New integrated solutions solve for the most critical risks facing organizations when it matters most—spanning threat, identity, and data—to detect more attacks pre-delivery, quantify the impact of compromised identities, and improve the efficiency of defenders responding to data loss
Proofpoint, Inc., a leading cybersecurity and compliance company, introduced industry-first innovations that address the top risks organizations face today—from business email compromise (BEC), the leading cause of financial loss for organizations, to ransomware and data exfiltration. The unified solutions, announced at Proofpoint Protect 2023, span the company’s Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms to thwart threats across the most critical stages of the attack chain. Fueled by trillions of detected threat activities sourced from one of the most comprehensive data sets in the industry, Proofpoint’s new AI- and ML-powered innovations equip security practitioners with unmatched visibility, flexibility, and depth to detect and disrupt sophisticated adversaries across their organizations’ attack surfaces.
“The critical parts of the attack chain can’t be effectively combatted without taking a people-centric approach,” said Ryan Kalember, executive vice president, cybersecurity strategy, Proofpoint. “We analyze more human communications than any other cybersecurity company, allowing us to deliver industry-first innovations that disrupt the threat actor’s playbook across the attack chain for email fraud, ransomware, data theft, and other risks that matter.”
AI and ML require robust detection models and a high-fidelity data pipeline to yield accurate detection rates, operational efficiencies, and automated protection. Proofpoint customers benefit from one of the largest and most diverse global cybersecurity data pipelines across email, the cloud, and mobile computing. Every year, Proofpoint analyzes an unparalleled amount of data sourced from more than 2.8 trillion scanned email messages, 17 trillion scanned URLs, 1.3 trillion scanned SMS and MMS, and 46 million DLP end users.
Preventing Initial Compromise
Email is the number one attack vector leading to successful compromise. Proofpoint’s Aegis Platform is the only AI/ML-powered, cloud-based threat protection platform that disarms today’s advanced attacks, including email fraud (BEC), ransomware, weaponized URLs, multifactor authentication (MFA) bypass for credential phishing, and more. New enhancements and features in Aegis include:
- Industry-first LLM-based Pre-delivery Threat Detection: Through Proofpoint’s implementation of the BERT large language model (LLM) within Proofpoint’s CLEAR solution, the company is pioneering industry-first, pre-delivery protection against social engineering attacks before they can do harm.
Pre-delivery protection is so critical because, based on Proofpoint’s telemetry across more than 230,000 organizations around the world, post-delivery detections are frequently too late. Nearly one in seven malicious URL clicks occur within one minute of the email’s arrival, and more than one-third of BEC replies happen in less than five minutes. These narrow timeframes, during which a user can fall prey to an attack, underscore the importance of blocking malicious attacks before they can reach a user’s inbox.
| Time elapsed | <30 seconds | <1 minute | <5 minutes |
| --- | --- | --- | --- |
| Clicks on new malicious URLs | 6.5% | 13.4% | 43.3% |
| Responses to BEC messages | 18.5% | 20.8% | 34.3% |
| Responses to BEC messages delivered by telephone | 30.2% | 31.7% | 44.6% |
This LLM-based detection has also proven highly successful at detecting malicious messages—both those created traditionally and with generative AI. Proofpoint has also been using ChatGPT, WormGPT, and other generative AI-created malicious content to train our models.
- Enhanced Visibility into Blocked Threats: Last year, businesses lost more than $2.7 billion due to BEC scams—nearly 80 times greater than losses due to ransomware. Beginning in Q3, new summaries in the Targeted Attack Prevention (TAP) Dashboard will provide enhanced explanation on BEC condemnations performed by Proofpoint’s CLEAR solution, including threats condemned by the new LLM-based detection. Condemnation summaries will include why a threat was determined to be a BEC attack and its corresponding response timelines, reducing security practitioners’ time spent on threat analysis and reporting to management.
Identity Threat Defense: Attack Path Risk
The global increase in cyberattacks has been enabled by attackers shifting their tactics and focus to identity-based attacks, with 84% of organizations falling victim to an identity-related breach last year. When attackers first land on a host, it’s very rarely their end target. Instead, they escalate privilege and move laterally across an environment to exploit privileged credentials.
By bringing together market-leading data across the attack chain from Proofpoint’s Aegis and Identity Threat Defense platforms, Proofpoint’s new Attack Path Risk lets security practitioners understand the number of attack paths for ransomware and data exfiltration, through privileged identity abuse and lateral movement, should an employee’s identity be compromised. Attack Path Risk will be available in Q4 within Proofpoint’s TAP dashboard; organizations that add Proofpoint’s Identity Threat Defense to their Proofpoint Aegis implementation can empower their analysts to swiftly prioritize remediation and adaptive controls.
Defending Against Data Exfiltration: Misdirected Email
Proofpoint Sigma is the only information protection platform that merges content classification, threat telemetry and user behavior across channels in a unified, cloud-native interface to stop data loss and insider threats. Proofpoint is the world’s largest Insider Threat Management (ITM) provider and second largest data loss prevention (DLP) vendor globally and by revenue (Gartner). Driven by the accelerated adoption of work-from-anywhere practices, Sigma is trusted by nearly half of the Fortune 100 and deployed to over 5,000 customers and 46 million users worldwide, analyzing 45 billion events each month.
Leveraging behavior anomaly detection machine learning for content scanning, Proofpoint’s new Misdirected Email solution, available in Q4, prevents users from accidentally sending emails and files to the wrong recipient and possibly creating a data loss incident.
Generative AI-based Analysis for Powerful Threat Insights Across the Attack Chain: Proofpoint Security Assistant
Proofpoint continues to deliver unique AI and ML innovations based on telemetry from its vast customer set comprised of more than 230,000 global enterprises and small- and medium-sized businesses as well as 150 ISP and mobile network providers. Previewed for the first time at Protect 2023, Proofpoint Security Assistant, a new generative AI user interface, empowers analysts to ask natural language questions and receive actionable insights and recommendations based on the trillions of combined data points across Proofpoint’s platforms.
Proofpoint Security Assistant will be available in Q4 as a technology preview in the Sigma Information Protection platform, where DLP SOC analysts can pose questions such as, “show me John Doe’s exfiltration attempts and recommend which DLP controls we should add.” Over time, Proofpoint’s generative AI-based interface will be expanded to the Aegis and Identity Threat Defense platforms, enabling security practitioners to gain powerful threat insights by asking queries such as, “show me the leading Very Attacked People who have the most attack paths that would result in a ransomware-based data exfiltration.”
Responsible Approach to Generative AI
The integrity, privacy and security of customer data is of paramount importance to Proofpoint. We rigorously evaluate each generative AI tool for compliance with Proofpoint’s corporate tenets. For example, we use internally deployed versions of generative AI tools, and we do not allow LLM providers to train their models using Proofpoint-held data.