3 min Security

Proofpoint strengthens DLP capabilities through new framework and solution

Proofpoint strengthens DLP capabilities through new framework and solution

The Information Protection framework helps design and execute Data Loss Prevention (DLP) implementations. In addition, Proofpoint introduces Digital Communications Governance, a solution for data governance and enterprise archiving.

Proofpoint is positioning itself as a security company that aims to reduce the risk of humans around cyber incidents. Security awareness training has long been central to that offering. However, operations have expanded considerably toward a broader security platform focusing on reducing and eliminating three key risks: attacks on people, data loss, and human error.

Information Protection

The latest additions focus primarily on preventing data loss. The Information Protection framework helps design, implement, and develop DLP programs. Proofpoint bases Information Protection on the NIST framework, which follows industry standards for identification, protection, detection, response, and recovery.

Information Protection primarily includes tools for planning, visibility and rule setting. This is done through in-depth assessments of the maturity of a company’s DLP program. It also provides benchmarking against industry peers, giving a company insight into how it compares to the market. Then Proofpoint, or a Proofpoint partner, guides the design of the DLP program and makes recommendations for implementation. This phase also includes understanding behavior and content, which helps with rule setting.

Much of the program additionally focuses on prevention and adaptive response. This includes support for investigating new exfiltration, threat tactics, and impact assessments. Information Protection can also better align rules and policies to align detection and data protection with business goals. For security experts in the security operations center (SOC), there is the ability to optimize analytics, event investigation, incident escalation, and response.

Finally, Information Protection includes features for metrics and governance reporting. This is done through daily system checks and monitoring, reporting to management, and documentation of results.

Digital Communications Governance

Proofpoint’s security platform now also offers more in the area of compliance. Digital Communications Governance is generally available as a unified security and compliance risk management solution. It does this by centralizing communications content, enforcing proactive and adaptive data controls, and streamlining oversight and e-discovery. To do this, Digital Communications Governance relies on an AI engine that creates insights with context for each channel and facet of communications data.

The solution covers context-aware data capture across more than 80 channels to strengthen governance capabilities for communications channels. Examples include mobile communication streams (SMS, WhatsApp, and WeChat), interactions via social platforms (YouTube), and communication via collaboration tools (Slack, Microsoft Teams, Zoom, and WebEx). Digital Communications Governance also features real-time policy enforcement for social media to prevent compliance violations and reputational damage. In addition, there is a search option to contextualize types such as wildcards and emojis.

Another important aspect of Digital Communications Governance is allowing organizations to respond quickly to compliance risks. This is done in part through the AI engine, which provides pre- and post-review of communications data and content. The solution thus aims to increase the relevance of alerts and can detect more than 200 different risks using industry-developed scenarios for communication channels. Through configurable models, AI can provide assessment support. Policy-based, custom models can also be created and implemented to address industry- and company-specific risks.

Tip: Tsunami of spoof emails due to abuse of Proofpoint service