Being able to identify the people in an organization most likely to be attacked – who are often not the obvious C level execs – provides a compelling new value proposition that Proofpoint is highlighting as an industry-first.
Cybersecurity vendor Proofpoint has announced the availability of a new Attack Index Capability within their Targeted Attack Protection solution. It lets security admins identify specific individuals – who Proofpoint terms Very Attacked People [VAPs] within the organization – so that they can take measures to better protect them.
Role-based attack protection has become a common innovation in the cybersecurity industry, but Proofpoint said that what they are doing here is quite different.
“This is individualized cybersecurity, not role-based,” said Mark Guntrip, director of product marketing at Proofpoint.
Guntrip described the Attack Index solution as a logical extension of Targeted Attack Protection.
“Targeted attack protection is something that we have had for 6-7 years,” he said. “It is very threat-focused. All the vendors in this space can provide a list of all the threats. For security teams though, the next issue is what do you do with that information. There really hasn’t been a concrete next step.”
That’s the goal here, to provide that logical next step.
“We score every single threat that comes into an organization, from run of mill stuff like a stock phishing email that would get a 0, up to 1000 for an attack by a state actor,” Guntrip said. The scoring is based on four key factors: cybercriminal sophistication; spread and focus of attack targeting; attack type; and overall attack volume.
“With this, we can assess where the attacks are going, and where the dangerous attacks are going,” Guntrip added. “So we developed this people-centric Attack Index to both identify the most targeted people in an organization, as well as determine the specific type of attacks that target each employee. Organizations can then determine strategies to protect their most attacked people – not just roles – so they can take that concrete next step. This is the first offering like this in the industry.”
Guntrip said that being able to identify particular individuals as likely targets as certain types of attacks has multiple advantages.
“You can tell them they are at the top of the list, and what tactics the attackers are using,” he said. “You can get them additional security training if they are getting ransomware, for example. You can even push their Web content out to browser isolation if necessary, for additional protection.”
Guntrip noted that the Attack Index does not typically find that the most targeted individuals are C-level execs, which increases its value.
“The C level people are ones who the security team would normally look at more closely anyway,” he said. “However, the CEO and CFO are rarely close to the top on the most-attacked list. Many of the attackers are very sophisticated at going after people who you wouldn’t suspect, unless you dig deep on who they are. For example, at a drug company, the person who communicated with the FDA about the new drugs being manufactured was targeted. They went after the communicator, not the people responsible for the research. With a car manufacturer the guy in IT who managed all the codes for the keyless entry on the cars was at the top of the list. With his data, you could open the cars and steal what you want.”
Several aspects of the new Attack Index capability are relevant to channel partners.
“First, it shows the level of investment we are putting into our research and our products, which involves 20 per cent of our revenue going into R&D,” Guntrip said. “No other vendor has done this before, It’s a different way of looking at the problem.”
It’s also something that has explicit meaning to customers, which should make the Proofpoint solution easier to sell, and more likely to renew.
“It’s an easy story for the customer to understand,” Guntrip noted. “Being to tell a prospect that you can identify the 20 most attacked people in their company is very direct. It’s much more valuable in that sense than talking to them about polymorphic threats.”
Proofpoint’s Attack Index is now included at no additional cost within the Proofpoint Targeted Attack Protection product.