ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks

1 © 2017 Proofpoint, Inc.
EVOLVING AT
THE SPEED OF
THREATS
Adapted from ESG Lab Validation
for Proofpoint Advanced Email Security
September 2017

About this presentation
§ ESG Lab performed hands-on evaluation and testing of Proofpoint Advanced Email Security. The goal was to
validate the company’s unified solution and its ability to secure inbound and outbound email. ESG looked at
whether it addresses the spectrum of email-borne threats businesses need to address today. These threats
include:
§ Email fraud (also known as business email compromise, or BEC)
§ Advanced malware and ransomware
§ Inbound and outbound phishing.
§ The ESG Lab tests covered at three areas of focus Proofpoint email security: Non-malware-based threats
such as BEC and credential phishing, malware-based threats like ransomware, and threat response.
§ This presentation is a summary of ESG’s findings and recommendations.
§ To download the full report, visit.proofpoint.com/esg-lab-report

CYBERSECURITY
A SURPLUS OF CONCERN, A SHORTAGE OF SKILLS

Cybersecurity is a Growing Concern
ESG Research Report, 2017 IT Spending
Intentions Survey, March 2017.
cited cybersecurity as
their top IT initiative
(nearly double the second-place initiative)
faced an incident that
required reimaging
at least one
endpoint or server2
were hit with
ransomware
faced an incident
that disrupted a
business app
32% 39% 27% 20%
ESG/ISSA Research Report: Through the
Eyes of Cyber Security Professionals: Annual
Research Report (Part II). December 2016. Ibid. Ibid.

The workplace is changing. So are cyber threats.
More data is consumed outside of the corporate data
Email
The cloud and
SaaS
Web Mobile Social

The Workplace is Changing. So are Cyber Threats.
This mobility has put corporate data at risk
§ Users access information and apps on compromised hardware.
§ They click malicious URLs.
§ They open infected files and documents.

The Workplace is Changing. So are Cyber Threats.
Attackers exploit technical vulnerabilities and human nature
§ Advanced threats (ransomware and other malware)
§ Non-malware threats (email fraud, credential phishing)

Cybersecurity Skills are Critically Scarce
ESG Research Report, 2017 IT Spending
Intentions Survey, March 2017.
of businesses say
they have a
problematic shortage
of cybersecurity skills.
45%
Ibid.
That’s the largest
shortage of any IT skill.

How today’s cybersecurity tools can fill the gap
§ Prevent, detect and block attacks before they reach their target
§ Equip security teams to respond to threats quickly and effectively
§ Provide visibility into threats that happen outside the network
§ Reduce manual tasks (including verifying and remediating threats)
§ Provide insight into the full threat landscape to understand and anticipate future threats
§ On an ongoing basis, report on the security posture and effectiveness

OVERVIEW
PROOFPOINT ADVANCED EMAIL SECURITY

Proofpoint Advanced Email Security
Cloud-based platform for fast deployment, continuous updates
Protects more than 4,000 organizations
§ Scans more than 1 billion email messages per day
§ Has evaluated more than 21 million iOS and Android apps
§ Protects more than 200 million social accounts
Advanced Email Security is a complete, multilayered solution for email threats and continuity
§ Protects against attachment and URL-based attacks (ransomware, malware)
§ Protects against threats that exploit human nature (email fraud and phishing)
§ Automatically removes malicious email from inboxes
§ Provides critical context around alerts for faster, more focused response
§ Keeps users’ email, calendars, and contacts working when regular service is down

Proofpoint Advanced Email Security: Technology
§ Dynamic analysis of URLs and attachments
§ Email authentication (DMARC)
§ Email content analysis and classification, to provide
§ Threat Response Auto Pull (automatically removes emails from user inboxes that are deemed
malicious or turn malicious after being delivered)
§ The Nexus Threat Graph
§ 800 billion data points
§ Threat Intelligence that extracts and correlates data across attackers and their campaigns to connect
the dots
§ Spans email, the web, SaaS, social, and mobile
§ Enabled Proofpoint to block Locky at the outset

Proofpoint Advanced Email Security: Components
§ Email Protection: Classifies email to protect against spam, phishing, impostor email,
malware, bulk, and adult content
§ Targeted Attack Protection: Detects and blocks advanced threats that target people through
email
§ Email Fraud Defense: Reveals who is sending email under a domain to let legitimate
senders through and block fraudulent emails targeting employees, business partners, and
customers
§ Information Protection: Advanced data loss protection (DLP) without the complexity and
costs of legacy tools
§ Threat Response Auto Pull (TRAP): Automatically removes already-delivered malicious
email from users’ inboxes including any copies that have been forwarded to colleagues
§ Email Continuity: Keeps email, calendar, and contacts available when regular email service
is down

VALIDATION
ESG’S HANDS-ON EVALUATION AND TESTING

ESG’s Findings
ESG Lab validated that Proofpoint Advanced Email Security:
§ Provides visibility into all email-based attacks
§ Implements core control and deep content analysis
§ Enables email authentication for both inbound and outbound business email
§ Protects against data loss, and enables rapid response to threats and attacks.
§ It is a holistic solution that enables organizations to identify interconnections and patterns,
which helps identify malicious actors and their campaigns. Proofpoint aggregates this
intelligence and feeds it back to customers through the TAP dashboard and through the entire
suite of Proofpoint products and solutions.

Targeted Attack Protection: TAP Dashboard
This is the main TAP interface used by customers’ security teams.

Attack-spread
thermometer shows
impact among
Proofpoint customers
to show whether
the attack is targeted
Targeted Attack Protection: TAP Dashboard
Clicking on any threat name in the table
brings up detailed information on the threat:
§ Long-form description
§ Summary of attack
Forensics section
§ Attack technique
§ Malware used, if any
§ Attacker details, including modus operandi:
objectives, targeting, delivery, and execution

Targeted Attack Protection: Landscape Report

Targeted Attack Protection: Landscape Report
§ Provides a high-level overview of all threats arriving through email
§ Summarizes categories such as malware, spam, phishing, and email fraud
§ Drilling down to threat categories shows statistics according to threat type
§ Top threat actors
§ Total volume of threats
§ Threats that were inadvertently delivered and need follow-up

Email Fraud Defense

Email Fraud Defense
Email fraud is hard to detect and prevent
§ They rarely contain links or attachments
§ Often are sent in very low volumes
§ Use sophisticated social engineering techniques
§ Email Fraud Defense uses Domain-based Message Authentication Reporting and
Conformance (DMARC) to authenticate email

Email Fraud Defense: How DMARC works
§ When email is received by an ISP or Secure Email Gateway (SEG), the receiving organization
determines whether DMARC has been implemented (through a DNS query)
§ If no DMARC record is in place, the email is processed normally and passed on to its
destination
§ If a DMARC record exists, the receiver checks DMARC authentication.
§ If authentication passes, the receiving entity runs their filters as normal
§ If it fails, the receiving entity applies the domain owner’s DMARC policy: do nothing, quarantine, or
reject

Email Fraud Defense: When Legitimate Email Fails
§ Sometimes, legitimate email may fail authentication checks.
§ With a couple of clicks, ESG Lab could troubleshoot authentication failures for legitimate
traffic
§ Organizations can see not only which legitimate messages are failing DMARC, but why, so
they can take corrective action.
§ The inbound view provides the same visibility for emails sent to an organization’s business
customers and partners.
§ This is the first time ESG Lab has seen this functionality in a commercial product. The time
and effort required to analyze raw DMARC data in-house would be considerable.

Email Fraud Defense: Inbound View

Threat Response: Post-Delivery Protection
Why you need it:
§ No defense stops all threats.
§ Some attachments and URLs are benign when delivered and weaponized later
§ Cleaning up has been a largely manual process.
§ ESG Lab used Proofpoint Threat Response Auto-Pull to retract all copies of a malicious email
from multiple users’ inboxes including copies of the message in other folders.

Conclusion
ESG Lab validated fast and easy identification and prioritization of email-based
cybersecurity threats using Proofpoint’s TAP dashboard:
§ At-a-glance summary information about each threat with more detailed information and analysis
available with just a click.
§ Visibility into every aspect of the threats we examined, with insights developed by Proofpoint’s team of
more than 100 security researchers.
§ Holistic, aggregated intelligence that enables organizations to identify interconnections and patterns,
which helps identify malicious actors and their campaigns.
§ ESG Lab confirmed that Proofpoint helps address potential risks that could slide past
traditional, point-based solutions. And Proofpoint helps tackle them with a prompt remediation
process.
§ ESG Lab feels that Proofpoint’s integrated approach can provide organizations with a toolset
designed to effectively manage the resources spent monitoring, managing, and remediating
threats and attacks.

“If your organization is concerned with the rising
tide of increasingly sophisticated email-based
attacks, Proofpoint’s extensible, multi-layered
platform is worth a closer look.”

To download the full report, visit
proofpoint.com/esg-lab-report

ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks

More Related Content

What's hot (20)

Similar to ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks (20)

Recently uploaded (20)

ESG Validates Proofpoint’s Ability to Stop Advanced Email-based Attacks