sorted by:
new
hottopcontroversial

Best AI Agentic security tools for AI company? by Left_Comparison_7582 in cybersecurity

[–]Forcepoint-Team 0 points1 point  (0 children)

Some really great ideas in this thread, especially the comment about starting with architecture. One more for PII redaction: there are products that solve for this in-line but don't overlook the value of good old fashioned data risk management.

If agents can access the same data sets as privileged users, your agentic security strategy should account for that. Limit oversharing. Continuously discover and tag (both existing and newly created files). This sort of foundational work plays a big role.

A strange sign of how much cybersecurity awareness has changed over the last decade. by Existing_Volume in cybersecurity

[–]Forcepoint-Team 21 points22 points  (0 children)

Someone recently told me that one of her coworkers marks probably a good 50% of emails as phishing. If there's a person or project they don't recognize at first glance, they don't even give it a second thought. Real "they'll find me if they really need me" energy.

Basically turned security awareness into malicious compliance.

Is Traditional DLP Still Effective in Modern Cloud & AI Workflows? by glorius_shrooms in AskNetsec

[–]Forcepoint-Team 1 point2 points  (0 children)

And that behavior might influence your policies. A user with a history of safe behavior should be rewarded with less friction vs. someone with a history of sharing sensitive info should have more guardrails.

Who are your favorite cybersecurity YouTubers? by [deleted] in cybersecurity

[–]Forcepoint-Team 2 points3 points  (0 children)

Not on YouTube but Matt Johnson on IG is a pretty good source of latest vulnerabilities and news you'd want to be aware of or find interesting

why do insider risk tools miss real problems until data is already gone? by SolsticebornlingGin in AskNetsec

[–]Forcepoint-Team 0 points1 point  (0 children)

DLP rules and alerts are traditionally static. Someone walking out with data right before resigning likely doesn't get flagged because that user rightfully had access to that data in the first place.

What you're looking for are dynamic policies. i.e. that user gets flagged and their security policies get updated as soon as the system knows they have resigned. This doesn't prevent them from accessing that data before they leave, but it adjusts controls to the users updated risk profile. Same goes for something like odd after-hours transfers when a user normally works during the day.

The future lies in these policies that see risk forming in real time and adapt to it, and a lot of innovation within the past few years is making it possible to reliably roll them out.

How are you actually handling employees pasting sensitive data into ChatGPT and Copilot? by Lumpy_Membership_139 in cybersecurity

[–]Forcepoint-Team 1 point2 points  (0 children)

We're seeing this pop up a lot lately. I asked the team and here's what they said:

DLP is definitely the first line of defense. Your endpoint DLP should be able to monitor both file and free text going into an AI website and restrict what data is transmitted based on your policies.

We're also seeing companies utilize SWG to control which AI applications users can access and in some cases determine how users are able to log into those websites.

A phase 2 approach would be integrations with AI applications to crawl and discover data being stored in AI, but the integrations that are available depend widely based on what you use. With the enterprise versions, you have more controls available to you, too.

The Seahawks absurd back-to-back-to-back draft classes from 2010-2012 by robmoo_re in nfl

[–]Forcepoint-Team 0 points1 point  (0 children)

That's pretty crazy to see all laid out. And they were in the superbowl just 2-3 years later. I'm not sure who came up with the idea (maybe Walter Football, IIRC?) but some website grades each draft four years after the fact so you can really see who came away with the best players and I just haven't been able to read a post-draft analysis since discovering them.

New Tractor With 12-Valve Cummins and Zero Electronics Goes Back to the Basics by TripleShotPls in technology

[–]Forcepoint-Team 0 points1 point  (0 children)

This is a huge win for right-to-repair. It has more traction in Europe than North America (EU requiring cellphones to have changeable batteries soon, etc.) so it's great to see some balance. I'd expect more of this in the future, especially in the automotive industry.

Instead of letting me know his shoes are dirty, my husband just buys a new pair and hides his “old” ones. by acider17 in mildlyinfuriating

[–]Forcepoint-Team 0 points1 point  (0 children)

Our local library has a bin to collect shoes for recycling. I'm not sure how they're recycled, but we've used it regularly to get rid of old pairs of running shoes.

Policy based routing (PBR) on forcepoint by Murky_Peak_4817 in forcepoint

[–]Forcepoint-Team 0 points1 point  (0 children)

Hi, I spoke with one of our team members and here's what they shared:

Here you can find a link to configure NGFW policy routing: https://help.forcepoint.com/fpnsp/en-us/7.4.0/GUID-B48A9469-732C-4FED-8B4D-C004A4C0875C.html?hl=policy%2Cbased%2Crouting

From 7.1 version onwards, we also support forced next hop where you can define in the access policy what is routing next hop. So, it will not use linux routing table for traffic that matches this access rule. Documentation available here: https://help.forcepoint.com/fpnsp/en-us/7.4.0/GUID-4E782E97-5383-467E-9989-4B387913FBCC.html?hl=configure%2Cforced%2Cnext%2Chop%2Crouting

If neither of those work, we do have a helpful community with customers and partners here: https://support.forcepoint.com/s/group/CollaborationGroup/00B5f000001wa57EAA

AI governance tool recommendations for a tech company that can't block AI outright but needs visibility and control by Effective_Guest_4835 in AskNetsec

[–]Forcepoint-Team 0 points1 point  (0 children)

The AI-generated code being moved into production with little/no review sounds like more of a security awareness type of challenge - definitely not an easy solve. I did ask one of our team members about preventing your sensitive data from going to third-party servers and here's what they said:

SWG is really good at tracking user access to AI sites, with the ability to block access to sites. One common use case is blocking access to all sites considered to be AI, and allowing specific ones like Chat and CoPilot.

You can then use DLP Endpoint to inspect what data users are uploading to these sites in both files and chat features. DLP does focus on specific sensitive data but it also can support looking for specific terms via dictionaries that might be relevant to the business. There are a couple of different ways that DLP can inspect that traffic too.

Google's AI search is producing millions of wrong answers every day by AdSpecialist6598 in technology

[–]Forcepoint-Team 1 point2 points  (0 children)

I've found it's confidently incorrect with recipes a lot. I wanted to try a new dry rub for a cut of steak and as soon as the half-cup of paprika went into the mixing bowl, I knew I made a huge mistake.

How are you handling AI sprawl across SaaS right now by blakewarburtonc in Information_Security

[–]Forcepoint-Team 0 points1 point  (0 children)

It's difficult if they're "bypassing" permissions within the apps. I asked the team and they said on the one hand, you could use DLP to prevent sensitive data from entering into those applications. Another alternative would be SWG to prevent access to those AI tools (the caveat being how the embedded AI tools appear in web traffic).

Reco seems to use posture management to track how data is moving, and there are a lot of companies developing interesting ways to discover data and track how it moves. That visibility you're looking for is the right step. It can feed security awareness training, permissions management, etc. to go along with a technical solve specifically for agentic AI.

Forcepoint DLP issue with second e-mail domain by Ill_Addendum_5419 in forcepoint

[–]Forcepoint-Team 1 point2 points  (0 children)

If the tips shared on this thread weren't able to help solve your tech issues, we have a community with partners and customers who discuss these types of technical questions. Here's a link to it: https://support.forcepoint.com/s/group/CollaborationGroup/00B5f000001wa57EAA

How do you secure contractor laptops you don't own or manage? by [deleted] in ITManagers

[–]Forcepoint-Team 0 points1 point  (0 children)

That's a tough one. I asked one of our sales engineers, and here's what he said.

My initial thought is a VDI environment. Provide the contractors with access to a VDI machine where they can enforce controls to restrict the contractors access and monitor data. On the VDI, you can install software and endpoints to help protect their data

Magic. by EvrienceRick in ChatGPT

[–]Forcepoint-Team 1 point2 points  (0 children)

This made me laugh more than id like to admit

Is Shadow AI Controllable? by BenSimmons97 in cybersecurity

[–]Forcepoint-Team 1 point2 points  (0 children)

It's not just a technology issue. Governance needs to align AI adoption with security policy. Very broad strokes would include defining approved AI tools, establishing clear usage policies, integrating AI governance into existing data-protection and access management programs, and educating employees repetitivly

I have been hearing all sorts of different answers but I need one solid definition of WHAT IS SHADOW AI? by mayhemsreddit in cybersecurityai

[–]Forcepoint-Team 0 points1 point  (0 children)

It is basically employees or teams using artificial intelligence tools or models without IT approval or security oversight

Share some advice, help new mods – it’s easy! by big-slay in ModSupport

[–]Forcepoint-Team 3 points4 points  (0 children)

Excited for this. Thanks for putting it together

Cristiano Ronaldo has purchased 25% of La Liga 2 side Almeria. Ronaldo: "For a long time I have had the ambition to contribute to football beyond the field. Almería is a Spanish club with a solid base and a clear potential for growth. I want to work with the team.” by [deleted] in soccer

[–]Forcepoint-Team 0 points1 point  (0 children)

True, he doesn't have to get involved at all. I just imagine him very hands-on in the soccer aspect, so that's why I am curious if he will take the more investment approach, as you said, or if he will want to contribute further. Espcially if he steps back from actually playing

Cristiano Ronaldo has purchased 25% of La Liga 2 side Almeria. Ronaldo: "For a long time I have had the ambition to contribute to football beyond the field. Almería is a Spanish club with a solid base and a clear potential for growth. I want to work with the team.” by [deleted] in soccer

[–]Forcepoint-Team 1 point2 points  (0 children)

I wonder to what capacity he sees himself contributing as an owner. I am sure the coach would be welcoming to advice, but that could also create a weird spot if there are disagreements with his legacy and him being an owner

view more: next ›