Proofpoint Introduces New Innovations at the 2023 RSA Conference to Break the Attack Chain


Proofpoint, Inc., a leading cybersecurity and compliance company, today announced a host of innovations across its Aegis Threat ProtectionIdentity Threat Defense and Sigma Information Protection platforms, empowering organisations to stop malicious email attacks, detect and prevent identity-based threats and defend sensitive data from theft, loss and insider threats. The new innovations further enhance Proofpoint’s leading threat and information protection platforms, in addition to its newly formed Identity Threat Defense business (formerly known as Illusive), to help organisations augment and safeguard their productivity investments, such as Microsoft 365, with maximum deployment flexibility.

“Proofpoint continues to deliver on innovations that empower organisations to break the attack chain,” said Ryan Kalember, executive vice president, cyber security strategy, Proofpoint. “By providing our customers a unified path to solve for risk across email, cloud, identity and data, CISOs gain unparalleled visibility into and protection against the tactics that attackers rely on most.”

Aegis Threat Protection Platform

Proofpoint Aegis Threat Protection Platform is the only AI/ML-powered threat protection platform that disarms today’s advanced attacks, including Business Email Compromise (BEC), phishing, ransomware, supply chain threats and more. With flexible deployment options using both APIs and inline architecture, Aegis delivers advanced AI-powered, cloud-based protection that complements native Microsoft 365 defences.

By combining the company’s proprietary behavioural analytics and threat intelligence, Proofpoint is delivering new capabilities that provide visibility into account takeover-based attacks – from both within an organisation’s environment and outside suppliers. EvilProxy, for example, has become the most prominent MFA phishing-as-a-service provider according to recent Proofpoint threat intelligence – an attack that allows threat actors to hijack employee accounts or those of trusted suppliers.

  • *NEW* Supplier Threat Protection: Trusted supplier relationships are a growing attack vector: 69% of organisations experienced a supply chain attack within the past year, and CISOs rate it as one of their top concerns. With Proofpoint Supplier Threat Protection, available today, organisations can detect compromised supplier accounts so that security teams can swiftly investigate and remediate. This new product proactively monitors for and prioritises known compromised third-party accounts, simplifies investigation with details on why the account is suspected compromised and which employees recently communicated with the account in question, enabling security teams to seamlessly defend against prevalent third-party attacks such as BEC and phishing.

  • *NEW* Targeted Attack Prevention Account Takeover (TAP ATO): Threat actors successfully override multi-factor authentication in 30% of all targeted cloud and email account takeover attacks according to Proofpoint threat research. Once inside, malicious actors can hide undetected in an organisation’s environment, waging sophisticated attacks at will. Proofpoint TAP ATO, available at the end of Q2 2023, provides visibility across the entire email account takeover attack chain. It accelerates response investigation and remediates accounts, malicious mailbox rule changes, and manipulations of third-party apps and data exfiltration across email and cloud environments.
Identity Threat Defense (formerly known as Illusive):

From ransomware to APTs, 90% of attacks rely on compromised identities. The complexity of managing Active Directory (AD) has resulted in the presence of exploitable privileged identity risks in all organisations at a rate of one in six endpoints. These identity risks include unmanaged local admins with stale passwords, misconfigured users with unnecessary privileges, cached credentials left exposed on endpoints, and much more. When an attacker compromises an endpoint with these privileged identity risks, deploying malicious software and stealing data are easy. Privileged identities represent the keys to the kingdom, which attackers exploit to steal the crown jewels. Unfortunately, most organisations are unaware of this risk – until they are attacked.

Leveraging new advanced identity risk analytics and automated detection, Proofpoint has further bolstered its Identity Threat Defense platform – undefeated in more than 150 red team exercises – to provide organisations with comprehensive identity risk protection and remediation:

  • *NEW* Spotlight Risk Analytics: The new advanced risk analytics in the Spotlight dashboard allow users to gain an executive view of an organisation’s risk trends as well as  exposure across various risk categories and risk exposure levels. It also provides recommendations for possible user admin action. Spotlight Risk Analytics simplifies decision makers’ workload while ensuring organisational leaders can make informed decisions to remediate modern and sophisticated identity risks. With availability expected late Q2 2023, decision makers will also be able to follow risk trends to track their organisation’s risk posture improvements over time.

  • *NEW* Proofpoint Spotlight Cross Domain & Trust Visibility: For organisations with complex infrastructure, including multinational, multi-business and merging organisations, identity infrastructure is often stitched together without broader visibility. Spotlight Cross Domain & Trust Visibility, available today, provides insight to understand where AD domains across companies have too much bi-directional trust, which can result in identity risk and lateral movement by attackers. Business leaders can gain a centralised view into the broadest organisational structure’s domains and trusts to better prevent identity risk exposure in a holistic fashion.

Organisations can contact Proofpoint for a two-minute complimentary Identity Threat Assessment of their environment to instantly learn about their identity risk profile.

Sigma Information Protection Platform

Proofpoint is the world’ largest Insider Threat Management (ITM) provider, and since its introduction in early 2020, Proofpoint’s information protection business has grown a remarkable 107%, making the company the second largest data loss prevention (DLP) vendor globally and by revenue according to Gartner (Gartner, Inc. Market Share: All Software Markets, Worldwide, 2022). Driven by the accelerated adoption of work-from-anywhere practices, the Proofpoint Sigma Information Protection platform is now deployed to over 5,000 customers and 46 million users worldwide, analysing 45 billion events each month, and trusted by nearly half of the Fortune 100.

Proofpoint’s Information Protection Platform is the only information protection platform that merges content inspection, threat telemetry and user behaviour across channels in a unified, cloud-native interface.

  • *NEW* Privacy by Design Data Loss Prevention: As international organisations work to meet new and changing local privacy and data sovereignty requirements, Proofpoint now hosts its Sigma Information Protection platform in regions such as the European Union, Japan, and Australia in addition to the United States. Proofpoint is also further investing in privacy-related capabilities so that organisations can mask sensitive data in the console to limit its exposure and create custom data access policies to address privacy and compliance needsAdditional features are available in beta today, with general availability expected in Q3 2023, enabling organisations to anonymise identifying user information so analysts can investigate without bias and with better privacy for the user. Administrators will also be able to set up metadata to anonymisation and  approval workflows for de-anonymising the metadata during investigation.