insider Trading (IT)
IT-1 Trades Outlier Activity
IT-2 Comms Insider Trading
IT-3 Comms Disclosure of MNPI
IT-4 Web Personal Trade Activity

Conduct Risk (CR)
CR-1 Disengagement from work
CR-2 Personal Duress
CR-3 Oversight Evasion
CR-4 Ethics Risk

Models Known as BAM,