Beating BEC

Proofpoint has introduced what it says is the industry’s first integrated, end-to-end solutions that address business email compromise (BEC) and email account compromise (EAC) attacks by combining Proofpoint’s leading secure email gateway, advanced threat protection, threat response, email authentication, security awareness training, and cloud account protection.

  • 4 years ago Posted in

In addition, to help organizations combat advanced cyberattacks that use both email and cloud vectors, Proofpoint also announced multiple Proofpoint Cloud App Security Broker (CASB) innovations to safeguard the cloud applications employees access every day, such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365, and Slack.

 

“BEC and EAC attacks have cost companies over $26 billion worldwide, and have been responsible for more cyber insurance claims than any other threat, including ransomware.1Our new integrated solutions are the first in the market to address the problem with an end-to-end approach that counters the full range of attacker tactics,” said Ryan Kalember, executive vice president of Cybersecurity Strategy for Proofpoint. “Ninety-four percent of data breaches start with attacks targeting people via email.2 Advanced threats are now combining both email and cloud vectors whereby a single malicious email can lead to an infiltrated cloud account, which in turn can lead to phishing or email fraud attacks internally and throughout supply chains. We monitor millions of users in the cloud and our multiple CASB advancements—coupled with our new BEC/EAC integrated solutions– will help our customers ensure their organizations have comprehensive, people-centric protection against these costly attacks.”

 

Stopping BEC and EAC attacks is top of mind for organizations as cybercriminals continue targeting individuals via email with highly personalized social engineering messages. Those messages can take the form of BEC impostor emails that work to trick people into sending money and data to fake accounts and recipients. In the case of EAC, fraudsters work to compromise email accounts via credential phishing, password spraying, and/or malicious third party applications to maintain persistence and profile business activity such as new business partnerships or regular wire transfers to partners or vendors. Armed with this insight, attackers can craft and send convincing and timely emails masquerading as a real employee with what appears to be a legitimate financial request, and can lead to significant financial loss.

 

Cybercriminals are increasingly blending their attacks to span email and cloud vectors, which means organizations need solutions that combine security across all channels. Organizations worldwide look to Proofpoint Cloud App Security Broker (Proofpoint CASB) to help secure applications such as Amazon Web Services, Box, Google G Suite, Microsoft Office 365, Slack, and more. The solution provides a unique risk-aware, people-centered approach that gives organizations visibility and control over cloud applications while allowing security teams to deploy cloud services with confidence. 

 

The latest Proofpoint’s CASB innovations include: 

 

    • New automated detection and remediation of malicious third-party applications in Microsoft Office 365 and Google G Suite. This innovation will help stop attacks that may start by email and launch third-party applications that provide attackers with persistent system permissions and access

 

    • Expanded suspicious file activity detection for Microsoft Office 365 through integration with Proofpoint threat intelligence

 

    • Two risk-based access enhancements that detect if a user device is unmanaged and restricting access—and the ability to determine risk levels during login and respond with adaptive controls, such as multi-factor authentication

 

    • Increased shadow IT visibility into 46,000 applications with more than 50 attributes per application

 

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...