Proofpoint Inc., a security-as-a-service provider, released Thursday a new cloud-based security solution architected to provide reliable protection against spear phishing and other malicious, targeted attacks that have eluded the security industry for more than a decade. Proofpoint Targeted Attack Protection deploys an array of advanced technologies including big data analysis techniques, URL interception, and malware sandboxing to provide unprecedented protection that follows messages and users wherever they go -- whether they're behind the corporate firewall or off the corporate network, on mobile devices, or public terminals.
"Today's targeted attacks are one of those issues that keep every security professional up at night because they're both harder to detect and harder to recover from than conventional threats," said Patty Krivitzky, senior systems support specialist for Alticor, the parent company for Amway. "If even one user clicks just once on one phish, it could turn into a disaster -- where that one data breach could end up triggering millions of dollars in damages and cost, not to mention the damage to brand reputation. Proofpoint has been our trusted security partner for years and Targeted Attack Protection is yet another example of how Proofpoint delivers innovative solutions to our most pressing security concerns."
"Targeted attacks represent one of the most dangerous IT threats facing enterprises today. These sophisticated blended attacks can bypass even the most advanced Web, email and end-point security systems by exploiting gaps between these point products," said David Knight, executive vice president of product management for Proofpoint. "Proofpoint Targeted Attack Protection is designed to close these gaps and stop targeted attacks by combining previously disparate email security, Web security and malware analysis technologies into a comprehensive, cloud-based service."
Proofpoint Targeted Attack Protection takes an entirely new approach to identifying suspected attacks, employing big data analysis techniques to spot and apply additional security controls to suspicious messages. Proofpoint Anomalytics examines hundreds of variables in real time -- including message properties and the email traffic history of the message recipient -- to understand per-user what constitutes "normal" mail traffic, and to identify exceptions that would indicate that an incoming message may be (or later become) a threat.
"Attackers are increasingly focused on delivering malicious content inside of email and Web transactions in order to breach your security and pass through your existing security controls. In the past, signature-based technologies such as antivirus were adequate to protect against a majority of threat," said Gartner analysts Lawrence Pingree and Neil MacDonald, writing in Best Practices for Mitigating Advanced Persistent Threats. "However, the emergence of newer attack and payload delivery techniques that bypass these traditional signature-based approaches must be addressed by new emerging security technologies as well as augmentation of our old paradigm of thinking about traditional security technologies."
Attachments to and URLs in these anomalytics-identified messages are then subjected to additional processing. Proofpoint Targeted Attack Protection re-writes any links (URLs) in the messages so that browsers are transparently redirected through the Proofpoint cloud for content inspection and malware analysis every time the link is subsequently clicked -- a tactic dubbed "URL click-time defense." If URLs that were initially harmless turn malicious after a period of time -- a common phishing tactic -- users are still protected, whether they access the message from the corporate network, home network, mobile device, or public network.
Proofpoint Targeted Attack Protection provides unprecedented visibility into persistent threats through its unique Threat Insight Service. The Threat Insight Service includes a Web-based threat dashboard and configurable alerts that give administrators and security professionals the ability to identify targeted attacks, the scope of these attacks (just their organization or wider industry), which individuals are being targeted by the attacks, the nature of the attacks (malware, credential phishing etc.), and what remediation actions if any are necessary.
Proofpoint Targeted Attack Protection is a cloud-based solution that can be rapidly deployed without up-front capital expenditures and is designed to complement existing email and web-security products. General availability is slated for the third quarter of this year with licensing on a per-user, per-year basis.