Business Has Changed. The Threat Landscape Has Changed. Are You Prepared? Today’s workers have gone beyond the network, using multiple devices to conduct business, anywhere, any time. The move has resulted in greater productivity and collaboration—and a greater risk of attack by cyber criminals. How can you protect your business today?

1. 1 © 2016 Proofpoint, Inc.
SEEING IS
SECURING
Adapted from ESG report “Proofpoint:
Protecting Against Advanced Threats
and Compliance Risks,” October 2016

2. 2 © 2016 Proofpoint, Inc.
Conventional Cybersecurity: Blind to Today’s Threats
 People collaborate in new ways, much of it outside the
network perimeter
- Email
- Social
- Mobile
 Because cyber attacks target people, your biggest
threats are outside your network
- Malicious attachments
- Infected URLs
- Impostor social accounts
- Malicious and risk apps
 Traditional security focuses on the network, leaving
organizations blindsided by new threats

3. 3 © 2016 Proofpoint, Inc.
Most Likely Compromise: Malicious Email
0% 10% 20% 30% 40% 50% 60%
Malicious URL in email
Malicious email attachment
Malicious URL on web
Infected USB device
Trusted website compromised
Infected system connects to network
Compromised web app
Insider attack by IT employee
Insider attack by other employees
Q: In your opinion, which of the following would be the most likely way
for a malware attack to compromise one of your organization's systems?

4. 4 © 2016 Proofpoint, Inc.
Advanced Threats Are Unfolding Beyond Your Sightline
 The attack surface has expanded dramatically
 Cyber criminals have taken notice
 The upshot: downtime, disruption, and data loss

5. 5 © 2016 Proofpoint, Inc.
CONSIDER THESE STEPS
TO MANAGE TODAY’S THREATS

6. 6 © 2016 Proofpoint, Inc.
Step 1: Look Beyond the Network
 IT professionals may believe they have this visibility today, but
ESG continuously observes otherwise.
 It’s unrealistic to believe that IT teams can keep pace with
existing and new threats on their own.
 Consider help from technology partners that spend every
waking moment detecting, interpreting, and evaluating
potentially dangerous activity.

7. 7 © 2016 Proofpoint, Inc.
Step 2: Protect Email, Social, and Mobile Vectors
 These are new vectors that threat actors see as ripe opportunities,
and they aren’t being effectively protected.
 Businesses must defend against these common threats.
 You can’t leave it to employees to determine how to
react to attacks on their devices.

8. 8 © 2016 Proofpoint, Inc.
Step 3: Be Ready to Respond
 The remediation process should happen before a threat “walks”
through the door.
 Ideally, this process can be automated without requiring manual
intervention from an IT administrator.
 Reacting after a threat has landed is often too late, and can put
undue strain on an already under-resourced IT organization.

9. 9 © 2016 Proofpoint, Inc.
Step 4: Get a Full Picture
 Organizations require visibility through constant monitoring,
reporting, and use of dashboards.
 Business owners and executive teams need insight into their level
of risk, remediation activity, and defense activity.
 To get a full picture, you need real-time and historical
views into the frequency of threats, and the impact of
proactive detection and remediation across your
organization.

10. 10 © 2016 Proofpoint, Inc.
HOW PROOFPOINT
CAN HELP
THE THREAT INTELLIGENCE PIPELINE

11. 11 © 2016 Proofpoint, Inc.
Stopping Threats Where They Start
 Proofpoint has combined its years of capturing intelligence
and its experience remediating threats to help protect
customers from advanced threats:
- In more than 1 billion emails
- Across more than 4,000 companies
- Among piles of personal data every day
 Proofpoint has scanned more than 21 million iOS and
Android applications to identify high-risk behaviors.
 This can be a formidable for any IT organization without
the depth of knowledge of a company razor-focused on
capturing and remediating potential threats before they
can do real damage.

12. 12 © 2016 Proofpoint, Inc.
The Proofpoint Threat Intelligence Pipeline
The Proofpoint threat intelligence pipeline analyzes threats, extracts malicious
behavior, and correlates data across a fabric of attackers and attack campaigns.

13. 13 © 2016 Proofpoint, Inc.
The Proofpoint Nexus Threat Graph
 The Proofpoint Nexus
Threat Graph is a
massive database of
more than 800 billion data
points providing in-depth,
real-time, forensic
information for more
effective threat detection
and mitigation.

14. 14 © 2016 Proofpoint, Inc.
Information Protection/Discover
 While a number of threats are built for destructive purposes,
others are seeking to steal information.
 Proofpoint helps companies protect the information attackers
are after before they have an opportunity to steal it.
 During this process, Proofpoint identifies where sensitive
data lives within the organization to properly protect it.

15. 15 © 2016 Proofpoint, Inc.
Threat Response
 When something does go wrong, you need the process and the tools
to triage and diagnose alerts to quickly determine the right response.
 Proofpoint Threat Response provides the platform to respond to an
individual alert by correlating it with other alerts, collecting indicators
of compromise (IOC) to:
- Confirm infections
- Responding by pushing controls out to enforcement devices
(such as updating firewalls and proxies)
- Take other other remediation actions
(removing email from inboxes, locking down access for the affected users, and so on).

16. 16 © 2016 Proofpoint, Inc.
Closing Thoughts
 Consider the best means to protect sensitive corporate information,
employee data, and the company’s reputation and brand from cyber threats.
 Partnering with a vendor like Proofpoint enables organizations to effectively
manage the time spent monitoring risk levels and remediation processes.
They can focus their time and resources on employee productivity, business
initiatives, and growing your business.
Read the full report at:
https://www.proofpoint.com/us/solution-showcase

17. 17 © 2016 Proofpoint, Inc.