How Proofpoint Helps Enable a Cybersecurity Mesh Approach

Many organizations have made dramatic changes in recent years in how they manage their most critical data and assets—moving from primarily on-premises infrastructure to relying more on private and public cloud infrastructure, for example. And how users access these assets and data has changed, too, as the number of employees working remotely has expanded significantly over the past year.

Rethinking security strategy is a priority for many organizations. Users must be able to access data and assets easily, regardless of where they’re connecting from or what device they’re using. But what’s even more important is robust security that can protect “the keys to the kingdom.”

That requires a new approach—one that Gartner has been talking about recently and calls the “cybersecurity mesh.” According to Gartner, with many IT assets now outside traditional enterprise perimeters, IT leaders must rethink security. Enter the cybersecurity mesh architecture, a composable and scalable approach to extend security controls to distributed assets by decoupling policy enforcement from the assets being protected.” *

People-centric security is made for the mesh

As an industry leader in focusing on the importance of people-centric security. We’ve seen traditional security perimeters within companies breaking down and threat actors increasingly targeting people rather than infrastructure.

Because of this focus, Proofpoint has developed an in-depth information protection solution that we believe aligns well with Gartner’s cybersecurity mesh concepts. Below, we present some actions that Gartner recommends to organizations implementing the cybersecurity mesh approach. We also discuss how Proofpoint solutions fit with that guidance.

1. Enable the organization’s need for anywhere operations by shifting to cloud-delivered, location-independent cybersecurity controls.* 

Proofpoint solutions that can help organizations enable a cybersecurity mesh approach are all cloud-delivered. Our security stack starts with Proofpoint Targeted Attack Protection (TAP). It’s a critical component for protecting organizations against sophisticated email-borne threats—a top attack vector for threat actors. 

TAP provides industry-leading protection against the most sophisticated threats, along with detailed threat information that allows organizations to fully understand the kinds of attacks targeting them. The threat intelligence that is part of TAP also feeds other Proofpoint security solutions, such as Proofpoint CASB.

CASB provides people-centric security to the cloud apps organizations are using more than ever.

Another critical security capability is our cloud insider threat solution, Proofpoint Insider Threat Management (ITM). ITM is critical for organizations to help protect against data loss and brand damage from either malicious or negligent insiders. 

Finally, the cloud-based Proofpoint Enterprise DLP solution helps organizations prevent data loss by focusing on the people who are using the data—regardless of where the data resides.

2. Transition from traditional VPNs to reliable, flexible and secure cloud-delivered ZTNA.*

As more employees work outside the traditional enterprise perimeter, it becomes more important for organizations to have a fast, secure and easy-to-use solution in place for users to access the corporate data and assets they need to perform their work.

Proofpoint Meta provides organizations with micro-segmented, secure access and cloud-delivered security, along with an exceptional user experience. It narrows the attack surface significantly by ensuring users only have access to exactly what they need, based on who they are, where they are and what device they are using to connect.

3. Choose security analytics and intelligence technology that is interoperable and extensible: Additional security tools will be expected to plug into this technology, both by contributing additional data as well as leveraging insight and being triggered through events.*

Organizations often rely on a wide variety of disparate tools as they work to protect themselves from today’s threats. All these tools produce their own alerts—making it extremely challenging for security teams to identify cohesive patterns in alert activity.

With Proofpoint Threat Response Auto Pull (TRAP) security teams now have a simple way to automatically remediate malicious emails in user’s inbox post-delivery. Even once an email has been delivered, we provide security teams information and automation in case the posture of the email changes once it’s in a user’s inbox.  TRAP can also follow everywhere the email has been spread in an organization to remove it from all users’ inboxes.

Proofpoint TRAP further enables Closed Loop Email Analysis and Response (CLEAR).  CLEAR allows users to report suspicious emails which are then prioritized for further analysis and enriched with Proofpoint Threat Intelligence and Security Awareness Training data.  If the reported emails are found to me malicious, they can automatically be removed from inboxes across the entire organization.

4. Deploy a gateway approach to SaaS access control, using a CASB or SWG, when adaptive control and real-time traffic inspection are required.*

Proofpoint can quickly determine the riskiest users in your organization by using our superior threat intelligence. Our CASB uses this information to block access automatically from risky locations and networks and by known threat actors. The solution can also apply various risk-based controls to high-risk and high-privilege users. 

With Proofpoint Email Isolation, we can provide isolation for risky links within corporate email. We can also provide deeper levels of isolation for users Proofpoint TAP has classified as Very Attacked People (VAPs). This proprietary capability brings true adaptive controls, and it changes automatically as threat actors change their targets.

5. Beware of silos: Scrutinize vendor offerings for interoperability with cybersecurity controls and dashboards in the form of APIs and integrations. Give priority to vendors that have opened up their policy framework, allowing policy decisions to be made outside the tool.*

Proofpoint has partnered closely with several other leading vendors to ensure security controls are robust and as easy to set up as possible. For example, we work with:

  • Okta: With Okta, Proofpoint provides threat intelligence that enables adaptive controls which protect users who may have been targeted by attacks. 
  • CrowdStrike: Our partnership with CrowdStrike allows for threat intelligence-sharing to ensure both endpoint and email threat vectors are as secure as possible. 
  • Carbon Black: Our recently announced partnership with Carbon Black offers a simple way for Proofpoint threat intelligence to enhance the security of the Carbon Black endpoint solution. 

Proofpoint is committed to these partnerships. We want to make sure that any of our shared customers have an easy path to improve their resilience against even the most sophisticated attacks.

Gartner’s cybersecurity mesh is an important way for organizations to think broadly about how to achieve their security goals. Proofpoint is positioned well to enable this approach by offering multiple solutions that can fill any cybersecurity mesh gaps your organization may have.

To talk with us about this topic and learn more about our solutions, click here.

*Gartner, Inc., Top Strategic Technology Trends for 2021: Cybersecurity Mesh, Jay Heiser, Felix Gaehtgens, February 4th 2021.

Subscribe to the Proofpoint Blog