Proofpoint to fight targeted malware in the cloud

security button on keyboard

Security specialist Proofpoint has unveiled a new cloud-based service aimed at protecting business users both when they are behind a corporate firewall and working remotely.

The new Proofpoint Targeted Attack Protection SaaS uses big data analysis techniques, URL interception and malware sandboxing to guard infrastructure against targeted malware.

It combines these various techniques and technologies to pinpoint attacks and defeat them. To identify suspected attacks, the service uses big data analysis techniques to spot and apply additional security controls to suspicious messages.

It examines hundreds of variables in real time - including message properties and the email traffic history of the message recipient - to understand - on a per-user basis - what constitutes "normal" mail traffic, and to identify exceptions that would indicate that an incoming message might be, or later become, a threat.

URLs in suspect messages are then subjected to additional processing. The service re-writes any links in the messages so that browsers are transparently redirected through the Proofpoint cloud for content inspection and malware analysis every time the link is subsequently clicked - a tactic dubbed "URL click-time defence." If URLs that were initially harmless turn malicious after a period of time - a common phishing tactic - users are still protected, whether they access the message from the corporate network, home network, mobile device, or public network.

"Targeted attacks represent one of the most dangerous IT threats facing enterprises today," said David Knight, executive vice president of product management for Proofpoint.

"These sophisticated blended attacks can bypass even the most advanced web, email and end-point security systems by exploiting gaps between these point products."

He added that the new service was designed to close these gaps and stop targeted attacks by "combining previously disparate email security, web security and malware analysis technologies into a comprehensive, cloud-based service."

Analysts said that attackers are increasingly focused on delivering malicious content inside of email and web transactions in order to breach security and pass through existing security controls.

"In the past, signature-based technologies such as antivirus were adequate to protect against a majority of threats," said Gartner analyst Lawrence Pingree.

"However, the emergence of newer attack and payload delivery techniques that bypass these traditional signature-based approaches must be addressed by new emerging security technologies as well as augmentation of our old paradigm of thinking about traditional security technologies."

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.