Proofpoint, Inc., a leading cybersecurity and compliance company, today introduced industry-first innovations that address the top risks organizations face today—from business email compromise (BEC), the leading cause of financial loss for organizations, to ransomware and data exfiltration. The unified solutions, announced at Proofpoint Protect 2023, span the company’s Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms to thwart threats across the most critical stages of the attack chain. Fueled by trillions of detected threat activities sourced from one of the most comprehensive data sets in the industry, Proofpoint’s new AI- and ML-powered innovations equip security practitioners with unmatched visibility, flexibility, and depth to detect and disrupt sophisticated adversaries across their organizations’ attack surfaces.
“The critical parts of the attack chain can’t be effectively combatted without taking a people-centric approach,” said Ryan Kalember, executive vice president, cybersecurity strategy, Proofpoint. “We analyze more human communications than any other cybersecurity company, allowing us to deliver industry-first innovations that disrupt the threat actor’s playbook across the attack chain for email fraud, ransomware, data theft, and other risks that matter.”
AI and ML require robust detection models and a high-fidelity data pipeline to yield accurate detection rates, operational efficiencies, and automated protection. Proofpoint customers benefit from one of the largest and most diverse global cybersecurity data pipelines across email, the cloud, and mobile computing. Every year, Proofpoint analyzes an unparalleled amount of data sourced from more than 2.8 trillion scanned email messages, 17 trillion scanned URLs, 1.3 trillion scanned SMS and MMS, and 46 million DLP end users.
Preventing Initial Compromise
Email is the number one attack vector leading to successful compromise. Proofpoint’s Aegis Platform is the only AI/ML-powered, cloud-based threat protection platform that disarms today’s advanced attacks, including email fraud (BEC), ransomware, weaponized URLs, multifactor authentication (MFA) bypass for credential phishing, and more. New enhancements and features in Aegis include:
- Industry-first LLM-based Pre-delivery Threat Detection: Through Proofpoint’s implementation of the BERT large language model (LLM) within Proofpoint’s CLEAR solution, the company is pioneering industry-first, pre-delivery protection against social engineering attacks before they can do harm.
Pre-delivery protection is so critical because, based on Proofpoint’s telemetry across more than 230,000 organizations around the world, post-delivery detections are frequently too late. Nearly one in seven malicious URL clicks occur within one minute of the email’s arrival, and more than one-third of BEC replies happen in less than five minutes. These narrow timeframes, during which a user can fall prey to an attack, underscore the importance of blocking malicious attacks before they can reach a user’s inbox.
This LLM-based detection has also proven highly successful at detecting malicious messages—both those created traditionally and with generative AI. Proofpoint has also been using ChatGPT, WormGPT, and other generative AI-created malicious content to train our models.
- Enhanced Visibility into Blocked Threats: Last year, businesses lost more than $2.7 billion due to BEC scams—nearly 80 times greater than losses due to ransomware. Beginning in Q3, new summaries in the Targeted Attack Prevention (TAP) Dashboard will provide enhanced explanation on BEC condemnations performed by Proofpoint’s CLEAR solution, including threats condemned by the new LLM-based detection. Condemnation summaries will include why a threat was determined to be a BEC attack and its corresponding response timelines, reducing security practitioners’ time spent on threat analysis and reporting to management.
Identity Threat Defense: Attack Path Risk
The global increase in cyberattacks has been enabled by attackers shifting their tactics and focus to identity-based attacks, with 84% of organizations falling victim to an identity-related breach last year. When attackers first land on a host, it’s very rarely their end target. Instead, they escalate privilege and move laterally across an environment to exploit privileged credentials.
By bringing together market-leading data across the attack chain between Proofpoint’s Aegis and Identity Threat Defense platforms, security practitioners can understand the number of attack paths for ransomware and data exfiltration should an employee’s identity be compromised for privileged identity abuse and lateral movement with Proofpoint’s new Attack Path Risk. Available in Q4 within Proofpoint’s TAP dashboard, organizations that add Proofpoint’s Identity Threat Defense to their Proofpoint Aegis implementation can empower their analysts to swiftly prioritize the remediation and adaptive controls.
Defending Against Data Exfiltration: Misdirected Email
Proofpoint Sigma is the only information protection platform that merges content classification, threat telemetry and user behavior across channels in a unified, cloud-native interface to stop data loss and insider threats. Proofpoint is the world’s largest Insider Threat Management (ITM) provider and second largest data loss prevention (DLP) vendor globally and by revenue (Gartner). Driven by the accelerated adoption of work-from-anywhere practices, Sigma is trusted by nearly half of the Fortune 100 and deployed to over 5,000 customers and 46 million users worldwide, analyzing 45 billion events each month.
Leveraging behavior anomaly detection machine learning for content scanning, Proofpoint’s new Misdirected Email solution, available in Q4, prevents users from accidentally sending emails and files to the wrong recipient and possibly creating a data loss incident.