Forcepoint Philippines – MEC Networks Corporation

Forcepoint Data Loss Prevention

MEC Digital — Tue, 21 Jul 2020 19:56:48 +0000

Data Protection in a Zero-Perimeter World

Protect your data and enable your people to get the job done.

Forcepoint DLP protects organizations from information leaks and data loss at the perimeter and inside the organization, as well as in certain Infrastructure as a Service platform.

0 %

Of data breaches take months to discover

Learning about a breach months after the fact doesn’t prevent an event from occurring. (VZN 2018 DBIR)

0 %

Of cyberattacks occur with lost or stolen credentials

Bad actors can come from anywhere. It’s not just malicious insiders you need to watch out for to protect data and your people. (VZN 2018 DBIR)

$ 0 M

Average data breach cost

Companies experienced between 2,600 – 10,000 records per breach, containing sensitive and confidential information. (Ponemon Institute 2017)

Individualized, adaptive security

Replace broad, sweeping rules, block actions only where you need to, and drive a more productive organization forward.

Analytics-driven forensics

Unify discovery, analysis, and enforcement, improving investigation efficacy and drastically reducing the rate of occurrence.

Automate policy enforcement

Dynamic Data Protection surfaces anomalies and proactively adjusts individualized data security controls in near real-time to protect your data.

Browse Forcepoint Cyber-Security Solutions

The post Forcepoint Data Loss Prevention appeared first on MEC Networks Corporation.

Implementing zero trust: Time to think beyond identity

MEC Networks Corporation — Fri, 17 Apr 2020 02:49:26 +0000

Infrastructure-centric security deployed today divides the enterprise users into two domains, trusted users on the inside and untrusted individuals on the outside. Security leaders are focused on deploying controls to keep the untrusted individuals out. However, digital transformation and multi-cloud adoption by enterprises are forcing organizations to re-think the traditional network perimeter. As users, partners, and customers access the organization’s data from anywhere in the world, the artificial wall that protects the data is no longer enough, and inherent trust can’t be part of the security stack going forward.

Zero trust and multi-factor authentication

The paradigm shift in trust has led to the ‘Zero Trust’ security framework, first developed by Forrester Research analyst Jon Kindervag in 2009. The initial framework treated all the network traffic as untrusted and recommended that organizations inspect all the traffic and divide the network into small segments. Since 2009, the framework has evolved into advocating the need for protecting the organization’s data and evaluating access to the data throughout the user and device interaction. In simple words, the core principle of Zero Trust is to “never trust, always verify.”

In the Zero Trust framework, users and their identities play a pivotal role, and organizations must ensure that only authenticated and authorized users and devices can access applications and data. The easiest way to validate the identity of a user is through multi-factor authentication.

A case for thinking beyond identity

Multi-factor authentication strengthens access security by requiring two or more factors to establish the identity. These factors can include something you know – like a username and password, something you have – like a smartphone app to approve authentication requests or something you are – like a fingerprint.

The multi-factor authentication solutions have evolved to include the user and device context. Contextual information like the user’s device, the network used for access, or the geographic location can be used to force users to provide additional factors to re-verify their identity.

However, just using the contextual background is still not enough! We have come across incident after incident where insiders with the right access have walked away with sensitive data. A Tesla engineer uploaded auto-pilot source code which cost over $100M and took over five years to develop direct to his iCloud, to aid a rival company. Members of McAfee’s sales team downloaded sales and business strategy data before joining a rival firm.

Understanding the context can help, but it is critical to understand the intent.

Forcepoint’s approach to understanding human behavior

Forcepoint’s behavioral intelligence not only looks at IT environmental data such as logs, events, HR databases, or physical access control systems, but also uses the understanding of human behavior including intent, predisposition, and stressors and the device context to identify risky users. With privacy in mind, the user data is anonymized, and the identities that deviate from normal behavioral patterns result in elevated risk.

Forcepoint Technology Alliance ecosystem

Forcepoint user protection solutions can both directly ingest relevant context from identity and access management (IAM) solutions and (optionally) enrich them with risk user information to dynamically enforce policies.

The first two IAM/IDaas ecosystem partners to integrate with Forcepoint’s Behavioral Analytics are Okta and Ping. These integrations are now available for use. The combined solution delivers enriched visibility into user activities, enhances risk scoring, and enables a risk adaptive authentication policy for joint customers. In the longer term, we’ll also enable customers to drive risk-adaptive authorization to key enterprise resources such as critical data. Stay tuned for exciting developments in this area.

Forcepoint plans to continue to add technology alliance partners to its ecosystem. Learn more about Forcepoint behavioral intelligence, user protection, and data protection solutions by scheduling a demo.

The post Implementing zero trust: Time to think beyond identity appeared first on MEC Networks Corporation.

Forcepoint Recognized As A Visionary For 3rd Year In A Row, In The Gartner 2019 Magic Quadrant For Network Firewalls

MEC Digital — Fri, 25 Oct 2019 06:21:46 +0000

For the 3rd year in a row, Forcepoint is once again recognized as a Visionary in the Gartner 2019 Magic Quadrant for Network Firewalls

Third time’s a charm, the old saying goes. And, for the third year in a row, Gartner has named Forcepoint a Visionary in their 2019 Magic Quadrant for Network Firewalls for the ability to execute and its completeness of vision. With Forcepoint NGFW, we particularly want to assist distributed organizations to better connect and defend their remote offices, stores and branches so that they can take advantage of the cloud to drive bigger productivity and lower costs.

To set the stage for its analysis this year, Gartner begins its report* by highlighting a key industry trend: “With firewall providers embedding multiple security features in firewalls and enabling integration and automation capabilities with other security products, firewalls are evolving into network security platforms.”

We strongly agree. And while each vendor talks about having a platform, we see 3 components as being of crucial importance:

1.) Enterprise connectivity – Digital transformation is driving distributed organizations to make additional use of cloud apps and direct web connections for sites and users. as one of the primary vendors to assemble Multi-Link VPN, Secure SD-WAN capabilities, and advanced clustering in our network firewalls, we see ensuring that users and information may be connected and guarded robustly as two sides of a similar coin.

2.) Extensible Security – As organizations disrupt the way they connect their remote sites and users, old ways of securing those connections should change. Customers are progressively telling us they’re searching for tight integration among their network (NGFW), web (SWG), and cloud app (CASB) security systems—no matter where their users are operating.

3.) Management at Scale – Some of the less-frequently mentioned areas of excellent security platforms can be summarized by the quantity of effort it takes to urge sites and users connected and protected. Through experience managing thousands of websites from a single pane of glass, we’ve found that capabilities like zero-touch provisioning and interactive analysis for quicker incident response are crucial to efficiency in global as well as local operations.

It’s an honor to be referred to as a Visionary. We created Forcepoint to bring a brand new approach to the cybersecurity industry—to help customers to break free from the endless cycle of throwing billions of dollars at threat once threat without very feeling any safer. but even more necessary than vision is the ability to turn good concepts into effective solutions. That’s why our human-centric approach to security and our new cloud-based platform is designed specifically to enable enterprises and government agencies to better understand user behavior and intent so they can more efficiently and securely bring people and information along.

Download Free Forcepoint Resource

Get access to authentic content from one of the leading cyber security experts in the world from the Philippines’ premiere technology provider.

The post Forcepoint Recognized As A Visionary For 3rd Year In A Row, In The Gartner 2019 Magic Quadrant For Network Firewalls appeared first on MEC Networks Corporation.

Forcepoint: Best Practices For A Data Breach Response Plan

MEC Digital — Fri, 11 Oct 2019 07:46:42 +0000

Data breaches happen, however they aren’t necessarily the end of an organization. In several cases, a breach is an inflection point, with the organization coming back stronger. With a data breach response plan, corporations have an improved probability of mitigating the negative consequences of a breach.

By following these best practices for a knowledge breach response arrange, corporations are ready to retain business, customers, and shift the whole perception within the market.

1. Prepare with a data Breach Response plan.

While breaches could vary in nature, having a solid blueprint to arrange can streamline a timely response. First, recruit the key organizational players that should be involved. who should be on your incident response team? Typical players embody Human Resources, Legal, Governance, Business Continuity Officers, Information Technology, Security, and Communications – however, it varies based on your organization. Gathering the stakeholders and documenting a response plan with detailed actions and owners ensures an outlined path for the initial steps. Don’t forget to incorporate a list of extra partners to engage such as authorities, law firms, PR firms, and security groups to concentrate on breach incident and response.

2. Be transparent and timely.

Large breaches don’t remain secrets for long, and the timeframe of exposure is a measurement within the public eye. it’s necessary to make sure fast communication and response to breaches. Communicate among the organization, as well as with customers and partners who can be affected, with clarity on what happened and also the next steps. Work with any applicable regulatory bodies to ensure adherence to laws or regulations. For instance, a GDPR incident response plan would guarantee disclosure to the right authority within 72 hours of discovering the occurrence of a breach. Failure to do so may subject your organization to hefty fines. A decent rule of thumb is having a 24-48 hour response plan – particularly if personal information was breached, or user credentials may be compromised. Make sure that you’re releasing information quickly, and advising customers on options or actions that might limit or eliminate exposure.

3. Construct your communication strategy.

The majority of breaches’ initial assessments underestimate the impact. Given this factor, it’s vital to assume the worst cases and begin to reach out proactively. This might mean credit reporting companies, financial firms, and theft protection services, along with PR and the news media. An amazing tactic to have prepared are email templates that might provide communication across the digital landscape (social media, email, website, response/KB articles with details, blogs), along with your announcement and any customer portals you may have.

4. Determine the root cause beyond the technical aspects.

Ascertaining the technical details of a breach is important. Understanding how people act with technical tools is paramount to understanding breaches – including but not exclusive to phishing. whether it’s upkeep, maintenance/patching, best practices in architecture, audit/reporting, data model flow mapping, identity/credentials, and access management, or beyond – it involves individuals and business processes. Understanding the human component involved is crucial to fulfill ing the challenge of security.

5. Strengthen your posture, don’t just remediate.

Developing a sturdy security posture is an ongoing effort. Immediate remediation steps are vital, however, it’s more crucial to look at risk exposure over time to ensure data and IP protection. This might take the form of response planning for the security organization, or instituting coaching to fortify the data protection strategy. It takes long-term investment.

Securing a company is like competing in a track meet: there is a range of challenges, from immediate, short-term needs like sprints and hurdles, to the endurance and strategy needed for long-distance events, to the specialized skill-sets needed for events like the shot put and pole jumping. It takes long term strategy, planning, and partnering with the proper team to make a winning legacy — equating to long-term brand equity. wherever you’re in your journey as an enterprise, whether you’re racing to the cloud or focusing on safeguarding important IP in a new service or offering, Forcepoint continues to invest in innovation around data protection to partner with organizations on their overall security approach. let us know how we can help!

Download Free Forcepoint Resource

Get access to authentic content from one of the leading cyber security experts in the world from the Philippines’ premiere technology provider.

The post Forcepoint: Best Practices For A Data Breach Response Plan appeared first on MEC Networks Corporation.

Forcepoint: Thinking About Cloud App Security In A Direct-To-Cloud World

MEC Digital — Thu, 29 Aug 2019 07:33:17 +0000

An increasing range of organizations is embarking on the ‘direct-to-cloud’ journey. This provides many advantages from a performance, operations and cost perspective because of the efficiencies achieved by remote and branch locations routing traffic differently.

There are a couple of more things to think about once considering direct-to-cloud connectivity: how it impacts cloud application usage and organizational security.

Impact of direct-to-cloud on business applications

Traditional environments have on-premises infrastructures to support most of the business applications. When we migrate from a central hub infrastructure, will that mean there’ll be inflated dependency on cloud applications?

Most likely, yes!

A larger percentage of new business services are going to be cloud-hosted to achieve the advantages that come with it like a mobile workforce that’s a lot of productive and competitive while on-the-go, reduced the cost of operations, scalability, business continuity, etc. Over time, even on-prem solutions can presumably have a migration path to the cloud.

What are the considerations for security within this new environment?

One of the most things we tend to hear from our discussions with organizations migrating business services to the cloud is around visibility. Historically, security groups had full visibility to the environment once services were hosted on-prem. Now they wonder about things like:

Who is accessing the cloud service?
When are they accessing it?
Where are they accessing it from
How are they accessing it?
What info are they accessing?

With a shared security responsibility model, the cloud becomes another attack surface in addition to the on-prem company environment. Think about this scenario: a worker using a personal device (BYOD) to access a sanctioned cloud service like Office365, can have access to the business data. However, the IT/IS team never sees that traffic hit the company infrastructure.

In a cloud environment, we also ought to consider compliance, which can be streamlined to keep the auditors happy. Some things to think about:

How do on-prem policies reach the cloud?
Do you need a central console for compliance policy management?
Do you have the visibility to attain compliance within the cloud?

To achieve this, we need to alter the approach around security.

Thinking about security differently

Security in a cloud or hybrid environment doesn’t need to be complex. It simply needs us to think about it differently. We don’t have to dismiss the great things we’ve in place around on-prem security. however, we do have to be compelled to add cloud visibility and management to the combination. Cloud Access Security Broker (CASB) will offer the visibility and management for cloud applications that organizations are searching for. Gartner listed CASB as one of the ‘Top 10 Security projects for 2019’. Adding cloud protection or CASB to an existing on-prem environment doesn’t need to be done in a silo. On the contrary, it becomes simpler if done in an integrated manner. This will be done in multiple ways. If you have web security already in place, you’ll be able to augment it with cloud application security as an add-on. As an example, Forcepoint web Security comes with the power to add a cloud app management module to induce visibility and management over cloud applications in an integrated manner. If your organization is concentrated on data protection with a solution like DLP even it will be extended to the cloud to have unified policy management. No matter where you come from adding cloud security to it should be simple. No matter where you’re in the ‘direct-to-cloud” journey, the benefits of embracing a cloud/hybrid environment can remodel your business. It’ll bring larger productivity, lower cost thanks to infrastructure and operational efficiencies, scale back risk with frictionless security and additionally streamline compliance.

Download Free Forcepoint Resource

Get access to authentic content from one of the leading cyber security experts in the world from the Philippines’ premiere technology provider.

The post Forcepoint: Thinking About Cloud App Security In A Direct-To-Cloud World appeared first on MEC Networks Corporation.

Forcepoint: Meeting the Cloud Compliance Challenge

MEC Networks Corporation — Fri, 14 Jun 2019 06:06:37 +0000

Cloud computing is transforming the way businesses operate. While cloud computing reduces the cost and complexity of owning and operating computers and networks, to reap the benefits of cloud computing, companies inherently give up some control over their data.

This is especially true for companies using file storage Software-as-a-Service (SaaS) back-office applications Microsoft Sharepoint and OneDrive, Google Drive, Box, Dropbox and a host of others. However, even though IT teams may not control the endpoint or cloud applications, they are still responsible for protecting their company’s information assets and must ensure their cloud applications are compliant with their IT policies.

External and Internal Compliance Drivers

The word “compliance” has become a catchword that has different meanings and different goals, often dictated by your role in the organization. External compliance requirements focus on following regulations, standards, and laws imposed by external governments, organizations, and industries. Two examples of notable external regulations are the Health Insurance Portability and Accountability Act (HIPAA) which governs how sensitive patient information must be handled, and the Payment Card Industry’s PCI DSS standard that governs how organizations must store, process, and handle credit card information.

Achieving compliance means that at a given point in time, an audit of your information technology software, processes, and workflows allowed you to conform to a set of rules, such as standards, policies, or laws. External compliance requirements, on their own, do not dictate how information security efforts must be conducted. In contrast, internal compliance focuses on adhering to the standards and best practices embodied in internal policy and managed through corporate governance.

Internal compliance is defined by the organization and focuses on protecting data such as intellectual property, strategic plans, and business records. The drive to secure corporate data seeks many of the same outcomes as maintaining compliance with internal and external policies. However, security specifically focuses on malicious actors, which requires its own specific strategy. As a result, while the efforts to maintain compliance and ensure security overlap, they each require individual treatment and one cannot substitute for the other.

The Cloud Compliance Journey

One of the biggest challenges companies face when establishing a compliance program is identifying where to begin. They realize compliance is about properly managing the interactions of people, data, and critical IP, and that they must adhere to federal and state regulations and laws. Unfortunately, few understand that good policies are the foundation of a successful internal compliance program and that it takes time to develop effective policies.

Many also do not realize that the mandates for cloud and on-premises compliance are the same—data is data regardless of where it resides. However, when dealing with SaaS applications in the cloud, companies are not in control of the data environment. This critical factor must be considered when selecting tools to support and enforce compliance and security efforts.

It is important for enterprises to use security measures to help achieve compliance vs. relying upon compliance to drive security.

Download Free Forcepoint Resource

Get access to authentic content from one of the leading cyber security experts in the world from the Philippines’ premiere technology provider.

The post Forcepoint: Meeting the Cloud Compliance Challenge appeared first on MEC Networks Corporation.

Forcepoint: Addressing the Top 3 Risks of Your Transition to the Cloud

MEC Networks Corporation — Tue, 14 May 2019 01:30:22 +0000

As of late, we heard the updates on delicate data getting uncovered from web-based filesharing accounts. It was not amazing and I’m certain most of my partners in cybersecurity were not astounded by it either. In any case, not every person is considering cloud security while concentrating on carrying out their responsibility. With an end goal to share what I have gained from exchanges with security architects and industry pioneers, here are the best three dangers that most associations face when they move to a cloud situation.

1. Users oversharing data in file-sharing apps

Normally, workers are good-natured when they share data in file sharing applications. They are not endeavoring to put the association in danger, rather they are attempting to be beneficial and aggressive. Be that as it may while doing that security isn’t at the forefront of their thoughts. That is the reason we have seen an expansion of cloud application utilization in a group by group premise. The HR, advertising, deals, fund, and others are on the whole utilizing diverse applications which suit their need the most however at what cost. Frequently, the workers end up sharing a lot of which can be an immense hazard to the associations. This could likewise incorporate sharing touchy data outside the associations by means of freely sharing connections.

2. Admins making mistakes or coming under attack

Before, high esteem resources were verified on-premises while under consistent observation. We would realize who got to these advantages in all respects effectively if something somehow happened to get traded off. With the change to the cloud, examination around who is getting to sensitive and secret resources from where winds up basic for data security. Cloud managers hold the notorious ‘keys to the kingdom’ which makes them high esteem targets. As managers are people there will undoubtedly be intermittent oversights that they make which could be expensive to the association. This is notwithstanding administrators getting focused on or assaulted which happens frequently because of the esteem their entrance speaks to.

3. Employees or partners accessing cloud apps using their personal devices

Gone are the days when individuals would just react to email or access business applications amid set hours inside multi day or working from a particular area. Workers and accomplices alike are on an every minute of every day check to be aggressive in this day and age. This implies an ever increasing number of clients are getting to cloud administrations from their own devices (BYOD). The greater part of the occasions these devices don’t have any specialist running on them as they are not corporate issued. At the point when clients get to cloud applications and administrations utilizing these devices, this collaboration is totally imperceptible to conventional IT frameworks. This will in general be a huge vulnerable side and a developing test for some, associations grasping the cloud.

Addressing the risks of transition to the cloud

Knowing the dangers above, will you or your association hinder the selection of cloud innovation later on? I don’t think so (and I want to think not) however what would we be able to accomplish for circumstances like these or ones which have not become known yet. We need to change the manner in which we consider cloud security past the cloud specialist co-op. Here are the three things most significant while verifying cloud applications:

Visibility

We need to understand what apps are in use and who is accessing them from where. Many organizations have no idea what all cloud apps are being used in their environments or if they do might not know who all are accessing them. This brings me to the adage – you cannot secure what you cannot see.

Risk Assessment

Once we know the details of who is accessing the cloud apps and data we need to assess the risk associated with activities that users are performing. This is where behavioral analytics comes in to play.

Protection and Policy Enforcement

Once we know the risk in our environment we can stop data exfiltration or access with automated policies or can leverage our SOC to handle the highest risk users/events first. Having all the activities is important to give context for enforcement and also makes the analytics better.

To have the capabilities above you can leverage tools like Cloud Access Security Broker (CASB) as they secure any app which might be in use in your environment. As an example, you can set a policy for all apps, that anyone from outside the organization is blocked or removing all sharing links from sensitive data uploaded. In the case of a recent breach where sensitive data was accidentally shared publicly, the malicious users would have been stopped in their tracks from accessing it, as they are coming from outside the organization. The beauty of this is, now you do not have to go to individual apps (like Office 365, Box, Dropbox, Salesforce, and others) to make sure things are all set correctly.

Download Free Forcepoint Resource

Get access to authentic content from one of the leading cyber security experts in the world from the Philippines’ premiere technology provider.

The post Forcepoint: Addressing the Top 3 Risks of Your Transition to the Cloud appeared first on MEC Networks Corporation.

MEC Now Distributes Forcepoint

MEC Updates — Tue, 09 Oct 2018 08:06:20 +0000

Forcepoint, recognized by Radicati as a Top Player in the APT Market Quadrant Report 2018, is now part of MEC Networks’ ICT portfolio. The partnership which was officially launched last September 11, 2018, aims to strengthen Forcepoint’s foothold in the local market through MEC Networks’ extensive partner base.̛

Gracing the occasion were Mr. George Chang and Mr. Jeff Castillo, Forcepoint’s Vice President for Sales and Regional Director respectively. Ms. Sheryl Go, MEC Networks’ Senior Vice President for Sales, was also present together with the entire MEC Sales and Technical Team for Forcepoint.

With MEC Networks’ value-added distributorship, Forcepoint can expect local support in terms of partner enablement and marketing programs to capture a greater market share. The partnership is expected to strengthen MEC Networks’ core competencies anew.

Through the partnership, the local market will now have access to cybersecurity that focuses on the human point as the need for an intelligent, integrated approach to network security becomes essential in moving ahead with the organization’s broader mission.

About Forcepoint

Forcepoint is a human-centric cybersecurity company that understands behavior and adapts security response and enforcement to risk. The Forcepoint Human Point platform delivers Risk-Adaptive Protection to continuously ensure trusted use of critical data and systems. Based in Austin, Texas, Forcepoint protects data and identities for thousands of enterprise and government customers in more than 150 countries.

About MEC Networks

MEC Networks Corporation is one of the Philippines ’ leading Value Added ICT distributors. With offices both in Metro Manila and Cebu City and its over 20 years of reseller, integrators, and market coverage, MEC has elevated to be a prime and preferred ICT Distributor of choice. On top of the distribution competence, value-added services through presales engineering, post-sales deployment services, training, certifications, and customer services have been the company’s market value and differentiator.

The post MEC Now Distributes Forcepoint appeared first on MEC Networks Corporation.