Proofpoint is developing a pioneering, integrated threat response and advanced threat intelligence platform. The Proofpoint Threat Response 3.0 solution will be a uniquely powerful combination of technologies that provides security teams with the situational awareness to understand their most pressing threats and the tools to act quickly to remedy them.
New features will include enhanced cloud-based intelligence, boosted by recently acquired Emerging Threats advanced threat intelligence, support for STIX/TAXII and automatic alert integration across multiple security solutions.
"Proofpoint Threat Response 3.0 will provide rich threat intelligence combined with the ability to make that intelligence immediately actionable," said Mike Horn, vice president of Threat Response for Proofpoint. "By providing situational awareness about threats targeting an organization, and integrating that data with multiple response actions, organizations will be able to quickly stop data exfiltration and lateral movement. This new release will be a significant step forward in advancing threat detection and response, across the complete attack chain."
According to the 2014 Verizon Data Breach Investigations Report, nearly 90 percent of point-of-sale intrusions saw data exfiltration in minutes or seconds after compromise. Historically, organizations have struggled with manual incident response because it can take hours or days to decipher thousands of alerts to figure out what is attacking an organization—and often even longer to fix it.
The Proofpoint Threat Response 3.0 release will deliver capabilities organizations need to stop today’s advanced cyber threats: superior speed, pinpoint accuracy and necessary context. Proofpoint customers will have deeper insight across the entire cyberattack chain, enabling them to react faster to inbound attacks, and to identify, block, and disable previously undetected malware already embedded in their organizations. New key features will include:
Advanced Threat Correlation in the Cloud: Powered by the cloud-based Proofpoint threat intelligence service, Proofpoint Threat Response will correlate sandbox and IDS alerts with in-depth campaign and cybercriminal context. The system will make it easy to access attacker details, including threat type, sandbox analysis results, and reputation data, along with visibility into attacker targets and information by group, department, location and more.
Emerging Threats Integration: Adding to its existing rich threat intelligence, Proofpoint’s recent acquisition of Emerging Threats gives customers access to millions of malware samples and other global threat indicators per day. Proofpoint’s threat intelligence service will include the capability to correlate events across a trillion nodes, in real time. This will enable teams to develop intelligence about advanced cybercriminal malware distribution and command and control (C&C) infrastructure.
STIX™/TAXII Support: Customers will be able to add their own threat intelligence data to Proofpoint Threat Response using the industry standard Structured Attack Information Expression (STIX) format and, optionally, the Trusted Automated Exchange of Indicator Information (TAXII) protocol.
Integrated alert support for HP Tipping Point: Proofpoint Threat Response accelerates automated response time from hours to minutes while unifying alerts across multiple security solutions including Proofpoint, FireEye, Palo Alto Networks, Cisco SourceFire, Splunk and soon HP Tipping Point.
Proofpoint Threat Response utilizes Proofpoint’s expertise in detecting and stopping advanced malware propagated through email and social media messaging systems. Those detection capabilities include Proofpoint Threat Response’s indicators of compromise (IOC) confidence scores, which let security teams know instantly whether or not a user system is infected based on data collected from endpoints and detection sandbox reports. Armed with this information, organizations can automatically contain the threats and cut off data exfiltration.
In addition, Proofpoint Threat Response includes advanced reporting to provide security teams with a detailed view of the threat landscape facing their organization. Supplemental reports provide a complete view of the time it takes security teams to review, assign and close cases. This insight allows management teams to streamline workflow and accelerate decision-making.