RSA 2018 Profile: Forcepoint
A man sits uncomfortably in a dentist’s chair. So what? A lot of people feel uncomfortable at the dentist. That might be your impression if you look at this single frame from the 1976 film, Marathon Man. Dustin Hoffman is getting a dental exam from Laurence Olivier. But no… there’s a lot more going on here than what appears on the surface.
Laurence Olivier is actually an escaped Nazi war criminal and he’s about to torture Hoffman’s character. It’s a memorable, frightening scene. However, to get the full impact of the cinematic moment, you have to look beyond this single frame and see the whole story of the film. You have to get the “character arc” as they call it in the movie business.
In talking to Forcepoint’s Chief Scientist, Dr. Richard Ford, this theme of character arc came up as a way to understand the role of artificial intelligence in cyber security. There were many AI and machine learning solutions on display at RSA. They all try to solve a major problem in security today, which is a volume of threat and incident data that threatens that can easily overwhelm a SecOps team—a risky condition Ford refers to as “cyber fatigue.”
As Ford pointed out, however, the use of AI in security actually creates multiple challenges. First, the AI solution has to be trained to identity threats and help resolve incidents. This is a non-trivial matter. Then, there’s the sticky issue of getting a machine to understand how human beings function. Cyber attackers are humans, or at least machines invented by human minds. The defenders are humans. Employees of the secured organization are also humans. How can an AI-driven cybersecurity solution be effective when it has to contend with all these unpredictable human brains?
“It’s about getting the character arc of the people in your organization,” said Ford. “You can’t rely on static policies and an overly threat-oriented position. We take a dynamic approach to data protection using AI. We look at the story being told. Does it make sense?”
It makes sense to me, but I used to work in television. A character’s arc comprises the way the character changes as the narrative of the story progresses. In Star Wars, for example, Luke Skywalker evolves from a simple farm boy into a heroic fighter pilot. His discovery of his own potential for bravery forms his story arc. Defining the narrative improves the understanding of how people interact with technology.
Describing Forcepoint as a “cognitive prosthesis,” Ford elaborated on getting AI to be truly helpful in parsing human behavior. “The tool helps you think. If an AI security tool is doing all the thinking for you, it’s probably missing something important.” Forcepoint looks for patterns that don’t fit the story arc of the “characters” in the organization.
For example, if Joe works 9-5 and never uploads files to the cloud, then Joe uploading files to the cloud at 2AM is worthy of an alert. However, there may be a good reason why Joe is uploading files at 2AM. Forcepoint’s approach is gather data from multiple sources (firewalls, etc.) to avoid getting an overly “stove-piped” view of what’s going on.
It’s not easy getting an AI tool to learn human behavior in a particular organization. “This is our mission,” Ford said. “We take you beyond seeing single frames of the film, so to speak. We help you see the flow of the narrative.”
Dustin Hoffman could have saved himself some grief by taking the Forcepoint approach. According to legend, to prepare for the notorious dental chair scene, he forced himself to stay away for two days straight. Olivier scoffed, advising, “Why don’t you just try acting, my dear boy?” What he meant was, why don’t you just understand your character’s arc at this point in the story and let that drive your performance.