Michelle Jordan, Global Governments Cybersecurity Principal Cybersecurity Manager, Forcepoint George Kamis, CTO, Global Governments & Critical Infrastructure, Forcepoint 2019 Cybersecurity Leadership Forum

2. Track A-2: Forcepoint Raised The Bar:
What's Next in the Cross Domain Community
Michelle Jordan,
Global Governments Cybersecurity
Principal Cybersecurity Manager,
Forcepoint
George Kamis,
CTO, Global Governments &
Critical Infrastructure,
Forcepoint

3. Data Protection | Web Security | CASB | NGFW | Advanced Malware Detection | Behavioral Analytics | Insider Threat | Email Security | Data Guard | Cross Domain
Forcepoint Raised The Bar: What’s next in the
Cross Domain Community
George Kamis
Chief Technology Officer, Forcepoint Global Governments and Critical Infrastructure
Michelle Jordan
Cyber Security, Business Development, Forcepoint Global Governments and Critical Infrastructure

4. Forcepoint Proprietary © 2019 Forcepoint | 4
What are Cross Domain Solutions
Cross Domain Solutions:
• Facilitate secure information sharing between entities (agencies, countries, networks) with different sensitivity levels
through a controlled interface
• Are built on top of a secure, trusted operating system to achieve a high assurance platform
Three types of cross domain solutions as defined by the NCDSMO:
• Provides users a path to data on different networks as allowed by policy
Access:
• Provides various mechanisms to securely move data between different networks, while mitigating against
viruses, malware and policy violations as allowed by policy
Transfer (Guards):
• Solutions that encompass both access and transfer capabilities
Hybrid:

5. © 2019 Forcepoint | 5
Cross Domain Advantages
To effectively yet securely share information across multiple classified & separate
networks/domains
Real time access to multiple
separate & sensitive
networks/clouds
Removal of risky manual processes
including portable media used for
file transfer during mission-critical
activities (“sneakernet”)
Reduction of network and
computer hardware costs
Ability to access and share
information at multiple security
levels

6. Forcepoint Proprietary © 2019 Forcepoint | 6
What is Raise The Bar?
Raise The Bar
• An NSA and NCDSMO led initiative to continually improve the status quo in the cross domain community
• Focuses primarily on Transfer (Guard) mechanisms as well as concepts for Access solutions and system integrations to
combat evolving threats – The bar raises every year!
NSA and NCDSMO provide community support around Raise The Bar concepts:
• Community outreach and information briefings to contractors, vendors, customers and security personnel
• Security Design Reviews with vendors to tailor RTB guidance to specific technologies and determine best paths forward
• Engagement with independent test labs around methods to recognize, test and verify RTB concepts
• **Documented in Cross Domain Solution (CDS) Design and Implementation Requirements, 2018 Raise the Bar (RTB)
Baseline Release, Revision 1.0, 21 December 2018, Doc ID: NCDSMO-R-00008-001_00, National Cross Domain Strategy
and Management Office and National Security Agency
Forcepoint Proprietary

7. Forcepoint Proprietary © 2019 Forcepoint | 7
What is in Raise The Bar?
Raise The Bar currently consists of guidance across a number of areas
• What technology to use – don’t build from scratch
• System architectures and integration models
• Design and connectivity guidance
• Internal software architecture
• Management, maintenance and monitoring mechanisms
Borrows several concepts from the cryptography and formal methods communities, particularly R.A.I.N.
• Redundant - Always Invoked – Independent Implementation - Non-by-passable
• Substantial CDS redesign
Notable attention is paid to improving the state of data filtering, inspection & transformation
• New threats found on a regular basis requiring more robust and adaptable filtering
• Attempting standardization more accurate & precise language than “Deep Content Inspection”
• Constantly evaluating the state-of-the-art sanitization tools
Forcepoint Proprietary

8. Forcepoint Proprietary © 2019 Forcepoint | 8
Forcepoint’s Raise The Bar Involvement
Forcepoint is heavily involved in Raise The Bar (RTB)
• Trusted Thin Client, SimShield, Trusted Gateway System & High Speed Guard have met Raise The Bar objectives
• SimShield = one of the first products across the community to complete independent testing with RTB objectives
• All products have had favorable SABI LBSA test results and SAOs reviews
The Secret And Below Interoperability (SABI) process has fully embraced RTB:
• Independent test labs performing Lab Based Security Assessments (LBSA) since 2016 include RTB objectives
• Others are closely watching, Monitored closely by the Five-Eyes CDS working group
Forcepoint Proprietary

9. © 2019 Forcepoint | 9
Trusted Thin Client
Trusted Thin Client Remote
High Speed Guard
High Speed Guard SP
SimShield WebShield
Trusted Gateway
System
Trusted Print Delivery Trusted Mail System
Cross Domain Solutions Suite
Facilitating your mission while maintaining the highest degree of network and data security
ACCESS TRANSFER
TRANSFER - ADAPTORTRANSFER - ADAPTORTRANSFER
TRANSFER TRANSFER

10. Forcepoint Proprietary © 2019 Forcepoint | 10
Better Yet – Let’s Raise The Bar!
Virginia ABC store
December ‘18

11. Forcepoint Proprietary © 2019 Forcepoint | 11
Risk Adaptive Protection
Concepts to Cross Domain
Transfer
A Thought Leadership Discussion –
Going Beyond the Bar

12. Forcepoint Proprietary © 2019 Forcepoint | 12Forcepoint Proprietary
The growth of structured versus unstructured data over the past decade shows that unstructured data accounts for more than 90% of all data
Source: Patrick Cheesman)
Data continues to expand exponentially
Data volume growth directly
correlates to increase information
sharing needs
at multiple classifications level

13. Forcepoint Proprietary © 2019 Forcepoint | 13
User & Data Centric
Risk Adaptive Policies for
Cross Domain
UsersAndDataMustBeAtTheCenterOfYourDesignThinking
User and data interactions are distributed, diverse and dynamic – this breaks traditional security architectures and increases risk
DegreeofDigital
Transformation
ITComplexity&Risk
Pre-2000 2025Infrastructure-centric 2015 Behavioral-centric
perimeter
Stove-Pipe CDS
Static Policies
Enterprise CDS
Static Policies

14. Forcepoint Proprietary © 2019 Forcepoint | 14Forcepoint Proprietary
DIGITAL
ACTIVITY
“Can’t Share” Can Share
Threat-Centric Cybersecurity
Necessary but insufficient to
scale
Does not meet the warfighters
needs
A LACK
OF CONTEXT
for Policy based
Decisions
EASY TO CLASSIFY EASY TO CLASSIFYHARD TO CLASSIFY
Trusting static policies in a dynamic
environment
Decide what is good or bad at a
single point in time
Configure your defenses to stop the
bad from entering and only allow
the good to pass through
Traditional approach to cross domain transfers
Security Wants to limit
data to only this
Operators Need This

15. Forcepoint Proprietary © 2019 Forcepoint | 15
UsersandDataisthecenterofourdesignthinking
User and data interactions are distributed, diverse and dynamic – this breaks traditional security architectures and increases business risk
User & Data Centric
Risk Adaptive policy
Policy Policy
High SideLow Side
Traditional CDS Security
(static policy)
One-to-many enforcement of static,
generic policies, producing high
false positive rates.

16. Forcepoint Proprietary © 2019 Forcepoint | 16
Human-Centriccybersecuritychangeseverything
One-to-one enforcement of different policies based
on the risk, enabling automation.
Human-Centric Security
User & Data Centric
Risk Adaptive policy

17. Forcepoint Proprietary © 2019 Forcepoint | 17
The best way to efficiently evaluate data
transfers it to look beyond the CDS
demarcation point.
(data types, formats, sanitization, etc)
Need to extend risk factors in cross domain
transfer decisions outside the CDS device
(dynamic risk based on user behaviors, data
flows, data sources, data types, DLP markings,
etc)

18. Forcepoint Proprietary © 2019 Forcepoint | 18Forcepoint Proprietary
Today: All decisions are made at the CDS

19. Forcepoint Proprietary © 2019 Forcepoint | 19Forcepoint Proprietary
TECHNOLOGY ARCHITECTURE
1 SENSE
2
CONTEXTUALIZE
& UNDERSTAND
SENSE
CONCEPTUALIZE &
UNDERSTAND
1
2
Tomorrow: Closed Loop, Risk-adaptive approach
3 ENFORCE
3 ENFORCE at CDS

20. Forcepoint Proprietary © 2019 Forcepoint | 20Forcepoint Proprietary
RisklevelassignmentwithDynamicDataProtection(DDP)
Risk Scored Against:
• Self
• Local Group
• Organization

21. Forcepoint Proprietary © 2019 Forcepoint | 21Forcepoint Proprietary
Systemactionassignmentbyrisklevel–automaticpolicy(DDP)

22. Forcepoint Proprietary © 2019 Forcepoint | 22
We need to start looking beyond the bar
Static policies do not scale
Need to look deeper into the source of data, not just the data to make an authorized
transfer (behaviors -who, where, when, how much)
Can leverage DLP technology to make better transfer decisions
Common static filtering across all CDSes
can be targeted and exploited
Need to look at human behaviors and
model normal vs compromised with
dynamic policy adjustment
Static policies do not scale and will limit
data and visibility to those that need the
data

23. Forcepoint Proprietary © 2019 Forcepoint | 23Forcepoint Proprietary
The Forcepoint Difference
Risk-adaptive protection powered by behavioral
intelligence research delivers automation is available
today with Forcepoint Dynamic Data Protection
Leader in Cross Domain (CDS), Data Loss Protection
(DLP), Data Analytics, Insider Threat, and Dynamic
Data Protection
We are the experts in human-centric security.
Understand the balance between security and
operational needs

24. Forcepoint Proprietary
Follow us!
Forcepoint LLC@Forcepoint Forcepoint @ForcepointSec
@ForcepointLabs
Forcepoint

25. Thank you
© 2019 Forcepoint | 25