A Firewall for E-mails: PROOFPOINT

Bahadirsahin
Jul 25, 2022
https://www.proofpoint.com/de

In this article, we discuss “Proofpoint Email Protection” and the features that help security professionals better understand the security state of an organization.

E-mail is today’s most important communication channel and the №1 threat vector for both organizations and individuals, which makes e-mail phishing a popular form of cybercrime. Unfortunately, protection against phishing e-mails is proportional to employee awareness and depends on user behavior, so there is always a risk of human error. Proofpoint helps us to overcome such vulnerabilities.

A high volume of e-mail creates many blind spots in the communication environment. Therefore, all organizations need security solutions integrated with visibility and automation tools. Proofpoint is a people-centric and user-friendly security solution which sandboxes 120 million attachments, monitors 16 million cloud accounts, and analyzes 26 billion URLs and 5 billion e-mail messages per day.

Cyber attackers use a range of identity deception tactics, such as lookalike domains and e-mail addresses. Proofpoint takes a proactive approach to typosquatting and to fake URLs, websites and e-mail addresses.

By integrating Proofpoint with a SIEM (Security Information and Event Management) system, organizations can strengthen their cybersecurity posture.

The TAP (Targeted Attack Protection) Dashboard console reveals which users are most attacked and empowers the security team to protect them from malicious URLs, attachments and e-mail threats.

Here are some unique features of Proofpoint:

1. Choosing the right time frame is very important. To be able to track a phishing attempt in Proofpoint, we should first set the time option. A custom period can also be specified under the “Time option” tab.

2. With the help of the “Attack Index” tab, the analyst can figure out which users are the focus of phishing attacks and how many times they clicked on the suspicious links in those e-mails. The awareness level of these main targets can then be raised, or the security level of their credentials increased.

3. By selecting “VIP” from the “USERS” tab, we can narrow the review area to important users.

4. The admin console lets users activate Proofpoint’s spam detection feature with the “Organizational Safe List” and “Organizational Block List” tabs under the spam detection menu.

5. With the “Threats” tab, we can see a general list of malware families and search for a particular malware type attached to or linked from an e-mail. With this tab, security teams can search for and better understand the sophisticated malware used in e-mail phishing.

6. A unique feature of Proofpoint is the “phishalarm button”, which enables users to report suspicious e-mails and messages with just one click.

7. By clicking on the “Evidence” tab, we can get a forensic view of the e-mail-related evidence, such as the sender’s e-mail address, the receiver, the infected account, and whether the e-mail was blocked, permitted or delivered. Under the “Reports” tab, we can see which site Proofpoint used to sandbox the malware.

8. The most important information about phishing e-mails can be found under the “People” tab. Checking for header forgery is the first step in detecting e-mail spoofing. In addition to the affected recipients of a phishing e-mail, we can find the “header analysis” of a suspicious e-mail under the “People” tab. Proofpoint conducts a sophisticated “e-mail header analysis”, which is one of the crucial steps in detecting phishing attempts.

9. By clicking on “Open in Proofpoint Browser Isolation”, we can see how Proofpoint analyzes a malicious link after rewriting it with a prefix named “Saasisolation”. That means Proofpoint conducts a dynamic malware analysis within its own sandbox environment without infecting the user’s system.

10. Proofpoint can work as a DLP (Data Loss Prevention) solution thanks to its ability to control outgoing e-mail. Although it is not a complete data loss prevention solution, Proofpoint can monitor e-mail communication and, through admin rules, prevent certain data leaks through e-mail, such as PII (Personally Identifiable Information).

11. Proofpoint is a learning tool, which means it is skilled at creating and sharing knowledge, and at modifying its behavior to react to new malware. The AV-TEST Institute registers 450,000 new malicious programs (malware) and potentially unwanted applications (PUA) daily. When there is a brand-new malware sample, Proofpoint detects it and shares it through its database so that the detection reaches multiple applications and users.

12. Proofpoint can be used with Jira Software to escalate or hand over an issue to other counterparts such as the system administrator or the service desk. In addition, Proofpoint can also be used with a ticketing tool like IBM SOAR (formerly Resilient). Both integrations empower cybersecurity teams to work in automation, coordination and confidence with all counterparts of the cybersecurity landscape.
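The header analysis mentioned in item 8 can be illustrated with a few checks an analyst might run on a raw message. This is an added Python example, not from the original article and not Proofpoint's implementation; the sample message is constructed, and the finding labels are hypothetical names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (reserved example domains, not real traffic).
SUSPICIOUS = """\
Return-Path: <bounce@mail.example.org>
Authentication-Results: mx.example.com; spf=softfail smtp.mailfrom=mail.example.org; dkim=none; dmarc=fail header.from=example.net
From: "finance@example.com" <billing@example.net>
Reply-To: collector@example.org
To: user@example.com
Subject: Invoice overdue

Please review the attached invoice.
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def analyze_headers(raw):
    """Return a list of spoofing indicators found in the message headers."""
    msg = message_from_string(raw)
    findings = []
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = domain_of(msg.get("From"))

    # Display name shows an address from a different domain than the real one.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != from_dom:
        findings.append("display-name-address-mismatch")

    # Envelope sender and Reply-To outside the From domain: a signal, not a
    # verdict, since legitimate bulk senders also use separate bounce domains.
    for header, label in (("Return-Path", "return-path"), ("Reply-To", "reply-to")):
        dom = domain_of(msg.get(header))
        if dom and dom != from_dom:
            findings.append(f"{label}-mismatch")

    # Results recorded by the receiving mail server (RFC 8601).
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(fail|softfail)\b", auth):
        findings.append(f"{mech}-{result}")
    return findings
```

Only an `Authentication-Results` header added by your own receiving server should be trusted, because a sender can insert a forged one further down the header block.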

SOURCES

1. https://db_dae8df1b_0fae_4e84_8c34_be270f17b1d1.influitive.com/forum/t/allowlisting-in-proofpoint/338

2. https://help.proofpoint.com/Threat_Insight_Dashboard/API_Documentation/SIEM_API

3. https://www.proofpoint.com/us

4. https://univofdenver.service-now.com/univofdenver.service-now.com/kb_view.do?sys_kb_id=523f73ec1bec40d0689210e58d4bcb90&sysparm_nameofstack=&sysparm_kb_search_table=

5. https://www.av-test.org/de/statistiken/malware/
