Detect, investigate, and respond to account takeovers
Stop account takeovers from causing major security incidents
Without timely detection and clear visibility, account takeovers are difficult to find and fix
Most organizations regularly experience compromises of their users’ Microsoft 365 and Google Cloud accounts. While using MFA is an important security defense, it can easily be bypassed. Without specialized defenses against account takeovers, attacker dwell times extend, investigative processes grind forward slowly, and related email and account data resources get abused.
Detect and remediate cloud account takeovers immediately
Account Takeover Protection applies threat intelligence, sophisticated behavior and machine learning-based analytics, and automation to quickly detect, investigate, and remediate. Account Takeover Protection leverages Proofpoint Targeted Attack Protection (TAP) to correlate between email and cloud threats to detect the most current threats. Account Takeover Protection protects over 50M users at nearly 5000 organizations and detects hundreds of thousands of malicious login and subsequent resource abuse incidents.
Key Benefits
Provides high-fidelity account takeover detection
Detective alerts that turn out to be false positives are almost as bad as missing real active threats. Incident investigative time that is wasted cannot be claimed back. Excessive false positives lead to distrust and ignoring the alert source. Account Takeover Protection's continuously curated threat detection techniques deliver high-fidelity detection verdicts.
Accelerates investigations to shorten dwell times
Slow incident investigations allow attackers to extend their undetected dwell times. Excessive attacker dwell times dramatically increase the probability that significant business-impacting breaches will result. Proofpoint Account Takeover Protection enables security analysts to quickly see and understand mailbox rule, file, MFA, and 3rd-party application changes so that immediate remediation steps can be taken.
Automates the remediation of malicious actions
Without automation, the cleanup of security incidents can often take as long as the detection and investigation stages. Account Takeover Protection applies automation to the remediation steps required to bring the compromised accounts back under the control of the legitimate user and to reverse the malicious, post-compromise changes, such as MFA settings, conducted by the threat actor.
Provides continuous visibility of the cloud accounts
All detection and response effectiveness begins with visibility. Through extensive API-based integrations with cloud services, Account Takeover Protection can monitor and analyze what is occurring in your organization’s Microsoft 365, Google Cloud, and Okta accounts.
Key features
Provides comprehensive visibility
Account Takeover Protection surfaces compromised accounts and suspicious post-access activity in the organization’s cloud environments. Security analysts can see whose account has been compromised and how. It can show investigators how attackers accessed the accounts as well as what they did after logging in via the attack sequence timeline. All as a natural extension of Proofpoint Targeted Account Protection.
Correlates threat intelligence with AI/ML and behavioral analytics
Proofpoint Account Takeover Protection leverages extensive threat intelligence, behavioral and machine learning analytics, and cloud monitoring to provide low false-positive detections of account takeovers and of specific malicious actions. Account Takeover Protection issues automated alerts in the Account Takeover Protection dashboard when an account is compromised, enabling comprehensive visibility.
Displays the full attack sequence
Account Takeover Protection's attack sequence timeline displays an overview of account takeover activity. It also shows impacted accounts and malicious activities pre- and post-takeover. It can show security analysts how attackers accessed the account as well as what they did after taking control. It can show the investigator the threat actor’s file activities, and it flags changed mailbox rules, mail-sending activities, MFA settings, and application trust relationships established with malicious third-party apps.
Extends Proofpoint Account Takeover Protection's investigative processes
With Account Takeover Protection, security analysts can quickly understand what has happened and how to immediately limit risk. Information about account takeovers is integrated with the Proofpoint Account Takeover Protection investigation system. The investigator can see if the user is a Very Attacked Person (VAP) and can learn about other users who have been hit by similar threats.
Resets malicious mailbox rules, revokes 3rd-party apps, reverses attacker-controlled MFA changes, and quarantines malicious files
Account Takeover Protection automatically detects and remediates changes that attackers make to mailbox rules. Attackers often change these rules to hide their existence before they stage a BEC or phishing attack. Account Takeover Protection also detects and revokes malicious third-party apps that can help attackers control an account without being detected. Incident responders can also automatically or manually delete malicious files that attackers have inserted into the environment.