Threat actors no longer rely on exploiting network ports, instead they target humans. Data doesn’t walk out by itself, it’s people who leak it. Identities and apps are everywhere and humans create them. All this makes human-centric security essential and critical. Unlike networks and hosts, you can’t really lock down people. People work in different ways, with different tools, and in different places. They rely on email, collaboration tools, and an ever-growing array of applications and cloud services. On top of this, threat actors are continuously developing new techniques to target and exploit human vulnerabilities.
Proofpoint Human-Centric Security Platform
In my keynote at our annual Protect conference today, I unveiled our expanded human-centric security platform, designed to empower enterprises to defend against every type of human-centric threat, in every way a user may encounter it. Our human-centric security platform delivers comprehensive solutions to four key areas that every organization must address. At Protect, we introduced new offerings and major enhancements to each of these four solution areas.
Stopping sophisticated targeted threats
Earlier this year, I talked about our approach to detecting sophisticated targeted threats via our ensemble of models, called Proofpoint Nexus. And we launched our inline Nexus LM (Language Model) that can detect the intent behind threat actors issuing a BEC attack. We have had tremendous success with our customers adopting this new model. At Protect, we launched Nexus LM for Phishing which will make the best threat protection solution in the market even better.
In addition, we announced a new offering Proofpoint Collab Protection, expanding our threat protection from email to all forms of collaboration including SMS, WhatsApp, social media and more. Our customers can easily extend Proofpoint’s email protection to protecting the entire collaboration landscape leveraging the benefit of our Nexus models for defending against most comprehensive threats.
Preventing data loss and containing insider threat proactively
Our DLP Transform and Insider Threat products have had tremendous adoption by customers; a majority of Fortune 100 customers are now using our information protection solution and our endpoint DLP protection has grown over 75% year-over-year. All of this is due to our human-centric approach that takes into account users’ activity and intent while protecting the information from leaking across all channels that users may be using. At Protect, we showcased exciting new capability of intent-based information protection for GenAI tools. This new capability helps organizations enable GenAI use while protecting both structured and unstructured organizational data from being shared. It educates end users, and guides behavior to align with acceptable use of AI within our customer environments.
Proofpoint’s new Digital Communications Governance offering provides unified security and compliance risk management that helps organizations centralize all communications content. It enforces proactive, adaptive data controls and streamlines e-discovery and supervision, leveraging Proofpoint’s AI engine to create contextualized insights covering every channel and facet of communications data. This maximizes the efficacy of review by 84% or more when compared to alternatives.
Reacting to Account Takeover and Reversing Posture Drift
The ever-growing universe of cloud applications continues to expand the risk surface to an organization. This exposure applies not only to corporate approved applications like M365, but also to unapproved apps such as cloud file sharing services that employees may have signed up for using corporate credentials.
To help organizations counter account takeover, last year we introduced Proofpoint ATO Protection. Built on top of Proofpoint’s Nexus TI (Threat Intelligence) and Nexus RG (Relationship Graph), security teams can use Proofpoint ATO Protection to detect compromised cloud accounts in minutes, and immediately remediate through automation or a single-click. This ability can only be realized with our market-leading insights into threat actor activity and understanding of anomalous user behavior.
In addition, at Protect, we launched a new offering, Proofpoint Posture Protection. Proofpoint Posture Protection is a proactive solution that reverses the drift in posture of apps and identity, across 5 major areas of posture – identity and privilege, MFA & IDP, app configs, unsanctioned apps & credentials, and SaaS-to-SaaS connections. This empowers security teams to develop a comprehensive understanding of their application and identity posture, helps ensure that employees are only using approved applications and are not reusing corporate credentials on unsanctioned apps. This comprehensive posture control is only possible due to the broadest control points that come with Proofpoint’s human-centric security platform, as part of Zen technologies, as described below.
Providing a guide to every human, which can give assistance and nudge at the time when they need it
Traditional security awareness methods have not been effective. That’s because employees who only receive passive training often struggle to apply their knowledge when faced with real-world security threats.
Proofpoint’s ZenGuide, (expansion from Proofpoint’s Security Awareness Training product), enables lean security teams to automate and scale personalized learning paths based on an individual’s unique risk profile, behaviors and role. It uses people-risk insights across the Proofpoint ecosystem to deliver relevant interventions that build security champions and reduce risky behaviors, enabling organizations to move beyond compliance-driven programs and provide targeted, context-awareness education that addresses specific risks and behaviors.
Our Core Technologies: Nexus & Zen
What powers our platform is our core technologies and intelligence – Nexus and Zen. They work together in a symmetric architecture – bringing together powerful and intelligent models trained with the most relevant set of data, with the control points for every place that end users work – email, web, collab, apps and cloud.
Proofpoint Nexus is completely seamless to our customers – a set of models including sophisticated computer vision, language models, behavior analysis and relationship graphs and threat intelligence, that work together to provide the right intelligence to take the required action in an integrated manner. You entrust us to safeguard your critical information, and we take that responsibility very seriously. We’ve established—and are continuously improving—best practices for securing operational data. Please visit our trust site for further information including our Responsible AI principles.
Proofpoint Zen is a set of technologies that act as control points for technologies that end users use – including email gateway and APIs. ZenWeb browser extension plugs into a broad range of browsers for desktop and mobile devices and Zen for Outlook plugins. Proofpoint also offers Zen light-weight user mode end point agent and ZenConnectors that connect into a wide variety of apps and cloud apps. Zen technologies gather the right intelligence, feeding the Nexus models and act as control points for nudging user behavior or enforcing the desired policies.
Proofpoint Human-Centric Security Modules & Partner Ecosystem
Built upon our core technologies are Proofpoint modules and apps grouped in the four major solution areas. The integrated platform gives our customers ability to pick the modules/apps of their choice and leverage a common technology platform across them. This means lower cost and time to adopt and easier to operate the overall solution.
The platform is also fully integrated with the modern cyber stack including SASE, XDR, identity and automation solutions.
Our Mission: Zen for you
At Proofpoint, we have a bold vision with our human-centric security platform. We envision zero threats – your people never getting compromised by threat actors from any channel; zero DLP alerts – you are never drowning in the sea of alerts which are not complete and impossible to act upon; and zero drift – you know your posture of apps and identities is aligned with your desired baseline. You can access quickly a guide that acts like a “digital angel” on the shoulder of every user, who nudges and coaches them in the right way at the right time. We know we have a way to go, but we are excited about what we announced at Proofpoint Protect. We have taken a big step forward with new offerings and major enhancements to our platform.
Human-centric protection has a lot more variability. This means more uncertainty and anxiety for everyone – leadership, security professionals and every human who works for your organization. Our goal is bold but simple – giving everyone involved an island of serenity in a sea of risks – and a bit of Zen. We have proudly done that for 20 years, while expanding our solutions within human-centric security, and look forward to continuing to offer a bit of zen to all in the future.