Proofpoint to fight targeted malware in the cloud

Proofpoint launches cloud-based security service to guard against targeted cyber hacks.

security button on keyboard

Security specialist Proofpoint has unveiled a new cloud-based service aimed at protecting business users both when they are behind a corporate firewall and working remotely.

The new Proofpoint Targeted Attack Protection SaaS uses big data analysis techniques, URL interception and malware sandboxing to guard infrastructure against targeted malware.

It combines these various techniques and technologies to pinpoint attacks and defeat them. To identify suspected attacks, the service uses big data analysis techniques to spot and apply additional security controls to suspicious messages.

It examines hundreds of variables in real time - including message properties and the email traffic history of the message recipient - to understand - on a per-user basis - what constitutes "normal" mail traffic, and to identify exceptions that would indicate that an incoming message might be, or later become, a threat.

URLs in suspect messages are then subjected to additional processing. The service re-writes any links in the messages so that browsers are transparently redirected through the Proofpoint cloud for content inspection and malware analysis every time the link is subsequently clicked - a tactic dubbed "URL click-time defence." If URLs that were initially harmless turn malicious after a period of time - a common phishing tactic - users are still protected, whether they access the message from the corporate network, home network, mobile device, or public network.

"Targeted attacks represent one of the most dangerous IT threats facing enterprises today," said David Knight, executive vice president of product management for Proofpoint.

"These sophisticated blended attacks can bypass even the most advanced web, email and end-point security systems by exploiting gaps between these point products."

He added that the new service was designed to close these gaps and stop targeted attacks by "combining previously disparate email security, web security and malware analysis technologies into a comprehensive, cloud-based service."

Analysts said that attackers are increasingly focused on delivering malicious content inside of email and web transactions in order to breach security and pass through existing security controls.

"In the past, signature-based technologies such as antivirus were adequate to protect against a majority of threats," said Gartner analyst Lawrence Pingree.

"However, the emergence of newer attack and payload delivery techniques that bypass these traditional signature-based approaches must be addressed by new emerging security technologies as well as augmentation of our old paradigm of thinking about traditional security technologies."

Featured Resources

The challenge of securing the remote working employee

The IT Pro Guide to Sase and successful digital transformation

Free Download

VMware Cloud workload migration tools

Cloud migration types, phases, and strategies

Free download

Practices for maximising the business value of digital infrastructure Consumption-as- a-Service subscriptions

IDC PeerScape

Free Download

Container network security guide for dummies

Enforcing Kubernetes best practices

Free download

Recommended

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021
Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

How to move Microsoft's Windows 11 from a hard drive to an SSD
Microsoft Windows

How to move Microsoft's Windows 11 from a hard drive to an SSD

4 Jan 2022
Microsoft Exchange servers break thanks to 'Y2K22' bug
email delivery

Microsoft Exchange servers break thanks to 'Y2K22' bug

4 Jan 2022
Solving cyber security's diversity problem
Careers & training

Solving cyber security's diversity problem

5 Jan 2022