Proofpoint Insider Threat Management
Photo Gallery
Proofpoint Insider Threat Management
Additional Info
Company | Proofpoint |
Website | https://www.proofpoint.com/us |
Company size (employees) | 1,000 to 4,999 |
Overview
The powerful forces of the cloud and mobility have spurred greater collaboration and more distributed workforces. At the same time, the 2020 Verizon DBIR report found that 30% of all data breaches involved an insider. Proofpoint provides the leading Insider Threat Management (ITM) solution with more than 1000 customers globally. We help organizations protect against data loss, malicious acts, and brand damage involving insiders acting maliciously, negligently, or unknowingly.
ITM correlates user behavior and data movement that empowers security teams to detect, investigate, and respond to potential insider threats by delivering real-time alerts, contextual intelligence on users, data and threats and easy to understand evidence of wrongdoing.
ITM delivers five key capabilities necessary for managing risky behavior on the endpoint:
1. Deliver visibility and context on user behavior and data activity
2. Detect and alert on risky user behavior and data interaction in real time.
3. Accelerate incident response and investigations
4. Simplify deployment with a pure SaaS platform and lightweight endpoint agent architecture
5. Protect user privacy unless clear and obvious evidence of wrongdoing
How we are different
- Rapid time to value: Proofpoint ITM collects its own telemetry on user activity across applications, files, data, servers, desktops and applications, whether the applications are hosted in the cloud, on the endpoint or on-premises. This provides visibility as soon as the data is collected, which can be trusted coming from one source. Instead, most monitoring solutions are focused on specific technologies, requiring more manual work for security teams. Or they require integrations with many other technologies to provide any visibility, which creates unclean and noisy telemetry.
- Real-world insider threat detection: Proofpoint ITM detects risky insider behavior across unauthorized activity and access, risky accidental actions, system misuse and out of policy data movement. We use out of the box and easily customizable rules based on the expertise of 1000+ customers and research institutions such as CERT Insider Threat division, NIST and NITTF. In comparison, most monitoring solutions simply create logs and have rudimentary insider threat detection capabilities.
- Context: Proofpoint ITM correlates all activity by user and visualizes it in an activity timeline. In effect, we paint a clear picture of the context of “who, what, where, when and why” that is understood by cybersecurity and non-cybersecurity teams alike, without any jargon. Security monitoring solutions provide logs on the collected activity, while leaving the correlations and analysis to the manual efforts of the security teams.