FEATURES AND BENEFITS
Dynamically analyze and block in real-time the malicious URLs and attachments that can evade antivirus and reputation filters to deliver banking Trojans, ransomware, and other malware.
Leverage cloud-based Big Data analytics to predictively detect malicious URLs in unsolicited emails and block user clicks before they can lead to a compromise.
Provide comprehensive security whenever or wherever the user clicks by following email and checking for the URL destination’s safety in real-time.
Detect compromises and speed response and remediation of phishing and web compromise attacks by quickly identifying campaigns, targeted users, and potentially infected systems.
Next Generation Detection
Detect sophisticated malware attacks, including:
- Polymorphic and zero-day malware
- Malicious attachments
- Other advanced exploits
In order to detect such advanced malware effectively—whether malware spread via spear-phishing emails containing a malicious attachment, watering hole URLs over email, or longline phishing campaigns — our malware analysis system technology uses a combination of sophisticated techniques to evaluate advance threats, including:
- Real-time checks against emerging campaigns and new malicious websites that are being detected across organizations
- Static code analysis that looks for suspicious behavior, obfuscated scripts, malicious code snippets, and redirects to other malicious sites
- Dynamic malware analysis that sandboxes the destination URL or suspicious attachments to simulate a real user on a machine, with the goal of observing any changes made to the system
Our anti-evasion technology, in the dynamic analysis, tricks malware into revealing itself by creating virtual environments that accurately reproduce real system and real user behavior and interactions. This process provides comprehensive detection analysis that determines whether the destination URL or an attachment under suspicion is malicious, even finding malware that is sophisticated enough to conceal itself from detection leveraging techniques, e.g., IP rotation, mouse movement simulation, real browser sessions, time-delayed analysis.
Proofpoint applies machine-learning heuristics to model email flow at a per-user level, and at a cloud-level across all traffic within Targeted Attack Protection™, in order to block URLs even before they host active malware, using a cloud-based process that incorporates Big Data techniques and a real-time scoring engine, including:
- Anomalytics Service
- Kill Chain Analysis and Preemptive Sandboxing
Together, these technologies provide the ability to predictively determine what could likely be malicious—and take preemptive steps before any user has a chance to click and have their machine compromised, as explained here:
Make use of this Big Data technique that models every protected user’s email patterns, and is built on the behavioral history of that specific user to determine which email is suspicious and requires further scrutiny; this is especially useful in spear-phishing detection. Anomalytics observes normal mail flow characteristics for every user mailbox, and analyzes the inbound email in real-time to pick out anomalies. This observation and analysis further influence the systems actions around detection and protection from threats.
Kill Chain Analysis and Preemptive Sandboxing
Take advantage of this technique that leverages patterns using history, Alexa ranking, IP block reputation, velocity of email sent from an originating IP, and a set of other observed criteria in the browser path including Traffic Distribution System (TDS) IPs and obfuscated redirects. Based on patterns and known kill chain elements (TDSs, redirects), it is often possible to preemptively block URLs even prior to malware analysis – in other cases, the anomalies trigger proactive sandboxing of the destination URLs, and ultimately help to declare entire normalized patterns as being malicious, which reduces the time and effort to stop the damage of campaigns.
Follow Me Protection
Leverage an agentless, cloud-based service with URL intelligence to protect users from malicious links in emails no matter when or where they click on that URL– while working remotely, BYOD, and more. A frequent tactic has been to send users socially engineered emails that are designed to entice the user to click a URL within the email. The URL web destination either automatically initiates a download, or tricks the user to enter sensitive or private information. Proofpoint research has shown that 20% of clicks by users on malicious emails occur off the corporate network, bypassing on-premise security controls.
Proofpoint’s URL Defense Service rewrites the URL, so that wherever the user checks their email, Proofpoint can:
- Protect: Protect your enterprise by testing every URL behind the scenes at click time—wherever and whenever it’s clicked—to ensure that the organization is always protected, whether the user is accessing email on the corporate VPN or on an unsecured public connection
- Expose: Provide discrete visibility and click-tracking by ensuring URLs are unique for each recipient and each message, enabling end-to-end insight
- Complement: Respects your existing layers of security by not acting as a proxy service, but rather using a 302 redirect to reroute the user’s browser to safe destinations upon confirmation by Targeted Attack Protection. This proxy-less approach ensures existing corporate security controls and acceptable use policies are not bypassed
Follow-Me Protection works in conjunction with Next Generation Detection and Predictive Defense to provide a comprehensive solution to defend against advanced attacks even after an email has been delivered to the recipient’s inbox.
Obtain details of attacks, understand the size of the threat, identify specific users that were affected, and get real-time notifications for potential incidents that require investigation. Proofpoint provides a graphical, web-based threat analysis dashboard that offers data at an organizational, threat, and user levels, enabling you to take immediate action. Administrators, security professionals and incident response teams can:
- Analyze how many and what types of email threats are currently being received by the organization, and its comparison to other organizations
- Identify who has received malicious email threats, who has received malicious attachments, how many messages with the same malicious email threat were delivered, when they were received, which users have clicked, and which users were permitted to the malicious destination through click tracking
- Extract malware forensics to determine the behavior that was involved in the targeted threat under question
In addition, administrators and incident response teams can be notified in real-time when a threat is detected that requires user machine remediation.