Proofpoint Insider Threat Management

Additional Info

CompanyProofpoint
Websitehttps://www.proofpoint.com/us
Company size (employees)1,000 to 4,999

Overview

The powerful forces of the cloud and mobility have spurred greater collaboration and more distributed workforces. At the same time, the 2020 Verizon DBIR report found that 30% of all data breaches involved an insider. Proofpoint provides the leading Insider Threat Management (ITM) solution with more than 1000 customers globally. We help organizations protect against data loss, malicious acts, and brand damage involving insiders acting maliciously, negligently, or unknowingly.

ITM correlates user behavior and data movement at the endpoint, which empowers security teams to detect, investigate, and respond to potential insider threats.

ITM delivers five key capabilities necessary for managing risky behavior on the endpoint:
1. Deliver first-hand visibility and context on user behavior and data activity
2. Detect and alert on risky user behavior and data interaction in real time
3. Prevent risky data exfiltration from the endpoint
4. Accelerate incident response and investigations
5. Simplify deployment with a pure SaaS platform and lightweight endpoint agent architecture

How we are different

- Insider threat focus: Proofpoint ITM collects its own telemetry on user activity across applications, files, data, servers, desktops and applications, whether the applications are hosted in the cloud, on the endpoint or on-premises. On top of this, we detect risky insider behavior across unauthorized activity and access, risky accidental actions, system misuse and out of policy data movement. Given insiders have legitimate and authorized access to systems, they pose a different threat from external hackers and malware. Insider risk is compounded by the rise in remote and third-party freelancer/contract work. Proofpoint ITM is best-positioned to respond to insider risks of the modern workforce.


- Context for investigations: Proofpoint ITM correlates all activity by user and visualizes it in an activity timeline. This is backed up by screenshots of activity before, during and after clear and obvious policy violations by the user. In effect, we paint a clear picture of the context of “who, what, where, when and why” with every event, alert and incident. Such evidence is easily understood by cybersecurity and non-cybersecurity teams alike, without any jargon. This accelerates response to user-driven incidents.


- Lightweight endpoint solution: Proofpoint ITM leverages a user-mode endpoint agent that doesn’t hinder users’ productivity or clash with your other security tools at the kernel level. Yet, our endpoint agents provide a granular, app-agnostic view into the user’s activity on the endpoint.