
Proofpoint VP On Why You Should Prioritize Continuous, Complete Email Security

Expert Insights interviews Tim Choi, VP Product Marketing at Proofpoint, at RSAC 2024.


The threat landscape is moving rapidly in the email space, Tim Choi, VP Product Marketing at Proofpoint, tells Expert Insights. “We see an increase, no doubt, in business email compromise… Business email compromise messages are much better written. It’s evidence that the threat actors are utilizing tools, generative AI, ChatGPT, to help craft these messages.”

“Microsoft continues to be the number one abused brand. In particular, their cloud applications, like OneDrive and SharePoint. Because, if you think about it, every time there’s an update on these apps, they send an email to all parties. In spite of all of the cloud applications that are growing in the world, email continues to be where notification updates are sent, and the threat actors know that.”

Proofpoint has over 500,000 clients globally, and they secure over 85% of Fortune 500 companies with their ‘human-centric’ security solutions covering email, identity, and data protection. Proofpoint made several key announcements at RSAC 2024, adding to their email security product portfolio and introducing a new cross-channel DLP product.

Proofpoint’s key announcements included:

  1. A new AI, machine learning (ML), and large language model (LLM)-based feature that understands the intent of an email message before it reaches inboxes, analyzing the language used, URLs, QR codes, and attached files.
  2. An ML-based detection engine that uses over 600 behavioral attributes from known-malicious emails to self-learn and stop new variations of the same threat.
  3. A new DLP solution that enforces generative AI Acceptable Usage Policies by allowing and disallowing interactions with GenAI tools based on user behavior.

In releasing these new solutions, Proofpoint are doubling down on what they describe as ‘continuous and complete’ email security, Choi says. “We really want to ensure that we set a new standard in terms of what email security needs to be. And when we say a new standard, there are two keywords: complete and continuous.”

“When we say complete, it is utilizing all types of technology or methodologies to detect threat intel, following the threat actors, understanding what the threat actors are doing, utilizing machine learning semantics and using large language models to detect particular messages, for example, and behavior.”

“With a network of over 500,000 customers around the world, many of them are actually interlinked between each other, suppliers, vendors, business relationships. So, we actually have a powerful network that we see anomalous activity that’s happening within the email, email network around the world.”

“We are also applying large language models, semantic analysis, on emails. We are scanning them, before it even enters into Microsoft 365 or Google Workspace. It’s a major breakthrough from a technology from an engineering perspective because these operations are costly. Every email, you’re trying to understand what’s written, and not just keywords, but intent. So, by applying large language models, we’re actually able to understand the threat actor’s intent, and then stop it based on that intent.”

In December 2023, Proofpoint closed its acquisition of Tessian, an API-based email security service that offered post-delivery protection against inbound phishing, and a DLP component that prevented users from leaking sensitive information via email.

“We want to make sure [email protection] is unified and continuous. We’re now offering all of our Proofpoint customers pre-delivery-to-click time protection via a post-delivery API-based solution that integrates directly into Microsoft 365. That was realized via our acquisition of Tessian last year,” Choi explains. Part of this feature set includes applying machine learning behavioral analytics to create risk scores for all users, including your most at-risk users.

“If you’re able to identify who those people are, you can then apply additional adaptive control. That’s why we call it adaptive email security because it’s an extra layer of protection. And because we know who the at-risk users are, we can apply isolation, we can apply security awareness training, and we can apply our integrations with Okta. You don’t have to take this hammer and hit everything, you can be very specific and surgical.”