Proofpoint Insider Threat Management
Photo Gallery
Proofpoint Insider Threat Management
Additional Info
Company | Proofpoint |
Website | http://www.proofpoint.com |
Company size (employees) | 1,000 to 4,999 |
Headquarters Region | North America |
Overview
The modern, distributed workforce works from anywhere and everywhere. Employees, third parties and contractors have access to more data than ever—whether that data is on their laptop, email or in the cloud. The risk of data loss and insider threats is thus at an all-time high.
As the leading human-centric Insider Threat Management (ITM) solution, Proofpoint’s ITM protects against brand and financial damage involving insiders acting maliciously, carelessly, or unknowingly. It can streamline security team responses to insider-led incidents and provide insights that help prevent further business disruption and revenue loss. The solution correlates user activity and sensitive data movement, enabling organizations’ teams to identify user risk, detect insider-led data breaches and accelerate investigations.
Key Capabilities / Features
Proofpoint Insider Threat Management (ITM) correlates user behavior and data movement that enables security teams to detect, investigate, and respond to potential insider threats. Proofpoint ITM delivers real-time alerts, contextual intelligence on users, data and threats, and helps accelerate investigations with easy-to-understand evidence of wrongdoing.
Proofpoint Insider Threat Management delivers six key capabilities necessary for managing risky behavior on the endpoint:
1. Visibility and context on user behavior, file activity and file content in a clear timeline
2. Detection and alerting on risky user behavior and data interactions in real time
3. Prevention against data loss through common endpoint channels such as print, web uploads, cloud sync folders, USB connected devices, network shares, etc.
4. Accelerated incident response and investigations with collaborative workflows, user risk reports and a centralized dashboard
5. Simple deployment with a cloud-native platform and a single lightweight endpoint agent that monitors risky and everyday users
6. Protection of user privacy with attribute-based access controls, anonymization, snippet masking and multi-region data center support
How we are different
• Rapid time to value: Proofpoint ITM collects its own telemetry on user activity across applications, files, data, servers, desktops and applications, whether the applications are hosted in the cloud, on the endpoint or on-premises. This provides visibility as soon as the data is collected, which can be trusted coming from one source. Instead, most monitoring solutions are focused on specific technologies, requiring more manual work for security teams. Or they require integrations with many other technologies to provide any visibility, which creates unclean and noisy telemetry.
• Real-world insider threat detection and endpoint data loss prevention (DLP): Proofpoint ITM detects risky insider behavior across unauthorized activity and access, risky accidental actions, system misuse and out of policy data movement. We use out-of-the-box and easily customizable rules based on the expertise of 1,000+ customers and research institutions such as CERT Insider Threat division, NIST and NITTF. ITM also prevents sensitive data exfiltration through common endpoint channels such as USB connected devices, web uploads, print, cloud sync folders, etc. We detect sensitive data using out-of-box data classifiers and Microsoft Information Protection sensitivity labels. In comparison, most monitoring solutions simply create logs and have rudimentary insider threat detection capabilities.
• Context: Proofpoint ITM correlates all activity by user and visualizes it in an activity timeline. In effect, we paint a clear picture of the context of "who, what, where, when, and why" that is understood by cybersecurity and non-cybersecurity teams alike, without any jargon. You can search through security events with keywords and filters across all the collected metadata and screen captures. The sophisticated analytics, role-based workflows and user risk reports accelerate investigations and response. Security monitoring solutions provide logs on the collected activity, while leaving the correlations and analysis to the manual efforts of the security teams.