Proofpoint Insider Threat Management
Photo Gallery
Proofpoint Insider Threat Management
Additional Info
Company | Proofpoint |
Website | https://www.proofpoint.com/us |
Company size (employees) | 1,000 to 4,999 |
Overview
The powerful forces of the cloud and mobility have spurred greater collaboration and more distributed workforces. At the same time, the 2020 Verizon DBIR report found that 30% of all data breaches involved an insider. Proofpoint Insider Threat Management provides the endpoint based solution for insider threats with more than 1000 customers globally. We help organizations protect against data loss, malicious acts, and brand damage involving insiders acting maliciously, negligently, or unknowingly.
ITM correlates user behavior and data movement at the endpoint, which empowers security teams to detect, investigate, and respond to potential insider threats.
ITM delivers five key capabilities necessary for managing risky behavior on the endpoint:
1. Deliver first-hand visibility and context on user behavior and data activity
2. Detect and alert on risky user behavior and data interaction in real time.
3. Accelerate incident response and investigations
4. Simplify deployment with a pure SaaS platform and lightweight endpoint agent architecture
5. Protect user privacy unless clear and obvious evidence of wrongdoing
How we are different
- Insider threat focus: Proofpoint ITM collects its own telemetry on user activity across applications, files, data, servers, desktops and applications, whether the applications are hosted in the cloud, on the endpoint or on-premises. On top of this, we detect risky insider behavior across unauthorized activity and access, risky accidental actions, system misuse and out of policy data movement. Given insiders have legitimate and authorized access to systems, they pose a different threat from external hackers and malware. Insider risk is compounded by the rise in remote and third-party freelancer/contract work. Proofpoint ITM is best-positioned to respond to insider risks of the modern workforce.
- Context: Proofpoint ITM correlates all activity by user and visualizes in an activity timeline. This is backed up by screenshots of activity before, during and after clear and obvious policy violations by the user. In effect, we paint a clear picture of the context of “who, what, where, when and why” that is understood by cybersecurity and non-cybersecurity teams alike, without any jargon. In comparison, most endpoint solutions are focused on logging and visualizing endpoint processes, which are better for compromised user and malware threats.
- Lightweight endpoint solution: Proofpoint ITM leverages a user-mode endpoint agent that doesn’t hinder users’ productivity or clash with your other security tools at the kernel level. Yet, our endpoint agents provide a granular, app-agnostic view into the user’s activity on the endpoint. Legacy endpoint solutions rely on heavy agents that intercept most endpoint application transactions and often result in productivity drags and system crashes.