Proofpoint Launches Industry-First Innovations to Break the Attack Chain

Nyc clouds

New integrated solutions solve for the most critical risks facing organisations when it matters most—spanning threat, identity, and data—to detect more attacks pre-delivery, quantify the impact of compromised identities, and improve the efficiency of defenders responding to data loss

SUNNYVALE, Calif. and NEW YORK Sept. 6, 2023Proofpoint, Inc., a leading cybersecurity and compliance company, today introduced industry-first innovations that address the top risks organisations face today—from business email compromise (BEC), the leading cause of financial loss for organisations, to ransomware and data exfiltration. The unified solutions, announced at Proofpoint Protect 2023, span the company’s Aegis Threat Protection, Identity Threat Defense and Sigma Information Protection platforms to thwart threats across the most critical stages of the attack chain. Fuelled by trillions of detected threat activities sourced from one of the most comprehensive data sets in the industry, Proofpoint’s new AI- and ML-powered innovations equip security practitioners with unmatched visibility, flexibility, and depth to detect and disrupt sophisticated adversaries across their organisations’ attack surfaces.

“The critical parts of the attack chain can’t be effectively combatted without taking a people-centric approach,” said Ryan Kalember, executive vice president, cybersecurity strategy, Proofpoint. “We analyse more human communications than any other cybersecurity company, allowing us to deliver industry-first innovations that disrupt the threat actor’s playbook across the attack chain for email fraud, ransomware, data theft, and other risks that matter.”

AI and ML require robust detection models and a high-fidelity data pipeline to yield accurate detection rates, operational efficiencies, and automated protection. Proofpoint customers benefit from one of the largest and most diverse global cybersecurity data pipelines across email, the cloud, and mobile computing. Every year, Proofpoint analyses an unparalleled amount of data sourced from more than 2.8 trillion scanned email messages, 17 trillion scanned URLs, 1.3 trillion scanned SMS and MMS, and 46 million DLP end users.

Preventing Initial Compromise 

Email is the number one attack vector leading to successful compromise. Proofpoint’s Aegis Platform is the only AI/ML-powered, cloud-based threat protection platform that disarms today's advanced attacks, including email fraud (BEC), ransomware, weaponised URLs, multi-factor authentication (MFA) bypass for credential phishing, and more. New enhancements and features in Aegis include:

  • Industry-first LLM-based Pre-delivery Threat Detection: Through Proofpoint’s implementation of the BERT large language model (LLM) within Proofpoint’s CLEAR solution, the company is pioneering industry-first, pre-delivery protection against social engineering attacks before they can do harm.

Pre-delivery protection is so critical because, based on Proofpoint’s telemetry across more than 230,000 organisations around the world, post-delivery detections are frequently too late. Nearly one in seven malicious URL clicks occur within one minute of the email’s arrival, and more than one-third of BEC replies happen in less than five minutes. These narrow timeframes, during which a user can fall prey to an attack, underscore the importance of blocking malicious attacks before they can reach a user’s inbox.

Time Elapsed

This LLM-based detection has also proven highly successful at detecting malicious messages—both those created traditionally and with generative AI. Proofpoint has also been using ChatGPT, WormGPT, and other generative AI-created malicious content to train our models.

  • Enhanced Visibility into Blocked Threats: Last year, businesses lost more than $2.7 billion due to BEC scams—nearly 80 times greater than losses due to ransomware. Beginning in Q3, new summaries in the Targeted Attack Prevention (TAP) Dashboard will provide enhanced explanation on BEC condemnations performed by Proofpoint’s CLEAR solution, including threats condemned by the new LLM-based detection. Condemnation summaries will include why a threat was determined to be a BEC attack and its corresponding response timelines, reducing security practitioners’ time spent on threat analysis and reporting to management.   

Identity Threat Defense: Attack Path Risk

The global increase in cyberattacks has been enabled by attackers shifting their tactics and focus to identity-based attacks, with 84% of organisations falling victim to an identity-related breach last year. When attackers first land on a host, it’s very rarely their end target. Instead, they escalate privilege and move laterally across an environment to exploit privileged credentials.

By bringing together market-leading data across the attack chain between Proofpoint’s Aegis and Identity Threat Defense platforms, security practitioners can understand the number of attack paths for ransomware and data exfiltration should an employee’s identity be compromised for privileged identity abuse and lateral movement with Proofpoint’s new Attack Path Risk. Available in Q4 within Proofpoint’s TAP dashboard, organisations that add Proofpoint’s Identity Threat Defense to their Proofpoint Aegis implementation can empower their analysts to swiftly prioritise the remediation and adaptive controls.

Defending Against Data Exfiltration: Misdirected Email 

Proofpoint Sigma is the only information protection platform that merges content classification, threat telemetry and user behavior across channels in a unified, cloud-native interface to stop data loss and insider threats. Proofpoint is the world’s largest Insider Threat Management (ITM) provider and second largest data loss prevention (DLP) vendor globally and by revenue (Gartner). Driven by the accelerated adoption of work-from-anywhere practices, Sigma is trusted by nearly half of the Fortune 100 and deployed to over 5,000 customers and 46 million users worldwide, analysing 45 billion events each month.

Leveraging behaviour anomaly detection machine learning for content scanning, Proofpoint’s new Misdirected Email solution, available in Q4, prevents users from accidentally sending emails and files to the wrong recipient and possibly creating a data loss incident.

Generative AI-based Analysis for Powerful Threat Insights Across the Attack Chain: Proofpoint Security Assistant

Proofpoint continues to deliver unique AI and ML innovations based on telemetry from its vast customer set comprised of more than 230,000 global enterprises and small- and medium-sized businesses as well as 150 ISP and mobile network providers. Previewed for the first time at Protect 2023, Proofpoint Security Assistant, a new generative AI user interface, empowers analysts to ask natural language questions and receive actionable insights and recommendations based on the trillions of combined data points across Proofpoint’s platforms.

Available in Q4 as a technology preview in the Sigma Information Protection platform, DLP SOC analysts can pose questions such as, “show me John Doe’s exfiltration attempts and recommend which DLP controls we should add.” Over time, Proofpoint’s generative AI-based interface will be expanded to the Aegis and Identity Threat Defense platforms, enabling security practitioners to gain powerful threat insights by asking queries such as, “show me the leading Very Attacked People who have the most attack paths that would result in a ransomware-based data exfiltration.”  

Responsible Approach to Generative AI

The integrity, privacy and security of customer data is of paramount importance to Proofpoint.  We rigorously evaluate each generative AI tool for compliance with Proofpoint’s corporate tenets. For example, we use internally deployed versions of generative AI tools, and we do not allow LLM providers to train their models using Proofpoint-held data.     

For more on Proofpoint’s solutions, please visit:

Aegis Threat Protection platform: 

Identity Threat Defense platform:

Sigma Information Protection platform: 

To schedule a complimentary Identity Threat Assessment:


About Proofpoint, Inc.

Proofpoint, Inc. is a leading cybersecurity and compliance company that protects organizations’ greatest assets and biggest risks: their people. With an integrated suite of cloud-based solutions, Proofpoint helps companies around the world stop targeted threats, safeguard their data, and make their users more resilient against cyber attacks. Leading organizations of all sizes, including 85 percent of the Fortune 100, rely on Proofpoint for people-centric security and compliance solutions that mitigate their most critical risks across email, the cloud, social media, and the web. More information is available at

Connect with Proofpoint: Twitter LinkedIn | Facebook YouTube

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.