Forcepoint adds RedOwl to people-focused cyber portfolio

Forcepoint has added another building block to its portfolio that focues on the human elements of cyber security.

The company has acquired RedOwl of Baltimore, a maker of cyber monitoring technologies and tools that analyze data and human actions on a network.

This deal comes as Forcepoint enters its third-year as a joint venture majority-owned by Raytheon to develop cybersecurity products.

Terms of the deal for RedOwl were not disclosed. It is ForcePoint’s third acquisition following deals for McAfee’s StoneSoft business in 2016 and cloud security company Skyfence earlier this year.

“We were interested first from a technology standpoint in [RedOwl’s] approach to solving problems of behavioral analytics,” Forcepoint executive Heath Thompson told Washington Technology. Heath leads Forcepoint’s data and insider threat security product line as a senior vice president and general manager.

RedOwl focuses on broader user activity on a network beyond just those related to a cyber event. Heath said the behavior analytics discipline tries to identify anomalies in patterns of user behavior on a network based on comparisons to others in similar job functions, departments or locations.

RedOwl looks at “humans as they interact with mission-critical data” with the goal of “trying to use behavior as way to get to intent,” Thompson said. “It’s a core part really of our own vision for protecting human point.”

And then there is the government component alongside both Forcepoint’s and RedOwl’s commercial sector businesses. George Kamis, Forcepoint’s global government chief technology officer, recently described the venture’s public sector growth aims to WT as part of a larger conversation on how Forcepoint focuses on protection of people in its cyber strategy.

Similar to Forcepoint, RedOwl has a “well-established” footprint among agencies in the defense, intelligence and civilian sectors, Thompson said. RedOwl also has a presence in other similar highly-regulated industries that include financial services.

Public sector IT product reseller immixGroup offers RedOwl’s behavior risk analytics products to agencies at the federal, state and local levels. ImmixGroup said in its February announcement of the partnership that both companies seek to help agencies deter classified information leaks and intellectual property loss, plus comply with a presidential executive order to implement an insider threat defense program.

“What agencies are looking for today is the introduction of an analytics platform into their insider threat capability set,” Thomspon told WT. “Agencies are looking for analytics to solve skill set shortages and the civilian agencies are really interested in doing this.

“They don’t have the strong and deep security teams you might find in the intelligence community. The continual trend in civilian agencies is to parallel the activities of a large enterprise.”

In the course WT’s conversation with Kamis, he described the ways Forcepoint aims to take a quicker, more agile approach to cyber for both its commercial and government businesses. Thompson told WT that approach aims to help large commercial enterprises and federal agencies solve similar cyber-related problems such as malicious or unintentional insider threats.

“The commercial customer sees value in using analytics to ingest large amounts of information through rich sources (and) we see the government customer doing the same thing,” Thompson said. “That similarity is really noteworthy: both commercial and government organizations face the same the challenges with analysts too short in number.”

The analyst that are on staff are often overwhelmed by the amount of information they are seeing. “We try to provide a better lens to look at threat landscape whether they’re a government or commercial customer,” he said.