Proofpoint has announced two new relationships, one with CyberArk and one with Imperva, both intended to help joint customers quickly prevent data breaches through tight integrations with Proofpoint’s Threat Response threat management platform. Both relationships are a direct result of Proofpoint’s commitment to aligning with other leading next-generation cybersecurity companies to enable better, collaborative protection. During a breach, most cybercriminals go after privileged user accounts to access databases and critical information. There is often a period of time between the actual break-in and when the attacker explores systems, locates sensitive data, attempts to access internal systems—and when the attacker ultimately steals information. It is essential that security teams act immediately to stop the attacker during the gap between compromise and attempted escape.
“Our relationships with CyberArk and Imperva help organizations prevent security alerts and incidents from escalating to full blown breaches,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “A typical organization runs dozens of security products, and teams need a way to take urgent action against possible compromises leveraging multiple vendors’ tools. Security teams shouldn't have to spend time creating and maintaining homegrown integrations, which is why we are committed to partnering with leading security organizations to help our customers stay ahead of today’s threats.”
Proofpoint Threat Response, which provides automated incident response within a threat management platform, allows security teams to quickly identify compromised users who have access to privileged accounts, take immediate action to quarantine their critical access and prevent an attack from becoming a successful breach. Proofpoint’s integrations with CyberArk and Imperva enable joint customers to automatically push quarantine group policy changes into each respective system, drastically reducing the window of opportunity for the attacker.
Proofpoint Threat Response is the first threat management platform to provide security teams with the situational awareness to understand their most pressing threats and the tools to act quickly to remedy them. The platform automates incident response, correlates security alerts with rich contextual data to create actionable intelligence, confirms system infections, and enforces protections automatically or with the push of a button. Alert sources include Proofpoint Targeted Attack Protection, FireEye MPS, Palo Alto Networks WildFire, HP ArcSight, QRadar/Juniper STRM, Splunk, Cisco FirePOWER NGIPS and Suricata.
“CyberArk is partnering with Proofpoint to deliver value to joint customers through our combined detection, response and recovery capabilities,” said Adam Bosnian, executive vice president, Global Business Development at CyberArk and head of the C3 Alliance. “While the motivation and breach methods may vary, compromised privileged accounts remain a common denominator in nearly all damaging attacks. It’s through this type of security vendor collaboration, which emphasizes privileged account security, that customers will be able to improve their response and resiliency to cyber attacks.”
Armed with Proofpoint Threat Response insight, a cyber defender can quarantine a suspected spearphished user. When that quarantined user tries to utilize privileged credentials, the CyberArk Privileged Account Security Solution can immediately implement higher security controls around that user’s privileged access rights and capabilities on critical assets.
The integration between Proofpoint Threat Response and the CyberArk Solution helps mitigate the risk of a potential breach by making it difficult for attackers to access an organization’s IT infrastructure, disable security controls, steal confidential information, commit financial fraud and disrupt operations.
Imperva and Proofpoint Threat Response customers can also proactively pinpoint a database administrator (DBA) compromise and automatically lock that DBA’s credentials. The integration enables Imperva SecureSphere to incorporate Proofpoint Threat Response findings into any SecureSphere policy, providing an orchestrated response. For example, SecureSphere can dynamically block the DBA from accessing any data directly at the database level.
“Imperva customers use our data security solutions to monitor who accesses what data, identify database users that act maliciously or who are compromised, and ultimately control who can access what data,” said Ayelet Steinitz, vice president of Business Development at Imperva. “Bringing together two best of breed solutions creates the effective safeguards that our joint customers have come to expect of our two companies.”