Proofpoint to tackle targeted attacks in the cloud
Proofpoint has released a cloud-based security solution to protect against targeted attacks.
Part of its attack protection product range, the Proofpoint Targeted Attack Protection uses big data analysis techniques, URL interception and malware sandboxing to provide protection to users whether they are behind the corporate firewall or working remotely.
David Knight, executive vice-president of product management for Proofpoint, said the challenge with targeted attacks is that they are low-volume, slip past traditional signature-based defences, and the malicious payload behind a link can be planted after the message has already been delivered.
He said: “We're doing four things: the first is identifying potential malicious activity using Big Data analytics where you look for specific keywords with content filtering. We evaluate the data across 180 dimensions and from that modeling, it may not be enough to block but it is suspicious, so you take the information and call it an anomaly.
“We can also rewrite URLs so that they point to the Proofpoint cloud, where you can download the content and analyse it and look for malicious behaviour and, if it is bad, you block it, or if it is good you allow it.”
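The URL-rewriting step Knight describes, as an added example that is not Proofpoint's code: a mail gateway wraps every link in a message so that the click lands on a redirector, and the redirector recovers the original URL only if the signature the gateway attached to it verifies. The redirector host, the signing key, the sample message body and the known-bad list are assumptions made for this demo; the sandbox verdict is stood in for by a set of URLs already judged malicious.

```python
"""Click-time URL rewriting for email links (added illustration, not vendor code)."""
import base64
import hashlib
import hmac
import re
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed values for the demo: not a real redirector endpoint or production key.
REWRITE_HOST = "https://urldefense.example.invalid/v1"
SIGNING_KEY = b"demo-signing-key-rotate-me"

# Finds http(s) URLs in a plain-text body; stops at whitespace, angle brackets and quotes.
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
TRAILING_PUNCT = ".,;:!?)"


def _sign(original_url: str) -> str:
    """HMAC over the original URL, so the redirector only follows links the gateway itself wrapped."""
    return hmac.new(SIGNING_KEY, original_url.encode("utf-8"), hashlib.sha256).hexdigest()


def rewrite_url(original_url: str) -> str:
    """Wrap one URL: the original travels in a base64 parameter, plus its signature."""
    token = base64.urlsafe_b64encode(original_url.encode("utf-8")).decode("ascii").rstrip("=")
    return REWRITE_HOST + "?" + urlencode({"u": token, "s": _sign(original_url)})


def rewrite_message(body: str) -> str:
    """Rewrite every link in a message body; safe to run again on replies and forwards."""
    def _sub(match: "re.Match[str]") -> str:
        url = match.group(0)
        if url.startswith(REWRITE_HOST):
            return url  # already wrapped; never wrap a wrapper
        tail = ""
        while url and url[-1] in TRAILING_PUNCT:  # keep sentence punctuation outside the link
            tail = url[-1] + tail
            url = url[:-1]
        return rewrite_url(url) + tail
    return URL_RE.sub(_sub, body)


def resolve_click(rewritten_url: str) -> Optional[str]:
    """Redirector side: return the original URL, or None if the link was forged or mangled."""
    qs = parse_qs(urlsplit(rewritten_url).query)
    token = qs.get("u", [None])[0]
    sig = qs.get("s", [None])[0]
    if not token or not sig:
        return None
    try:
        original = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if not hmac.compare_digest(_sign(original), sig):
        return None  # signature mismatch: refuse, otherwise this host is an open redirector
    return original


def click_decision(rewritten_url: str, known_bad: set) -> str:
    """Click-time verdict: 'reject' unsigned links, 'block' known-bad targets, else 'allow'."""
    original = resolve_click(rewritten_url)
    if original is None:
        return "reject"
    return "block" if original in known_bad else "allow"


if __name__ == "__main__":
    # Constructed sample message for the demo.
    body = "Please review https://example.invalid/invoice.pdf. Thanks"
    wrapped = rewrite_message(body)
    print(wrapped)
    link = URL_RE.search(wrapped).group(0).rstrip(TRAILING_PUNCT)
    print(click_decision(link, {"https://example.invalid/invoice.pdf"}))
```

The signature is the part practitioners most often leave out: a redirector that will forward to any URL placed in its query string turns the vendor's trusted click-time domain into an open redirector that phishers can use in their own lures. The guard against double-wrapping matters because replies and forwards are re-scanned, and a wrapped link that is wrapped again decodes to the redirector rather than the destination.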
The company also said that Proofpoint Targeted Attack Protection includes the Threat Insight Service that provides visibility into persistent threats through a web-based dashboard and configurable alerts.
This gives administrators and security professionals the ability to identify targeted attacks, their scope, which individuals are being targeted, the nature of the attacks and what remediation actions, if any, are necessary.
Knight said: “Using Big Data in the cloud will review all malware identified over the past 60 days and determine it with full visibility to know who is targeted. With sandbox analysis you can see who was targeted and what was attempted so you can prioritise patches.”
Asked how it can stop targeted attacks and spear-phishing attempts, Knight said that it can detect anomalies, for example whether a suspicious user registered within the past 48 hours, and can block on that basis.
“Our customers are concerned about false positives and we don't want to block everything so we want to do extra analysis and quarantine it, so there are different policies for different users,” he said.
The cloud-based solution is slated for release in the third quarter of 2012.