Proofpoint: Email Security Blog

Email Security

February 08, 2010

HIPAA Compliance and Email Encryption: Crystal Run Healthcare's use of Proofpoint

The publishers of the always-informative online publication Bank Info Security are now tackling the healthcare industry with a new site called Healthcare Info Security. This site should be a great resource for HIPAA and HITECH compliance information and other technology issues that face the healthcare industry.

In one of the first articles posted to the site, Proofpoint customer Crystal Run Healthcare discusses how they solved their secure email issues and protect private health information (PHI) in email.

In "Secure E-mail Cures Headaches," IT director Miguel Hernandez discusses how email encryption is used to secure communication between doctors and patients, share private information with business partners including accountants and lawyers and help with ensuring HIPAA compliance.

"Considering the cost of secure email, as opposed to the cost of litigation over a HIPAA violation," says Hernandez, "It's certainly worth it."

The article is a good view into the real world issues that all types of healthcare organizations are facing vis-a-vis securing email. Several other Proofpoint resources related to email encryption, HIPAA compliance and the healthcare industry include the following whitepapers:

Whitepaper: HIPAA and Beyond: An Update on Healthcare Security Regulations for Email

Whitepaper: Protecting Enterprise Data with Proofpoint Encryption

February 04, 2010

USA Today says Cybersecurity Stocks Look Hot in 2010: Proofpoint and Other Privately Held Security Vendors to Benefit

Byron Acohido at USA Today has an interesting article out today (see "Cybersecurity Stocks Look Hot in 2010") positing that tech security companies are "poised to become Wall Street darlings this year, thanks in part to Google's tiff with China."

Quoting an analyst at FBR Capital Markets, he says the Google-China row has underscored the already positive outlook for stock price performance of diversified security vendors such as McAfee, Symantec and Check Point and that the security sector is underinvested. As we point out at Proofpoint quite often, IT security (including email security and data loss prevention) solutions simply aren't optional and large enterprises and government organizations can't delay purchases of such solutions.

Statistics from IDC are also quoted, noting that worldwide spending on IT security rose 6% in 2009 and is expected to grow another 9% in 2010.

The article notes that prospects for privately-held security companies are also looking very positive:

"Meanwhile, the rising incidence — and visibility — of cyberattacks also is boosting prospects for privately held tech-security firms, says Asheem Chandna, a partner at Greylock Partners, a leading Silicon Valley venture capital firm.

Private firms with strong balance sheets and good growth prospects that might be viewed as viable candidates to float an initial public stock offering include Sophos, Barracuda Networks, Qualys, Proofpoint and Tripwire, Chandna says. He estimates 30 to 50 tech firms could go public this year, including three to five tech-security companies."

Proofpoint's growth has been extremely strong over the past few years, as Proofpoint watchers already know. We recently closed our 26th consecutive quarter of record revenue, as I noted in a recent blog post (see "Proofpoint News this Week: Another Quarter of Record Proofpoint Revenue, Updated Channel Partner Program").

You can read the full USA Today story here: Cybersecurity Stocks Look Hot in 2010

February 02, 2010

Spam Sighting: Google Maps Exploit Being Used to Send Spam

I've seen a few reports of this from random folks on Twitter, but now Scott Panzer over in the Proofpoint Attack Response Center has confirmed that we have samples of spam messages that appear to be exploiting Google Maps to send spam.

The messages, which have subject lines like "[email address] sent this to you using Google Maps:" followed by some additional (possibly randomized) text, don't contain a link to a Google Map, but instead have a link to a spam payload hosted at imageshack.us.

The image spam payloads advertise old standbys like Canadian Pharmacy (you know, in case you needed a source for "cheap Viagra").

The messages seem to be exploiting a weakness in Google Maps (either an exploit that gets around Google Maps CAPTCHA or an automated way to break Google Maps CAPTCHA) that results in the message being sent from Google servers... Which means that the messages are also DKIM signed as valid Google email.

While we've not seen very high volumes of this sort of spam (yet?), I'm assured by the PARC team that Proofpoint Spam Detection now blocks any of these spam messages that may have been evading detection.
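The point about DKIM above can be made concrete with a content check that does not stop at the signature. The following is an added example, not Proofpoint's detection logic: it flags a message whose subject claims to be a Google Maps share while none of its links point to Google Maps. It assumes the `Authentication-Results` header was stamped by your own border MTA and that genuine shares link to `maps.google.com`; the sample message is constructed.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample (not a real capture); addresses and link path are placeholders.
SAMPLE = """\
Authentication-Results: mx.example.org; dkim=pass header.d=google.com
From: sender@example.com
To: recipient@example.org
Subject: sender@example.com sent this to you using Google Maps: xqz deals
Content-Type: text/plain

Click to view: http://imageshack.us/placeholder-path
"""

SUBJECT_RE = re.compile(r"sent this to you using Google Maps:", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAPS_HOSTS = {"maps.google.com"}  # assumption: host used by genuine share links


def dkim_pass_domains(msg):
    """Signing domains (d=) reported as dkim=pass in Authentication-Results."""
    found = set()
    for header in msg.get_all("Authentication-Results", []):
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", header, re.I):
            found.add(m.group(1).lower())
    return found


def body_text(msg):
    """Concatenate all decoded text/* parts of the message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def classify(raw_message):
    msg = message_from_string(raw_message)
    hosts = {(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body_text(msg))}
    hosts.discard("")
    claims_maps = bool(SUBJECT_RE.search(msg.get("Subject", "")))
    off_maps = sorted(hosts - MAPS_HOSTS)
    return {
        # A DKIM pass authenticates the signing domain; it says nothing about content.
        "dkim_google": "google.com" in dkim_pass_domains(msg),
        "claims_maps": claims_maps,
        "link_hosts": off_maps,
        # Claims to be a Maps share, yet carries links and none go to Maps.
        "suspicious": claims_maps and bool(off_maps) and not (hosts & MAPS_HOSTS),
    }
```

The verdict deliberately ignores `dkim_google`: a valid signature is reported for context, but the mismatch between the claimed origin and the link targets is what drives the flag.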

February 01, 2010

Email most Common Scam Vector: British Office of Fair Trading (OFT) Reports that Scams Affect One Out of Ten Britons

Must be "scams on the rise" day here at the email security blog. Moments after my previous post on rises in phishing and vishing, one of my colleagues alerted me to a BBC story (see "Scams Affect One in 10 Britons, Says OFT") with some interesting statistics about how often consumers are victimized by scams.

Britain's Office of Fair Trading (OFT) issued some new statistics about scams as part of their annual "Scams Awareness Month" campaign for 2010. New research by the OFT reveals that mass-marketed scams that "mislead people to part with their cash" and may arrive by regular postal mail, text message, telephone or online (e.g., email and web) vectors have affected nearly 10% of British citizens.

Among the OFT report's findings:

  • Email is now the most common scam approach: 73% of British adults have received a scam email in the past year. This is followed by scams via a letter (21%) and via text message (12%).
  • Social media sites appear to be emerging as a new route for scammers: 9% of adults received an approach this way.
  • Being victimized by a scam is not rare: Around one in 11 (just over 4 million) British adults say they have responded to a scam at some time in their life, of whom nearly a third lost money. And about 4% of Britons (1 in 25 or 2 million people) have responded to a scam in just the last 12 months.
  • Losses from scams are substantial: Around half (49%) of those scammed have lost more than £50 (about $80) in total, with 5% losing more than £5000 (about $8000).

You can find the OFT's original press release at the following link:

OFT Launches "Scamnesty" as New Figures Reveal Scale of Problem and Rise of Online Scams
http://www.oft.gov.uk/news/press/2010/07-10

Just as we've done here on numerous occasions, the Office of Fair Trading issued a good list of tips for avoiding being victimized by a scam. Says the press release:

To help protect yourself and those you care about, the OFT is encouraging people to remember the following tips:

  • Stop, think and be sceptical. If something sounds too good to be true it probably is.   
  • Do not be rushed into sending off money to someone you do not know, however plausible they might sound and even where an approach is personalised. 
  • Ask yourself how likely it is that you have been especially chosen for this offer - thousands of other people will probably have received the same offer.
  • Think about how much money you could lose from replying to a potential scam - it's not a gamble worth taking.

For Proofpoint's own tips on staying safe from online scams, see our latest such press release with seven simple rules for staying safe online.

Phishing and Vishing Trends: Both on the Rise According to BankInfoSecurity

A couple of interesting articles from the always awesome Bank Info Security today, noting that various forms of phishing are on the rise. First up, the Anti-Phishing Working Group (APWG) reported that all types of phishing are on the rise. In the APWG's report for the third quarter of 2009, phishing reports to the organization rose to a record 40,621 (in August 2009). More, including some quotes from the APWG's chairman, Dave Jevans, here:

BankInfoSecurity: Phishing Trends: Numbers up, Corporate Accounts Targeted

Phone-based phishing scams (often called "vishing" - for VOIP or voice phishing) have also surged recently. In an article out today (Vishing Scam: Four More States Struck, Five Institutions Say Customers Received Fraudulent Calls) Linda McGlasson at BankInfoSecurity reports that:

"Financial institutions in Michigan, Wisconsin, Minnesota and Mississippi report being hit by these "vishing" attacks in the past two weeks. Five different institutions -- three credit unions and two banks - say their customers have received vishing calls from fraudsters."

The article includes details of the various attacks.

Links:

Phishing Trends: http://www.bankinfosecurity.com/articles.php?art_id=2119&rf=013010eb

APWG Report: http://www.antiphishing.org/reports/apwg_report_Q3_2009.pdf

New Vishing Attacks: http://www.bankinfosecurity.com/articles.php?art_id=2138

January 27, 2010

Coolest Security Vendors Using Cloud Computing and SaaS (via ChannelWeb)

ChannelWeb has a new slideshow out today highlighting the "20 Coolest Cloud Security Vendors" including Proofpoint. As ChannelWeb's editors note, over the last couple of years there's been a strong trend in the enterprise toward moving various security features to the cloud and a "tough economy" has only increased that momentum.

Of Proofpoint's SaaS solutions (highlighted on page 9 of the ChannelWeb slideshow), ChannelWeb's editors say:

"Proofpoint offers its comprehensive Enterprise service, based on the same platform powering its Messaging Security Gateway appliances and incorporates DLP, spam filtering and e-mail archiving services. Its hosted e-mail service, Proofpoint Protect, is also an easy-to-use, low-cost inbound e-mail security product designed for organizations that don't require outbound data privacy and e-mail encryption features. The company distinguishes itself with its single management and policy console powered by Proofpoint MLX technology, an advanced machine learning system."

It's great to be named as one of the "Coolest Cloud Security Vendors," but if you're an enterprise IT buyer, the sheer number of vendors offering SaaS and cloud-based solutions can be exceptionally confusing. If you have questions about how to best go about evaluating and comparing SaaS security solutions, you won't want to miss our February live web seminar:

SaaS and the Global 2000: Best Practices for Deploying Security-as-a-Service (follow link to register)

Proofpoint's Dave Champine will share best practices that enterprises should follow when evaluating cloud-based security solutions, including how to address concerns around (and evaluate vendors' approaches to) security, scalability and availability. Some case studies from Proofpoint's own extensive customer base of Global 2000 organizations will be presented as examples.

And if you're not sure about this whole cloud security thing, might I suggest you check out the following Osterman Research whitepapers that discuss the cost savings and other benefits that can be had by adopting SaaS approaches to email security and email archiving? See:

http://www.proofpoint.com/tco

Proofpoint News this Week: Another Quarter of Record Proofpoint Revenue, Updated Channel Partner Program

A little news from the home office this week that I haven't mentioned here yet:

On Monday, Proofpoint issued a press release recapping momentum from the fourth quarter of 2009. For the complete release, please see "SaaS Email Security Leader Proofpoint Reports Q4 2009 Results: 26th Consecutive Quarter of Record Revenue, SaaS Business Doubles Over 2008." Highlights from that release include:

  • Q4 2009 was Proofpoint's 26th sequential quarter of record revenue. Drivers for business during the quarter included increasing adoption of Proofpoint's SaaS email security solutions and a record number of new customer wins with Fortune 1000 companies.
  • Proofpoint's SaaS business doubled from 2008 to 2009 and hit a new quarterly high in Q4 2009.
  • Ongoing competitive wins versus solutions from vendors including Google (Postini) and Cisco (IronPort).
  • Q4 2009 saw the introduction of the Proofpoint version 6 platform, which includes the new SaaS-powered Proofpoint Encryption (email encryption) solution.
  • See the full release for examples of the types of large enterprises that are adopting Proofpoint's email security, data loss prevention and email archiving solutions.

And today, Proofpoint introduced a revised channel partner (reseller and distributor) program in the US and Canada. For complete details, see "Proofpoint Unveils Advantage Partner Program to Recognize High-Performance Resellers, Improve Ease of Doing Business."

Highlights of the new channel program include an improved pricing structure, deeper discounts for certain types of partners and new training components to help resellers make the most of their Proofpoint sales efforts.

Response from Proofpoint's existing channel partners has been extremely positive. Quoted in the release, Greg Curlee at channel partner SBS Security (Dallas, TX) commented:

“We’ve been a Proofpoint reseller since 2004, and we’re really pleased with the new program. Because we’ve stepped up to meet the highest level of qualifications, SBS Security is now a Proofpoint Elite Partner. We like that we’ve received well-defined benefits for our efforts, including healthy base discounts and additional margin for registered deals. To us, it just makes sense that Proofpoint is recognizing its best resellers this way.”

If you're a distributor or reseller interested in partnering with Proofpoint, you can reach out to our channel folks by emailing partners@proofpoint.com.


January 25, 2010

Video: Register for SaaS and the Global 2000, Best Practices for Buying Security-as-a-Service



Our next Proofpoint live web seminar is, "SaaS and the Global 2000: Best Practices for Buying Security-as-a-Service." Proofpoint SaaS expert Dave Champine will discuss why large enterprises are increasingly turning to the cloud to maximize ROI and meet today’s email security and archiving challenges, and share the best practices that large enterprises should follow when buying SaaS security solutions.

While Dave will be focusing on the needs of larger enterprises, this should be a great overview for any company looking to move email security, email archiving, email encryption, data loss prevention or other security functions to a SaaS model.

Join us on Wednesday, February 10 at 2:00 p.m. ET / 11:00 a.m. PT. And remember, if you can't make it to the live event, we always share a replay with registered attendees. To register, please visit:

http://www.proofpoint.com/g2k

January 22, 2010

Free RSA Security Expo Passes, Courtesy of Proofpoint: Use Code EC10PRF

Hard to believe that the RSA Conference 2010 is just a little more than a month away! If you'll be attending RSA Conference 2010 at Moscone Center in San Francisco, please be sure to visit the exhibits and visit Proofpoint at booth #3728.

If you'd like to attend the RSA Conference expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code EC10PRF when you register. We'll be demonstrating our latest email security solutions including our new email encryption solution, Proofpoint Encryption.

To register for your free exhibit pass, please visit the following URL:

https://cm.rsaconference.com/US10/portal/regCode.ww

We hope to see you there! By the way, Proofpoint maintains a list of upcoming live events on the Proofpoint Events Calendar page.

January 21, 2010

Moving Email Security to the Cloud: Arkadin Deploys Proofpoint ENTERPRISE

For reasons we discuss regularly in this blog, more and more enterprises are choosing to move email security functions "to the cloud" and today's announcement from Proofpoint offers yet another example.

Headquartered globally in Paris, web and audio conferencing vendor Arkadin found that its previous on-premises email security solution was suffering from poor anti-spam accuracy and imposing too many administrative burdens on IT staff. So they looked for new solutions that provided better effectiveness versus email-borne threats as well as reduced administration time and reduced TCO.

Arkadin found that adopting Proofpoint's SaaS email security solution gave them the features and savings they were looking for, without sacrificing control and customizability. Proofpoint ENTERPRISE now protects 1000 Arkadin end-user inboxes worldwide. Says Arnaud Lejeune, executive president of operations for Arkadin:

“We needed an email security solution with better performance that was also reliable and easy to manage. Proofpoint ENTERPRISE delivered on all of those requirements and more. By moving to Proofpoint’s cloud computing-based email security solution, we’ve greatly reduced our costs, effectiveness in stopping spam has been incredible and performance is guaranteed by service level agreements. It’s the perfect solution for enterprises faced with these problems.”

Arkadin’s information services team was also impressed by the level of customization enabled by Proofpoint’s SaaS email security solution.

“Even though it’s a SaaS solution, Proofpoint ENTERPRISE gives us a level of control and configurability comparable to on-premises appliances,” said Jean-Claude Asseufi, global IS support manager at Arkadin. “Everything is managed by a centralized, Web-based management console, so we can easily make changes and get complete visibility into our email systems.” 

You can read the full press release here:

Arkadin Deploys Proofpoint ENTERPRISE SaaS Email Security to Stop Spam and Viruses, Simplify Administration

If you'd like to learn more about the advantages of moving email security to the cloud and tips on what large enterprises should look for when buying security-as-a-service, register for our next live web seminar at the following link:

Web seminar: SaaS and the Global 2000: Best Practices for Deploying Security-as-a-Service
http://www.proofpoint.com/id/enterpriseSaaS/index.php
