Ensuring Email Security

Creating multiple layers of intelligent protection for 100% coverage

The company turned to Proofpoint to address these issues. And it found its solution in Proofpoint Email Protection and Email Fraud Defense. The email security team also implemented Targeted Attack Protection (TAP) and Threat Response Auto Pull (TRAP). These protect them against messages carrying advanced malware, ransomware or dangerous links. These intelligent tools identify known or suspected malicious senders. And they either block or quarantine any suspect messages for further analysis, even after delivery. If the analysis determines a message to be malicious, TRAP follows forwarded mail or distribution lists. And it removes all dangerous content from the system. These features gave the company a foundation of protection against advanced malware, ransomware and dangerous URL links.

Proofpoint also helped the company address their BEC and EAC attacks. BEC, in particular, had become increasingly common. Display-name spoofing, domain spoofing, and lookalike domains can “trick” the receiver of a message into believing a message is coming from a known and trusted source. As an example, the team described one attempted attack during which more than 500,000 messages arrived from a spoofed domain during a single 16-day window.

The email security team was able to block this massive attack, and many others of lesser magnitude. To do this, they used Proofpoint Email Fraud Defense to implement DMARC (Domain‑based Message Authentication Reporting and Conformance). Email Fraud Defense gave the team visibility into the details of domain‑based attacks targeting employees, customers and business partners. And it provided them with the ability to quarantine or block any messages from suspicious domains. When team members first implemented the solution, they found many cases where up to thousands of spoofed emails arrived over a brief period, often from multiple spoofed domains. This detailed visibility allowed them to create rules to identify, quarantine and block any domain-based fraudulent messages.

“The email security team is responsible for making sure that our employees and our financial reps are safe. Impostors or bad actors often try to fool someone into authorizing a fund transfer or sending out gift cards by sending a fake email from our CEO,” said the company’s senior engineer for email security. “These bad actors are increasingly sophisticated: sometimes 50% of the message is legitimate and the other 50% is not.”
 

The team then turned to its cloud-based communications. As the use of cloud email services has increased, attacks on cloud‑based accounts have skyrocketed. Once attackers have hacked a remote account, they gain complete control over that account. They can cause severe damage, as any email recipient believes a received message is “genuine” because it originated from a trusted source. To protect their cloud-based communications, the company installed Proofpoint Cloud App Security Broker (CASB). CASB extends advanced threat protection to the cloud, allowing the IT team as a whole to detect, investigate and defend against bad actors attempting to access sensitive data and trusted accounts. For example, any suspect file uploaded to a cloud-based collaboration app is quarantined and analyzed for potential risks in real time. CASB also interoperates seamlessly with the Proofpoint suite of protection tools, sharing data, and effectively expanding the area of protection to include all cloud‑based operations.