Proofpoint: Security, Compliance and the Cloud

In light of next week’s Legal Tech 2013 event in New York (stop by and see Proofpoint at booth 2607), we wanted to recap some of the really terrific insights from our recent web seminar on eDiscovery process efficiency.

In that webinar (see, "Improving eDiscovery Efficiency in a Cloud-based World"), our special guest speaker,  Jonathan Rudolph, attorney for medical device manufacturer C. R. Bard,  raised some very interesting points that might be useful for those heading to Legal Tech next week.

Jonathan was a key part of the team that selected and deployed Proofpoint Enterprise Archive at C. R. Bard and has a unique role in that he serves as both the eDiscovery manager within the IT organization, as well as an attorney within the legal department for this global manufacturer and marketer of medical products, based in New Jersey.

His role as IT-legal liason makes him uniquely qualified to discuss the challenges faced by organizations attempting to improve discovery processes, as well as offer best practices to get past common obstacles. Some of the key points he highlighted:

• eDiscovery remains a matter of perspective, with organizations struggling without a common vocabulary and shared priorities. This gap is made more challenging by the fact that it limits the ability to create a shared view of the problem, which then contributes to a set of common priorities across IT and legal teams. Judges, however, remain above the internal fray and bring unpredictable knowledge (and comfort) of how, when, and where technology and eDiscovery processes intersect.
• For some, today’s processes for identifying and collecting email for discovery can be like a rat maze. He notes that some archiving solutions even return different sets of search results for the same query at different times, leading to completely unpredictable (and clearly incomplete) discovery results. This type of problem not only consumes IT resources, but entails significant organizational risk and can result in multi-million dollar costs to have outside counsel filter through "junk" results.  There are no shortage of recent court rulings that highlight the potential impact (e.g., Samsung v. Apple, Hynix v. Rambus) and costs of "discovery gone wrong."
• Many organizations cannot “break the monkey machine”. In his remarks, Jonathan refers to unbending organizational processes as "the monkey machine." The monkey machine has always done things a specific way, and has embedded that into the company's organizational culture and fabric. To "break the monkey machine," Jonthan argues that it's imperative to involve both the legal and IT departments  from the outset, and that it's helpful to have an individual who can “speak both languages.” Further, it's critical to be able to quantify savings delivered by any technology-enabled eDiscovery process improvement.
• The goal of defensibility is a myth:  Defensibility as a goal often leads to reactivity – which provides a poor starting point and places the burden of persuasion with you, not your adversary. Companies are better served in moving toward a position of justifiability in order to better dictate the rules of the game.
• Security in the cloud is an internal obstacle – that can be overcome. It is inevitable that IT will continue to look for opportunities to cut costs by moving to the cloud. Legal teams - who are often reluctant to embrace cloud-based approaches to eDiscovery - can be persuaded by showing them the advantages of strong service level agreements (SLAs) and security features (such as Proofpoint’s DoubleBlind Key Architecture) which leave data access and control decisions in the hands of legal decision makers – not cloud service administrators.

Using Proofpoint Enterprise Archive, Jonathan and the team at C. R. Bard have already realized the benefits of automating critical, early-stage discovery tasks. After using the system for 4 large matters, he is happy to report that the solution delivers as advertised and has already proven its ability to provide cost reduction and enable greater process efficiency.

To hear all of Jonathan's insights, watch the replay of "Improving eDiscovery Efficiency in a Cloud-based World."

And if you're in NY for Legal Tech next week, please stop by and meet us at booth 2607!

In a press release issued today, Proofpoint announced its Winter 2013 release, which includes updates to our entire suite of cloud-based enterprise security and compliance solutions. One of the highlights of the latest release is a new cloud solution for securely transferring large or sensitive files, Proofpoint Secure Share.

Proofpoint Secure Share provides enhanced security and administrative control over traditional file transfer methods, existing on-premises solutions, and public cloud file sharing services. It leverages the advanced data loss prevention features of Proofpoint Enterprise Privacy to automatically enforce DLP rules such as blocking or encrypting sensitive content.

For a quick overview of the capabilities of Proofpoint Secure Share, including the end-user experience, administrative interface and data loss prevention features, check out this brief video demonstration:

In addition to the new secure file transfer capabilities, the Winter 2013 release includes enhancements across our cloud-based threat protection (Proofpoint Enterprise Protection, Proofpoint Targeted Attack Protection), archiving (Proofpoint Enterprise Archive), and governance (Proofpoint Enterprise Archive Content Collection option) solutions.

In our next live web seminar, File Sharing: Getting Data Control Without Frustrating Your Enterprise Users, we'll be taking a closer look at Proofpoint Secure Share and the issues involved in enabling business users to share large files in an easy, secure and compliant way.

It will come as no surprise to regular readers of this blog, but it was revealed this week that a recent, massive data breach at the South Carolina Department of Revenue -- which exposed "millions of Social Security numbers, bank account information and thousands of credit and debit card numbers" according to SearchSecurity -- started with a phishing attack around mid-August 2012.

According to the official response report (South Carolina Department of Revenue, Public Incident Response Report, November 20, 2012),  "A malicious (phishing) email was sent to multiple Department of Revenue employees. At least one Department of Revenue user clicked on the embedded link, unwittingly executed malware, and became compromised. The malware likely stole the user’s username and password."

Later, the attacker logged into a remote access service using compromised user credentials and began an ongoing process of escalating privileges and installing malware on compromised servers. Potentially stolen information exfiltrated by the attacker totalled more than 74 Gigabytes of data.

SearchSecurity's coverage (see, "Phishing attack, stolen credentials sparked South Carolina breach") notes that, "In addition to the 3.8 million people whose data were exposed, the breach included information on 1.9 million dependents. It also included data on 699,900 businesses. Information on 3.3 million bank accounts were also stolen."

SC Magazine also has a good summary of this attack and the phishing attack that ulitmately lead to the release of confidential information (see, "S.C. tax breach began when employee fell for spear phish").

If you're interested in the methods and motives of today's advanced targeted attackers, you'll want to join us for our next live web seminar, "Targeted Hybrid Attacks on Organizations:
2012 & Beyond," on Wednesday, December 5 (11 AM PT / 2 PM ET).

Forrester Research security analyst Rick Holland will be on hand to discuss the South Carolina breach as just the latest example of spear phishing-lead attacks, why organizations keep getting phished, and how to apply today's email security solutions to keep your enterprise's most valuable data secure.

Follow the link above to register, or simply complete the form below:

Yes, the holiday season is approaching once again and along with holiday celebrations and shopping — especially "Cyber Monday" and "Black Friday" sales, which seem to start earlier every year — also comes an increase in online threats.

Over the past several years, Proofpoint security researchers have observed that the that the volume of attacks — including phishing email attacks, social media exploits and other types of malware attacks — typically increases during the holiday season. Many of these attacks are engineered to take advantage of the consumer mindset during the holidays.

Our October 2012 report on email security threats found that, on any given day, phishing attacks represented 10% to more than 30% of total unsolicited email volume and this trend has continued into the first part of  November.

So, as is traditional here at Proofpoint, I wanted to take a moment to remind you of our "Seven Simple Rules" for staying safe online during the busy holiday season. Read on for our updated tips for 2012 and feel free to share them with your friends, family and email users!

As usual, we also have a couple of early presents for you IT security types: December's live web seminar "Targeted Hybrid Attacks: 2012 and Beyond" will feature special guest Rick Holland, security analyst for Forrester Research. And you can read Rick's latest research, The Forrester Wave™: Email Content Security, Q4 2012, compliments of Proofpoint.

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: Always view with suspicion any email with requests for personal IDs, financial information, user names or passwords. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. Today’s malicious emails and phishing attacks are disguised as communications from all sorts of organizations, including banks, money transfer services, government agencies, media outlets, and package delivery services.

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments from anything but 100 percent trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. In addition to attempting to gather your personal login credentials, these phishing sites may also automatically install malicious software, without your knowledge. Increasingly, scammers are using link shortening services to disguise the true destinations of their links. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure.

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site (using a Web address you already know) and ensure that the page you are using is secure before entering sensitive information.

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the busy holiday shopping season. Many scammers count on consumer inattention to get away with fraudulent charges. If you see anything suspicious, contact your financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook and Twitter are increasingly used to deliver the same kinds of scams and malicious links to unsuspecting users. Spammers and malware writers continue to distribute malicious, but convincing, emails that masquerade as notifications such as friend requests or message notifications. Keep all of the preceding tips in mind when using the latest communication tools.

7. Make security your first stop: If your holiday includes giving or receiving a new computer, mobile device or upgraded operating system, install a good anti-virus or Internet security solution before doing anything else online. Reputable vendors include F-Secure, McAfee and Symantec. There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. Be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers commonly lead to fraudulent anti-virus solutions that are actually malicious software.

Have a safe and happy holiday season, OK?

Our live web seminar series continues next week with, "Targeted Attacks on Your Key Employees: How to Respond to Targeted Attempts to Steal Sensitive Enterprise Data." As readers of this blog are no doubt aware, spear phishing and other forms of targeted attacks represent one of the most dangerous attack vectors today.

In this live web seminar (Wednesday, August 22nd at 11 AM PT, 2 PM ET), we'll share best practices for responding to targeted attacks. In addition, you'll get a first look at the new Proofpoint Targeted Attack Protection solution. The newest addition to Proofpoint's security-as-a-service suite uses big data analytics and other advanced technologies to help organizations identify, defeat and remediate targeted attacks. And the user interface (especially the "Threat Insight" dashboard) is incredibly slick -- definitely worth checking out.

As usual, we'll also reserve time for Q&A to answer your questions live.

To register, follow the link above, or simply complete the form below. Webinar registrants will get a link to the replay of the live event as soon as its available, so it's worth registering even if you can't make it to the live event. We hope you'll join us!

In the financial services industry, maintaining control over private data is crucial to both your customers and your organization's reputation. As the security landscape continues to change, companies need to be prepared to protect their most sensitive business data with the most advanced approaches available today.

To ensure financial industry enterprises are aware of these leading technologies, our next live web seminar, this Wednesday, will focus on best practices for creating the right policies for data privacy and encryption. As new technologies are created that help make encryption efforts easier — and as widely publicized breaches of private data continue to come to light — more financial enterprises are considering these features.  

Our resident data privacy expert, Ken Liao, will discuss how Proofpoint’s financial industry customers use Proofpoint solutions to comply with existing and emerging regulations and ensure the highest standards of security for their companies. Please join us on August 8th 11 AM PST (2 PM EST).

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

Our live web seminar series continues on Wednesday, July 25th at 11 a.m. PT, 2 p.m. ET with a case study presentation about how one of our BlueCross BlueShield customers has tacked their email security, encryption and healthcare privacy issues. Resident data loss prevention and email encryption expert, Ken Liao, presents.

There are numerous solutions that can be used to encrypt email messages and other important data, however, without a robust policy-based encryption strategy, organizations are highly vulnerable to the leakage of sensitive data.

In, BlueCross BlueShield Case Study: Best Practices and Critical Steps to Protect and Secure Sensitive Data , you will learn firsthand how and why a leading BlueCross BlueShield uses Proofpoint solutions including our next-generation, policy-based encryption solution to protect private healthcare information in email.

Ken will also explain how Proofpoint technology ensures message privacy, enforces internal policies, and helps healthcare organizations comply with HIPAA/HITECH and other data protection and privacy regulations.

To register, visit the link above or simply complete the form below. As always, a link to a replay of the webinar will be sent to all registered attendees shortly after the live event.

Today, Proofpoint introduced an exciting new product, Proofpoint Targeted Attack Protection, that aims to solve one of the most vexing enterprise security problems—targeted attacks, such as email spear phishing attempts.

Spear phishing and other forms of targeted attacks are extremely difficult for traditional gateway security solutions to detect. Not only are they sent in low volume (unlike spam email campaigns), they often don't contain any form of malicious content, known malware, dangerous attachments or links to known malicious sites.

For these reasons, "properly" crafted spear phishing messages often have a 100% delivery rate, even to enterprises protected by modern email and web security systems. 

How, then, can organizations protect themselves? Proofpoint Targeted Attack Protection takes an entirely different approach, based on a new class of context-aware analysis techniques enabled by "big data" technologies. Using big data analysis, the solution essentially builds a model of "normal" messaging behavior, examining hundreds of variables in real time—including message properties and the email traffic history of individual message recipients.

Messages that deviate from that norm—especially messages that include attachments or URLs—are regarded as suspicious and are subjected to additional security controls, including URL interception and malware sandboxing.

We call these anomaly identification techniques "anomalytics" and you can read more about them in our new whitepaper, Big Data Solutions to Enterprise Data Security Challenges.

Persistent Protection from Malicious URLs
No matter how much you tell them not to, email users are going to click links in email. And a common tactic used in targeting phishing attacks is the use of URLs that are actually harmless at the time the message is sent. It's only later that they turn malicious.

To combat these issues, Proofpoint Targeted Attack Protection re-writes links in suspicious messages so that browsers are transparently redirected through the Proofpoint cloud, where content is re-inspected and malware anlysis is performed every time a potentially dangerous link is clicked. In this way, your organization's users are always protected—whether they access messages inside the corporate network, at home, on mobile devices, or on a public network.

Attack Remediation and Response
Another important component of Proofpoint Targeted Attack Protection is the Threat Insight Service, which provides a web-based dashboard that provides an easy-to-understand, graphical view of attacks.

It helps give administrators and security professionals the ability to identify targeted attacks, the scope of these attacks ("are they hitting just my organization or wider industry?"), which individuals are being targeted by the attacks, the nature of the attacks (malware, credential phishing, etc.), and what remediation actions, if any, are necessary.  

Live Webinar: Get a First Look at Proofpoint Targeted Attack Protection
Obviously, there's a lot more to Proofpoint Targeted Attack Protection than I can share in a single blog post.

If you're interested in learning more, you won't want to miss next week's live web seminar, "Spearing the Spear Phishers: How to Reliably Defeat Targeted Attacks" where we'll explain the challenges posed by targeted attacks, the new technology approach developed by Proofpoint, and give you a first look at Proofpoint Targeted Attack Protection.

I hope you'll join us on Wednesday, June 13th at 11 AM PT, 2 PM ET!

Click here to register for "Spearing the Spear Phishers" »

Information governance takes center stage as our live web seminar series continues on March 14, 2012 with "Manage and Govern Your Corporate Data - Wherever it Lives." Proofpoint archiving and governance experts Andres Kohn and Darren Lee will be joined by analyst Mike Osterman to discuss the business drivers behind information governance and the benefits of combining governance and archiving solutions to address a variety of regulatory and legal risks.

If you've been curious about the new Proofpoint Enterprise Governance solution, and the technology behind it, this is also a great opportunity to learn about what it does, how it works and how your organization can benefit.

All three of our speakers are terrific presenters and, as always, we'll save time to take your live questions. Registrants will also receive a link to a replay of the live event.

To register, visit this link - Manage and Govern Your Corporate Data - Wherever it Lives - or simply complete the form below:

The holiday season — you know, Black Friday, Cyber Monday and those other ones — is once again upon us.

Here at Proofpoint, we celebrate the season with two fine traditions: An inbound email threats webinar (see the bottom of this post for more details) and a reminder about how to stay safe online during the busy holiday shopping season.

At this time of year, both snail mail and email inboxes start to get full of special offers, catalogs and the like.

As the volume of legitimate email marketing increases, Proofpoint also sees the volume of spam, phishing and other forms of scam email increase as well. The chart below shows the relative volume of "obvious" phishing messages in Proofpoint's spam traps over the last month (click the image for a larger view):

Over the course of 2011 we've seen spear phishing messages revealed to be the exploit at the root of many high-profile data breaches.

In the same way that enterprises and government organizations need to be wary of phishing messages and other types of threats, consumers too need to be especially careful around this time of year.

So, once again, let me reiterate our “Seven Simple Rules” for staying safe online during the holidays (or any time of the year) which explain some of the tactics that scammers use and the important steps consumers can take to protect themselves. Keep these tips in mind this holiday season and share them with your friends, family and email users!

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: View with suspicion any email with requests for personal identification, financial information, user names or passwords, especially during the busy holiday season when spammers and scammers use the increased volume of legitimate promotional email as “cover” for their attacks. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. 

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments. Never click email links or open attachments from anything but 100% trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure. 

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information. 

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the holiday shopping season, when cyber attacks typically increase and busy consumers tend to be less attentive. If you see anything suspicious, contact the financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook, LinkedIn and Twitter are commonly used to deliver the same kinds of scams and malicious links to unsuspecting users. Be wary 0f social media notifications—such as friend requests, security notices and message notifications—that arrive via email. Scammers have spoofed these sorts of messages to deliver links that lead to fraudulent sites or malware. 

7. Make security your first stop: If your holiday includes giving or receiving a new computer (or tablet, netbook, operating system upgrade, etc.) always install a good desktop anti-virus or Internet security solution before doing anything else online. Always make sure that your net-connected computers are protected by such a solution—and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec.

There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. But be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers usually lead to fraudulent anti-virus solutions that are actually malicious software.

If you'd like to learn more about the latest phishing threats, and new techniques for stopping them, attend our upcoming live web seminar Don't Get Hooked by the Latest Phishing Attacks (December 14th, 11 a.m. PT/2 p.m. ET). To register, visit the link — or simply fill out the form below: