Proofpoint announced on Sept. 5 the launch of its new Closed-Loop Email Analysis and Response (CLEAR) technology, as well as a new partnership with Okta to help combat email credential phishing attacks.
The CLEAR offering is the first technology developed by Proofpoint together with its new Wombat security division. With CLEAR, organizations can automatically report, analyze and remediate potential threats that might be present in email messages.
“CLEAR is the evolution of both the Wombat PhishAlarm and PhishAlarm Analyzer products as well as the Proofpoint Threat Response Auto Pull [TRAP] product,” Joe Ferrara, general manager of the Wombat Security product division of Proofpoint, told eWEEK. “This is a new solution and does not replace any existing solutions within either Wombat or Proofpoint.”
Proofpoint announced that it was acquiring Wombat on Feb. 6 in a deal valued at $225 million. Prior to the acquisition, Ferrara was the president and CEO of Wombat. He noted that operating as a division of Proofpoint, Wombat Security is under the same leadership and has continued to deliver on its pre-acquisition strategy.
“It is pretty much business as usual,” Ferrara said. “The one addition to our strategy is the integration with Proofpoint, which delivers additional value to both Wombat and Proofpoint customers.”
How CLEAR Works
With CLEAR, Ferrara said Proofpoint has a complete stack for reporting, analyzing and remediating phishing attacks that get past perimeter defenses.
“End users can easily report a suspicious message with just a single click using the PhishAlarm email reporting button,” he said.
Ferrara added that false positives and noise are kept to a minimum with automatic filtering of whitelisted emails and simulated phishing, making it easier for response teams to prioritize their work. Once a suspicious email has been reported, PhishAlarm Analyzer enriches and prioritizes messages for TRAP utilizing machine learning, he said.
“TRAP automatically analyzes messages against multiple intelligence and reputation systems,” Ferrara said. “Real threats can then be deleted or quarantined with just a click, reducing the time between reporting and remediation from days to minutes.”
Among the most impactful types of email risks today are Business Email Compromise (BEC) attacks, which aim to trick unsuspecting users into paying fraudulent invoices. According to an FBI report released in July, global losses from BEC attacks have now surpassed $12.5 billion. Ferrara said CLEAR can help organizations combat the risk of BEC, especially when combined with a sophisticated email security solution and holistic security education program.
“It goes without saying that reducing the number of emails that reach the end user is the first step,” he said.
That said, he noted that there are many end-user behaviors that can enable BEC, such as sharing work information on social media. By providing the attackers with detailed personal or work information, the attacks can seem more relevant and believable. Ferrara said that when end users are knowledgeable about protecting sensitive information and trained to identify BEC attacks, they can be the last line of defense by identifying and reporting BEC emails.
“With CLEAR, reported emails and copies of the reported emails in other end-user inboxes can be removed before they even see them,” Ferrara said. “The CLEAR solution is a tangible part of delivering on Proofpoint’s people-centric security strategy.”
Among the different industry approaches to help verify the authenticity of email is the Domain-based Message Authentication, Reporting and Conformance (DMARC) set of specifications. DMARC is now being implemented across the U.S. government as part of a mandate to improve email security.
DMARC analysis is not part of the first release of CLEAR, though Ferrara said future enhancements are already in development for the platform. That said, he noted that reported messages are automatically dissected and analyzed against multiple intelligence and reputation systems by TRAP and PhishAlarm Analyzer.
According to Ryan Kalember, senior vice president of Cybersecurity Strategy at Proofpoint, DMARC is an essential security measure for every organization to safeguard their email communications to customers, partners and their own employees.
“It’s also important to remember that DMARC alone is not a silver bullet to preventing email fraud,” Kalember said. “We recommend organizations deploy a multilayered approach to solving the full email fraud challenge, which includes DMARC authentication, dynamic email analysis to block display name spoofing at the gateway, and lookalike domain discovery to search for domains that have recently been registered by third parties.”
In addition to the launch of CLEAR, Proofpoint announced a technology partnership with identity provider Okta that can provide additional layers of security.
Kalember said that as a result of the technology partnership, joint Proofpoint and Okta customers can deploy a layer of automatic authentication security to ensure users that clicked on a phishing URL do not have their email accounts compromised.
“While these capabilities were previously available separately, this integration helps reduce the time and manpower needed to secure systems,” Kalember said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.