Proofpoint: Security, Compliance and the Cloud

159 posts categorized "Data Loss Prevention"

December 03, 2012

Best Email Security Solutions 2013: Proofpoint is a Finalist in SC Magazine Reader Trust Awards, 2013

SC-Awards-2013-Finalist-Best-Email-Security-SolutionWe're honored once again to be finalists in SC Magazine's Readers Trust Awards. Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy are finalists in the Reader Trust Awards category "Best Email Security Solution."

You can read more about this category and find the complete list of best email security solution finalists here, "Best Email Security Solution."

As usual, the winners of the annual SC Awards will be unveiled at an event held in conjunction with the RSA Security Conference which will be held at San Francisco's Moscone Center, February 25 through March 1, 2013. (If you'd like to attend the RSA Security Expo free of charge, see my previous blog post about how you can use Proofpoint's code FXE13PRF when you register.)

Proofpoint followers may recall that Proofpoint Enterprise Protection and Privacy won a similar category ("Best Email Content Management Solution") in 2012. If you'd like to learn more about why SC Magazine readers selected Proofpoint as the 2012 winner, you can register to download the award write-up here.

Thanks to our friends at SC Magazine for once again recognizing Proofpoint Enterprise as one of today's leading email security solutions!

November 27, 2012

Spear Phishing Attack Cause of Massive South Carolina Data Breach

Spear phishing cause of South Carolina Dept. of Revenue Data BreachIt will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012),  "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond
," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:

November 16, 2012

Stay Safe Online this Holiday Season: Proofpoint's Seven Simple Rules and New Advanced Targeted Attacks Webinar

Mugshot-Santa-Stay-Safe-Online-2012-Holiday-Season-ThreatsYes, the holiday season is approaching once again and along with holiday celebrations and shopping — especially "Cyber Monday" and "Black Friday" sales, which seem to start earlier every year — also comes an increase in online threats.

Over the past several years, Proofpoint security researchers have observed that the that the volume of attacks — including phishing email attacks, social media exploits and other types of malware attacks — typically increases during the holiday season. Many of these attacks are engineered to take advantage of the consumer mindset during the holidays.

Our October 2012 report on email security threats found that, on any given day, phishing attacks represented 10% to more than 30% of total unsolicited email volume and this trend has continued into the first part of  November.

So, as is traditional here at Proofpoint, I wanted to take a moment to remind you of our "Seven Simple Rules" for staying safe online during the busy holiday season. Read on for our updated tips for 2012 and feel free to share them with your friends, family and email users!

As usual, we also have a couple of early presents for you IT security types: December's live web seminar "Targeted Hybrid Attacks: 2012 and Beyond" will feature special guest Rick Holland, security analyst for Forrester Research. And you can read Rick's latest research, The Forrester Wave™: Email Content Security, Q4 2012, compliments of Proofpoint.

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: Always view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including banks, money transfer services, government agencies, media outlets, and package delivery services.

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. In addition to attempting to gather your personal login credentials, these phishing sites may also automatically install malicious software, without your knowledge. Increasingly, scammers are using link shortening services to disguise the true destinations of their links. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site (using a Web address you already know) and ensure that the page you are using is secure before entering sensitive information.

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the busy holiday shopping season. Many scammers count on consumer inattention to get away with fraudulent charges. If you see anything suspicious, contact your financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers continue to distribute malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.

7. Make security your first stop: If your holiday includes giving or receiving a new computer, mobile device or upgraded operating system, install a good anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.

Have a safe and happy holiday season, OK?


October 04, 2012

Free RSA® Security Expo 2013 Passes, Courtesy of Proofpoint: Use Code FXE13PRF

RSA-Conference-Free-Exhibit-Passes-2013[Update 10/9/2013: Looking for 2014 passes? Use our new code SC4PROOFB.  Find registration link in this post.] 

In a sure sign that summer is over and that the holidays are nearly here, I am informed that registration is now open for the RSA Conference 2013.

As usual, Proofpoint will be exhibiting at the RSA Conference 2013, to be held February 25 thru March 1, 2013 at Moscone Center in San Francisco.

If you'd like to attend the RSA Conference 2013 expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code FXE13PRF when you register.

To register for your free RSA exhibits pass, please visit the following URL and enter code FXE13PRF during the registration process:

We look forward to seeing you there! Proofpoint will be exhibiting at booth #739, demonstrating our entire suite of cloud-based data protection solutions, including threat management (email security), compliance (data loss prevention, email encryption), archiving & governance, and secure communications.


October 02, 2012

Cloud Storage and Collaboration Meet Security, Compliance and DLP: Box and Proofpoint Team Up

Box-and-proofpoint-logosOur friends at content sharing leader Box issued a press release about ongoing efforts to improve enterprise adoption of its service by improving visibility and security for files stored in Box's cloud.

A significant part of that effort involves an integration partnership between Proofpoint and Box that extends Proofpoint's cloud-based data loss prevention (DLP) capabilities to content stored in Box. Using these new features, administrators will be able to ensure compliance with a wide variety of corporate policies, comply with data protection/privacy regulations and guard against the loss or exposure of confidential information.

As Proofpoint CEO Gary Steele explained to CIO Today, "We are delivering an advanced layer of security capabilities that enable enterprises to have a full view of what is happening with sensitive information across their organization."

Gary will be talking more about this partnership during a panel discussion at the upcoming Box customer conference, BoxWorks.


September 20, 2012

Replacing Postini: Should You Replace Postini with Google Apps, or Replace with an Alternative Email Security Solution? (Video)

As you've probably already heard, Google is actively moving customers of its Postini email security and archiving solutions to Google Apps. This is essentially forcing organizations to replace Postini with either Google Apps or an alternative Postini replacement.

The options and implications can be confusing, so our VP of product marketing, Kevin Epstein, put together a great overview of what is happening with Postini, potential issues to be aware of when transitioning from Postini to Google Apps, and the types of benefits that enterprises could reap if they replaced Postini with an alternative email security solution.

Check it out here: 

There are several resources mentioned by Kevin in that video, and I've provided handy links to them, below:


September 04, 2012

New Forrester Analyst Reports on Protecting IP from Cybercrime, Controlling Sensitive Information in the Era of Big Data

Forrester-protect-your-competitive-advantage-by-protecting-your-intellectual-property-from-cybercriminalsJust a quick note to let you know about two new resources from analyst firm Forrester we've posted to the analyst reports section of the Proofpoint Resource Center

These are:

Protect Your Competitive Advantage by Protecting your Intellectual Property from Cybercriminals, which investigates common ways that data is stolen from organizations today, the cost of inadequate data security, and what organizations must do to protect their data.


Control and Protect Sensitive Information in the Era of Big Data, outlines some best practices to help security and risk professionals understand how to control and properly protect sensitive information in today's era of massive enterprise datasets and data stores.

You can read the full reports, compliments of Proofpoint, by following the links above. 




August 20, 2012

New Email Security Magic Quadrant: Proofpoint is a Leader in the 2012 Magic Quadrant for Secure Email Gateways

Magic-Quadrant-for-Secure-Email-Gateways-2012New for 2012, Gartner's "Magic Quadrant for Secure Email Gateways" -- wherein Gartner describes the current state of the email security market, technology and threat trends, and describes the leading vendors and solutions in this market -- has been published.

As usual, Proofpoint has licensed a reprint of the new magic quadrant and you can read the full report, compliments of Proofpoint, at the following URL:

Writing in the 2012 "Magic Quadrant for Secure Email Gateways," Gartner analysts Peter Firstbrook and Eric Ouellet note that, "Buyers should focus on strategic vendors, data loss prevention capability, encryption and better protection from targeted phishing attacks."

While spam volumes have declined, Gartner notes that targeted attacks against organizations represent an increasingly serious threat, noting that, "Better protection from targeted phishing attacks is the most critical new inbound protection capability (72% of respondents indicated that this was a very important capability), but only a few vendors have advanced the state of the art against these attacks."

There's a lot more great information in this report, which you can read by following the link above, or by simply completing the mini form, below:

About the Magic Quadrant graphic:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Proofpoint, Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

August 06, 2012

Live this Week! Security Best Practices for Financial Services Organizations

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.


August 02, 2012

Now Available: Proofpoint Enterprise Protection and Privacy 7.1, Proofpoint Targeted Attack Protection

Learn More: Proofpoint Targeted Attack Protection"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.


Blog Search

Email Security Gateways, 2012

Magic Quadrant


What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption