- Implement a more proactive cybersecurity strategy
- Safeguard interaction with third-party partners
- Protect brand integrity
- Proofpoint Email Fraud Defense (EFD)
- Proofpoint Enterprise Protection
- Proofpoint Targeted Attack Protection (TAP)
- Proofpoint Threat Response Auto-Pull (TRAP)
- Internal Mail Defense
- Proofpoint Security Awareness Training
- Improved phishing click rates and better engaged employees in security awareness
- Reduced time for mitigating email threats
- Minimised unauthorised email attempts with EFD and DMARC reject
Moving from reactive to proactive security
For nearly two decades, this fashion innovator has steadily grown and diversified its offerings. To protect its hundreds of global sites, as well as its online retail operations, the company has made cybersecurity a key pillar of its IT strategy.
“We’re a retail company, so the availability of registers, mobile POS systems and things like that are critical to our business,” said the company’s Information Security Officer. If we can’t ring up sales, obviously we’re not making any money. We support the business by making sure that decisions are made with security in mind. That includes the design of systems, processes, and the way that things are run, monitored, and cared for.”
To keep pace with new threats, the organisation has placed added emphasis on email security. Protecting its brand reputation and safeguarding employees from phishing and other threats have been top of mind.
“We have seen quite a bit of impersonation of our domain, and people sending on emails on behalf of our brand,” said the Information Security Officer. “Because of this, we are taking steps to move to a DMARC-compliant setup. This will help us improve and monitor protection of our domain against fraudulent email.”
As it evaluated its cybersecurity solutions and practices, the company also found that its email security systems were unable to keep up with threats that changed almost daily.
“We were always chasing issues in a reactive way,” said the Information Security Officer. “We became aware of at least four different techniques that attackers were consistently using to bypass our legacy system. In one case, we had a trouble ticket open with our vendor for more than a year, yet they were unable to fix the exploitation technique that attackers were using for credential phishing.”
The designer was seeking a comprehensive email solution that provided not only protection against the latest threats, but training and support to help it build a stronger culture of security from within.
A comprehensive approach to minimising business email risk
After considering a variety of solutions, the fashion designer’s security team deployed multilayered security solutions from Proofpoint.
Proofpoint Email Fraud Defense (EFD) provides the company with the tools, services and visibility it needs to authorise legitimate email and ensure trust for its business communications. EFD also helps the company simplify its DMARC authentication initiative and gain visibility into lookalike domains and risky suppliers.
“We’re still moving to DMARC compliance, so that’s one of the reasons we chose Proofpoint EFD,” said the Information Security Officer. “We have seen quite a bit of impersonation of our domain, as well as people sending email on our behalf. It’s essential for us to move to a DMARC-compliant setup, and so far we’ve moved over 429 domains that we have identified for malicious activity.”
To gain better insight and more proactive protection against email threats, the designer also deployed Proofpoint Threat Response Auto-Pull (TRAP). Designed to remediate active attacks like phishing, TRAP can automatically pull bad messages out of the organisation’s message flow. This helps the designer’s security team lock down any threats from compromised email accounts, fast. And it gives them the tools and visibility they need to analyse emails and make better decisions about suspicious messages.
“In the past, we had no automation in place to perform removals,” said the Information Security Officer. “We had to manually identify the attributes of emails we needed to search for, identify the compromised user and the subjects of their emails, and run a discovery search. The process might take thirty minutes, and we would have to repeat it to refine the results. With TRAP, almost everything is automated.”
Getting proactive about email security and long-term protection
The designer has been pleased with the performance provided by Proofpoint email security solutions. Proofpoint TRAP has provided dependable protection and automation that saves staff time.
“I haven’t had to do a manual email removal in quite a long time,” said the Information Security Officer. “Usually I can let TRAP just do its thing, and I don’t intervene.”
To go beyond security tools alone and instil best practices in its company culture, the designer chose Proofpoint Security Awareness Training. Designed to encourage behaviour change, this online education is targeted to the needs and roles of its users. The designer chose to launch a monthly phishing simulation campaign to be sure that users are actively engaged in identifying and reporting suspicious emails.
“Since we implemented Proofpoint Security Awareness Training, we’ve actually seen a very good trend in our phishing simulation,” said the Information Security Officer. “Within about a year, the click rates on simulated threats dropped 39%. And over the same period, our user-reported phishing emails grew by 20%.”
Behind it all, Proofpoint Professional Services provided solid support during the migration process. This made the move to Proofpoint an easy one.
“Our support professional was extremely knowledgeable, and very flexible in terms of time,” said the Information Security Officer. “Obviously we just can’t switch over our mail in the middle of the day, so we had to do things after hours. Proofpoint gave us their time at night and on weekends, and everything went extremely smoothly.”
With the help of Proofpoint solutions and services, the global fashion designer has taken a leap forward in moving from a reactive, uncertain security posture toward more confident, proactive risk management.