In the recently published “2020 Market Guide for Email Security” report, Gartner says that “email is still the most common channel for opportunistic and targeted attacks, as well as a significant source of data loss. According to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email.”
Meanwhile, business email compromise (BEC) and email account compromise (EAC) continue to grow. To get an idea of how pervasive a problem BEC/EAC is, Proofpoint detects and blocks over 15,000 BEC/impostor messages a day or nearly four million messages a year. We have observed more than 7,000 executives impersonated and about half of our customers have had an impersonated VIP this year.
Because of the significant role email plays as an attack vector, organizations need to invest in a holistic approach for email security. In this Market Guide, Gartner provides a comprehensive list of differentiating capabilities that security and risk management leaders should look for in an email security solution.
Here’s how Proofpoint’s market-leading email security solution delivers on them:
Advanced Threat Defense
Proofpoint protects your people by delivering a comprehensive solution that prevents, detects and responds to advanced threats. We block email threats with multiple detection techniques to prevent malicious content from reaching users via attachments and URLs.
Proofpoint employs sandboxing to inspect attachments and URLs. Because we’ve observed a rise in legitimate file-sharing abuse, where attackers use legitimate infrastructure to evade detection, we predictively sandbox all file-sharing links. In fact, our research found that more than half of all malicious URLs delivered from file shares were from Microsoft (e.g., OneDrive, SharePoint). We inspect URLs in attachments, including password-protected attachments, and in subject lines. We also provide URL rewriting and time-of-click analysis to protect your users on any network and device. These detection engines also help detect if a message has been poisoned post-delivery.
As an added layer of protection, we provide browser isolation. Unique to Proofpoint is the ability to apply browser isolation as a risk-based adaptive control. For example, you can implement a policy to isolate all URL clicks for your Very Attacked People, delivering stronger protection for your riskiest users.
Defending against Business Email Compromise (BEC)
Impostor threats prey on human nature. They rely on social engineering to trick or threaten people into making fraudulent wire transfers or financial payments. These threats are difficult to detect because they don’t include malicious payloads, such as malicious URLs or attachments.
We believe the report aligns with Proofpoint’s perspective that combatting BEC/EAC requires a comprehensive approach that provides layered defenses. Gartner states, “There is no single technology solution to BEC attacks. Solutions need to be a combination of technology and user education.”
Proofpoint provides an integrated, end-to-end solution to defend against email fraud.
Unlike other solutions that rely on static rules matching or limit impostor detection to a pre-defined set of executives, we apply advanced machine learning technology to dynamically detect impostor threats for all messages. We analyze various factors, including the message content, reputation (sender, recipient and domain), sender/recipient relationship and more. More importantly, because we see and block so many impostor messages per day, we have an incredibly large corpus of data to train our detection engines and stay ahead of constantly changing attacker tactics.
To make it easier to enforce DMARC on inbound messages, customers can use our gateway’s verified DMARC feature. It provides a DMARC reputation service that uses data and visibility we uniquely have about the organizations that have properly implemented DMARC. With the verified DMARC feature, you get better protection against inbound impostor threats without worrying it may interrupt your mail flow.
In addition to enforcing DMARC on inbound messages, we can help your organization implement a global email authentication policy (DMARC) and identify lookalikes of your trusted domain. This allows you to confidently authorize legitimate senders, including third-party senders, and prevent your trusted domain from being used in email attacks. We’re the preferred choice for DMARC implementation among the F1000 and have successfully managed very complex DMARC deployments. We guide you through each step of your rollout so you can quickly and confidently implement DMARC for your domains.
Security Awareness Training
Gartner recommends, “technology innovations should be complemented by investments in security awareness training, especially to combat email threats that are payload-less. It also suggests that organizations should simulate attacks via anti-phishing behavioral conditioning (APBC), measure, and provide training and notification to users.”
Proofpoint’s market-leading security awareness training helps you address the human layer of protection. We’ve helped companies reduce phishing attacks by up to 90 percent and cut malware infections by 40 percent.
Unlike other solutions, our security awareness training utilizes Proofpoint’s best-in-class threat intelligence to deliver highly effective and focused education. For example, you can automatically import “Very Attacked People” and “Top Clickers” into the security awareness platform and assign appropriate training. And our phishing simulation utilizes real phishing lures spotted “in-the-wild” by Proofpoint threat intelligence.
We also allow users to easily report suspicious phishing emails to an abuse mailbox with a single click, using either the PhishAlarm® button or an email warning tag. Email warning tags provide interactive, color-coded visual cues that alert users to take extra precautions with a specific message. This helps power Closed-Loop Email Analysis and Response (CLEAR), which automates reporting, analysis and remediation of potential email threats reported by users.
How we handle Graymail
While Gartner says this is “an area in which many SEGs require further investment,” graymail is something Proofpoint has been handling for years. Not only do we identify graymail (e.g., newsletters, bulk mail) with granular email filtering, but we also give users individual control over these low-priority emails. In fact, we recently made it even easier for users to manage graymail directly within their email client with a new Proofpoint for Outlook plug-in. Users can now view and manage their quarantine and manage their senders lists without having to launch another browser or deal with authentication complexity.
Our alignment with Gartner's "Postdelivery Protection and M-SOAR"
Gartner recommends that organizations should “evaluate vendors that have added detection and response capabilities to address threats that were not initially caught and were allowed to land in a user’s inbox.”
We believe that with our Threat Response Auto Pull (TRAP) capability, you can remove malicious and unwanted messages post-delivery, as well as unwanted email from internal accounts that are compromised. It identifies all instances of the malicious email across an organization, even if it was forwarded or received by other users, and removes them all with just one click or automatically. This allows organizations to save a significant amount of manual work and reduce the time to remediation.
How Proofpoint helps its clients protect data
Not only is email the number one threat vector, but it’s also a significant vector for outbound data loss. Gartner states, “Outbound email security features (such as DLP, email encryption and EDRM), are critical for intellectual property protection and regulatory compliance (such as Payment Card Industry [PCI] and Health Insurance Portability and Accountability Act [HIPAA] data).”
Proofpoint Email DLP and Email Encryption automatically inspect outbound messages to protect critical data, such as PII and financial data. We recently announced our people-centric Enterprise DLP platform that brings together our DLP solutions for email, cloud, and endpoint, allowing your security and compliance teams to identify and quickly respond to data risks posed by negligent, compromised and malicious users.
How we align with Gartner Cloud Email Security Supplements (CESSs) and Integrated Email Security Solutions (IESSs)
The Gartner report discusses CESSs and IESSs. We believe that organizations don’t need them with Proofpoint. Not only do we detect and block phishing and payload-less threats like impostor emails more effectively, but we also stop attacks farther up the attack chain before they are delivered to end-user inboxes. Rather than purchase and manage several point products that only address one or two use cases, Proofpoint provides a comprehensive platform that allows you to consolidate vendors and improve operational effectiveness.
Download the report today to learn more about what to look for in an email security solution. And visit proofpoint.com to see how Proofpoint delivers on Gartner’s email security recommendations.
Gartner, Market Guide for Email Security, Mark Harris, Peter Firstbrook, Ravisha Chugh, 8 September 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.