Proofpoint targeted attack protection

According to the 2014 Verizon Data Breach Investigations Report, nearly 90% of point-of-sale intrusions saw data exfiltration in minutes or seconds after compromise. Historically, organisations have struggled with manual incident response because it can take hours or days to decipher thousands of alerts to figure out what is attacking an organisation - and often even longer to fix it.

The Proofpoint Threat Response 3.0 release will deliver capabilities organisations need to stop today's advanced cyber threats: superior speed, pinpoint accuracy and necessary context. Proofpoint customers will have deeper insight across the entire cyber attack chain, enabling them to react faster to inbound attacks, and to identify, block, and disable previously undetected malware already embedded in their organisations. New key features will include:

* Advanced Threat Correlation in the Cloud: Powered by the cloud-based Proofpoint threat intelligence service, Proofpoint Threat Response will correlate sandbox and IDS alerts with in-depth campaign and cyber criminal context. The system will make it easy to access attacker details, including threat type, sandbox analysis results, and reputation data, along with visibility into attacker targets and information by group, department, location and more.
* Emerging Threats Integration: Adding to its existing rich threat intelligence, Proofpoint's recent acquisition of Emerging Threats gives customers access to millions of malware samples and other global threat indicators per day. Proofpoint's threat intelligence service will include the capability to correlate events across a trillion nodes, in real time. This will enable teams to develop intelligence about advanced cyber criminal malware distribution and command and control (C&C) infrastructure.
* STIX/TAXII Support: Customers will be able to add their own threat intelligence data to Proofpoint Threat Response using the industry standard Structured Attack Information Expression (STIX) format and, optionally, the Trusted Automated Exchange of Indicator Information (TAXII) protocol.
* Integrated alert support for HP Tipping Point: Proofpoint Threat Response accelerates automated response time from hours to minutes while unifying alerts across multiple security solutions including Proofpoint, FireEye, Palo Alto Networks, Cisco SourceFire, Splunk and soon HP Tipping Point.

Proofpoint Threat Response utilises Proofpoint's market-leading expertise in detecting and stopping advanced malware propagated through e-mail and social media messaging systems. Those detection capabilities include Proofpoint Threat Response's indicators of compromise (IOC) confidence scores, which let security teams know instantly whether or not a user system is infected based on data collected from endpoints and detection sandbox reports. Armed with this information, organisations can automatically contain the threats and cut off data exfiltration.

In addition, Proofpoint Threat Response includes advanced reporting to provide security teams with a detailed view of the threat landscape facing their organisation. Supplemental reports provide a complete view of the time it takes security teams to review, assign and close cases. This insight allows management teams to streamline workflow and accelerate decision-making.

General availability for Proofpoint Threat Response 3.0 is planned for the third quarter of 2015. For more information about Proofpoint Threat Response, please contact Condyn: info@condyn.net.