
Advanced Email Protection

© 2019 Proofpoint. All rights reserved


Attacks increasingly target people, not infrastructure

THREATS USE SOCIAL ENGINEERING, NOT VULNERABILITIES
• 99%+ rely on user to run malicious code
• 300%+ increase in corporate credential phishing (Q2 to Q3 2018)
Source: Proofpoint Threat Data.

SHIFT TO CLOUD CREATES NEW THREAT VECTORS, DATA EXPOSURE
• Account takeover of cloud apps is a growing problem
• 63% of orgs exposed to targeted attacks
• 37% of orgs detected successful breach
Source: Proofpoint Threat Data.

EMAIL FRAUD IS A BOARD-LEVEL ISSUE
• $12.5B+ direct losses worldwide (Oct 2013 – May 2018)
• 78,617 incidents worldwide
Source: FBI.


Defenders don’t focus on people, attackers do

IT Security Spending (Source: Gartner, 2017 forecast)
• Network: 62%
• Endpoint: 18%
• Web: 12%
• Email: 8%

Attack Vectors (Source: 2018 Verizon DBIR)
• 93% of all breaches are attacks targeting people, 96% via email


Defensive strategy needs to rival attacker tactics

LEGACY APPROACH: Protect channels, devices, data
CURRENT ATTACKER TACTICS: Target people, across all channels


The Attacker’s POV

• Jack Barker (jbarker@bank.co): Executive at Bank Co, 500+ connections
• Laurie Bream • 2nd (lbream@bank.co): Financial Advisor at Bank Co, 500+ connections
• Richard Hendricks • 3rd (rhendricks@bank.co): Senior System Administrator

How To Find Your VAPs

[Venn diagram: High Privilege Users, Highly Attacked Users and Highly Vulnerable Users overlap to give High Risk People]

Top 20 Very Attacked People: Financial Institution
(Ranked by Attack Index)

[Chart categories: Executives; Branch Managers; VP of IT; Mortgage Processing; Administrative Assistant]

People-Centric Visibility Drives Better Protection

Laurie Bream (lbream@bank.co), Financial Advisor at Bank Co, 500+ connections

VAP Scores

VULNERABILITY: MEDIUM
• Phish Simulation test: no action
• Risky device / network use: yes
• MFA: inconsistent

ATTACK: HIGH
• Max threat: 850 (top 10%)
• 30 day total: 9,143 (top 5%)

PRIVILEGE: HIGH
• VIP: yes
• Sensitive data: yes, CASB DLP
• AD Score: High

Adaptive Controls
• + Access Control: CASB: steps up authentication
• + Threat Control: Email Protection: turn on classifiers
• + Training Control: Training: data protection

Email Protection

Policy Layers for Email Security

Flexible Policy Layer
• Robust policies allow for filtering messages by connection or message attributes
• Create access lists to determine trusted and untrusted senders
• Nearly unlimited combinations of conditions and dispositions to allow customers ultimate flexibility

Email Anti-Virus
• Built in Anti-Virus engine with rapid update capability
• Policy based enforcement allows various actions for detected viruses

Email Firewall Flexibility

• Rules can be written using 55 potential attributes with up to 4 subsets each
• Complex rule creation based on customer needs
• Rule capabilities offer customers more flexibility than competitors

How SCSS is Different…

[Diagram labels: Sender; Header; Reputation; IP Address; Sender; Content; Relationship]

• Silos of intelligence
• Trained using test emails
• Updated with any changes

versus

• Integrated intelligence
• Self learning
• Continuously updated

SCSS in Action

[Diagram labels: Sender Reputation; Sender/recipient reputation; Language agnostic content analysis]

Only Proofpoint:
• Adapts our products rapidly to enable protection from new threats
• Utilizes composite scoring across hundreds of data points
• Consistently demonstrates the highest effectiveness vs. other solutions in real customer environments

What this Means for Our Customers

Improved protection for email fraud


• Dynamic protection from impostor email threats
• Machine learning changes over time

Greater end user control


• Personalized control over bulk mail
• All end users define what email they want to receive or not

Better end user experience


• Improved detection of spam
• Continuously updated to maintain accurate detection

Next-generation Spam and Unwanted Email Management

• Email content analyzed and delivered (attributes: Subject, Sender, IP Address, Content, URL/Attachment)
• Individual Control: Bulk mail promoted and delivered to Inbox
• Individual Control: Bulk mail relegated and put in Bulk quarantine
• Crowdsourced feedback improves accuracy of bulk detection and classification

Redesigned Smart Search
Goes well beyond the asks from customers for the last 5 years

• Expanded search criteria
• Summary stats for investigative searches
• “Unlimited” search result export
• Expanded message metadata with 100+ attributes


Extending Protection to Internal Email

1. Journal internal mail to Internal Mail Defense (IMD)
2. IMD inspects messages offline
3. Proofpoint Threat Response Auto-Pull (TRAP) polls IMD for bad messages
4. Auto-pull and quarantine messages

[Diagram components: Exchange On-prem; IMD Cloud Service; Proofpoint TRAP (On-prem)]

Email Protection:
Continued Leadership and Innovation

Pillars: Best in Class Effectiveness; Rich, Actionable Intelligence; User Experience and Flexibility

• Visibility to Global Threat Campaigns at F1000 Companies
• Advanced Machine Learning with Content, Context, Behavior Analysis
• Granular Filtering, Custom Configuration and Control
• Rich Reporting, Visualization and Ecosystem Integration

Targeted Attack Protection
Industry’s most effective detection

[Diagram. Stages: Detection; Intel Extraction; Analysis and Correlation. Threat categories: POTENTIAL THREATS; ALL THREATS; MALWARE; NON-MALWARE. Component labels: Composite Reputation; Multi-Platform Intel Extraction Sandboxes; IOC Curation + Correlation; Threat Ops Actor/Campaign Analysis; Code Analysis; Network Detection; Bare Metal; Alerts from TAP Intel Team; Campaign Correlation; Multi-Platform Malware Sandboxes; Execution; TAP Ops; Analyst-Assisted Research; Customer-Initiated (PTIS); SaaS; Classifiers (Phishing, BEC); Credential Phish Sandbox; Threat Ops. Platform label: Proofpoint Nexus Platform]

TAP Attachment Defense architecture

[Architecture diagram. Labels: Proofpoint Protection Server (PPS); Attachment Defense Module; password protected zip file; Reputation; Threat Graph; File Hash Data; Integrated threat intelligence; verdicts Unknown, Threat, Clean; If Unknown: Sandbox (Malware, Behavior, Code, Protocol); Hold email until receive verdict; Timeout; Output either Clean / Threat; TAP Dashboard]

TAP URL Defense Architecture

[Architecture diagram. Labels: Proofpoint Protection Server (PPS); URL Defense Module; Check reputation. Quarantine known threats; Rewrite URLs; Reputation; URI Blacklist; Integrated threat intelligence; Threat Graph; Data; verdicts Unknown/Clean, Threat; If Unknown: Sandbox (Malware, Behavior, Code, Protocol); Predictive Defense; Clicked; Redirector (urldefense.proofpoint.com); 302 Redirect; TAP Dashboard]

Who are my Very Attacked People?

[Dashboard screenshot. Callouts: 90 Day Search Window Filters; Threat Severity; Very Attacked People (VAP)]

TAP SaaS Defense

• Malicious files uploaded to cloud file shares
• Suspicious logins’ severity levels
• Cloud activity
• People-centric threat view

Targeted Attack Protection:
Pulling Ahead With Industry Leading Solution

Pillars: Powerful Advanced Threat Protection; Swift Response Against New Vectors; Superior Threat Insights and Visibility

• Discern Broad Campaigns and Targeted Attacks
• Identify Targeted, Impacted and At-Risk Users
• Inspect All Attachments, URLs at Delivery and at Click
• Detailed Forensics Insights and Reporting

Email DLP

Best of Breed DLP

Drivers for DLP
1. Regulation and Compliance
2. Employee monitoring
3. Data Breaches
4. Forensics and Investigation

Our Capabilities

Accuracy in Detection
• Document fingerprinting
• Smart ID
• Dictionaries
• Contextual Data matching
• Header, Attachment metadata tagging
• EDM

Enforcement dispositions
• Encryption
• Quarantine
• Block
• Rescan
• Allow w/ conditions

Proofpoint DLP – Quickest time to value

Legacy vendor approaches (3-6+ months)
• Analyze all data
• Classify
• Protect

Proofpoint DLP (24-48 Hours)
1. Protect: Digital Assets, EDM to quickly secure IP and critical data
2. Classify: Rich out-of-box Policies - Dictionaries and Smart-ids
3. Analyze and custom policies: Ongoing analysis of all data sent and received via email

Integrated Email DLP

• Unstructured Data: Document Fingerprinting (Press Releases, “Secret Recipe”)
• Structured Data: Smart ID’s / Dictionaries (SSN, GLBA, PII)
• Unique Structured Data: Exact Data Matching (Medical Record #, Insurance Policy #; sample record: John Doe – MRN - 342516)

Smart management, quick results
Contextual Data Matching

Inputs: Algorithmic Smart ID; Dictionary keywords; Digital Assets

• Low False Positives
• Granular Prioritization for IT efficiency
• Analysis and classification of Corporate Sensitive data

Exact Data Matching

Structured non-algorithmic data matching

Reduced false positives

Support for high-volume datasets


Proofpoint Information Protection – A Unique Approach

Legacy insight is limited at best. Response is often binary. From a data protection perspective, it is either sensitive or it's not. Legacy DLP either permits or prevents.

On the other hand, having broader, people-centric context, which includes not only data but access/behavior and threat, is better.

[Diagram labels: DATA; ACCESS/BEHAVIOR; THREATS; PEOPLE-CENTRIC; MODERN DLP; Proofpoint Security Awareness Training]

Email DLP – Response and Visibility

• Clear visibility to content that was detected
• Remediation by Security or Compliance Officers
• Self-Remediation by end-users
• Integration with external systems
• Custom incident review queues
• Reports on trends and violators

Email DLP: Accelerating Momentum with an Integrated Solution

Pillars: Rapid Results; No Blind Spots; Smart Management

• Accurately Detect Exfiltration of Full Files or Data Fragments
• Deploy Quickly with a Cloud-native Solution
• Rich Pre-built Rules and Dictionaries
• Achieve Compliance for HIPAA, GDPR etc.

Email Encryption

Integrated Encryption

Granular Message Control
• Policy-Based Encryption
• Expire Messages by policy
• Revoke keys for specific messages/users

Simplified Key Management
• Keys managed and secured by Proofpoint Key Service
• All recipient interaction (encryption, authentication, decryption) is through customer system

End-User Ease of Use
• Mobile-optimized experience, no browser plugins required
• Clear reporting; messages sent, received, viewed, etc.
• Secure Reader Inbox

Secure Reader Inbox

• All encrypted emails in a single inbox
• Send encrypted message as attachment
• Customizable retention policy
• URL to navigate to inbox directly

Email Encryption: Take Back Control of Data

Pillars: End-to-end Protection; Granular Message Control; Enhanced User Experience

• No Prying Eyes: Protect with Strong Encryption
• No Weak Links with Policy-based Automation
• Full Life Cycle Solution: Expire Emails, Keys via Policies
• Simplified Key Management Service by Proofpoint

Email Continuity

Ensure Uninterrupted Access To Email

Emergency Mailbox
30-day rolling email view

Automated Failover
Always-on, just like your business

Automated Restoration
No-touch primary mail recovery

Outlook Integration
Simple end-user access

Native Mobile Support
Integrate with native email client

[Diagram labels: Email continuity; Archive storage]


Continuity: Email Always Available

Pillars: Always-on; Anywhere, Any Device; Seamless User Experience

• Full Access to Emails, Contacts, Calendar
• Automatic Cutover, Restoration and Syncing
• Hassle-free Cloud-based Solution
• Extensive Multi-Platform Coverage