June 07, 2012
Introducing Proofpoint Targeted Attack Protection: Cloud-based Protection from Spear Phishing, Targeted Attacks
Today, Proofpoint introduced an exciting new product, Proofpoint Targeted Attack Protection, that aims to solve one of the most vexing enterprise security problems—targeted attacks, such as email spear phishing attempts.
Spear phishing and other forms of targeted attacks are extremely difficult for traditional gateway security solutions to detect. Not only are they sent in low volume (unlike spam email campaigns), they often don't contain any form of malicious content, known malware, dangerous attachments or links to known malicious sites.
For these reasons, "properly" crafted spear phishing messages often have a 100% delivery rate, even to enterprises protected by modern email and web security systems.
How, then, can organizations protect themselves? Proofpoint Targeted Attack Protection takes an entirely different approach, based on a new class of context-aware analysis techniques enabled by "big data" technologies. Using big data analysis, the solution essentially builds a model of "normal" messaging behavior, examining hundreds of variables in real time—including message properties and the email traffic history of individual message recipients.
Messages that deviate from that norm—especially messages that include attachments or URLs—are regarded as suspicious and are subjected to additional security controls, including URL interception and malware sandboxing.
We call these anomaly identification techniques "anomalytics" and you can read more about them in our new whitepaper, Big Data Solutions to Enterprise Data Security Challenges.
Persistent Protection from Malicious URLs
No matter how much you tell them not to, email users are going to click links in email. And a common tactic used in targeting phishing attacks is the use of URLs that are actually harmless at the time the message is sent. It's only later that they turn malicious.
To combat these issues, Proofpoint Targeted Attack Protection re-writes links in suspicious messages so that browsers are transparently redirected through the Proofpoint cloud, where content is re-inspected and malware anlysis is performed every time a potentially dangerous link is clicked. In this way, your organization's users are always protected—whether they access messages inside the corporate network, at home, on mobile devices, or on a public network.
Attack Remediation and Response
Another important component of Proofpoint Targeted Attack Protection is the Threat Insight Service, which provides a web-based dashboard that provides an easy-to-understand, graphical view of attacks.
It helps give administrators and security professionals the ability to identify targeted attacks, the scope of these attacks ("are they hitting just my organization or wider industry?"), which individuals are being targeted by the attacks, the nature of the attacks (malware, credential phishing, etc.), and what remediation actions, if any, are necessary.
Live Webinar: Get a First Look at Proofpoint Targeted Attack Protection
Obviously, there's a lot more to Proofpoint Targeted Attack Protection than I can share in a single blog post.
If you're interested in learning more, you won't want to miss next week's live web seminar, "Spearing the Spear Phishers: How to Reliably Defeat Targeted Attacks" where we'll explain the challenges posed by targeted attacks, the new technology approach developed by Proofpoint, and give you a first look at Proofpoint Targeted Attack Protection.
I hope you'll join us on Wednesday, June 13th at 11 AM PT, 2 PM ET!
