Home > Research > Your Employees Are the Target: Proofpoint’s Human-Centric Answer

Your Employees Are the Target: Proofpoint’s Human-Centric Answer

Proofpoint, an innovator in the cybersecurity industry, has earned its reputation as a leader in email security and data loss prevention (DLP). As the threat landscape evolves, Proofpoint has expanded its solutions beyond legacy perimeters, embracing a more holistic, human-centric approach. This tech note examines the need for intelligent email security platforms, Proofpoint’s expanded capabilities, and its strategic focus in the face of increasingly sophisticated attacks.

The Need for an Intelligent Email Security Platform

Email remains a primary vector for cyberattacks, with social engineering and targeted phishing becoming increasingly effective as attackers leverage AI to automate and scale their operations. Traditional perimeter-based email security solutions struggle to keep pace with the complexity and sophistication of these threats. Modern email security platforms must leverage:

  • Advanced threat intelligence: Real-time analysis of global threat data from dedicated threat researchers to stop the widest variety of threats.
  • Behavioral analysis: AI-driven techniques to identify subtle contextual anomalies indicative of malicious intent.
  • Continuous user-focused detection: Identification of risky users, supported by both pre- and post-delivery detection of email threats.
  • Automation and integration: Shared data across solutions to automate remediation actions and empower administrative efficiency.
  • Data protection: Solutions to safeguard against both intentional and accidental data loss.

95% of cybersecurity incidents involve human error, and 74% of data breaches rely on exploiting human actions.

Source: Proofpoint Analyst Briefing Deck, Email Security, 2024

Proofpoint: A Company Snapshot

Founded in 2002, Proofpoint has established itself as a leader in email security and DLP. Its extensive experience is evident in its work protecting more than 85% of the Fortune 100 companies and processing a massive volume of daily email traffic. Proofpoint’s data-driven approach leverages this substantial data set to fuel advanced threat analysis and power superior detection capabilities. The company demonstrates a strong emphasis on continuous development and innovation.

In 2021, Proofpoint was acquired by Thoma Bravo, a leading private equity software investment firm with $138 billion in assets that also owns Ping Identity, SailPoint, Veracode, and Delinea, a portfolio company via Centrify. This acquisition has further fueled Proofpoint’s growth trajectory and focus on innovation within the cybersecurity landscape.

Proofpoint’s Threat Protection Platform

Proofpoint’s core email security solution offers multilayered detection, including robust threat protection that combines intelligence, attachment and URL sandboxing, behavioral analytics, and advanced AI to thwart known and emerging threats. It also offers authentication and antispoofing, including domain-based message authentication, reporting, and conformance (DMARC) enforcement, implementation, hosting, and outbound domain protection. It defends against business email compromise (BEC) with Supernova, leveraging behavioral AI for sophisticated detection and response against BEC attempts. Click-time protection provides real-time link analysis and adaptive, context-aware email banners and browser isolation for suspicious messages based on calculated risk to mitigate malware, phishing, and email fraud attacks.

Reducing risk: Proofpoint's detection stack ft. AI/ML. Proofpoint's detection involves factors including intelligence, sandbox, behavioural, advanced ML/AI, higher fidelity detection, and better explainability, leading to over a billion phishing attacks stopped each year and millions of other kinds of attacks stopped.

Source: Proofpoint Analyst Briefing Deck, Email Security, 2024

Supplier Threat Protection (VEC) and Account Takeover

Proofpoint recognizes the intertwined nature of supply chain attacks and the dangers of account takeovers. To that end, it mitigates VEC attacks by leveraging behavioral analysis. This helps identify spoofed and lookalike domains impersonating trusted third parties and threats sent from compromised suppliers targeted to gain access into larger organizations. Proofpoint’s account takeover (ATO) component provides ATO protection and focuses on the entire attack chain through pre- and post-takeover phases, protecting both internal and external accounts.

Reducing risk: Compromised account protection with supplier threat protection. This includes screenshots of information along with a customer success story. Using Proofpoint, the customer identified 10 high-risk compromised supplier accounts in 1 month, cut time to detect and investigate in half, and strengthened partner trust by offering actionable evidence.

Source: Proofpoint Analyst Briefing Deck, Email Security, 2024

Additional Insights

Proofpoint provides mail transfer agent (MTA) and API-based deployment options, offering pricing parity and flexibility. Its high-fidelity detection engines place emphasis on rich data and advanced analysis to drive impressive accuracy with extremely low false positive rates (1 in 19 million). The solution integrates with other leading vendors, including security orchestration, automation, and response (SOAR) and security information and event management (SIEM) solutions for enhanced incident response, risk data correlation, and automation.

Reducing risk: Stop threats before they become incidents. With pre-delivery blocking, remove the burden from the security team, reduce the volume of malicious messages in employee inboxes, and improve employee productivity and email experience.

Source: Proofpoint Analyst Briefing Deck, Email Security, 2024

Differentiating Features

I believe Proofpoint’s strength lies in its ability to evolve alongside the constantly shifting cybersecurity landscape. Proofpoint understands that robust email protection and advanced DLP capabilities, while foundational, are no longer enough. Its differentiating features reflect a commitment to harnessing threat intelligence, AI behavioral analysis, and automation to address the escalating risk posed by sophisticated attackers intent on exploiting the human element of security. In summary, these features set Proofpoint apart:

  • Intelligence powered by scale: Proofpoint’s massive data set fuels superior threat detection, behavioral analysis, and robust identity protection against impersonation attacks to help security teams stay ahead of threat actors.
  • Focus on human-centric security: Proofpoint addresses the ever-present human factor in security incidents through identity threat protection, unique user-specific insights, and tailored defenses for an organization’s Very Attacked People (VAPs).
  • Comprehensive threat protection: Proofpoint demonstrates its commitment to multilayered security by providing comprehensive safeguards for pre- and post-delivery protection against the widest variety of malware, phishing, and other email-borne threats.
  • Efficiency from automation: Proofpoint unburdens security teams with fewer incidents to respond to, adaptive security controls for in-time defense, and automated remediation actions such as abuse mailbox management.
  • Commitment to innovation: This commitment is evidenced by its continuous investments in R&D through acquisitions like Illusive and Tessian, which incorporate identity threat defense and AI-based email DLP, and its evolving solutions for threat protection.

Improved visibility: Understanding people risk. Categories users into groups based on risk level, prioritize and apply adaptive security controls, and investigate why users pose risk to the organization. Included is a screenshot of Proofpoint showing a dashboard with details on Very Attacked People.

Source: Proofpoint Analyst Briefing Deck, Email Security (2024)

Conclusion

Proofpoint offers a comprehensive and adaptive platform addressing a wide array of threats, including advanced email attacks (such as malware like ransomware, phishing, and BEC), account compromises, and attempts to exploit supply chain vulnerabilities. Its focus on data-driven analysis, sophisticated techniques like semantic analysis for contextual understanding, and an ability to detect even previously unseen malicious URLs underscores its commitment to combating evolving risk. While no single solution is a silver bullet, Proofpoint’s emphasis on innovation, integration, and human-centric security makes it a strong contender for organizations prioritizing proactive threat defense.

The Proofpoint difference: risk reduction, improved visibility, and operational efficiency.

Source: Proofpoint Analyst Briefing Deck, Email Security (2024)

Our Take

Proofpoint's transformation highlights the urgent need for email security to go beyond traditional gateway solutions. Its emphasis on AI-driven analysis, paired with cutting-edge behavioral machine learning engines and access to a large volume of data, sets Proofpoint apart in its ability to detect and respond to the largest variety of highly sophisticated attacks. This focus on behavioral analysis and understanding the human element of security aligns well with the realities of modern cyber threats. Furthermore, Proofpoint’s impressive track record of protecting most of the Fortune 100, scanning billions of emails daily, and substantial revenue underscores its market expertise. The commitment to integrating with other security solutions demonstrates that Proofpoint understands that human-centric protection like email is just one piece of the security puzzle. Additionally, its strategic moves like VEC and ATO protection and the Tessian acquisition illustrate adaptability and a proactive approach to addressing emerging vulnerabilities.

Here are some additional points to consider as you evaluate Proofpoint against other vendors:

  • Maturity of supplier threat protection: Proofpoint’s supplier threat protection against vendor email compromise (VEC) is a relatively recent addition (released in May 2023). While solutions from vendors like Abnormal Security (VendorBase) or Checkpoint Avanan may have a more established track record in this specialized area, Proofpoint’s advanced threat intelligence, larger customer base and ability to see message traffic before delivery can provide an advantage in this category.
  • Very Attacked Person (VAP) focus: Proofpoint has strong capabilities for identifying and protecting high-profile individuals within your organization who are more likely to be targeted by sophisticated attacks. This can be extremely valuable for organizations who have executives or other personnel who regularly handle sensitive data.
  • Comprehensive vs. specialized: It’s important to deeply understand your business needs and levels of risk tolerance. Then, evaluate if your organization requires Proofpoint’s broader security focus against a wider variety of threats, or if you prefer to rely on a native security solution augmented by a secondary vendor with more limited scope.

Ultimately, the best email security solution for your organization depends on your specific threat landscape and risk priorities. Carefully consider which types of threats your organization is most likely to experience before making a decision.

Key strengths of Proofpoint include:

  • Advanced threat detection: Its AI-powered approach and vast data resources position it well for sophisticated attack prevention.
  • Human-centric focus: Recognizing the human element in cyber threats strengthens its overall security posture.
  • Market leadership: Its experience protecting major corporations and its substantial market presence demonstrate its capabilities.
  • Innovation and development: Its visibility into the global threat landscape and history of reinvesting in R&D enable it to innovate with more agility.
  • Integration and adaptability: Commitment to integration with other security solutions and strategic moves like VEC protection show its proactive approach.

While Proofpoint offers a compelling solution, given the significance of supply chain risks, consider the maturity of its VEC offering compared to other established vendors in that space. Additionally, evaluate if a broader email security focus aligns with your needs, or if you prioritize specialized expertise in certain areas.

Sources

Proofpoint, Email Security Analyst Briefing, delivered by Brette Petersen on 4/1/24

Proofpoint, Email Security Analyst Briefing Deck, 2024

Email Protection - Email Security Solutions | Proofpoint US


Want to Know More?

Threat Intelligence & Incident Response | Info-Tech Research Group

Improve Email Security | Info-Tech Research Group

Best Cloud Email Security Solutions 2024 | SoftwareReviews