Proofpoint introduces targeted URL isolation solutions for high-risk targets

Proofpoint also announces new customizable training, which like the new isolation solutions, is aimed squarely at an organization’s most attacked people.

Ryan Kalember, Proofpoint’s executive vice president of Cybersecurity Strategy

Cybersecurity vendor Proofpoint has made a pair of announcements that they are emphasizing both have a people-centric theme, in focusing on protecting a company’s people who are most likely to be targeted by cyberattacks. One is an enhancement to their email and browser isolation products which specifically limit the isolation protection to these most vulnerable people. The other is new security awareness training customization features that allow tailoring of interactive training modules. While this has multiple advantages, it can also be of value in protecting endangered users.

Isolation technology has been on the market for several years, and protects users by working on Zero Trust principles, examining content within a sandbox environment for threats, while letting the user view a safe mirrored image. It’s an effective complementary security technology – with the caveat that it does have some impact on user experience.

“Isolation technology is extremely powerful, but we believe that it is best used as a scalpel and not a sledgehammer,” said Ryan Kalember, Proofpoint’s executive vice president of Cybersecurity Strategy. “With this, we focus on people who are highly attacked. Of 10,000 people in an enterprise, maybe 100 will get interesting phishing attacks targeted at them. So we leverage a powerful technology in areas where it has the greatest benefit – protecting high value human targets. By focusing on these VAPs – Very Attacked Persons – we limit the isolation to those where it will have the maximum effects, rather than try to isolate everything.”

Isolating everything is the way that this technology has worked, including Proofpoint’s own products, Proofpoint Email Isolation, and Proofpoint Browser Isolation. The catch, Kalember said, is that while isolation is effective, it does change the user experience somewhat.

“Isolation provides a different user experience than going straight to a site itself,” he said. “It’s not necessarily worse but it is different, and for some people, it can break the experience. For example, it doesn’t keep cookies, which can require you having to log back into sites. There is also a financial cost to delivering the isolation.”

The Proofpoint products now have the capability of isolating URLs based on a user’s risk profile, to let isolation technology protect the most targeted people in an organization, while not impacting others.

Kalember said that the likely market for this is larger companies, and those which have dynamics which make them especially security conscious.

“The core of the isolation market is top end, although it is filtering down somewhat,” he indicated. “It’s the kind of thing you do after you have all the basics right. It’s used mainly in industries that have a lot of control over what their users do, like financial services and government, as well as security-focused ones who are willing to take a cost on productivity for additional security. But this is also associated with some companies that aren’t associated with the security bleeding edge. Health care is an example. That’s because they have lots of contractors, who have their own devices, and create additional risk. So you have demand from these kinds of organizations, even if the organization itself isn’t that large.”

In addition to the new isolation capabilities to target VAPs, Proofpoint has also released people-centric improvements to their Security Education Platform that allow security teams to personalize training with customized content.

“Security awareness training has seen only a little innovation in a relatively long history,” Kalember said. “It took a long time to get from training that was once a year done in a room, to a lot more online, and following general learning science principles. Now phishing simulation training has become popular, including giving people a button to report possible phishes, but you find that some people just use it as a delete button.”

Proofpoint now allows each module in the self-service Proofpoint Customization Center to be customized to meet the specific needs of individual departments, roles, and regions. This includes being able to alter training module text, including quiz questions. All edited content is automatically reviewed by the Learning Science Evaluator, which will alert admins if changes do not follow principles designed for maximum learning retention.

“Users’ ability to pay attention benefits from customization, because they tend to give more attention to something that looks like it was crafted for them,” Kalember said. “This is also valuable for role-based training for targeted users. For example, if in health care you have ‘Pharmacy’ or ‘Nursing’ in your title, you get targeted by some very interesting threats because information to which you have access is likely more valuable. Finally, being able to customize training helps when people have done a quiz before, so would have an advantage of knowing it.”

This on-demand customization functionality is available at no additional charge to Security Education Platform customers across North America, Europe, and Asia-Pacific.