Proofpoint: Security, Compliance and the Cloud

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.

Today, Proofpoint published the findings from a recent survey of more than 330 IT professionals, aimed at learning the extent and impact of targeted phishing attacks (a.k.a., "spear phishing").

With so many phishing-sourced data breaches making the news in the past couple of years, it will probably come as no surprise that we found that targeted phishing attacks are just as—if not more—prevalent than ever.

Additionally, the survey found a strong connection between spear phishing attacks and the compromise of user login credentials (i.e., usernames and passwords) and unauthorized access to corporate IT systems.

Survey responses were gathered at Proofpoint's booth at last month's Microsoft TechEd conference. We've summarized the findings in a short PDF format report (which also summarizes findings from a similar survey we conducted at the RSA Security Conference earlier in the year).

In brief, the Proofpoint TechEd survey found that:

1. Spear Phishing Continues to be a Serious Threat

Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

2. Larger Organizations are Even More Likely to be Targeted by Phishing Attacks

Among organizations with 1,000 or more email users (214 survey respondents), more than half (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users (125 survey respondents) reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% did not know.

3. Spear Phishing Attacks are Often the Root Cause of Security Breaches

More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that such an attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

We've been regularly surveying IT professionals about the threat from targeted attacks over the years and occurances of spear phishing have clearly risen over time. For example, in a survey conducted at the RSA Conference in 2010, 48% of respondents told us that they believed their organizations had been targeted... But that number rose to 58% in our 2012 RSA Survey (again, see the PDF for details).

The trend toward hard-to-detect, highly targeted phishing attacks aimed at compromising valuable corporate data is why Proofpoint has spent a great deal of research and development effort in the past year perfecting new approaches to detecting and stopping advanced targeted attacks.

Our live web seminar series continues on Wednesday, July 25th at 11 a.m. PT, 2 p.m. ET with a case study presentation about how one of our BlueCross BlueShield customers has tacked their email security, encryption and healthcare privacy issues. Resident data loss prevention and email encryption expert, Ken Liao, presents.

There are numerous solutions that can be used to encrypt email messages and other important data, however, without a robust policy-based encryption strategy, organizations are highly vulnerable to the leakage of sensitive data.

In, BlueCross BlueShield Case Study: Best Practices and Critical Steps to Protect and Secure Sensitive Data , you will learn firsthand how and why a leading BlueCross BlueShield uses Proofpoint solutions including our next-generation, policy-based encryption solution to protect private healthcare information in email.

Ken will also explain how Proofpoint technology ensures message privacy, enforces internal policies, and helps healthcare organizations comply with HIPAA/HITECH and other data protection and privacy regulations.

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

Proofpoint is hiring! If you're searching for the next defining step in your career, come and see us at the Tech Career Expo in San Francisco.

The Tech Career Expo and Developer Jam is taking place today and tomorrow June 28 and 29 at the Moscone Center in San Francisco. The expo is being held concurrently with Google’s sold out developer conference, Google I/O, which is also taking place in the Moscone Center. As an added perk, keynotes and key sessions from Google I/O will be live streamed into the developer theater for Tech Career Expo attendees to view.

The most exciting part of the event (other than talking with awesome Proofpoint recruiters!) is that anyone can attend the Tech Career Expo free of charge.

Don’t miss out on the opportunity to network with Proofpoint professionals who are hiring in all areas of technology. We're seeking the best and the brightest for positions in engineering, operations, big data (Hadoop, Mapreduce, Hive, etc.), quality assurance, software R&D,  marketing and sales.

If you will be attending the Expo or Google I/O, make a point to stop by Proofpoint's Tech Career Expo booth (#512) to learn about all of our incredible employment opportunities.

For those who cannot make the event but are interested in a career with Proofpoint, check out the Proofpoint careers page for information on available positions.

We're excited to announce that our email security and data loss prevention solutions, Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy, were awarded SC Magazine's prestigious Reader Trust Award for "Best Email Content Management, 2012," presented at an award ceremony held in conjunction with the 2012 RSA Conference.

Winners were chosen by voters who are SC Magazine readers and work as high-level IT security executives (CISOs, CIOs, VPs, etc.) for organizations across various markets, including finance, health care, government, education and other industries.

"Our readers are on the front lines of information security, and they have recognized Proofpoint Enterprise Protection and Privacy as one of their key tools for securing their organizations," said Illena Armstrong, vice president and editorial director, SC Magazine. "Without leaders in innovation, such as Proofpoint, we would not be able to plan for the future of enterprise security." 

The "Best Email Content Management" category honors enterprise solutions that are not simply anti-spam filters but offer enhanced features such as bi-directional filtering, centralized management, and/or filtering of unauthorized content (i.e.,  "extrusion protection" or data loss prevention features).

Thanks to SC Magazine and its readers for honoring Proofpoint with this award!

You can learn more about Proofpoint Enterprise Protection and Privacy at http://www.proofpoint.com/products. Learn more about this award by reading our complete press release, "Proofpoint Winner of 2012 SC Magazine Reader Trust Award."

To see all of the 2012 winners, visit the following link:

2012 SC Magazine Awards Winners 

As we enter day two of the 2012 RSA Conference, Proofpoint issued a press release this morning (see, "Proofpoint Extends Data Protection and Information Governance Solutions to Address Cloud-Based File Sharing, Collaboration and Social Media") announcing new capabilities for Proofpoint Enterprise Privacy and Proofpoint Enterprise Governance, based on integration with popular cloud content management solution, Box.

According to the release, the integration between Proofpoint Enterprise solutions and Box will offer "enhanced security, compliance and control over documents shared via Box."

The integration is part of Proofpoint's ongoing strategy to help organizations better monitor and control the flow of information across all major data stores and communication channels, including cloud-based file sharing, collaboration and social media services. Read the full release here.

If you're at RSA, do make a point of coming by Proofpoint's booth (#850) in the Moscone Center exhibit hall where the team will be demonstrating some of the new capabilities. And while you're there, take our short survey and snag one of our cool "Email Me Your Credit Card" or "Open the Attachment" tees.

If you're going to be in San Francisco next week for the RSA Security Expo 2012, do make a point of stopping by the Proofpoint booth (#850). In addition to meeting the fun and friendly Proofpoint team, and seeing demonstrations of our latest and greatest cloud-based security and compliance solutions, you can also take a few moments to take our traditional RSA booth survey.

And what would a tradeshow be without swag? In exchange for answering a few simple questions we'll give you one of our limited edition "Bad Idea" or "Phishing Attachment" RSA t-shirts — shown below — and you will surely be the envy of your "security professional" friends.

We hope to see you there!

We recently published a new report with Osterman Research, Making Office 365 More Secure and Compliant.

In this report, Osterman describes the various security, compliance and governance features of Microsoft Office 365, and identifies areas where those features may not meet the specialized requirements of organizations in highly-regulated industries or those enterprises with special security requirements.

There is also a good discussion of why the email archiving capabilities of Office 365, while useful, may not be sufficient to satisfy many of the common eDiscovery and regulatory obligations faced by large enterprises.

To download a complimentary copy of this report, follow this link, or simply fill out the mini-form below.

Complete this form to access a PDF copy of Making Office 365 More Secure and Compliant: 

At our recent "Proofpoint Inner Circle" customer events, we had a great opportunity to interview several of our enterprise customers about how and why they use Proofpoint Enterprise solutions for email security, data loss prevention, email encryption, regulatory compliance, archiving and electronic discovery.

I've collected several of them in this YouTube playlist. In these videos, representatives from Amalgamated, Liberty Health, PETCO, Graubard Miller, MED3000, Zions Bank and Scottsdale Healthcare share some of the reasons they rely on Proofpoint.

Thanks again to all of our terrific customers who took the time to share their stories with us... And you can find a lot more Proofpoint video content in our YouTube channel at http://www.proofpoint.com/youtube.