Home
Information Protection
Insider Threat Management
Context and Visibility

Context and Visibility

Information Protection

Correlate user activity, data interaction, and user risk visualized as timeline-based views and prioritized with your data classification labels.

No more manually correlating OS, application and DLP logs to belatedly find out what is happening in your organization.

Context with timelines

Know the Who, What, Where, When & Why

Always know the user and their intent behind their actions on the endpoint, with files and on web apps in consolidated timeline views. No security knowledge required to read these timelines.

Support all common endpoint operating systems

We capture offline and online user actions in applications, files, websites, keystrokes, command-line, print jobs, USB devices and a whole bunch more on

  • Windows desktops, laptops, virtual desktops and servers
  • MacOS desktops and laptops
  • 26 flavors of Linux/UNIX across Amazon Linux, AIX, Debian, HP-UX, Oracle, Red Hat Enterprise Linux, Solaris, SUSE Enterprise Linux Server and Ubuntu
  • Virtualized environments and applications in Citrix Virtual Apps and Desktops and VMWare Horizon
  • Windows on AWS and Azure

Granular user and data activity telemetry with a lightweight endpoint agent

With each activity event, get visibility into

  • Hostname
  • Username
  • Active application name
  • Active window title
  • Open URLs in browser
  • Host/remote host IP address
  • Keyboard and mouse shortcuts
  • File interactions including rename, cut, copy, paste, move, soft delete, download, upload and save alongside each user activity

 

 

 

Endpoint agents collect the telemetry and conduct the prevention actions. Running primarily in user mode with our patented file driver helps ITM achieve industry-leading lightweight architecture. Customers often run us in parallel with other endpoint security products without the traditional headaches of end user complaints nor performance degradation.

 

 

Microsoft Information Protection (MIP) Labels

Data classification with Microsoft Information Protection labels Body

Use the Microsoft Information Protection (MIP) labels to better explore, detect and prevent risky data movement by users.

Leverage your existing investments into MIP labels to your advantage. We read the labels for files as users interact with those files.

Monitor high-risk employees, privileged users, contractors and others

High-risk can occur with

  • Organizational context: Mergers, acquisitions, demotions, promotions, terminations, office relocations
  • User groups: departing employees, privileged users, sales and engineers in competitive industries, temporary workers, contractors and users in high-risk countries
Webinar

2020 Cost of Insider Threats Global Report
E-book

Rethinking Insider Risk in the Gig Economy
Solution Brief

Defend Against Insider Threats
Customer Story

Putting the Brakes on Insider Threats
E-book

Managing Insider Threats in the Technology Sector

Want to see ITM in action?

Let us walk you through Proofpoint Insider Threat Management and answer any questions you have about insider threats.

Request a Demo