Global Manufacturer Forges a Stronger Security Culture With Proofpoint
The Challenge
- Predict, discover and mitigate phishing and other email attacks
- Educate the global workforce on security best practices
- Improve the efficiency of cybersecurity team
The Solution
- Proofpoint Security Awareness
- Proofpoint Email Protection
- Proofpoint Targeted Attack Protection (TAP)
- Proofpoint Threat Response Auto-Pull (TRAP)
- Proofpoint Email Fraud Defense (EFD)
The Results
- Average reporting rate of phishing simulation increased dramatically
- Email threats delivered in users’ inboxes substantially decreased
- Decreased unauthorized email attempts with Email Fraud Defense and DMARC reject
The Challenge
Enabling employees for more proactive, predictive cybersecurity
Ariston Group is a global leader in sustainable solutions for thermal comfort, components and burners. And like other global enterprises, Ariston Group considers cybersecurity a top priority.
“Our team has a mission to make our architecture more resilient to cyber attacks,” said the Ariston Group ICT Security Team Lead. “We identify the appropriate strategies and security controls to mitigate risk in general; plan and implement preventive measures to minimize the risk of threats and their reach; and support incident investigation response and recovery.”
Of course, the best way to minimize the impact of threats is to stop them before they can get in. Ariston Group developed a three-year strategy based on a predictive approach, analyzing past events to gain insights, and transforming those insights into action. Empowering employees is a key pillar of this proactive strategy. Ariston Group wanted to educate users and give them the tools and knowledge they need to play an active role in helping to stop threats.
Considering the amount of user mailboxes in its email system, Ariston Group needed an enterprise-grade solution that could detect and stop the latest email attacks. The company was seeking a vendor that could provide not only the solutions and technologies needed for evolving threats, but service offerings to help keep its workforce up to date on the latest best practices.
The Solution
Comprehensive security training and email security
The ICT Security Team Lead tested solutions from a variety of leading vendors. They determined that Proofpoint provided the breadth of services and solutions it needed to empower its workforce and apply the most advanced email protection capabilities across its locations around the world.
“We started looking for training offerings, and evaluated the main brands identified by Forrester and Gartner,” said the ICT Security Team Lead. “We also needed a solution that gave us tools to help our users evaluate and report suspicious email. And enabling people to provide immediate feedback was key to our remediation strategy. We chose Proofpoint Security Awareness Training because it gave us the strongest combination of these tools and education.”
Proofpoint Security Awareness Training provides targeted, threat-guided education. This helps Ariston Group’s employees know what action to take when they’re faced with an actual threat. The team was especially impressed with its tailored approach that lets the company align its education to specific user roles and vulnerabilities.
“Proofpoint lets us provide specific training for top management, our financial team, and other groups,” said the ICT Security Team Lead. “Proofpoint enables us to assign bespoke best practice recommendations to address specific user issues, as well as provide training designed just for new employees.”
Proofpoint Security Awareness training also includes extensive language offerings. “In addition to our training activities, we share Proofpoint education content in our internal social networks,” said the ICT Security Team Lead. “And one of the main strengths that Proofpoint offered was its language translation. This allowed us to better support our diverse employees across all our offices.”
As part of its comprehensive email solution, Ariston Group deployed the Proofpoint Enterprise Protection email security gateway and Proofpoint Email Fraud Defense. The company also installed Proofpoint Targeted Attack Protection (TAP) to discover and mitigate ransomware and other advanced email threats that are delivered via attachments and URLs. And with Proofpoint Threat Response Auto-Pull (TRAP), the Ariston Group team can analyze emails and quarantine malicious or unwanted emails after they are delivered to further strengthen security and protection.
“In a way, our approach to protection is inspired by cyber criminals,” said the ICT Security Team Lead “We can look at the TAP dashboard to understand the most frequently used tactics and techniques, and which templates they are using, and which services they are emulating, and then refine our plans.”
“The solution was easy to roll out, and we able to implement it into production in three months,” adds the ICT Security Team Lead.
The Results
Getting out in front of email threats
With Proofpoint Security Awareness Training—and its broad set of email security solutions—Ariston Group has a comprehensive solution in place. And the company has seen dramatic and measurable results.
“We have seen a huge reduction of risk in terms of malware and targeted attacks,” said the ICT Security Team Lead. “Proofpoint is able to identify specific, targeted attacks against our supply chain, and block communication in advance. Proofpoint Security Awareness Training has helped us augment this protection. It improves awareness among our employees and gives them the tools they need to recognize attack techniques and report them.”
The Ariston Group team measured the average reporting rate of the phishing simulation in Proofpoint Security Awareness Training. They found that the rate has increased steadily and significantly over three years. This growth shows that Ariston Group employees are more engaged in protecting the company. It also reflects how they have changed their behavior to take on more responsibility in helping defend against threats.
The team also looked at the number of emails that were deemed malicious, suspicious or spam. They did this using PhishAlarm Analyzer, which is part of Proofpoint Security Awareness Training. This tool uses Proofpoint threat intelligence to help the team identify the most serious threats. Within one year, Ariston Group saw a remarkable reduction in threats delivered to its user inboxes.
Proofpoint also provides up-to-date insights into the latest cybersecurity threats. This enables Ariston Group to tailor its training so it can keep up with a constantly shifting threat landscape.
“Proofpoint is a complete solution that gives us full visibility into what’s going on in the communication stack, the people stack and the behavioral stack,” said the ICT Security Team Lead. “When we apply that intelligence, we can find the gaps in our real environment. Then we can use those insights to better align our employee training processes.”
Proofpoint Email Fraud Defense has also helped Ariston Group take more control over its domain to stop phishing attacks. Working closely with a Proofpoint Professional Services consultant, Ariston Group set up Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Next, the company set up a Domain-based Message Authentication Reporting and Conformance (DMARC) “reject” policy for its domain. As a result, the delivery of unauthorized messages dropped completely over just six months.
“The support we received from the Proofpoint Professional Services team was one of the key factors that led to our project’s success,” said the ICT Security Team Lead. “Our representative understood our needs and guided us through the technical steps needed to authenticate our external services and platforms.”
With its advanced email technologies in place, and a proactive company security culture, Ariston Group is set up for success. The company is confident in its ability to stay ahead of evolving threats well into the future.