According to the 2019 Verizon Data Breach Investigations report, 32% of data breaches involved phishing, and 94% of malware incidents were delivered via email. Given these numbers, it’s clear that email continues to be a massive attack surface and a significant exit point for sensitive data. What’s the best way organizations can protect their people from this frequently exploited attack vector?
That’s the question Gartner explores in its recently published “Market Guide for Email Security” report. In this guide, Gartner provides a comprehensive list of capabilities that security leaders should look for in an email security solution.
Here’s how Proofpoint’s market-leading email security solution delivers on all of them:
Advanced Threat Defense
Proofpoint delivers a comprehensive solution that prevents, detects and responds to advanced threats. We use multiple techniques to detect and prevent malicious content from reaching end users via attachments and URLs.
Proofpoint employs sandboxing to inspect attachments and URLs. Static and dynamic analysis techniques continuously adapt to and detect new attack patterns. We also provide URL rewriting and time-of-click analysis. As an added layer of protection, we also provide browser isolation.
Proofpoint can respond by removing any threats or sensitive data from user inboxes. Our Threat Response and Auto Pull (TRAP) capability automatically identifies all instances of the malicious email across an organization and removes them all. And we go a step further by learning from this data and adapting our threat intelligence to improve detection of future threats.
Lastly, graymail handling—a key feature Gartner says “This is an area in which many SEGs require further investment”—is something we’ve been doing for years. Our granular email filtering controls identify graymail (e.g., newsletters, bulk mail) and deliver it to a low-priority inbox. And users have personalized, individual control over graymail.
Impostor Email or Business Email Compromise (BEC) Protection
Impostor email doesn’t rely on malware attachments or malicious URLs. Instead, it uses social engineering and account compromise to trick people—employees, customers and business partners—into sending money or sensitive information. Proofpoint provides multi-layered protection from email fraud.
Along with predefined anti-spoofing rules, we apply machine-learning technology to analyze and classify anomalous messages. Our dynamic classification looks at several factors, including content, reputation (sender, recipient and domain) and the relationship between the sender and recipient. It also detects domain-spoofing by analyzing email address data.
We can identify lookalike domains that have been registered, and thus enable organizations to start takedown activities and help them validate the legitimacy of inbound emails. We also help implement DMARC authentication, so organizations can confidently authorize legitimate senders and block malicious email spoofing their trusted domains.
Lastly, our DLP capabilities can automatically inspect and stop outbound messages to protect critical data such as tax records and wire-transfer information.
Security Awareness Training
Proofpoint’s market-leading security awareness training helps companies address the human layer of email security. We’ve helped companies reduce phishing attacks by up to 90 percent and cut malware infections by 40 percent.
Unlike other solutions, our phishing simulation capabilities utilize real phishing lures spotted “in-the-wild” by Proofpoint threat intelligence. By using real data, we can create simulated attacks that challenge users to more effectively spot and respond to threats.
Proofpoint Security Awareness Training packages include PhishAlarm, which allows end users to easily report suspected phishing emails to an abuse mailbox. This helps power Closed-Loop Email Analysis and Response (CLEAR). CLEAR automates reporting, analysis and remediation of potential email threats reported by end users.
Cloud Email Security
Gartner’s report discusses Cloud Email Security Supplements. We believe that organizations don’t need them with Proofpoint. Our email security gives companies the flexibility to deploy in the cloud, on-premises or both. And our comprehensive email security—including accurate phishing detection, remediation of threats, internal mail defense and data protection—supports traditional on-premise email as well as cloud email solutions like O365 and G Suite.
Download the report today to learn more about what to look for in an email security solution. And visit proofpoint.com to see how Proofpoint delivers on Gartner’s email security recommendations.
Gartner, Market Guide for Email Security, Peter Firstbrook, Neil Wynne, 6 June 2019
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Subscribe to the Proofpoint Blog