Proofpoint: Security, Compliance and the Cloud

274 posts categorized "Email Security"

September 20, 2012

Replacing Postini: Should You Replace Postini with Google Apps, or Replace with an Alternative Email Security Solution? (Video)

As you've probably already heard, Google is actively moving customers of its Postini email security and archiving solutions to Google Apps. This is essentially forcing organizations to replace Postini with either Google Apps or an alternative Postini replacement.

The options and implications can be confusing, so our VP of product marketing, Kevin Epstein, put together a great overview of what is happening with Postini, potential issues to be aware of when transitioning from Postini to Google Apps, and the types of benefits that enterprises could reap if they replaced Postini with an alternative email security solution.

Check it out here: 

There are several resources mentioned by Kevin in that video, and I've provided handy links to them, below:


September 04, 2012

New Forrester Analyst Reports on Protecting IP from Cybercrime, Controlling Sensitive Information in the Era of Big Data

Forrester-protect-your-competitive-advantage-by-protecting-your-intellectual-property-from-cybercriminalsJust a quick note to let you know about two new resources from analyst firm Forrester we've posted to the analyst reports section of the Proofpoint Resource Center

These are:

Protect Your Competitive Advantage by Protecting your Intellectual Property from Cybercriminals, which investigates common ways that data is stolen from organizations today, the cost of inadequate data security, and what organizations must do to protect their data.


Control and Protect Sensitive Information in the Era of Big Data, outlines some best practices to help security and risk professionals understand how to control and properly protect sensitive information in today's era of massive enterprise datasets and data stores.

You can read the full reports, compliments of Proofpoint, by following the links above. 




August 20, 2012

New Email Security Magic Quadrant: Proofpoint is a Leader in the 2012 Magic Quadrant for Secure Email Gateways

Magic-Quadrant-for-Secure-Email-Gateways-2012New for 2012, Gartner's "Magic Quadrant for Secure Email Gateways" -- wherein Gartner describes the current state of the email security market, technology and threat trends, and describes the leading vendors and solutions in this market -- has been published.

As usual, Proofpoint has licensed a reprint of the new magic quadrant and you can read the full report, compliments of Proofpoint, at the following URL:

Writing in the 2012 "Magic Quadrant for Secure Email Gateways," Gartner analysts Peter Firstbrook and Eric Ouellet note that, "Buyers should focus on strategic vendors, data loss prevention capability, encryption and better protection from targeted phishing attacks."

While spam volumes have declined, Gartner notes that targeted attacks against organizations represent an increasingly serious threat, noting that, "Better protection from targeted phishing attacks is the most critical new inbound protection capability (72% of respondents indicated that this was a very important capability), but only a few vendors have advanced the state of the art against these attacks."

There's a lot more great information in this report, which you can read by following the link above, or by simply completing the mini form, below:

About the Magic Quadrant graphic:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Proofpoint, Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

August 13, 2012

Get a First Look at Targeted Attack Protection: Live Next Wednesday!

Proofpoint-targeted-attack-protection-spear-phishing-defenseOur live web seminar series continues next week with, "Targeted Attacks on Your Key Employees: How to Respond to Targeted Attempts to Steal Sensitive Enterprise Data." As readers of this blog are no doubt aware, spear phishing and other forms of targeted attacks represent one of the most dangerous attack vectors today.

In this live web seminar (Wednesday, August 22nd at 11 AM PT, 2 PM ET), we'll share best practices for responding to targeted attacks. In addition, you'll get a first look at the new Proofpoint Targeted Attack Protection solution. The newest addition to Proofpoint's security-as-a-service suite uses big data analytics and other advanced technologies to help organizations identify, defeat and remediate targeted attacks. And the user interface (especially the "Threat Insight" dashboard) is incredibly slick -- definitely worth checking out.

As usual, we'll also reserve time for Q&A to answer your questions live.

To register, follow the link above, or simply complete the form below. Webinar registrants will get a link to the replay of the live event as soon as its available, so it's worth registering even if you can't make it to the live event. We hope you'll join us!


August 06, 2012

Live this Week! Security Best Practices for Financial Services Organizations

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.


August 02, 2012

Now Available: Proofpoint Enterprise Protection and Privacy 7.1, Proofpoint Targeted Attack Protection

Learn More: Proofpoint Targeted Attack Protection"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.

July 30, 2012

Grum Botnet Takedown: Spam Volumes Reduced Somewhat, but Bursty Behavior Continues


There was quite a bit of media coverage over the last two weeks of a reported takedown of the Grum botnet, led by California-based security vendor FireEye and UK-based spam-tracking service SpamHaus.

According to according to ITWorld, the Grum botnet may have been responsible for sending some 18 billion messages per day. FireEye has a detailed account of the takedown process, which happened between July 17 and 19th, in their blog.

Now that it's been more than a week since the initial takedown I thought it would be interesting to see what, if any, impact the Grum takedown has had on overall spam volume. The chart at the top of this post (click for a full-size view) shows the daily volume of spam messages coming into some of Proofpoint's spam traps from May 2012 through today.

There are several interesting points worth noting:

  • During most of May and June this year, spam volumes seen by our automated systems were in a relatively steady state, oscillating between 4 and 6 million messages per day. In late June, we begin to see a more bursty pattern of spam attacks with daily volumes sometimes spiking as high as 9 million messages.
  • While there is a clear low point (about 2 million messages around July 19th), you can see that bursty spam-sending behavior immediately resumes, though there may be a continued downward trend as measured on a longer timeframe (weeks or months). It will be interesting to see how things evolve in the coming weeks.
  • The behavior here is somewhat reminiscent of spam sending behavior immediately after the Rustock botnet takedown, which I covered in a post from early last year.

In general, "honeypot" spam volumes have fallen quite dramatically (about 5x on a daily basis) since 2010 (when it wasn't uncommon for our spam traps to see in excess of 25 million messages daily). While botnet shutdowns have undoubtedly had an impact on spam volume over the past few years, and are an important part of the overall effort to deter and prevent various forms of cybercrime, they are not the sole reason that we've seen nuisance spam subside.

There's been a fundamental change in the business model around unsolicited email. Instead of being primarily concerned with promoting (often fraudulent) products and services, unsolicited email is instead being used as one of the primary vectors to compromise systems (by stealing user credentials), recruit computers (and possibly mobile devices) into botnets (which have applications in many different types of cyberattacks beyond spam and phish), install various forms of malware and commit other forms of fraud.

Such emails are sent in lower volume and are often highly targeted in nature. That is, they are distributed not en masse, but in a very controlled manner, targeting specific Internet domains, or even specific users. In this way, such messages often avoid winding up in generic spam honeypots. The detection and prevention of such attacks, particularly the highly-targeted versions, require different techniques (which I won't belabor here, but see our materials around Proofpoint Targeted Attack Protection as one example). 

I suspect that both current and future botnets will become harder to detect and harder to take down. There is already evidence that newly-engineered botnets are becoming increasingly resistant to takedown efforts. News this week from the BlackHat conference in Las Vegas speculated that Gameover ZeuS, a P2P botnet that is the largest bank-theft botnet, incorporates many defensive advantages to avoid a takedown.

According to CSO's article, this botnet has already infected hundreds of thousands of PCs around the globe and that, "The botnet steals by accessing bank accounts and making unauthorized large Automated Clearinghouse (ACH) and wire transfers to what are called 'money mules,' who works as accomplices."

Expect that future botnets (and associated cybercriminal activity) will become increasingly evasive, and increasingly difficult to dismantle once their existence is detected. 

[Special thanks to intern Courtney Klosterman for her research and contributions to this article.]

July 18, 2012

Spear Phishing Statistics: 2012 Findings from Microsoft TechEd, RSA Security Conference Surveys

Spear-phishing-survey-results-2012-reportToday, Proofpoint published the findings from a recent survey of more than 330 IT professionals, aimed at learning the extent and impact of targeted phishing attacks (a.k.a., "spear phishing").

With so many phishing-sourced data breaches making the news in the past couple of years, it will probably come as no surprise that we found that targeted phishing attacks are just as—if not more—prevalent than ever.

Additionally, the survey found a strong connection between spear phishing attacks and the compromise of user login credentials (i.e., usernames and passwords) and unauthorized access to corporate IT systems.

Survey responses were gathered at Proofpoint's booth at last month's Microsoft TechEd conference. We've summarized the findings in a short PDF format report (which also summarizes findings from a similar survey we conducted at the RSA Security Conference earlier in the year).

In brief, the Proofpoint TechEd survey found that:

1. Spear Phishing Continues to be a Serious Threat

Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

2. Larger Organizations are Even More Likely to be Targeted by Phishing Attacks

Among organizations with 1,000 or more email users (214 survey respondents), more than half (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users (125 survey respondents) reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% did not know.

3. Spear Phishing Attacks are Often the Root Cause of Security Breaches

More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that such an attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

We've been regularly surveying IT professionals about the threat from targeted attacks over the years and occurances of spear phishing have clearly risen over time. For example, in a survey conducted at the RSA Conference in 2010, 48% of respondents told us that they believed their organizations had been targeted... But that number rose to 58% in our 2012 RSA Survey (again, see the PDF for details).

The trend toward hard-to-detect, highly targeted phishing attacks aimed at compromising valuable corporate data is why Proofpoint has spent a great deal of research and development effort in the past year perfecting new approaches to detecting and stopping advanced targeted attacks.

July 10, 2012

Mobile Privacy Standards to be Discussed this Week

Increase-in-use-of-smartphones-making-their-security-more-vulnerable_16000464_800778764_0_0_14000264_300In this digital age, our smartphones tend to know more information about us than say, our great Aunt Suzie. From your name and location to the interests of you and your closest friends; all of this information is readily available to advertisers and marketers the moment you accept the terms and agreements of certain mobile applications.

The accessibility of such data has sparked a continued dispute between consumer groups and online marketing firms over the access of user information via mobile applications.

On July 12, the National Telecommunications and Information Administration (NTIA) will host the first of several meetings in an effort to develop new codes of conduct for handling private consumer data on the internet and on mobile networks. The meeting will focus primarily on mobile application security and provide a chance for industry stakeholders to voice their concerns regarding access to private consumer data.

The upcoming meetings stem from a Consumer Privacy Bill of Rights released by the Obama Administration in February of this year. Instead of calling for new privacy standards, Obama’s Bill of Rights calls for a multi-stakeholder process to develop general rules and regulations. The process has generated skepticism about whether this system will incorporate the desires of all publics fairly, most importantly the consumers.

The start of the NTIA meetings could not come soon enough. Recent episodes of mobile applications illegally downloading user information has heightened the need for defined mobile privacy standards. The issue of mobile security now goes beyond simply the applications to also include the advertisements shown within them.

As we watch to see if an outcome can be achieved at the NTIA meetings, it will be interesting to see how these standards will reflect on the corporate side of the equation. Right now, companies must decide for themselves which security features to implement for their employees. This increasingly means creating mobile security applications that encrypt, archive, and protect company data on an employee's smartphone will likely become a corporate necessity.

June 28, 2012

Proofpoint is Hiring: Cool Jobs in Security, Cloud, Big Data, See Us at Tech Career Expo SF (Adjacent to Google I/O)

Proofpoint-at-Tech-Career-Expo-SF-Stand-512Proofpoint is hiring! If you're searching for the next defining step in your career, come and see us at the Tech Career Expo in San Francisco.

The Tech Career Expo and Developer Jam is taking place today and tomorrow June 28 and 29 at the Moscone Center in San Francisco. The expo is being held concurrently with Google’s sold out developer conference, Google I/O, which is also taking place in the Moscone Center. As an added perk, keynotes and key sessions from Google I/O will be live streamed into the developer theater for Tech Career Expo attendees to view.

The most exciting part of the event (other than talking with awesome Proofpoint recruiters!) is that anyone can attend the Tech Career Expo free of charge.

Don’t miss out on the opportunity to network with Proofpoint professionals who are hiring in all areas of technology. We're seeking the best and the brightest for positions in engineering, operations, big data (Hadoop, Mapreduce, Hive, etc.), quality assurance, software R&D,  marketing and sales.

If you will be attending the Expo or Google I/O, make a point to stop by Proofpoint's Tech Career Expo booth (#512) to learn about all of our incredible employment opportunities.

For those who cannot make the event but are interested in a career with Proofpoint, check out the Proofpoint careers page for information on available positions.


Blog Search

Email Security Gateways, 2012

Magic Quadrant


What people are saying right now about us.

©2012 Proofpoint, Inc.
threat protection: Proofpoint Enterprise Protection compliance: Proofpoint Enterprise Privacy governance: Proofpoint Enterprise Archive secure communication: Proofpoint Encryption