Proofpoint: Security, Compliance and the Cloud

New for 2012, Gartner's "Magic Quadrant for Secure Email Gateways" -- wherein Gartner describes the current state of the email security market, technology and threat trends, and describes the leading vendors and solutions in this market -- has been published.

As usual, Proofpoint has licensed a reprint of the new magic quadrant and you can read the full report, compliments of Proofpoint, at the following URL:

http://www.proofpoint.com/magicquadrant

Writing in the 2012 "Magic Quadrant for Secure Email Gateways," Gartner analysts Peter Firstbrook and Eric Ouellet note that, "Buyers should focus on strategic vendors, data loss prevention capability, encryption and better protection from targeted phishing attacks."

While spam volumes have declined, Gartner notes that targeted attacks against organizations represent an increasingly serious threat, noting that, "Better protection from targeted phishing attacks is the most critical new inbound protection capability (72% of respondents indicated that this was a very important capability), but only a few vendors have advanced the state of the art against these attacks."

There's a lot more great information in this report, which you can read by following the link above, or by simply completing the mini form, below:

About the Magic Quadrant graphic:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Proofpoint, Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

Our live web seminar series continues next week with, "Targeted Attacks on Your Key Employees: How to Respond to Targeted Attempts to Steal Sensitive Enterprise Data." As readers of this blog are no doubt aware, spear phishing and other forms of targeted attacks represent one of the most dangerous attack vectors today.

In this live web seminar (Wednesday, August 22nd at 11 AM PT, 2 PM ET), we'll share best practices for responding to targeted attacks. In addition, you'll get a first look at the new Proofpoint Targeted Attack Protection solution. The newest addition to Proofpoint's security-as-a-service suite uses big data analytics and other advanced technologies to help organizations identify, defeat and remediate targeted attacks. And the user interface (especially the "Threat Insight" dashboard) is incredibly slick -- definitely worth checking out.

As usual, we'll also reserve time for Q&A to answer your questions live.

To register, follow the link above, or simply complete the form below. Webinar registrants will get a link to the replay of the live event as soon as its available, so it's worth registering even if you can't make it to the live event. We hope you'll join us!

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.

There was quite a bit of media coverage over the last two weeks of a reported takedown of the Grum botnet, led by California-based security vendor FireEye and UK-based spam-tracking service SpamHaus.

According to according to ITWorld, the Grum botnet may have been responsible for sending some 18 billion messages per day. FireEye has a detailed account of the takedown process, which happened between July 17 and 19th, in their blog.

Now that it's been more than a week since the initial takedown I thought it would be interesting to see what, if any, impact the Grum takedown has had on overall spam volume. The chart at the top of this post (click for a full-size view) shows the daily volume of spam messages coming into some of Proofpoint's spam traps from May 2012 through today.

There are several interesting points worth noting:

• During most of May and June this year, spam volumes seen by our automated systems were in a relatively steady state, oscillating between 4 and 6 million messages per day. In late June, we begin to see a more bursty pattern of spam attacks with daily volumes sometimes spiking as high as 9 million messages.
• While there is a clear low point (about 2 million messages around July 19th), you can see that bursty spam-sending behavior immediately resumes, though there may be a continued downward trend as measured on a longer timeframe (weeks or months). It will be interesting to see how things evolve in the coming weeks.
• The behavior here is somewhat reminiscent of spam sending behavior immediately after the Rustock botnet takedown, which I covered in a post from early last year.

In general, "honeypot" spam volumes have fallen quite dramatically (about 5x on a daily basis) since 2010 (when it wasn't uncommon for our spam traps to see in excess of 25 million messages daily). While botnet shutdowns have undoubtedly had an impact on spam volume over the past few years, and are an important part of the overall effort to deter and prevent various forms of cybercrime, they are not the sole reason that we've seen nuisance spam subside.

There's been a fundamental change in the business model around unsolicited email. Instead of being primarily concerned with promoting (often fraudulent) products and services, unsolicited email is instead being used as one of the primary vectors to compromise systems (by stealing user credentials), recruit computers (and possibly mobile devices) into botnets (which have applications in many different types of cyberattacks beyond spam and phish), install various forms of malware and commit other forms of fraud.

Such emails are sent in lower volume and are often highly targeted in nature. That is, they are distributed not en masse, but in a very controlled manner, targeting specific Internet domains, or even specific users. In this way, such messages often avoid winding up in generic spam honeypots. The detection and prevention of such attacks, particularly the highly-targeted versions, require different techniques (which I won't belabor here, but see our materials around Proofpoint Targeted Attack Protection as one example). 

I suspect that both current and future botnets will become harder to detect and harder to take down. There is already evidence that newly-engineered botnets are becoming increasingly resistant to takedown efforts. News this week from the BlackHat conference in Las Vegas speculated that Gameover ZeuS, a P2P botnet that is the largest bank-theft botnet, incorporates many defensive advantages to avoid a takedown.

According to CSO's article, this botnet has already infected hundreds of thousands of PCs around the globe and that, "The botnet steals by accessing bank accounts and making unauthorized large Automated Clearinghouse (ACH) and wire transfers to what are called 'money mules,' who works as accomplices."

Expect that future botnets (and associated cybercriminal activity) will become increasingly evasive, and increasingly difficult to dismantle once their existence is detected. 

[Special thanks to intern Courtney Klosterman for her research and contributions to this article.]

Today, Proofpoint published the findings from a recent survey of more than 330 IT professionals, aimed at learning the extent and impact of targeted phishing attacks (a.k.a., "spear phishing").

With so many phishing-sourced data breaches making the news in the past couple of years, it will probably come as no surprise that we found that targeted phishing attacks are just as—if not more—prevalent than ever.

Additionally, the survey found a strong connection between spear phishing attacks and the compromise of user login credentials (i.e., usernames and passwords) and unauthorized access to corporate IT systems.

Survey responses were gathered at Proofpoint's booth at last month's Microsoft TechEd conference. We've summarized the findings in a short PDF format report (which also summarizes findings from a similar survey we conducted at the RSA Security Conference earlier in the year).

In brief, the Proofpoint TechEd survey found that:

1. Spear Phishing Continues to be a Serious Threat

Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

2. Larger Organizations are Even More Likely to be Targeted by Phishing Attacks

Among organizations with 1,000 or more email users (214 survey respondents), more than half (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users (125 survey respondents) reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% did not know.

3. Spear Phishing Attacks are Often the Root Cause of Security Breaches

More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that such an attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

We've been regularly surveying IT professionals about the threat from targeted attacks over the years and occurances of spear phishing have clearly risen over time. For example, in a survey conducted at the RSA Conference in 2010, 48% of respondents told us that they believed their organizations had been targeted... But that number rose to 58% in our 2012 RSA Survey (again, see the PDF for details).

The trend toward hard-to-detect, highly targeted phishing attacks aimed at compromising valuable corporate data is why Proofpoint has spent a great deal of research and development effort in the past year perfecting new approaches to detecting and stopping advanced targeted attacks.

In this digital age, our smartphones tend to know more information about us than say, our great Aunt Suzie. From your name and location to the interests of you and your closest friends; all of this information is readily available to advertisers and marketers the moment you accept the terms and agreements of certain mobile applications.

The accessibility of such data has sparked a continued dispute between consumer groups and online marketing firms over the access of user information via mobile applications.

On July 12, the National Telecommunications and Information Administration (NTIA) will host the first of several meetings in an effort to develop new codes of conduct for handling private consumer data on the internet and on mobile networks. The meeting will focus primarily on mobile application security and provide a chance for industry stakeholders to voice their concerns regarding access to private consumer data.

The upcoming meetings stem from a Consumer Privacy Bill of Rights released by the Obama Administration in February of this year. Instead of calling for new privacy standards, Obama’s Bill of Rights calls for a multi-stakeholder process to develop general rules and regulations. The process has generated skepticism about whether this system will incorporate the desires of all publics fairly, most importantly the consumers.

The start of the NTIA meetings could not come soon enough. Recent episodes of mobile applications illegally downloading user information has heightened the need for defined mobile privacy standards. The issue of mobile security now goes beyond simply the applications to also include the advertisements shown within them.

As we watch to see if an outcome can be achieved at the NTIA meetings, it will be interesting to see how these standards will reflect on the corporate side of the equation. Right now, companies must decide for themselves which security features to implement for their employees. This increasingly means creating mobile security applications that encrypt, archive, and protect company data on an employee's smartphone will likely become a corporate necessity.

Proofpoint is hiring! If you're searching for the next defining step in your career, come and see us at the Tech Career Expo in San Francisco.

The Tech Career Expo and Developer Jam is taking place today and tomorrow June 28 and 29 at the Moscone Center in San Francisco. The expo is being held concurrently with Google’s sold out developer conference, Google I/O, which is also taking place in the Moscone Center. As an added perk, keynotes and key sessions from Google I/O will be live streamed into the developer theater for Tech Career Expo attendees to view.

The most exciting part of the event (other than talking with awesome Proofpoint recruiters!) is that anyone can attend the Tech Career Expo free of charge.

Don’t miss out on the opportunity to network with Proofpoint professionals who are hiring in all areas of technology. We're seeking the best and the brightest for positions in engineering, operations, big data (Hadoop, Mapreduce, Hive, etc.), quality assurance, software R&D,  marketing and sales.

If you will be attending the Expo or Google I/O, make a point to stop by Proofpoint's Tech Career Expo booth (#512) to learn about all of our incredible employment opportunities.

For those who cannot make the event but are interested in a career with Proofpoint, check out the Proofpoint careers page for information on available positions.

Today, Proofpoint introduced an exciting new product, Proofpoint Targeted Attack Protection, that aims to solve one of the most vexing enterprise security problems—targeted attacks, such as email spear phishing attempts.

Spear phishing and other forms of targeted attacks are extremely difficult for traditional gateway security solutions to detect. Not only are they sent in low volume (unlike spam email campaigns), they often don't contain any form of malicious content, known malware, dangerous attachments or links to known malicious sites.

For these reasons, "properly" crafted spear phishing messages often have a 100% delivery rate, even to enterprises protected by modern email and web security systems. 

How, then, can organizations protect themselves? Proofpoint Targeted Attack Protection takes an entirely different approach, based on a new class of context-aware analysis techniques enabled by "big data" technologies. Using big data analysis, the solution essentially builds a model of "normal" messaging behavior, examining hundreds of variables in real time—including message properties and the email traffic history of individual message recipients.

Messages that deviate from that norm—especially messages that include attachments or URLs—are regarded as suspicious and are subjected to additional security controls, including URL interception and malware sandboxing.

We call these anomaly identification techniques "anomalytics" and you can read more about them in our new whitepaper, Big Data Solutions to Enterprise Data Security Challenges.

Persistent Protection from Malicious URLs
No matter how much you tell them not to, email users are going to click links in email. And a common tactic used in targeting phishing attacks is the use of URLs that are actually harmless at the time the message is sent. It's only later that they turn malicious.

To combat these issues, Proofpoint Targeted Attack Protection re-writes links in suspicious messages so that browsers are transparently redirected through the Proofpoint cloud, where content is re-inspected and malware anlysis is performed every time a potentially dangerous link is clicked. In this way, your organization's users are always protected—whether they access messages inside the corporate network, at home, on mobile devices, or on a public network.

Attack Remediation and Response
Another important component of Proofpoint Targeted Attack Protection is the Threat Insight Service, which provides a web-based dashboard that provides an easy-to-understand, graphical view of attacks.

It helps give administrators and security professionals the ability to identify targeted attacks, the scope of these attacks ("are they hitting just my organization or wider industry?"), which individuals are being targeted by the attacks, the nature of the attacks (malware, credential phishing, etc.), and what remediation actions, if any, are necessary.  

Live Webinar: Get a First Look at Proofpoint Targeted Attack Protection
Obviously, there's a lot more to Proofpoint Targeted Attack Protection than I can share in a single blog post.

If you're interested in learning more, you won't want to miss next week's live web seminar, "Spearing the Spear Phishers: How to Reliably Defeat Targeted Attacks" where we'll explain the challenges posed by targeted attacks, the new technology approach developed by Proofpoint, and give you a first look at Proofpoint Targeted Attack Protection.

I hope you'll join us on Wednesday, June 13th at 11 AM PT, 2 PM ET!

Click here to register for "Spearing the Spear Phishers" »

We're excited to announce that our email security and data loss prevention solutions, Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy, were awarded SC Magazine's prestigious Reader Trust Award for "Best Email Content Management, 2012," presented at an award ceremony held in conjunction with the 2012 RSA Conference.

Winners were chosen by voters who are SC Magazine readers and work as high-level IT security executives (CISOs, CIOs, VPs, etc.) for organizations across various markets, including finance, health care, government, education and other industries.

"Our readers are on the front lines of information security, and they have recognized Proofpoint Enterprise Protection and Privacy as one of their key tools for securing their organizations," said Illena Armstrong, vice president and editorial director, SC Magazine. "Without leaders in innovation, such as Proofpoint, we would not be able to plan for the future of enterprise security." 

The "Best Email Content Management" category honors enterprise solutions that are not simply anti-spam filters but offer enhanced features such as bi-directional filtering, centralized management, and/or filtering of unauthorized content (i.e.,  "extrusion protection" or data loss prevention features).

Thanks to SC Magazine and its readers for honoring Proofpoint with this award!

You can learn more about Proofpoint Enterprise Protection and Privacy at http://www.proofpoint.com/products. Learn more about this award by reading our complete press release, "Proofpoint Winner of 2012 SC Magazine Reader Trust Award."

To see all of the 2012 winners, visit the following link:

2012 SC Magazine Awards Winners