Proofpoint: Security, Compliance and the Cloud

The new Proofpoint whitepaper, Meeting the Challenges of HIPAA Compliance, Phishing Attacks and Mobile Security discusses three of the most pressing IT security and compliance challenges facing healthcare organizations today.

Read this whitepaper for an update on HIPAA regulations and recent enforcement actions, new attack trends such as spear phishing and other forms of advanced targeted attacks that are putting confidential healthcare information at risk, and mobile/BYOD security and compliance issues in the healthcare space.

To download your free copy, follow the link above, or simply complete the mini form below:

It will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012),  "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:

Industry analysts Frost & Sullivan have honored Proofpoint with their 2012 Product Differentiation Excellence Award in Email Content Security. This award is based on the firm's recent research into best practices in the email security space.

In its evaluation, Frost & Sullivan examined all of today's email security vendors and solutions, including on-premises, virtual and cloud-based solutions, finding that Proofpoint had achieved the strongest product differentiation in the the past year.

Quoted in a news release, Frost & Sullivan network security analyst Ben Ramirez said, "Vendors in this market face  ever-evolving customer demands in terms of malware prevention, blocking targeted attacks and meeting government compliance and data protection  regulations. Proofpoint is at the forefront of meeting these challenges with innovative cloud-based solutions such as  Proofpoint Targeted Attack Protection, which provides robust and unique protection against spear phishing, malware and targeted spam attacks against customers’ corporate email systems."

In the complete award write-up (which you can read by simply completing the form below), Frost & Sullivan also recognize Proofpoint for meeting the needs of specialized vertical markets, including financial services and healthcare. To read more, complete the form below:

Our friends at content sharing leader Box issued a press release about ongoing efforts to improve enterprise adoption of its service by improving visibility and security for files stored in Box's cloud.

A significant part of that effort involves an integration partnership between Proofpoint and Box that extends Proofpoint's cloud-based data loss prevention (DLP) capabilities to content stored in Box. Using these new features, administrators will be able to ensure compliance with a wide variety of corporate policies, comply with data protection/privacy regulations and guard against the loss or exposure of confidential information.

As Proofpoint CEO Gary Steele explained to CIO Today, "We are delivering an advanced layer of security capabilities that enable enterprises to have a full view of what is happening with sensitive information across their organization."

Gary will be talking more about this partnership during a panel discussion at the upcoming Box customer conference, BoxWorks.

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

Our live web seminar series continues on Wednesday, July 25th at 11 a.m. PT, 2 p.m. ET with a case study presentation about how one of our BlueCross BlueShield customers has tacked their email security, encryption and healthcare privacy issues. Resident data loss prevention and email encryption expert, Ken Liao, presents.

There are numerous solutions that can be used to encrypt email messages and other important data, however, without a robust policy-based encryption strategy, organizations are highly vulnerable to the leakage of sensitive data.

In, BlueCross BlueShield Case Study: Best Practices and Critical Steps to Protect and Secure Sensitive Data , you will learn firsthand how and why a leading BlueCross BlueShield uses Proofpoint solutions including our next-generation, policy-based encryption solution to protect private healthcare information in email.

Ken will also explain how Proofpoint technology ensures message privacy, enforces internal policies, and helps healthcare organizations comply with HIPAA/HITECH and other data protection and privacy regulations.

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

In this digital age, our smartphones tend to know more information about us than say, our great Aunt Suzie. From your name and location to the interests of you and your closest friends; all of this information is readily available to advertisers and marketers the moment you accept the terms and agreements of certain mobile applications.

The accessibility of such data has sparked a continued dispute between consumer groups and online marketing firms over the access of user information via mobile applications.

On July 12, the National Telecommunications and Information Administration (NTIA) will host the first of several meetings in an effort to develop new codes of conduct for handling private consumer data on the internet and on mobile networks. The meeting will focus primarily on mobile application security and provide a chance for industry stakeholders to voice their concerns regarding access to private consumer data.

The upcoming meetings stem from a Consumer Privacy Bill of Rights released by the Obama Administration in February of this year. Instead of calling for new privacy standards, Obama’s Bill of Rights calls for a multi-stakeholder process to develop general rules and regulations. The process has generated skepticism about whether this system will incorporate the desires of all publics fairly, most importantly the consumers.

The start of the NTIA meetings could not come soon enough. Recent episodes of mobile applications illegally downloading user information has heightened the need for defined mobile privacy standards. The issue of mobile security now goes beyond simply the applications to also include the advertisements shown within them.

As we watch to see if an outcome can be achieved at the NTIA meetings, it will be interesting to see how these standards will reflect on the corporate side of the equation. Right now, companies must decide for themselves which security features to implement for their employees. This increasingly means creating mobile security applications that encrypt, archive, and protect company data on an employee's smartphone will likely become a corporate necessity.

If you're going to be in San Francisco next week for the RSA Security Expo 2012, do make a point of stopping by the Proofpoint booth (#850). In addition to meeting the fun and friendly Proofpoint team, and seeing demonstrations of our latest and greatest cloud-based security and compliance solutions, you can also take a few moments to take our traditional RSA booth survey.

And what would a tradeshow be without swag? In exchange for answering a few simple questions we'll give you one of our limited edition "Bad Idea" or "Phishing Attachment" RSA t-shirts — shown below — and you will surely be the envy of your "security professional" friends.

We hope to see you there!

From the "you asked for it, you got it" department: Previously available only on the Apple iOS (iPhone, iPad) platform, our Proofpoint Mobile Archive app is now available for Android devices.

The Proofpoint Mobile Archive app lets users of Proofpoint Enterprise Archive (our cloud-based email archiving solution) access their archived email from anywhere, at any time. The app lets you search your entire email archive from your iPhone or Android device, allowing you to quickly find messages, view message details, and retrieve messages to your inbox. 

 The new Android version of this app is part of the latest release of the Proofpoint Enterprise platform (announced today in our press release here).

Mobility is a big theme of this new release and, in addition to the Android version of the Mobile Archive app, the release includes enhancements to Proofpoint's support for mobile email encryption and decryption (which were already very strong). The enhanced mobile decryption user interface takes advantage of the latest smartphone and tablet technologies to display a web interface that looks and feels like a native application, making it even easier for Proofpoint Encryption users (and any recipient of a Proofpoint-encrypted email message) to decrypt, read, and respond from mobile devices.

This video overview demonstrates the iPhone/iOS version of the Proofpoint Mobile Archive app, and how it enables anytime/anywhere access to archived messages:

This next video demonstrates the previous version of the "decrypt assist" features of Proofpoint Encryption, which allows any email recipients on any mobile smartphone or tablet with a web browser (including Android, BlackBerry, iPhone and Windows 7 Phone) to easily decrypt and respond to messages encrypted with Proofpoint Encryption:

And while it's not part of today's announcement, I wanted to remind Proofpoint Enterprise administrators that our Proofpoint Mobile Dashboard app (currently available for Apple iOS devices) gives you access to global spam stats, the status of your support tickets and other information on your Proofpoint Enterprise deployments:

Learn more about the latest features of Proofpoint Enterprise in today's press release, "Proofpoint Extends Mobile Enterprise Offerings."

We recently published a new report with Osterman Research, Making Office 365 More Secure and Compliant.

In this report, Osterman describes the various security, compliance and governance features of Microsoft Office 365, and identifies areas where those features may not meet the specialized requirements of organizations in highly-regulated industries or those enterprises with special security requirements.

There is also a good discussion of why the email archiving capabilities of Office 365, while useful, may not be sufficient to satisfy many of the common eDiscovery and regulatory obligations faced by large enterprises.

To download a complimentary copy of this report, follow this link, or simply fill out the mini-form below.

Complete this form to access a PDF copy of Making Office 365 More Secure and Compliant: