The "business" of the US Federal government presents unique challenges to IT administrators and information security professionals who support and secure a complex IT infrastructure. With email being the most prevalent medium for communications, federal organizations are facing an increasing set of challenges around the security and compliance of government email communications. Proofpoint Enterprise Protection, Privacy, and Archive provide federal organizations with a comprehensive solution for email compliance and security to address those challenges.
Proofpoint Enterprise Privacy helps federal organizations protect confidential information, personally identifiable information (PII), and Controlled Unclassified Information (CUI) by ensuring that email carrying this sensitive information is always secured, whether they are blocked from leaving an organization or, in cases where the information needs to be shared, that it is encrypted before it leaves the organization.
Proofpoint Enterprise Archive is a FISMA-compliant archiving solution and provides features to help federal organizations address challenges around email storage management, eDiscovery, and regulatory compliance.
With modern day low-volume phishing attacks targeted at corporate data instead of only at end user credentials, federal organizations must ensure that their email security solutions are protecting them against these latest threats. Proofpoint Enterprise Protection provides the industry's best threat protection against modern-day, malicious threats, with a combination of accurate threat detection, granular management based on the threat classification, and tools for response should the need arise to react to a direct attack.
- FISMA Compliance: Proofpoint Enterprise Archive meets the stringent requirements of the Federal Information Security Management Act (FISMA) certification and accreditation (C&A) process. Operating a service to FISMA standards requires Proofpoint to manage information with heightened controls and operational safeguards.
- Email Encryption: Proofpoint Encryption provides easy-to-use email encryption, backed by a strong policy engine that ensures all sensitive content is protected before it leaves the organization. All encrypted messages are branded to your organizations requirements. Recipients of Proofpoint encrypted emails follow extremely simple steps to authenticate and access their messages. No pre-registration or exchange of encryption keys is required to use Proofpoint Encryption; ad-hoc email encryption is fully supported. Proofpoint Encryption is compliant with the FIPS 140-2 standard.
- Smart Identifiers: Proofpoint's Smart Identifier technology dramatically reduces the number of false positives. Depending on the specific Smart Identifier, a variety of checks are performed, increasing the accuracy of the detection. For example, the Smart Identifier for credit card numbers performs the Lunh Algorithm check, which validates the checksum. This prevents any random 16-digit number from being flagged as credit card number. Custom Smart Identifiers can easily be added as well. ABA Routing Numbers and Social Security Number Smart Identifiers are pre-built into the Proofpoint Enterprise Privacy solution.
- Accurate Detection of PII/CUI: Accurate identification of PII and CUI is completed by utilizing a combination of Smart Identifiers along with proximity matching. For example, the Smart Identifier for a Social Security Number is validated against the Social Security Administrations Issuance Table (valid for all SSN's issued prior to June 1, 2011) but also checks for the an indicator in close proximity to the identified number, such as "SSN:", "SS#", etc., significantly increasing the confidence level of the detection.
- Flexible Policy Management: Granular policies can be set, allowing specific sets of users to send and receive PII/CUI via a secure encryption with Proofpoint Encryption, yet prevent other groups from sending PII/CUI altogether.
- Compliance Dashboard: Compliance officers have a dashboard view of their organization. Incidents that require review are highlighted, with one-click drill-down access to each specific incident that may require intervention or remediation. Reports summarize the number of encrypted messages that have been sent and the type of content that triggered the encryption (Credit Card Number, NPI, trade confirmations, etc.).
- Workflow: Detailed workflow is available to provide detailed tracking against each incident. Compliance reviews can release messages by encrypting the messages, or leave messages blocked within the quarantine. Severe violations can be escalated for further review. Status of each incident in review is then logged.
- Flexible Remediation: The vast majority of compliance issues come from inadvertent data loss. Proofpoint Smart Send is a feature that allows administrators to selectively allow sender-based remediation. For example, a federal employee may attach a spreadsheet containing PII. Smart Send can temporarily stop this message, send a notification back to the sender alerting them of the content within the message, but then also provide direct remediation options within the notification email: the ability to block that message permanently, the ability to release that message or to encryption that message before sending. Smart Send can be enabled for the entire organization or for specific groups.
- Best-in-class Threat Protection: Government agencies have long been a target of hackers. With phishing attacks on the rise, focused not on just end user account credentials, but increasingly on leveraging phishing emails as an entry vector to steal sensitive information from government organizations, having a best-in-class threat protection system is critical when addressing any data protection strategies. Proofpoint Enterprise Protection provides the best threat protection available against these external malicious threats today.
- Full Support for Cloud-based Email Systems (e.g., MS Office 365): Proofpoint Enterprise Privacy is available as a cloud-based solution and provides all the same rich functionality available as an on-premise solution. This also seamlessly integrates to any cloud-based email solution, such as Microsoft's Office 365, ensuring regulatory compliance while leveraging the cost benefits of the cloud.
- Secure Inter-agency Communications: Provide secure communications when your organization is conducting business with other government agencies.
- Request for Information: Provide easy-to-use, high-speed search technology to product information quickly to comply with mandates set by FRCP and the Freedom of Information Act.
- Detection Accuracy of PII/CUI: No other solution on the market today provides the accurate detection of PII and CUI like Proofpoint. This ensures that all PII and CUI is encrypted, but just importantly, does not flag information that does not require encryption to be encrypted.
- eDiscovery: Easy-to-use, high-speed search technology returns results in 20 seconds or less, making it easy to comply with the FRCP mandate and Freedom of Information Act requests.
- Easy-to-Use, Fully Integrated Encryption: An easy-to-use, policy-based encryption solution, accurately identifying messages for encryption ensures your organization is maintaining compliance to federal regulations.
- Mobile Support for Broad Range of Devices: Proofpoint solutions are fully optimized for mobile device usage, from both the sender and recipient perspectives. With the best mobile experience available from any solution today, this is critical as we see a growth in the variety of mobile devices in the enterprise environment.