Proofpoint - Experts & Thought Leaders

Latest Proofpoint news & announcements

Proofpoint acquires Normalyze to enhance data security

Proofpoint Inc., a cybersecurity and compliance company announced it has entered into a definitive agreement to acquire Normalyze, a Data Security Posture Management (DSPM). The acquisition is expected to close in November 2024, subject to customary closing conditions. With this acquisition, Proofpoint will further enhance its human-centric security platform with Normalyze’s AI-powered DSPM technology, allowing organisations to discover, classify and protect data at scale across SaaS, PaaS, public or multi-cloud, on-prem, and hybrid environments while prioritising the reduction of human-centric risks in data security. Addressing human risk As organisations embrace AI and generative technologies to drive innovation, the human element in data security has become increasingly critical.  The widespread adoption of AI platforms, Databases as a Service (DBaaS), and Continuous Integration/Continuous Development (CI/CD) practices has created a web of interconnected data environments that security teams can struggle to secure. This rapid technological evolution has led to increased complexity and heightened risks of improper data handling as development teams focus on quick outcomes, often bypassing essential security governance. Gaps in visibility and control By implementing DSPM technology, organisations are enabled to fill the security gaps created by their teams As more access to data is granted to people and machines, gaps in visibility and control can emerge without appropriate governance or controls from security teams. This evolving landscape presents complex challenges in discovering, classifying, and securing data, leading to an increased risk of data breaches due to forgotten and misclassified data, as well as overprivileged access. Recent research from Enterprise Strategy Group reveals that over a quarter of businesses don’t know where their sensitive data is. By implementing DSPM technology, organisations are enabled to fill the security gaps created by their teams’ interactions with complex data environments and reduce the total data attack surface.  Data explosion “Today, data is at risk because of human behaviour,” said Mayank Choudhary, executive vice president and general manager, of Data Security & Compliance, at Proofpoint. "Modern applications are rapidly changing, driven by small teams of developers working independently on microservices and various data sources, leading to an explosion of data." Visibility and control “These modern applications are highly interconnected, making it hard for security teams to manage the heterogeneous and ever-growing sprawl of their data." "By combining Proofpoint’s human-centric security platform with Normalyze’s pioneering DPSM technology, we can provide our customers with comprehensive visibility and control of their data posture so they can further mitigate human risk across their organisation.” Data security “With the rapid proliferation of internally developed cloud applications, and use of SaaS applications procured by teams outside of IT, security teams are faced with the daunting challenge of inconsistent visibility and control of their critical data in the cloud,” said Ravi Ithal, cofounder and chief technology officer, Normalyze. “As data has become increasingly difficult to secure, the driving force behind our mission and technology has been to help organisations secure the data they care about, wherever it is. By joining forces with Proofpoint, we can empower organisations to further improve their data security posture, reducing the risk of data breaches caused by human errors and helping them to prioritise data loss threats.” Normalyze DSPM platform It simplifies collaboration between data and security teams, enabling them to create effective security  The Normalyze DSPM platform secures even the most complex data landscapes by combining insights into data, access, and risk. It simplifies collaboration between data and security teams, enabling them to create effective security and governance plans tailored to the business’ needs.  Platform benefits The platform allows organisations to:   Discover and classify data using AI: Normalyze’s agentless One-Pass Scanner™ leverages AI to accurately identify and classify valuable and sensitive data at scale across a wide range of data environments. Scanning is performed in place to keep data under IT control, support compliance with stringent data protection regulations, and enhance operational efficiency. Assess and prioritise risk: Risk is prioritised by impact and likelihood, providing a comprehensive view of risk accurately and at scale. The DataValuator™ assigns a monetary value to data and identifies the data stores with the highest impact of potential data loss. The Data Access Graph visualises access and trust relationships to identify human-centric risk, and the Data Risk Navigator highlights attack paths that can lead to data breaches or loss. Remediate security and compliance issues: Actionable insights and comprehensive recommendations, integrated with alerts into service management platforms, help teams address exposures such as over-permissioned access before they are exploited. The solution also streamlines compliance across 500+ benchmarks, ensuring robust adherence to regulatory standards related to data protection. Scanning and quantified risk analysis Normalyze’s in-place scanning and quantified risk analysis set it apart from other DSPM solutions, providing rapid time-to-value while minimising security and cost challenges for data and security teams.  Normalyze also offers comprehensive on-premises to cloud coverage and excels in human-centric risk remediation. Normalyze’s solutions are expected to become part of Proofpoint’s offering upon the closing of the acquisition.

Proofpoint and CyberArk enhance identity security

Proofpoint, Inc., a pioneering cybersecurity and compliance company, and CyberArk, the identity security company, announced an extended strategic collaboration, working together to help organisations around the world secure identities everywhere. Supporting this joint aim, the expanded partnership includes the launch of new integrations and solutions to address critical cyber challenges. Securing Identities Digital transformation and the cloud have altered infrastructures, while mobile technologies and remote access have changed how people work. Traditional endpoint and network-based controls are inadequate given the threat landscape—one where identities are the new perimeter and have become critical for organisations to secure. 93% of organisations suffered 2 or more identity security breaches in the past year With attackers increasingly exploiting identities thanks to the potential wide-ranging access they enable, 93% of organisations suffered two or more identity security breaches in the past year. The exponential growth of identities coupled with evolving attack techniques underscores the critical need for a paradigm shift towards identity-centric security strategies. Cyber adversaries’ Threat actors continue to target identities as the most effective way to land in and expand their access to the targeted organisation.  From workforce users to IT admins with privileged administration rights, to an executive with access to confidential data, to a developer with access to code repositories or a machine identity such as an IoT device, identities are cyber adversaries’ preferred path to an enterprise-wide breach. Connecting a human-targeted attack with its potential impact has never been more critical. Identity security policies Proofpoint and CyberArk features a blend of layered defences designed to stop threats before they reach users The integration between Proofpoint and CyberArk features a combination of layered defences designed to stop threats before they reach users and applies preventative policies and controls that ensure access accuracy. Proofpoint prevents email attacks from reaching users and helps to identify the individuals and systems that are targeted by the most sophisticated, highest impact threats using its expansive data set comprised of trillions of data points every year. CyberArk takes this insight and applies adaptive controls and identity security policies to ensure legitimate users are only able to access what they need and nothing more. Advancement in identity-centric security “Because attackers now see people and their digital identities as their target of choice, it's time to shift security strategies to protect people and defend the data they create, placing identity at the centre of security,” said Ryan Kalember, chief strategy officer, Proofpoint. “Our strategic partnership with CyberArk represents a significant advancement in identity-centric security, empowering organisations to connect their key platform to understand human risk with their platform to mitigate it.” Centre of security strategies “Approaching how we secure identities must drastically evolve. With a single compromised identity, threat actors can attain an initial foothold that unlocks significant opportunities for all kinds of downstream attacks, including data theft and ransomware,” said Clarence Hinton, chief strategy officer at CyberArk. “Both CyberArk and Proofpoint are innovators in their respective security domains and share a commitment to placing digital identities at the centre of security strategies to deliver better outcomes for our joint customers.” Proofpoint’s ZenWeb browser extension Proofpoint’s ZenWeb browser wing solution protects employees and contractors from cruel URLs Web browsers—often consumer-focused and lacking in essential security, privacy and productivity features—are essential to how organisations operate. They are the connective tissue between identities, applications, and data, making them a primary target for cybercriminals and a prominent vector for security breaches. Powered by Proofpoint’s industry-pioneering threat intelligence, Proofpoint’s ZenWeb browser extension solution protects employees and contractors from malicious URLs that can download malware or steal corporate credentials and sensitive data. When deployed with CyberArk Secure Browser, organisations can, in real-time, detect and block malicious URLs, one of the pioneering attack vectors used by cyber adversaries. Additional benefits Additional benefits of Proofpoint’s ZenWeb and CyberArk’s Secure Browser integration include: Stopping targeted threats and malicious URLs in real-time, independent of how the user encountered the URL Identifying and securing privileged users by applying granular policies and minimising the risk of unauthorised access Enhancing user safety with adaptive controls and policies Reducing the risk of unauthorised access to sensitive data Streamlining incident response and automating remediation processes Deeper integrations Deeper integrations for innovative identity-centric threat remediation include:   Leveraging Proofpoint’s Nexus TI (Threat Intelligence), email threats are identified and dynamically assessed for risk, then passed to CyberArk Identity Flows for adaptive response and remediation. Privileged users with high-risk access are singled out for enhanced layers of protection and real-time remediation when threats occur. Proofpoint also automates privileged account and local admin discovery, integrating with CyberArk to manage and secure them. CyberArk and Proofpoint will be showcasing their latest integration at Proofpoint’s upcoming ‘Protect’ event series, which commences in New York City on September 10, 2024.

Proofpoint boosts digital communications governance with AI

Proofpoint, Inc., a cybersecurity and compliance company announced the general availability of its Digital Communications Governance (DCG) offering, bolstering its existing offerings in pace with the evolving modern data governance and enterprise archiving market. DCG offering The new offering helps organisations simplify the governance of communication data and provides security insights across all major digital channels for conducting risk. It leverages artificial intelligence (AI) to surface key data insights, reducing false positives while facilitating high-efficacy information discovery and supervisory review. Visibility challenges The current data governance and compliance market has evolved from an archive and repository-centric approach to one that is centered on managing an ever-growing number of digital communication channels and collaboration tools. This has created a complex challenge for organisations to gain visibility and context across more disparate data sources and threats than ever before, all while supervising employee behaviours, enforcing corporate policies, and meeting a growing number of regulatory mandates (e.g., FINRA, FCA, HIPAA, GDPR). Unified security and compliance risk management Proofpoint’s DCG offering leverages the company’s AI engine to create contextualised insights Proofpoint’s Digital Communications Governance offering provides unified security and compliance risk management that helps organisations centralise all communications content, enforce proactive, adaptive data controls, and streamline e-discovery and supervision. Proofpoint’s DCG offering leverages the company’s AI engine to create contextualised insights covering every channel and facet of communications data, maximising the efficacy of review by 84% or more when compared to alternatives. Visibility and AI-driven insights "With the rapid proliferation of digital communication channels and increasingly disparate data sources, organisations must consider how to effectively solve security and compliance challenges in a fast and high-efficacy way,” said Harry Labana, senior vice president and general manager of archiving, digital communications governance at Proofpoint. "With significant consequences for non-compliance, Proofpoint’s Digital Communications Governance offering gives organisations the instant visibility and AI-driven insights they need to simplify the delivery of a modern, secure, and compliant environment where employees work and collaborate.” Key capabilities and customer benefits 1) Comprehensive data governance over major communications channels across meetings, mobile, collaboration, emails, social media, voice, videos, and files: Full fidelity, context-aware data capture across 80+ channels including mobile channels such as SMS, WhatsApp, and WeChat, as well as social and collaboration channels including Microsoft Teams, Zoom, WebEx, Slack, RingCentral, and YouTube. Intuitive, native app-like communications and data review experience. Real-time policy enforcement across social media to prevent reputational damage and compliance violations before they occur. Advanced search that contextualises search types such as wildcards and emojis. 2) Fast response to real-time compliance risk with AI-assisted pre-review and post-review of communications data and content: Increase alert relevancy and detect over 200 different risks ‘out-of-the-box' using industry-curated scenarios for any communication channel. Perform AI-assisted review with easily configured models. Quickly create and deploy policy-based custom models that address industry- and corporate-specific risks. Protect event ‘Protect’ event series builds on Proofpoint’s industry recognition in compliance and archiving The solution will be showcased at Proofpoint’s upcoming ‘Protect’ event series, which begins on September 10, 2024, in New York City.  It builds on Proofpoint’s industry recognition in compliance and archiving, with Gartner® naming Proofpoint a Representative Vendor in the 2023 Gartner Market Guide for Digital Communications Governance. Supporting quotes “By 2027, 40% of enterprise customers will proactively assess workstream collaboration and meeting solution content for corporate policy and general business insights, up from less than 5% in 2023.” - 2023 Gartner Market Guide for Digital Communications Governance. “By 2027, 65% of enterprise customers will combine supervision of text- and audio/video-based content to monitor communication governance, up from less than 15% in 2023.” - 2023 Gartner Market Guide for Digital Communications Governance.

Quick poll
What is the most significant challenge facing smart building security today?