Proofpoint: Security, Compliance and the Cloud

25 posts categorized "Speaking and Events"

November 27, 2012

Spear Phishing Attack Cause of Massive South Carolina Data Breach

It will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012), "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ultimately led to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations: 2012 & Beyond," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-led attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:

November 16, 2012

Stay Safe Online this Holiday Season: Proofpoint's Seven Simple Rules and New Advanced Targeted Attacks Webinar

Yes, the holiday season is approaching once again and along with holiday celebrations and shopping — especially "Cyber Monday" and "Black Friday" sales, which seem to start earlier every year — also comes an increase in online threats.

Over the past several years, Proofpoint security researchers have observed that the volume of attacks — including phishing email attacks, social media exploits and other types of malware attacks — typically increases during the holiday season. Many of these attacks are engineered to take advantage of the consumer mindset during the holidays.

Our October 2012 report on email security threats found that, on any given day, phishing attacks represented 10% to more than 30% of total unsolicited email volume, and this trend has continued into the first part of November.

So, as is traditional here at Proofpoint, I wanted to take a moment to remind you of our "Seven Simple Rules" for staying safe online during the busy holiday season. Read on for our updated tips for 2012 and feel free to share them with your friends, family and email users!

As usual, we also have a couple of early presents for you IT security types: December's live web seminar "Targeted Hybrid Attacks: 2012 and Beyond" will feature special guest Rick Holland, security analyst for Forrester Research. And you can read Rick's latest research, The Forrester Wave™: Email Content Security, Q4 2012, compliments of Proofpoint.

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: Always view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including banks, money transfer services, government agencies, media outlets, and package delivery services.

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. In addition to attempting to gather your personal login credentials, these phishing sites may also automatically install malicious software, without your knowledge. Increasingly, scammers are using link shortening services to disguise the true destinations of their links. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site (using a Web address you already know) and ensure that the page you are using is secure before entering sensitive information.

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the busy holiday shopping season. Many scammers count on consumer inattention to get away with fraudulent charges. If you see anything suspicious, contact your financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers continue to distribute malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.

7. Make security your first stop: If your holiday includes giving or receiving a new computer, mobile device or upgraded operating system, install a good anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.

Have a safe and happy holiday season, OK?

 

October 04, 2012

Free RSA® Security Expo 2013 Passes, Courtesy of Proofpoint: Use Code FXE13PRF

In a sure sign that summer is over and that the holidays are nearly here, I am informed that registration is now open for the RSA Conference 2013.

As usual, Proofpoint will be exhibiting at the RSA Conference 2013, to be held February 25 through March 1, 2013 at Moscone Center in San Francisco.

If you'd like to attend the RSA Conference 2013 expo (exhibits), you can get a free exhibits-only pass (which RSA calls an "Expo Pass") courtesy of Proofpoint by using code FXE13PRF when you register.

To register for your free RSA exhibits pass, please visit the following URL and enter code FXE13PRF during the registration process:

 https://ae.rsaconference.com/US13/portal/login.ww

We look forward to seeing you there! Proofpoint will be exhibiting at booth #739, demonstrating our entire suite of cloud-based data protection solutions, including threat management (email security), compliance (data loss prevention, email encryption), archiving & governance, and secure communications.

 

October 02, 2012

Cloud Storage and Collaboration Meet Security, Compliance and DLP: Box and Proofpoint Team Up

Our friends at content sharing leader Box issued a press release about ongoing efforts to improve enterprise adoption of its service by improving visibility and security for files stored in Box's cloud.

A significant part of that effort involves an integration partnership between Proofpoint and Box that extends Proofpoint's cloud-based data loss prevention (DLP) capabilities to content stored in Box. Using these new features, administrators will be able to ensure compliance with a wide variety of corporate policies, comply with data protection/privacy regulations and guard against the loss or exposure of confidential information.

As Proofpoint CEO Gary Steele explained to CIO Today, "We are delivering an advanced layer of security capabilities that enable enterprises to have a full view of what is happening with sensitive information across their organization."

Gary will be talking more about this partnership during a panel discussion at the upcoming Box customer conference, BoxWorks.

 

September 25, 2012

Trust, Verification and Legal Holds: How Archiving and Governance Technology Can Reduce the Risks and Costs Associated with Legal Holds

[Ed.: Today's guest blog post comes courtesy of Robert Cruz, Proofpoint's senior director of archiving and discovery solutions. Robert's been busy representing Proofpoint on the road at the recent ARMA show and will be at the Association of Corporate Counsel's upcoming Annual Meeting where he's part of the team introducing our new Proofpoint Content Collection solution. Follow him on Twitter @RobertCruz03.]

Computer forensics and eDiscovery blogger Craig Ball has a great recent post that discusses how legal professionals need to strike a balance between "trust" and "verification" when managing legal holds (see, "Custodial Hold: Trust But Verify," at his excellent Ball in your Court blog). Trust is a must, but relying exclusively upon the actions of individual custodians leaves many potential points of failure, as the article notes. As Ball puts it:

"This is where the thinking and balancing comes in.  You might choose to put a hold on the e-mail and network shares of key custodians from the system/IT side before charging the custodians with preservation. 

Or you might change preservation settings at the mail server level (what used to be called Dumpster settings in older versions of Microsoft Exchange server) to hang onto double deleted messaging for key custodians."

Ball's post points to some of the key issues around the technologies and processes that are currently available to IT and legal staffs who are charged with effectively executing legal holds:

  • How are specific emails and file share content going to be identified?
  • Will messages be recovered from backup tapes or PST files?
  • What chain of custody protections are provided when executing these tasks?
  • What tools, technology or services are available for organizations to provide this needed verification step — without consuming the entire IT staff or hiring an army of discovery service provider consultants who extract and preserve at $250 per GB?

Clearly, there have been advancements in technology and services that can enable the proper balance of trust and verification — without blowing the legal budget or introducing preservation risks.

In order to preserve email and file share content, organizations faced with frequent discovery should be adding information archiving solutions to their shopping lists.

As just one example, our own Proofpoint Enterprise Archive solution serves as a proxy to the email system, and ensures that email is retained and disposed based on a company’s defined retention policies. As legal holds arise, retention periods are suspended and custodian data is preserved for the duration of a given matter in a tamper-proof repository. Organizations that use this solution benefit from verification without the typical expenses, hassles, and risks – and without having to rely on actions by individual custodians or untrained IT staff.

Just this week, Proofpoint extended this legal hold capability beyond email by enabling the targeted capture and preservation of custodian information (stored in a wide variety of document types) that resides in repositories including end-user desktops, laptops, SharePoint and networked file shares.

See our product page on the new Content Collection option for Proofpoint Enterprise Archive for more information about how Proofpoint is addressing these sorts of "trust but verify" challenges in legal discovery and data preservation.

 

August 06, 2012

Live this Week! Security Best Practices for Financial Services Organizations

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th at 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

 

July 13, 2012

Healthcare Security: Webinar on Best Practices and Critical Steps to Protect Sensitive Data

Our live web seminar series continues on Wednesday, July 25th at 11 a.m. PT, 2 p.m. ET with a case study presentation about how one of our BlueCross BlueShield customers has tackled their email security, encryption and healthcare privacy issues. Resident data loss prevention and email encryption expert, Ken Liao, presents.

There are numerous solutions that can be used to encrypt email messages and other important data; however, without a robust policy-based encryption strategy, organizations are highly vulnerable to the leakage of sensitive data.

In "BlueCross BlueShield Case Study: Best Practices and Critical Steps to Protect and Secure Sensitive Data," you will learn firsthand how and why a leading BlueCross BlueShield uses Proofpoint solutions, including our next-generation, policy-based encryption solution, to protect private healthcare information in email.

Ken will also explain how Proofpoint technology ensures message privacy, enforces internal policies, and helps healthcare organizations comply with HIPAA/HITECH and other data protection and privacy regulations.

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

 

June 28, 2012

Proofpoint is Hiring: Cool Jobs in Security, Cloud, Big Data, See Us at Tech Career Expo SF (Adjacent to Google I/O)

Proofpoint is hiring! If you're searching for the next defining step in your career, come and see us at the Tech Career Expo in San Francisco.

The Tech Career Expo and Developer Jam is taking place today and tomorrow, June 28 and 29, at the Moscone Center in San Francisco. The expo is being held concurrently with Google’s sold-out developer conference, Google I/O, which is also taking place in the Moscone Center. As an added perk, keynotes and key sessions from Google I/O will be live streamed into the developer theater for Tech Career Expo attendees to view.

The most exciting part of the event (other than talking with awesome Proofpoint recruiters!) is that anyone can attend the Tech Career Expo free of charge.

Don’t miss out on the opportunity to network with Proofpoint professionals who are hiring in all areas of technology. We're seeking the best and the brightest for positions in engineering, operations, big data (Hadoop, MapReduce, Hive, etc.), quality assurance, software R&D, marketing and sales.

If you will be attending the Expo or Google I/O, make a point to stop by Proofpoint's Tech Career Expo booth (#512) to learn about all of our incredible employment opportunities.

For those who cannot make the event but are interested in a career with Proofpoint, check out the Proofpoint careers page for information on available positions.

February 29, 2012

Thanks for Making Us "Best Email Content Management" in 2012 SC Magazine US Awards!

We're excited to announce that our email security and data loss prevention solutions, Proofpoint Enterprise Protection and Proofpoint Enterprise Privacy, were awarded SC Magazine's prestigious Reader Trust Award for "Best Email Content Management, 2012," presented at an award ceremony held in conjunction with the 2012 RSA Conference.

Winners were chosen by voters who are SC Magazine readers and work as high-level IT security executives (CISOs, CIOs, VPs, etc.) for organizations across various markets, including finance, health care, government, education and other industries.

"Our readers are on the front lines of information security, and they have recognized Proofpoint Enterprise Protection and Privacy as one of their key tools for securing their organizations," said Illena Armstrong, vice president and editorial director, SC Magazine. "Without leaders in innovation, such as Proofpoint, we would not be able to plan for the future of enterprise security." 

The "Best Email Content Management" category honors enterprise solutions that are not simply anti-spam filters but offer enhanced features such as bi-directional filtering, centralized management, and/or filtering of unauthorized content (i.e., "extrusion protection" or data loss prevention features).

Thanks to SC Magazine and its readers for honoring Proofpoint with this award!

You can learn more about Proofpoint Enterprise Protection and Privacy at http://www.proofpoint.com/products. Learn more about this award by reading our complete press release, "Proofpoint Winner of 2012 SC Magazine Reader Trust Award."

To see all of the 2012 winners, visit the following link:

2012 SC Magazine Awards Winners 

February 28, 2012

News from RSA 2012: Proofpoint Integration with Box, New Data Protection and Governance Capabilities

As we enter day two of the 2012 RSA Conference, Proofpoint issued a press release this morning (see, "Proofpoint Extends Data Protection and Information Governance Solutions to Address Cloud-Based File Sharing, Collaboration and Social Media") announcing new capabilities for Proofpoint Enterprise Privacy and Proofpoint Enterprise Governance, based on integration with popular cloud content management solution, Box.

According to the release, the integration between Proofpoint Enterprise solutions and Box will offer "enhanced security, compliance and control over documents shared via Box."

The integration is part of Proofpoint's ongoing strategy to help organizations better monitor and control the flow of information across all major data stores and communication channels, including cloud-based file sharing, collaboration and social media services. Read the full release here.

If you're at RSA, do make a point of coming by Proofpoint's booth (#850) in the Moscone Center exhibit hall where the team will be demonstrating some of the new capabilities. And while you're there, take our short survey and snag one of our cool "Email Me Your Credit Card" or "Open the Attachment" tees.

©2012 Proofpoint, Inc.