Proofpoint, Inc. a leading cybersecurity and compliance company, today announced expanded capabilities for its award-winning platform to provide customers with more comprehensive and adaptive people-centric security controls. These new solutions and integrations protect organizations from inbound threats in messaging, collaboration, and social networking applications; protect SaaS applications and identity posture across a wide range of applications; prevent data loss with smarter, more adaptive data security; and guide employees toward more secure behaviors through adaptive educational security guidance.

Announced at the company's flagship 'Protect' conference, these new capabilities set a new standard for how organizations address human risk by leveraging two key elements of the patented platform - Proofpoint Nexus, a suite of AI, behavioral and threat detection that identifies and mitigates risk; and Proofpoint Zen, a group of technologies that deliver world-class, end-to-end protection for people working with email, collaborative applications, the web, and data. They provide an integrated, cohesive experience that brings human-centric protection to end users and security professionals.

"From ransomware to Business Email Compromise and data loss, the most damaging cyber risks focus on humans and their identities," explains Sumit Dhawan, CEO of Proofpoint. "But the human risk is difficult to address, as we all work with email, collaborative applications, the cloud, and the web, creating risk from threats, expanding identities, and exposing data in new ways. Proofpoint has pioneered human-centric security, and now we're redefining it by combining previously disparate processes and technologies into a unified platform to protect new digital channels, reduce the risk for organizations, and better guide users in real-time every day."

Threats

Threats are increasingly using more digital channels such as Slack, Microsoft Teams, Zoom, and LinkedIn to launch phishing attacks, tricking people into divulging personal information or performing certain actions, such as transferring money or disclosing sensitive company data. Over the past three years, URL threats sent via email have increased 119%, and those sent via SMS have skyrocketed by 2,524%, according to data from Proofpoint.

Powered by industry-leading threat intelligence and Proofpoint's new ZenWeb browser extension, Proofpoint Collab Protection provides real-time advanced threat protection to block malicious URLs delivered in any messaging, collaboration, or social networking application. It can be deployed in Google Chrome, Microsoft Edge, Apple Safari or any Chromium-based enterprise browser. Leveraging Nexus IT (Threat Intelligence), customers benefit from collective defenses that protect a network of thousands of the most critical organizations worldwide.

While corporate identities enable employees to work easily across Microsoft 365, GenAI, cloud storage, and collaborative applications, cybercriminals have also learned to exploit them to launch ransomware attacks, hijack cloud accounts, and exfiltrate data.

According to Proofpoint data, almost all organizations (96%) have been targeted by cloud account hijacking attacks, and more than half have experienced it firsthand. In addition, half of all hijacked accounts had multi-factor authentication (MFA) enabled, demonstrating that unsecured applications, both enterprise-provided and shadow applications, are a valuable springboard for attackers to gain control of corporate cloud accounts.

Proofpoint Nexus maps the proliferation of user identities and common attack paths and detects configuration and access anomalies to prevent unauthorized access and takeover of cloud accounts. This helps security professionals understand where an account is located and whether it creates risk due to its privileges, the data it is tied to, or how well (or poorly) its security is configured. Based on an identity's position and risk, Proofpoint's Proofpoint Posture Management makes recommendations and performs configurations to improve it.

Defense

Identifying insider threats is challenging, making internal investigations reactive: cybersecurity administrators focus on high-risk users, such as departing employees, those on a performance improvement plan, or contractors, only after being alerted to their potential risk to the enterprise. Proofpoint's Adaptive Information Protection enables security teams to proactively manage internal risks, shifting the security analyst's responsibility from manual policy creation to automating responses around a user's risk behavior. This, in turn, helps analysts work more efficiently.

In addition, as GenAI tools have become pervasive in the workplace to perform tasks such as summarizing meeting transcripts, rephrasing emails, or writing code, there are careless actions that can expose business-critical information such as personally identifiable information, source code, and other corporate information. Some of this information is difficult to identify and protect using legacy DLP tools. Proofpoint's new intent-aware GenAI protection and GenAI prompt writing help organizations enable the use of GenAI while protecting structured and unstructured organizational data from oversharing. It educates end users and guides behavior change through compliance notifications when interacting with GenAI tools.

Traditional compliance-based security awareness programs are ineffective in mitigating human risk and guiding employees toward more secure behaviors. Research shows that most employees (68%) knowingly engage in risky behaviors despite 99% of organizations having a security awareness program in place. Proofpoint is evolving its security awareness solution to help organizations reduce security incidents by cultivating real behavior change and building a strong security culture.

Proofpoint's ZenGuide (formerly Proofpoint Security Awareness Training) enables security teams to automate and scale personalized learning paths based on each individual's risk profile, behaviors, and role. It uses risk insights from individuals across the Proofpoint ecosystem to deliver relevant interventions that promote security and reduce risky behaviors. This enables organizations to go beyond compliance-based programs and deliver targeted, context-aware education that addresses specific risks and behaviors.