Global Food Packaging and Processing Company secures email with Proofpoint

People-centric solution slashes targeted phishing attacks

The Challenge

  • Reduce message-based phishing and malware attacks
  • Increase IT efficiency with automated analysis and remediation
  • Secure communications with partners across the supply-chain
  • Increase employee awareness of email-based threats and engage them in the security effort

The Solution

  • Proofpoint Enterprise Protection with Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP)
  • Proofpoint Internal Mail Defense and Proofpoint Email Fraud Defense
  • Proofpoint Security Awareness Training with CLEAR

The Results

  • Significantly reduced the number of malicious emails reaching employees
  • Reduced resources dedicated to analyzing suspicious emails
  • Improved employee awareness and increased employee reporting of phishing attempts

The Challenge

Building a secure email infrastructure for a global business

Cyber criminals may use various tools to breach a company’s network, but message-based attacks remain far and away their most effective weapon. The company, long aware of this fact, has tried to prevent phishing and other malware attacks on its employees and partners for many years. But as cyber criminals have become more sophisticated in their targeting and methodology, the company’s chosen solution began to show its limitations.

“We had several issues with our previous supplier,” explained the company’s IT security lead analyst. “And with our support contract expiring, we decided it was time to bring on another vendor.”

To start, the team needed to increase the number of phishing messages stopped by their email security gateway. More than 40% of malicious emails were slipping past it. And even after they educated employees on identifying phishing emails, the team found far too many genuine attacks getting through and “tricking” their employees into clicking on malicious links. The turning point came when the company was hit by an attack that slowed down email delivery for close to 12 hours, significantly impacting everyone’s productivity. The team knew they had to quickly find a better solution.

“Proofpoint has been incredibly effective in identifying and stopping malicious attacks. We now have full visibility into our email environment. We’ve been able to streamline our analysis and remediation efforts and increase our overall company security.”
IT security lead analyst

The Solution

Proofpoint delivers on all counts

With a complex, global environment, the company sought a single partner to work with to protect the company from message-based attacks. The security team invited several vendors to participate in an extensive RFP process across a wide range of requirements. Proofpoint beat the competition on all counts. Proofpoint’s selection as the Gartner Magic Quadrant leader in the space also gave senior managers the confidence they sought in moving forward with Proofpoint.

The security team started by laying a strong foundation for their email security architecture. They implemented a multi-tiered approach to meet their requirements, beginning with Proofpoint Email Protection with Targeted Attack Protection (TAP) and Threat Response Auto-Pull (TRAP).

TAP uses static and dynamic techniques to continually adapt and detect new cyber-attack patterns, analyzing potential threats using multiple approaches to examine behavior, code and protocol. TAP also detects threats and risks in cloud-based applications and connects email attacks related to credential theft or other attacks. And it uses machine learning to observe patterns, behaviors and techniques used in each episode.

TRAP analyzes messages against multiple intelligence systems and shares the results with the message security team. It can automatically delete or quarantine messages above a certain risk threshold. Or it can provide the security team with the information needed to decide manually. And that decision can be executed with a single click. Once it’s determined that a message is malicious, TRAP automatically removes all harmful content. What’s more, it can follow forwarded mail or distribution lists to their end recipients.

“The automated analysis and remediation we gained from TAP and TRAP was a game changer. Not only did they stop more malicious emails from getting in, but we significantly reduced the amount of manual analysis we had to perform with our previous supplier,” explained the IT security lead analyst.

With a strong foundation in place, the security team set out to prevent threats from attackers using business email compromise (BEC) and email account compromise (EAC). EAC and BEC attacks share the same goal: to fool the recipient into believing a message originates from a legitimate source in order to gain access to company information. To address these problems, the team implemented Proofpoint Internal Mail Defense (IMD) and Email Fraud Defense (EFD), respectively. IMD examines internal traffic and identifies BEC and EAC signatures, automatically diverting malicious traffic into a secure location for further analysis. EFD uses DMARC to verify the identity of the sender. DMARC establishes end-to-end email authenticity by keeping a list of approved users, credentials and valid domains at each endpoint. This extends email protection to the company’s many partners around the globe, and significantly reduces security risk in their supply chain.

The company’s security team has long known that company employees are the last line of defense against email fraud. With a security awareness training program already in place, the team chose to expand their efforts in this area. They chose Proofpoint Security Awareness Training with Closed-Loop Email Analysis and Response (CLEAR). These solutions gave them the ability to automate the employee reporting process, analysis, and remediation for suspicious emails.

CLEAR is composed of three key pieces. First, a PhishAlarm “button”—embedded in all desktop and mobile email clients—allows users to send suspected phishing emails directly to an abuse box with all headers and attachments intact. This provides consistent information for analysis. Second, a module called the PhishAlarm Analyzer receives the suspect messages, analyzes them based on various risk factors, and categorizes them based on their likelihood of containing malicious content. This intelligent process reduces the triage time required each day from hours to minutes. And third, PhishAlarm Analyzer passes the information to TRAP for manual or automated remediation.

“CLEAR has been a huge success for us,” said the manager of information security education and awareness. “With our previous solution, if employees suspected a possible phish, they had to fill out a form and email it to IT for analysis. Now they press a button on their email toolbar. CLEAR forwards the suspect message, along with all of its details, to TAP and TRAP for analysis and remediation.”

The Results

Moving to Proofpoint yields tangible results

Proofpoint Email Protection with TAP and TRAP brought the company concrete results. The team saw 30% more malicious emails blocked than their previous solution. Combined with TRAP’s automated analysis and remediation, the Proofpoint solution freed up precious IT resources. And the team went from two full-time people dedicated to analyzing potential malware to a single engineer who spends less than half a day on analysis.

The security awareness team has also seen a significant increase in the number of employees reporting suspected phishing attacks. This includes both external messages and those generated by the team’s regular test campaigns. And using CLEAR, 42% of employees reported the test phish during their latest test, with the percentage increasing every month.

The company has been delighted with the results. Summarized the IT security lead analyst: “Proofpoint has been super to work with. The product is effective and reliable, and the support team made installation straightforward. Proofpoint has not only stopped more attacks, but we now have visibility into our entire email environment. We’ve been able to streamline our analysis and remediation efforts and increase our overall company security.”
