Proofpoint: Security, Compliance and the Cloud

88 posts categorized "Phishing"

August 20, 2012

New Email Security Magic Quadrant: Proofpoint is a Leader in the 2012 Magic Quadrant for Secure Email Gateways

New for 2012, Gartner's "Magic Quadrant for Secure Email Gateways" -- wherein Gartner describes the current state of the email security market, technology and threat trends, and the leading vendors and solutions in this market -- has been published.

As usual, Proofpoint has licensed a reprint of the new magic quadrant and you can read the full report, compliments of Proofpoint, at the following URL:

Writing in the 2012 "Magic Quadrant for Secure Email Gateways," Gartner analysts Peter Firstbrook and Eric Ouellet note that, "Buyers should focus on strategic vendors, data loss prevention capability, encryption and better protection from targeted phishing attacks."

While spam volumes have declined, Gartner notes that targeted attacks against organizations represent an increasingly serious threat, noting that, "Better protection from targeted phishing attacks is the most critical new inbound protection capability (72% of respondents indicated that this was a very important capability), but only a few vendors have advanced the state of the art against these attacks."

There's a lot more great information in this report, which you can read by following the link above, or by simply completing the mini form, below:

About the Magic Quadrant graphic:

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Proofpoint, Inc. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

August 13, 2012

Get a First Look at Targeted Attack Protection: Live Next Wednesday!

Our live web seminar series continues next week with, "Targeted Attacks on Your Key Employees: How to Respond to Targeted Attempts to Steal Sensitive Enterprise Data." As readers of this blog are no doubt aware, spear phishing and other forms of targeted attacks represent one of the most dangerous attack vectors today.

In this live web seminar (Wednesday, August 22nd at 11 AM PT, 2 PM ET), we'll share best practices for responding to targeted attacks. In addition, you'll get a first look at the new Proofpoint Targeted Attack Protection solution. The newest addition to Proofpoint's security-as-a-service suite uses big data analytics and other advanced technologies to help organizations identify, defeat and remediate targeted attacks. And the user interface (especially the "Threat Insight" dashboard) is incredibly slick -- definitely worth checking out.

As usual, we'll also reserve time for Q&A to answer your questions live.

To register, follow the link above, or simply complete the form below. Webinar registrants will get a link to the replay of the live event as soon as it's available, so it's worth registering even if you can't make it to the live event. We hope you'll join us!


August 02, 2012

Now Available: Proofpoint Enterprise Protection and Privacy 7.1, Proofpoint Targeted Attack Protection

"Ship it!"

It's been a busy week on the engineering side of things here in Proofpoint land as a new version of Proofpoint Enterprise Protection / Proofpoint Enterprise Privacy is now available, and the new Proofpoint Targeted Attack Protection solution has also become generally available.

New features in Enterprise Protection/Privacy version 7.1 include support for Proofpoint Targeted Attack Protection, a new MLX Reputation service, administrative interface enhancements including French and German versions, new Smart Identifiers (for Privacy), security enhancements and much more.

As always, the new version is free to current customers of Enterprise Protection or Enterprise Privacy. Current customers can initiate an upgrade by opening a new support call requesting an upgrade to version 7.1. More details on the new version can be found in this support note (your support login is required to view).

Our new cloud-based solution for spear phishing and other forms of targeted attacks, Proofpoint Targeted Attack Protection, deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go. Learn more about this exciting new cloud security solution here.

July 30, 2012

Grum Botnet Takedown: Spam Volumes Reduced Somewhat, but Bursty Behavior Continues


There was quite a bit of media coverage over the last two weeks of a reported takedown of the Grum botnet, led by California-based security vendor FireEye and UK-based spam-tracking service SpamHaus.

According to ITWorld, the Grum botnet may have been responsible for sending some 18 billion messages per day. FireEye has a detailed account of the takedown process, which happened between July 17th and 19th, in their blog.

Now that it's been more than a week since the initial takedown I thought it would be interesting to see what, if any, impact the Grum takedown has had on overall spam volume. The chart at the top of this post (click for a full-size view) shows the daily volume of spam messages coming into some of Proofpoint's spam traps from May 2012 through today.

There are several interesting points worth noting:

  • During most of May and June this year, spam volumes seen by our automated systems were in a relatively steady state, oscillating between 4 and 6 million messages per day. In late June, we began to see a more bursty pattern of spam attacks with daily volumes sometimes spiking as high as 9 million messages.
  • While there is a clear low point (about 2 million messages around July 19th), you can see that bursty spam-sending behavior immediately resumes, though there may be a continued downward trend as measured on a longer timeframe (weeks or months). It will be interesting to see how things evolve in the coming weeks.
  • The behavior here is somewhat reminiscent of spam sending behavior immediately after the Rustock botnet takedown, which I covered in a post from early last year.

In general, "honeypot" spam volumes have fallen quite dramatically (about 5x on a daily basis) since 2010 (when it wasn't uncommon for our spam traps to see in excess of 25 million messages daily). While botnet shutdowns have undoubtedly had an impact on spam volume over the past few years, and are an important part of the overall effort to deter and prevent various forms of cybercrime, they are not the sole reason that we've seen nuisance spam subside.

There's been a fundamental change in the business model around unsolicited email. Instead of being primarily concerned with promoting (often fraudulent) products and services, unsolicited email is instead being used as one of the primary vectors to compromise systems (by stealing user credentials), recruit computers (and possibly mobile devices) into botnets (which have applications in many different types of cyberattacks beyond spam and phish), install various forms of malware and commit other forms of fraud.

Such emails are sent in lower volume and are often highly targeted in nature. That is, they are distributed not en masse, but in a very controlled manner, targeting specific Internet domains, or even specific users. In this way, such messages often avoid winding up in generic spam honeypots. The detection and prevention of such attacks, particularly the highly-targeted versions, require different techniques (which I won't belabor here, but see our materials around Proofpoint Targeted Attack Protection as one example). 

I suspect that both current and future botnets will become harder to detect and harder to take down. There is already evidence that newly-engineered botnets are becoming increasingly resistant to takedown efforts. News this week from the BlackHat conference in Las Vegas speculated that Gameover ZeuS, a P2P botnet that is the largest bank-theft botnet, incorporates many defensive advantages to avoid a takedown.

According to CSO's article, this botnet has already infected hundreds of thousands of PCs around the globe. The article adds that, "The botnet steals by accessing bank accounts and making unauthorized large Automated Clearinghouse (ACH) and wire transfers to what are called 'money mules,' who works as accomplices."

Expect that future botnets (and associated cybercriminal activity) will become increasingly evasive, and increasingly difficult to dismantle once their existence is detected. 

[Special thanks to intern Courtney Klosterman for her research and contributions to this article.]

July 18, 2012

Spear Phishing Statistics: 2012 Findings from Microsoft TechEd, RSA Security Conference Surveys

Today, Proofpoint published the findings from a recent survey of more than 330 IT professionals, aimed at learning the extent and impact of targeted phishing attacks (a.k.a., "spear phishing").

With so many phishing-sourced data breaches making the news in the past couple of years, it will probably come as no surprise that we found that targeted phishing attacks are just as—if not more—prevalent than ever.

Additionally, the survey found a strong connection between spear phishing attacks and the compromise of user login credentials (i.e., usernames and passwords) and unauthorized access to corporate IT systems.

Survey responses were gathered at Proofpoint's booth at last month's Microsoft TechEd conference. We've summarized the findings in a short PDF format report (which also summarizes findings from a similar survey we conducted at the RSA Security Conference earlier in the year).

In brief, the Proofpoint TechEd survey found that:

1. Spear Phishing Continues to be a Serious Threat

Half of all respondents (51%) believe that, in the past year, their organization was targeted by a phishing email designed specifically to compromise their own users. Another 31% do not believe they were the target of such an attack and 18% reported they did not know.

2. Larger Organizations are Even More Likely to be Targeted by Phishing Attacks

Among organizations with 1,000 or more email users (214 survey respondents), more than half (56%) believe their organizations were targeted by a spear phishing attack. Of this group, 27% do not believe they were the target of a spear phishing attack and 17% reported they did not know. Comparatively, organizations with fewer than 1,000 email users (125 survey respondents) reported fewer spear phishing attacks—42% believe they had been targeted, 39% did not and 19% did not know.

3. Spear Phishing Attacks are Often the Root Cause of Security Breaches

More than one third (34%) of respondents who reported experiencing a spear phishing attack in the past year (17% of all respondents) believe that such an attack resulted in the compromise of user login credentials (e.g., usernames/passwords) or unauthorized access to corporate IT systems.

We've been regularly surveying IT professionals about the threat from targeted attacks over the years and occurrences of spear phishing have clearly risen over time. For example, in a survey conducted at the RSA Conference in 2010, 48% of respondents told us that they believed their organizations had been targeted... But that number rose to 58% in our 2012 RSA Survey (again, see the PDF for details).

The trend toward hard-to-detect, highly targeted phishing attacks aimed at compromising valuable corporate data is why Proofpoint has spent a great deal of research and development effort in the past year perfecting new approaches to detecting and stopping advanced targeted attacks.

June 07, 2012

Introducing Proofpoint Targeted Attack Protection: Cloud-based Protection from Spear Phishing, Targeted Attacks

Today, Proofpoint introduced an exciting new product, Proofpoint Targeted Attack Protection, that aims to solve one of the most vexing enterprise security problems: targeted attacks, such as email spear phishing attempts.

Spear phishing and other forms of targeted attacks are extremely difficult for traditional gateway security solutions to detect. Not only are they sent in low volume (unlike spam email campaigns), they often don't contain any form of malicious content, known malware, dangerous attachments or links to known malicious sites.

For these reasons, "properly" crafted spear phishing messages often have a 100% delivery rate, even to enterprises protected by modern email and web security systems. 

How, then, can organizations protect themselves? Proofpoint Targeted Attack Protection takes an entirely different approach, based on a new class of context-aware analysis techniques enabled by "big data" technologies. Using big data analysis, the solution essentially builds a model of "normal" messaging behavior, examining hundreds of variables in real time—including message properties and the email traffic history of individual message recipients.

Messages that deviate from that norm—especially messages that include attachments or URLs—are regarded as suspicious and are subjected to additional security controls, including URL interception and malware sandboxing.

We call these anomaly identification techniques "anomalytics" and you can read more about them in our new whitepaper, Big Data Solutions to Enterprise Data Security Challenges.

Persistent Protection from Malicious URLs
No matter how much you tell them not to, email users are going to click links in email. And a common tactic used in targeted phishing attacks is the use of URLs that are actually harmless at the time the message is sent. It's only later that they turn malicious.

To combat these issues, Proofpoint Targeted Attack Protection re-writes links in suspicious messages so that browsers are transparently redirected through the Proofpoint cloud, where content is re-inspected and malware analysis is performed every time a potentially dangerous link is clicked. In this way, your organization's users are always protected, whether they access messages inside the corporate network, at home, on mobile devices, or on a public network.
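
The link-rewriting and click-time re-inspection flow described above, shown as an added example (it is not Proofpoint's implementation and not code from the original post). The redirector host, signing key and `verdict_for` lookup are hypothetical assumptions; the HMAC over recipient and destination is one way to keep such a redirector from being abused as an open redirect.

```python
import base64
import hashlib
import hmac
import html
import re
from urllib.parse import parse_qs, urlencode, urlsplit

# Hypothetical values for this example (not Proofpoint's service or keys).
REDIRECTOR = "https://clickcheck.example.invalid/v1/go"
SIGNING_KEY = b"constructed-demo-key"

HREF_RE = re.compile(r'(href\s*=\s*")(https?://[^"]+)(")', re.IGNORECASE)


def sign(url: str, recipient: str) -> str:
    """Bind the destination to the recipient so tokens cannot be forged."""
    msg = f"{recipient}\n{url}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def rewrite_url(url: str, recipient: str) -> str:
    """Gateway side: wrap one destination URL in a signed redirector link."""
    if url.startswith(REDIRECTOR + "?"):
        return url  # already rewritten, do not double-wrap
    token = base64.urlsafe_b64encode(url.encode()).decode()
    query = urlencode({"u": token, "r": recipient, "s": sign(url, recipient)})
    return f"{REDIRECTOR}?{query}"


def rewrite_html(body: str, recipient: str) -> str:
    """Rewrite every http(s) href in an HTML body flagged as suspicious."""
    def repl(m: re.Match) -> str:
        target = html.unescape(m.group(2))  # &amp; -> & before encoding
        wrapped = html.escape(rewrite_url(target, recipient), quote=True)
        return m.group(1) + wrapped + m.group(3)
    return HREF_RE.sub(repl, body)


def resolve_click(link: str, verdict_for) -> tuple:
    """Redirector side: verify the token, then re-inspect at click time.

    verdict_for(url) is a hypothetical callable returning "clean" or
    "malicious"; it is consulted on every click, not once at delivery.
    """
    qs = parse_qs(urlsplit(link).query)
    try:
        url = base64.urlsafe_b64decode(qs["u"][0]).decode()
        recipient, sig = qs["r"][0], qs["s"][0]
    except (KeyError, ValueError):
        return ("reject", "")
    if not hmac.compare_digest(sig.encode(), sign(url, recipient).encode()):
        return ("reject", "")  # forged or tampered: never an open redirect
    if verdict_for(url) == "malicious":
        return ("block", url)
    return ("redirect", url)


if __name__ == "__main__":
    # Constructed sample message and verdict feed.
    body = '<a href="http://files.example.net/invoice?id=7&amp;x=1">Invoice</a>'
    out = rewrite_html(body, "alice@example.com")
    link = html.unescape(HREF_RE.search(out).group(2))
    verdicts = {}
    print(resolve_click(link, lambda u: verdicts.get(u, "clean")))
    verdicts["http://files.example.net/invoice?id=7&x=1"] = "malicious"
    print(resolve_click(link, lambda u: verdicts.get(u, "clean")))
```

The same delivered link yields a redirect while the destination is clean and a block once the verdict changes, which is the "harmless at send time, malicious later" case the paragraph describes.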

Key Features of Proofpoint Targeted Attack Protection (click for larger view)

Attack Remediation and Response
Another important component of Proofpoint Targeted Attack Protection is the Threat Insight Service, a web-based dashboard that provides an easy-to-understand, graphical view of attacks.

It helps give administrators and security professionals the ability to identify targeted attacks, the scope of these attacks ("are they hitting just my organization or wider industry?"), which individuals are being targeted by the attacks, the nature of the attacks (malware, credential phishing, etc.), and what remediation actions, if any, are necessary.  

Live Webinar: Get a First Look at Proofpoint Targeted Attack Protection
Obviously, there's a lot more to Proofpoint Targeted Attack Protection than I can share in a single blog post.

If you're interested in learning more, you won't want to miss next week's live web seminar, "Spearing the Spear Phishers: How to Reliably Defeat Targeted Attacks" where we'll explain the challenges posed by targeted attacks, the new technology approach developed by Proofpoint, and give you a first look at Proofpoint Targeted Attack Protection.

I hope you'll join us on Wednesday, June 13th at 11 AM PT, 2 PM ET!

Click here to register for "Spearing the Spear Phishers" »

February 29, 2012

Thanks for Making Us "Best Email Content Management" in 2012 SC Magazine US Awards!


We're excited to announce that our email security and data loss prevention solutions, Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy, were awarded SC Magazine's prestigious Reader Trust Award for "Best Email Content Management, 2012," presented at an award ceremony held in conjunction with the 2012 RSA Conference.

Winners were chosen by voters who are SC Magazine readers and work as high-level IT security executives (CISOs, CIOs, VPs, etc.) for organizations across various markets, including finance, health care, government, education and other industries.

"Our readers are on the front lines of information security, and they have recognized Proofpoint Enterprise Protection and Privacy as one of their key tools for securing their organizations," said Illena Armstrong, vice president and editorial director, SC Magazine. "Without leaders in innovation, such as Proofpoint, we would not be able to plan for the future of enterprise security." 

The "Best Email Content Management" category honors enterprise solutions that are not simply anti-spam filters but offer enhanced features such as bi-directional filtering, centralized management, and/or filtering of unauthorized content (i.e.,  "extrusion protection" or data loss prevention features).

Thanks to SC Magazine and its readers for honoring Proofpoint with this award!

You can learn more about Proofpoint Enterprise Protection and Privacy at Learn more about this award by reading our complete press release, "Proofpoint Winner of 2012 SC Magazine Reader Trust Award."

To see all of the 2012 winners, visit the following link:

2012 SC Magazine Awards Winners 

February 24, 2012

Email Geek Chic: Proofpoint at RSA Security Expo 2012

If you're going to be in San Francisco next week for the RSA Security Expo 2012, do make a point of stopping by the Proofpoint booth (#850). In addition to meeting the fun and friendly Proofpoint team, and seeing demonstrations of our latest and greatest cloud-based security and compliance solutions, you can also take a few moments to take our traditional RSA booth survey.

And what would a tradeshow be without swag? In exchange for answering a few simple questions we'll give you one of our limited edition "Bad Idea" or "Phishing Attachment" RSA t-shirts — shown below — and you will surely be the envy of your "security professional" friends.


We hope to see you there!

December 08, 2011

New Customer Videos: Leaders in Healthcare, Financial Services, Retail and More Describe Why they Use Proofpoint

At our recent "Proofpoint Inner Circle" customer events, we had a great opportunity to interview several of our enterprise customers about how and why they use Proofpoint Enterprise solutions for email security, data loss prevention, email encryption, regulatory compliance, archiving and electronic discovery.

I've collected several of them in this YouTube playlist. In these videos, representatives from Amalgamated, Liberty Health, PETCO, Graubard Miller, MED3000, Zions Bank and Scottsdale Healthcare share some of the reasons they rely on Proofpoint.

Thanks again to all of our terrific customers who took the time to share their stories with us... And you can find a lot more Proofpoint video content in our YouTube channel at

November 22, 2011

New Phishing Webinar and the Traditional "Stay Safe Online During the Holidays" Tips

The holiday season -- you know, Black Friday, Cyber Monday and those other ones -- is once again upon us.

Here at Proofpoint, we celebrate the season with two fine traditions: An inbound email threats webinar (see the bottom of this post for more details) and a reminder about how to stay safe online during the busy holiday shopping season.

At this time of year, both snail mail and email inboxes start to get full of special offers, catalogs and the like.

As the volume of legitimate email marketing increases, Proofpoint also sees the volume of spam, phishing and other forms of scam email increase as well. The chart below shows the relative volume of "obvious" phishing messages in Proofpoint's spam traps over the last month (click the image for a larger view):

Over the course of 2011 we've seen spear phishing messages revealed to be the exploit at the root of many high-profile data breaches.

In the same way that enterprises and government organizations need to be wary of phishing messages and other types of threats, consumers too need to be especially careful around this time of year.

So, once again, let me reiterate our “Seven Simple Rules” for staying safe online during the holidays (or any time of the year) which explain some of the tactics that scammers use and the important steps consumers can take to protect themselves. Keep these tips in mind this holiday season and share them with your friends, family and email users!

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: View with suspicion any email with requests for personal identification, financial information, user names or passwords, especially during the busy holiday season when spammers and scammers use the increased volume of legitimate promotional email as “cover” for their attacks. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. 

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments. Never click email links or open attachments from anything but 100% trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure. 

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information. 

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the holiday shopping season, when cyber attacks typically increase and busy consumers tend to be less attentive. If you see anything suspicious, contact the financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook, LinkedIn and Twitter are commonly used to deliver the same kinds of scams and malicious links to unsuspecting users. Be wary of social media notifications -- such as friend requests, security notices and message notifications -- that arrive via email. Scammers have spoofed these sorts of messages to deliver links that lead to fraudulent sites or malware.

7. Make security your first stop: If your holiday includes giving or receiving a new computer (or tablet, netbook, operating system upgrade, etc.) always install a good desktop anti-virus or Internet security solution before doing anything else online. Always make sure that your net-connected computers are protected by such a solution -- and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec.

There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. But be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers usually lead to fraudulent anti-virus solutions that are actually malicious software.

If you'd like to learn more about the latest phishing threats, and new techniques for stopping them, attend our upcoming live web seminar Don't Get Hooked by the Latest Phishing Attacks (December 14th, 11 a.m. PT/2 p.m. ET). To register, visit the link — or simply fill out the form below:


©2012 Proofpoint, Inc.