© 2015 Proofpoint, Inc.
threat protection | compliance | archiving & governance | secure communication
Next-Generation Email Security
Jasper Evertzen [email protected] Sales Director Benelux & Nordics
Charles Rami [email protected] SE Manager Benelux & Nordics
Proofpoint (NASDAQ: PFPT)
Security-as-Service Leader
Key Partners
What We Do
Leaders Quadrant: 2013-2014-2015 Magic Quadrant for Secure Email Gateways & Enterprise Information Archive
Champions Quadrant & Innovation Award, 2012
Accolades
Select Partners & Customers
Demonstrated Success
3 of the 5 largest US Retailers
5 of the 5 largest US Banks
3 of the 5 largest US Defense Contractors
2 of the 5 largest Global Pharmaceuticals Companies
4000+ Customers
Protect the Most Sensitive Data of the World’s Most Successful Companies
Comprehensive Data Protection Portfolio
Scalable Security-as-a-Service platform
Advanced Threat Protection
Leaders in Gartner’s 2015 Magic Quadrant for Secure Email Gateways
June 29, 2015
“Proofpoint continues to lead the market with R&D investments in innovative features and corporate acquisitions to complement its enterprise capability.”
“It clearly has the sharpest focus on email security issues…”
“Spam and malware accuracy has always been a consistent Proofpoint strength...The company continues to invest in new, innovative techniques for spam detection, and gets high marks in this capacity from reference customers.”
“Proofpoint's Targeted Attack Protection service provides time-of-click URL protection and Attachment Defense.”
“The Web-based management interface continues to be one of the best…”
“DLP features are very strong, and include numerous prebuilt policies, dictionaries, number identifiers and integrated policy-based encryption.”
Read the full report at: www.proofpoint.com/mq
This slide for Proofpoint INTERNAL use only.
Comprehensive Suite
© 2014 Proofpoint, Inc.
Security-as-a-Service Suite: Full-life cycle data protection
Big Data Platform: Advanced data processing, search, and analytics
Cloud Infrastructure: Innovative hybrid architecture with global data center footprint
Proofpoint Protection
Enterprise Protection
• Stop SPAM, viruses and other forms of malware
Targeted Attack Protection
• Identify and block advanced threats from penetrating the enterprise
Threat Response
• Automate threat remediation
• Single pane of glass for security operations
• Respond in minutes instead of hours
Office 365 deployment
*Okta integrations
Office 365 offer
Software Email Collaboration Security Compliance
Core Services Data Protection
EOA
FOPE / EOP
Message Encryption eDiscovery Center
Proofpoint is the MX Record
EOP
Exchange Online
Inbound Email
Office 365 Suite
Proofpoint on Demand
ACTIVE FILTERING
MX Records: Proofpoint (clusterid.pphosted.com)
Datacenters in Europe
Proofpoint Email Security Suite
Known, Emerging Threats: Proofpoint Enterprise Protection (BLOCK)
Targeted, Previously Unknown Threats: Proofpoint Targeted Attack Protection (DETECT)
RESPOND
Proofpoint Email Security Suite
Known, Emerging Threats
Proofpoint Enterprise Protection
BLOCK
Unmatched Visibility and Control
Powerful threat classification
• Phish, Malware, Spam, Adult, Bulk, Suspect
Rich policy
• Flexible options, discard, delay, quarantine
• Separate, configurable quarantines
Real-time analysis
• SmartSearch enables rapid message tracing and tracking
• + 60 reports by domain, AD group, etc.
BLOCK
Proofpoint Email Security Suite
DETECT
Targeted, Previously Unknown Threats
Proofpoint Targeted Attack Protection
The Industry Challenge
Breaches Keep Happening
ALL PHISH
Email Is the #1 Threat Vector
“There is ample evidence that email is the preferred channel to launch advanced targeted attacks.” - GARTNER, JULY 2013
“Criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.” - Brian Krebs, KrebsOnSecurity and investigator who revealed Target breach
“Median time-to-click [is] 1 minute and 22 seconds across all campaigns.” - Verizon 2015 Data Breach Investigations Report
“A BUSINESS’ REPUTATION CAN BE AFFECTED IMMENSELY BY A PHISHING ATTACK ... IRRELEVANT OF A COMPANY’S SIZE, IT CAN TAKE A LONG TIME FOR PEOPLE TO REGAIN CONFIDENCE IN A BUSINESS” - Rachel Ark, Hacksurfer
We Think “Malware”
Attackers Think “Monetization”
Every PC is valuable to cybercriminals
Source: Brian Krebs, “Value of a Hacked PC,” krebsonsecurity.com
Email-Borne Threats: Exploit Techniques
URL-Based
Drive-by Downloads: Compromised sites, exploit kits, malware
Credential-seeking: false sites, Google Doc forms, phone number scams
URLs pointing to zips
Attachment-Based
.exes inside archives (.zips, rar etc.)
Weaponized Documents (PDF, Office)
TAP UD vs TAP AD
The human factor
The human factor - Where Do Users Click?
On and off the network
1-in-5 clicks occur off the corporate network
Example #1 Credentials seeking
How it works
To target defense company Academi, the attacker registered two typosquatted domain names:
• tolonevvs[dot]com (real news domain: tolonews.com, a news site about Afghanistan)
• academl[dot]com (real company domain: academi.com)
When the target opens the email through the preview pane of Microsoft Outlook Web Access and clicks on the typosquatted domain, a new tab will be opened which loads the original news site.
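Added example (not part of the original slides): one way a mail gateway rule or log review could flag the two look-alike domains described above, by collapsing visually confusable characters before comparing against a protected-domain list. The substitutions beyond vv/w and l/i, the last-two-labels rule and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# "vv"->"w" and "l"->"i" are the two tricks in the slide's example; the other
# substitutions are assumed common variants, not taken from the page.
SEQUENCES = (("vv", "w"), ("rn", "m"))
SINGLES = str.maketrans("l105", "iios")
PROTECTED = ("academi.com", "tolonews.com")  # genuine domains named on the slide


def host_of(value):
    """Lowercase host of a URL or bare host; accepts defanged input."""
    text = value.strip().replace("[dot]", ".").replace("[.]", ".")
    text = text.replace("hxxp", "http", 1)
    if "://" not in text:
        text = "//" + text
    return (urlsplit(text).hostname or "").rstrip(".")


def registrable(host):
    """Naive registrable domain: last two labels (assumption: no Public Suffix List)."""
    return ".".join(host.split(".")[-2:])


def skeleton(domain):
    """Collapse confusable characters so a look-alike and its target share one form."""
    for seq, plain in SEQUENCES:
        domain = domain.replace(seq, plain)
    return domain.translate(SINGLES)


def lookalike_of(value, protected=PROTECTED):
    """Return the protected domain that `value` imitates, or None."""
    domain = registrable(host_of(value))
    if not domain or domain in protected:
        return None  # empty input or the genuine domain itself
    for real in protected:
        if skeleton(domain) == skeleton(real):
            return real
    return None


# Constructed sample: link targets as they might appear in a mail log.
SAMPLE_LINKS = [
    "hxxps://mail[dot]academl[dot]com/owa/auth/logon.aspx",
    "http://tolonevvs.com/",
    "https://mail.academi.com/owa/",
    "https://www.tolonews.com/",
    "https://example.org/news",
]


def scan(links=SAMPLE_LINKS):
    """Map each suspicious link to the domain it imitates."""
    return {link: real for link in links if (real := lookalike_of(link))}
```

Both sides of the comparison are reduced to the same skeleton, so genuine domains that happen to contain "l" or "rn" still match only themselves and are excluded by the exact-match check.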
Credentials seeking Fake Outlook Web Access login pages
The typosquatted domain tolonevvs.com actually contained mildly obfuscated JavaScript code:
This JavaScript is not malicious because it simply sets the window.opener.location property to point to a URL:
window.opener.location = "hxxps://mail[dot]academl[dot]com/owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2fmail.academi.com%2fowa%2f&tids=lkdmfvlkd"
The effect is that the tab which opened the link, the target's Outlook Web Access session, is navigated to the look-alike logon page while the target is reading the news site in the new tab.
How it works?
The Cybercrime Attack Chain
Proofpoint Targeted Attack Protection
URL Defense Service
1. Email is received
2. All urls are rewritten and sent to the recipients
http://malware
https://urldefense.proofpoint.com/v1/url?u=http://onesourceprocess.com/...
Proofpoint Protection Server
PROOFPOINT SANDBOX INFRA
DETECT
https://urldefense.proofpoint.com/v1/url?u=http://onesourceprocess.com/ab3bp5r/index.html&s=abeb44ac1/&k=CPgDZ%...
Click to follow link
Proofpoint Targeted Attack Protection
URL Defense Service
1. Email is received
2. All urls are rewritten and sent to the recipients
3. In parallel, a predictive analysis is done for some urls
4. When user clicks on the link, the dynamic analysis is activated
5. Depending on the analysis, user is redirected to the destination web site or to a blocking page
6. « Follow-me Protection » to protect users inside and outside their corporate networks
7. The Threat Dashboard provides all the details and forensics results
http://malware
https://urldefense.proofpoint.com/v1/url?u=http://onesourceprocess.com/...
Proofpoint Protection Server
PROOFPOINT SANDBOX INFRA
DETECT
Dridex 220 – 3/16/15
[Chart: Threat Instances over time, 8:00 to 20:00]
Hash: db3e6308564335022e38de73bdf6357e9879a0cc6af05d8aac33e7cc62b6a96a
Proofpoint detection via Attachment Defense (10:26)
5 hours later:
• 1/10 Top 10 AV vendors*
• 3/57 All AV vendors on VirusTotal
*Top 10 AV: McAfee; Symantec; Kaspersky; F-Secure; Sophos; Trend Micro; Bit Defender; Avira; Microsoft; Malware Bytes
Summary:
• 112,888 Messages Seen
• 95 Customers Impacted
Proofpoint Targeted Attack Protection
Attachment Defense Service
1. The document is hashed and compared to our database
2. If the hash is unknown, the document is sent to our DC for sandboxing analysis
3. Dynamic analysis is performed on the file to detect malicious threats.
4. Depending on the analysis result and the policy, the message is sent or quarantined
5. The Threat Dashboard provides all the details and forensics results
5:00
Proofpoint Protection Server
PROOFPOINT SANDBOX INFRA
DETECT
Proofpoint TAP Dashboard
Proofpoint Email Security Suite
RESPOND
Incident Response Process Today
1. INVESTIGATE
2. VERIFY
3. PRIORITIZE
4. CONTAIN
Now repeat for EVERY security alert
RESPOND
Automatic Context, Prioritization and Containment
Correlate & Confirm
Assess: Prioritize response
Contain: Contain & Quarantine
AUTOMATED
CONSISTENT
INSTANT
ET Intelligence
Threat Database for Enriching Context
• Access to 5 years of observed threat activity, updated in real-time
• Search on IP, Domain Name, MD5 hash, text string, and ET Pro signature ID (SID)
• Drill down, pivot
• Web Portal and API
Use stand alone or integrate into SIEM/TIP
In-depth global context for Incident Response and Threat Research
RESPOND
Summary: Proofpoint Protection
BLOCK: Predictively Block more attacks
DETECT: Quickly detect targeted, polymorphic and zero-day attacks
RESPOND: Full visibility into targets, methods and exposure
Audit or Proof of Concept
Deploy Proofpoint behind your current solution
• Can be deployed to remain passive within mail flow
Quickly determine your current risk exposure and effectiveness
Results within weeks
Q&A