Proofpoint Insider Threat Management
Photo Gallery
Proofpoint Insider Threat Management
Additional Info
Company | Proofpoint |
Website | https://www.proofpoint.com/us |
Company size (employees) | 1,000 to 4,999 |
Overview
The powerful forces of the cloud and mobility have spurred greater collaboration and more distributed workforces. At the same time, the 2020 Verizon DBIR report found that 30% of all data breaches involved an insider. Proofpoint provides the leading Insider Threat Management (ITM) solution with more than 1000 customers globally. We help organizations protect against data loss, malicious acts, and brand damage involving insiders acting maliciously, negligently, or unknowingly.
ITM correlates user behavior and data movement at the endpoint, which empowers security teams to detect, investigate, and respond to potential insider threats.
ITM delivers five key capabilities necessary for managing risky behavior on the endpoint:
1. Deliver first-hand visibility and context on user behavior and data activity
2. Detect and alert on risky user behavior and data interaction in real time
3. Prevent risky data exfiltration from the endpoint
4. Accelerate incident response and investigations
5. Simplify deployment with a pure SaaS platform and lightweight endpoint agent architecture
How we are different
- Insider threat focus: Proofpoint ITM collects its own telemetry on user activity across applications, files, data, servers, desktops and applications, whether the applications are hosted in the cloud, on the endpoint or on-premises. We detect risky insider behavior across unauthorized activity and access, risky accidental actions, system misuse and out of policy data movement. Given insiders have legitimate and authorized access to systems, they pose a different threat from external hackers and malware. From a forensics perspective, Proofpoint ITM can best respond to insider risks of the modern workforce, including remote and contract work.
- Context for investigations: Proofpoint ITM correlates all activity by user and visualizes it in an activity timeline. This is backed up by screenshots of activity before, during and after clear and obvious policy violations by the user. In effect, we paint a clear picture of the context of “who, what, where, when and why” with every event, alert and incident. Such evidence is easily understood by cybersecurity and non-cybersecurity teams alike, without any jargon. This accelerates response to user driven incidents. Before, security operations teams had to rely on alerts from traditional DLP products that lacked this level of context into user behavior. A high level of false-positives within these types of alerts slows down the pace of forensics investigations.
- Lightweight endpoint solution: Proofpoint ITM leverages a user-mode endpoint agent that doesn’t hinder users’ productivity or clash with your other security tools at the kernel level. Yet, our endpoint agents provide a granular, app-agnostic view into the user’s activity on the endpoint. These results can be packaged into easy-to-understand reports for other stakeholders, including HR, legal teams, and more. In comparison, digital forensics on endpoints can be time consuming and require repackaging the evidence to collaborate with other teams.