Proofpoint, a cybersecurity and compliance company, has announced several new features and capabilities in its security solutions to enhance protection against threats throughout the cyberattack kill chain. These updates, unveiled at Proofpoint Protect 2023, are aimed at helping businesses combat threats such as business email compromise (BEC), ransomware, and data exfiltration, according to a press release from Proofpoint.
The newly introduced capabilities utilize artificial intelligence (AI) and machine learning (ML) technology to provide security practitioners with increased visibility, flexibility, and depth to detect and disrupt adversaries across their organizations’ attack surfaces. By leveraging these advanced technologies, Proofpoint aims to equip organizations with the necessary tools to defend against cyberattacks effectively.
To understand the significance of Proofpoint’s latest innovations, it is essential to explore the concept of the cyberattack kill chain. The cyber kill chain is a model that enables organizations to comprehend the sequence of events involved in an external attack on their IT environment. By understanding this chain, IT security teams can develop strategies and implement technologies to prevent or mitigate attacks at various stages. Lockheed Martin, a global security and aerospace company, first developed the cyber kill chain as a conceptual model to deconstruct the structure of a cyberattack. It outlines the seven distinct steps that adversaries must complete to achieve their objectives, thereby enhancing defenders’ knowledge of attackers’ tactics, techniques, and procedures.
The seven steps of the cyber kill chain, as outlined by Lockheed Martin, are as follows:
1. Reconnaissance: The intruder selects a target, researches it, and identifies vulnerabilities.
2. Weaponization: The intruder creates malware specifically designed to exploit the identified vulnerabilities.
3. Delivery: The intruder deploys the malware through various mediums such as phishing emails.
4. Exploitation: The malware begins executing on the target system, exploiting the identified vulnerabilities.
5. Installation: The malware installs a backdoor or other mechanism to maintain access to the compromised system.
6. Command and Control: The intruder establishes persistent access to the victim’s systems/network.
7. Actions on Objective: The intruder initiates their intended actions, such as data theft, corruption, or destruction.
Proofpoint’s Aegis Platform, which focuses on disarming attacks such as BEC, ransomware, weaponized URLs, and multifactor authentication (MFA) bypass for credential phishing, has been enhanced with several new features and capabilities. One noteworthy addition is the implementation of the BERT LLM (large language model) within Proofpoint’s CLEAR solution, which provides pre-delivery BEC threat detection and prevention. This technology has proven successful in detecting malicious messages, including those created using generative AI.
Moreover, Proofpoint has introduced enhanced visibility features in its targeted attack prevention (TAP) Dashboard, which provide detailed summaries of blocked threats. These summaries aim to provide a deeper understanding of BEC condemnations, particularly those identified by the new LLM-based detection. Security practitioners will have access to information regarding why a threat was classified as a BEC attack and the corresponding response timelines.
Another critical development by Proofpoint is the Attack Path Risk feature, which combines data from both the Aegis and Identity Threat Defense platforms. By analyzing this unified data, security practitioners can gain insights into the various attack paths for ransomware and data exfiltration when an employee’s identity is compromised. This information is crucial for organizations to prioritize remediation and implement adaptive controls swiftly. The Attack Path Risk feature is set to be available in the fourth quarter within Proofpoint’s TAP dashboard.
Proofpoint’s latest advancements showcase the company’s commitment to providing robust cybersecurity solutions that address the evolving threat landscape. By leveraging AI and ML technologies, Proofpoint aims to empower organizations to detect and disrupt cyberattacks effectively. These new features within the Aegis Threat Protection, Identity Threat Defense, and Sigma Information Protection platforms signify Proofpoint’s continued dedication to helping businesses safeguard their critical assets against sophisticated cyber threats.