Proofpoint unveils new features to break cyberattack chain

Cybersecurity and compliance company Proofpoint has announced several new features and capabilities in its security solutions to help thwart threats across the most critical stages of the cyberattack kill chain. The new capabilities, announced at Proofpoint Protect 2023, span the company’s Aegis Threat Protection, Identity Threat Defense, and Sigma Information Protection platforms. They are built to help businesses address threats including business email compromise (BEC), ransomware, and data exfiltration, Proofpoint said in a press release.

The solutions use artificial intelligence (AI) and machine learning (ML) technology to equip security practitioners with visibility, flexibility, and depth to detect and disrupt adversaries across their organizations’ attack surfaces, according to Proofpoint.

The cyberattack/cyber kill chain

The cyberattack chain is a way to understand the sequence of events involved in an external attack on an organization’s IT environment. It can help IT security teams put strategies and technologies in place to stop or contain attacks at various stages. The cyberattack chain is often referred to as the cyber kill chain, a conceptual model first developed by Lockheed Martin to break down the structure of a cyberattack. It identifies what adversaries must complete to achieve their objective over identifiable stages, breaking down an external cyberattack into seven distinct steps to help enrich defenders’ knowledge of an attacker’s tactics, techniques, and procedures.

The seven steps outlined in Lockheed Martin’s cyber kill chain are:

  1. Reconnaissance: The intruder picks a target, researches it, and looks for vulnerabilities.
  2. Weaponization: The intruder develops malware designed to exploit the vulnerability.
  3. Delivery: The intruder transmits the malware via a phishing email or another medium.
  4. Exploitation: The malware begins executing on the target system.
  5. Installation: The malware installs a backdoor or other ingress accessible to the attacker.
  6. Command and control: The intruder gains persistent access to the victim’s systems/network.
  7. Actions on objective: The intruder initiates end goal actions, such as data theft, data corruption, or data destruction.

Aegis platform enhanced with LLM-powered BEC attack detection, visibility features

Proofpoint’s Aegis Platform is designed to disarm attacks such as BEC, ransomware, weaponized URLs, and multifactor authentication (MFA) bypass for credential phishing. New enhancements and features in Aegis include:

  • Large language model-based pre-delivery BEC threat detection and prevention: the implementation of the BERT LLM within Proofpoint’s CLEAR solution has proven successful at detecting malicious messages, both those created traditionally and with generative AI, Proofpoint said.
  • Enhanced visibility into blocked threats: new summaries in the targeted attack prevention (TAP) Dashboard will provide enhanced explanations of BEC condemnations performed by Proofpoint’s CLEAR solution, including threats condemned by the new LLM-based detection. Summaries will include why a threat was determined to be a BEC attack and its corresponding response timelines, according to Proofpoint.

Unified data reveals ransomware, data exfiltration attack paths

Proofpoint’s new Attack Path Risk feature brings together data across the attack chain between Proofpoint’s Aegis and Identity Threat Defense platforms, the firm said. This will help security practitioners better understand the number of attack paths for ransomware and data exfiltration should an employee’s identity be compromised for privileged identity abuse and lateral movement. The feature will be available in Q4 within Proofpoint’s TAP dashboard, and organizations that add Proofpoint’s Identity Threat Defense to their Proofpoint Aegis implementation can empower their analysts to swiftly prioritize remediation and adaptive controls, according to the company.

New misdirected email features, generative AI user interface

Proofpoint’s Sigma Information Protection merges content classification, threat telemetry, and user behavior across channels in a cloud-native interface to help prevent data loss and insider threats, the vendor said. Leveraging behavior anomaly detection ML for content scanning, Proofpoint’s new Misdirected Email solution, available in Q4, prevents users from accidentally sending emails and files to the wrong recipient, which could potentially lead to a data loss incident, Proofpoint said.

Also new for Sigma is Proofpoint Security Assistant, a generative AI user interface that allows analysts to ask natural language questions and receive actionable insights and recommendations based on combined data points across Proofpoint’s platforms, the company said. With the assistant, available in Q4, analysts can pose questions such as “show me John Doe’s exfiltration attempts and recommend which DLP controls we should add,” according to Proofpoint. Over time, Proofpoint’s generative AI-based interface will be expanded to the Aegis and Identity Threat Defense platforms, enabling security practitioners to ask it queries such as “show me the leading very attacked people who have the most attack paths that would result in a ransomware-based data exfiltration.”
