Proofpoint mail security

Presentation on theme: "Proofpoint mail security"— Presentation transcript:

1 Proofpoint mail security

2 Proofpoint at a Glance
LEADING CUSTOMERS, DEEP SECURITY DNA, UNIQUE VISIBILITY, ENTERPRISE CLASS
58% of the Fortune 100
100+ threat ops and research team
20B+ messages processed daily
9 straight years of MQ leadership
5000+ enterprise customers
~20% revenue invested in R&D
500B+ node threat graph
90%+ renewal rate
300K+ daily malware samples
50M+ mobile apps scanned
Strategic ecosystem integrations

3 Attacks Increasingly Target Individuals, Not Infrastructure
Threats use social engineering, not vulnerabilities
BEC/impostor fraud becomes board-level issue
Mobile, social, SaaS threats ramp and evolve
RATs become common in mobile apps
99%+ rely on user to run malicious code
150% increase in social media phishing
$5B direct losses since January 2015, up 2,370% year over year
22,292 organizations victimized in the US alone
74% of malicious links are credential phishing
Source: FBI

Threats have shifted to target people, not infrastructure. Attackers are relying on users to run malicious code for them, and are shifting to also attack through mobile applications and social media. The rapid rise in malware-free BEC and fraud has cost organizations globally billions of dollars.

4 Threat Landscape is Dynamic
32% Fraud Increase YoY
400% New Ransomware YoY
2200% Malicious URL Increase YoY
Source: Proofpoint Threat Report Q3 2017

5 Protecting Your People is the Key
Trust, Data, Money, SaaS Apps, Accounts, Process
Enterprises of all sizes face similarly sophisticated, targeted attacks
4.6% of all malicious URLs clicked on, 75% within the 1st hour, 45% from mobile devices
Organisations without large security teams can’t throw bodies at the problem
World-class effectiveness against human-targeted attacks gives small teams a fighting chance

If these attacks are successful, they don’t just impact the immediate action - there can be much wider consequences. This means small security teams need even better security than larger organizations that can throw money, people, and other resources at their problems. If you don’t have the expertise on staff to analyze malware and look at threat intelligence to understand the campaigns and threat actors targeting your organization, your security provider needs to be able to.

Attackers could gain access to all of the systems that the victim can. This includes local data, business accounts and network data, and even SaaS applications such as Google Docs or OneDrive, Box, or salesforce.com. If the credentials of the victim are taken, then attackers can also gain access to internal processes, such as financial or purchasing systems, and access and exploit the trust that is implicitly linked to the person.

This problem cannot be solved by manual effort – there are not enough hours in the day, talent, or money for effective incident response at smaller organizations.

6 Industry Is Not Aligned with the Threats
Attack Vectors: 90% of sophisticated attacks target people, largely via email
Budget spending: Email 8%, Network 62%, Endpoint 18%
Source: Verizon DBIR, Trend Micro, FEYE, etc.
Source: Gartner

7 We have a Growing Portfolio
[Diagram: portfolio overview, laid out along the flow from "arrives" to "leaves". Labels on the slide: Advanced Security, Malicious Attachments, Malicious URLs, Protection, Targeted Attack Protection, Advanced Threats, Cloud App Security Broker, Anti-Virus, Impostor Classification, Dynamic Reputation, Attachment Defense, URL Defense, SPAM, Virus, Malware, DDOS, Phishing, Business Continuity, Fraud Protection, Executive Impersonation, Supply-chain Phishing, TRAP, Continuity, Fraud Defense, Domain Discover, Fraud (BEC), Remediation, Response, Consumer Phishing, Look Alike, Information Protection, Exfiltration, Encryption, Protecting Sensitive Information, Insider Threats, DLP, Regulatory Compliance, SaaS Protection]

8 Advanced Email: Better Protection at Delivery
Recon, Weaponize, Deliver, Exploit, Install, Command & Control, Action

At delivery:
Better to stop attack before damage
Better chance of detection
Better intel and context for actors, campaigns

Endpoint and network defenses:
Target already clicked, attacker has foothold
Detection challenging, especially for malware-free attacks
Difficult to put attack in context and link to campaign/actor

If we look at the threat chain, we can again see benefits of protecting against threats at the gateway – blocking malicious email before it gets to the network or endpoint. By detecting and blocking threats at the network or the endpoint, you know for a fact that the threat was on your network, and you have to hope that when you block it, you get rid of ALL threats to make sure it doesn’t continue to reside. If you block it at the gateway, before the threat gets to the network and endpoint, then you know for sure that you are secure and there is no threat of infection.

9 Blocking Malware & Security Intelligence

10 The Industry’s Most Effective Sandbox
[Diagram: Proofpoint Nexus Platform, with three stages: Detection, Intel Extraction, Analysis and Correlation. ALL THREATS and POTENTIAL THREATS enter on the left. Labels on the slide: Multi-Platform Intel Extraction Sandboxes, Composite Reputation, Correlation, IOC Curation + Actor/Campaign Analysis, TAP Intel Team, Threat Ops. MALWARE: Bare Metal, Alerts from Campaign Correlation, Code Analysis, Multi-Platform Malware Sandboxes, Network Detection, Analyst-Assisted Execution, SaaS, TAP Ops, Customer-Initiated Research (PTS), Threat Ops. NON-MALWARE: Classifiers (Phishing, BEC), Credential Phish Sandbox, TAP Ops. Effectiveness.]

Let’s talk through how to be effective against the modern threat landscape. It is a combination of 3 different concepts:
Having the right technology to detect the threats wherever they are
Having the right people operating that technology
Translating that into the right intelligence to both understand those attacks and best improve the defenses as the threats themselves evolve over time

As we have discussed, the first step in being effective is to be where the threats are: email, social media, mobile apps, and in SaaS applications.

11 TAP Attachment Defense
[Diagram labels: Email arrives; Proofpoint Protection Server; Attachment Defense Module (Hold files until receive verdict. Quarantines threats.); Reputation: Hash; Sandbox: Malware, Behavior, Code; { Clean } / { Threat }; End-to-End Insight; Real Time Intelligence; Protect Anywhere; Threat Detection; Analytics]

Email arrives containing the attachment, which is then sent to the Proofpoint Protection Server (PPS). PPS can be deployed as an on-premise appliance, virtual appliance or in the cloud. PPS contains optional modules; in this case it would be the Attachment Defense Module. The Attachment Defense Module would send a copy of the file to the Proofpoint Cloud to check its reputation, meaning whether we have seen the file hash before. A verdict would be returned as “threat”, “clean” or “unknown”. If the response is “unknown”, the file is preemptively sent to the sandbox, which uses dynamic and static analysis techniques to identify malware, abnormal behavior and suspicious code. If the response is “clean” then the file can be downloaded, as expected. If the response is “threat” then the file is blocked from download and quarantined.

End-to-end insight gives administrators a view across the entire attack chain, so you can still see after the asset has been checked and clicked. So if an asset has been delivered and clicked (which can happen for a number of reasons: audit mode or delivered before sandbox successfully completed analysis), TAP still tracks that so that administrators can see the IPs or users to further investigate. This forensic information is visible on the TAP dashboard or can be fed into Threat Response.

Real time intelligence – Discuss graph database and Emerging Threats
Protect anywhere – On and off network, on any device (PC, mobile)
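The hold-until-verdict flow in these notes, including the case where a file is delivered in audit mode or before the sandbox finishes, sketched as an added Python example; it is not Proofpoint's code. The `AttachmentGate` class, the in-memory reputation dictionary and the sandbox callable are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

THREAT, CLEAN, UNKNOWN = "threat", "clean", "unknown"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class AttachmentGate:
    reputation: dict            # hash -> verdict; stands in for the cloud reputation lookup
    sandbox: object             # callable(bytes) -> verdict, or None while analysis is unfinished
    audit_mode: bool = False    # audit mode: record verdicts, never block
    delivered: dict = field(default_factory=dict)  # hash -> recipients who received the file
    alerts: list = field(default_factory=list)     # (hash, recipient) pairs to investigate

    def process(self, recipient: str, data: bytes) -> str:
        digest = sha256(data)
        verdict = self.reputation.get(digest, UNKNOWN)
        if verdict == UNKNOWN:
            result = self.sandbox(data)            # unseen hash: analyse before release
            if result is not None:
                verdict = self.reputation[digest] = result
        if verdict == THREAT and not self.audit_mode:
            return "quarantine"
        # Delivered because it is clean, audit mode is on, or the sandbox has not finished.
        self.delivered.setdefault(digest, []).append(recipient)
        if verdict == THREAT:
            self.alerts.append((digest, recipient))
        return "deliver"

    def late_verdict(self, digest: str, verdict: str) -> list:
        """Sandbox finished after delivery: return the recipients who already hold the file."""
        self.reputation[digest] = verdict
        exposed = list(self.delivered.get(digest, [])) if verdict == THREAT else []
        self.alerts.extend((digest, r) for r in exposed)
        return exposed

def demo():
    # Constructed placeholder byte strings, not real files.
    known_bad, fresh_bad, slow, benign = b"sample-A", b"sample-B", b"sample-C", b"sample-D"
    sandbox = {fresh_bad: THREAT, slow: None, benign: CLEAN}.get
    gate = AttachmentGate({sha256(known_bad): THREAT}, sandbox)
    actions = [gate.process("u1@example.com", s) for s in (known_bad, fresh_bad, slow, benign)]
    exposed = gate.late_verdict(sha256(slow), THREAT)
    return actions, exposed, gate.alerts
```

Releasing a file whose analysis has not finished mirrors the scenario in the notes; a stricter policy would keep holding it, at the cost of delayed mail.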

12 TAP URL Defense
[Diagram labels: Email arrives; Proofpoint Protection Server (Check reputation. Quarantine known threats.); Reputation: Blacklist; URL Defense Module (Rewrite URLs. Send to user.); URL clicked; Redirector (urldefense.proofpoint.com); Sandbox: Malware, Behavior, Code; Predictive sandboxing; 302 Redirect; { Clean } / { Threat }; End-to-End Insight; Real Time Intelligence; Protect Anywhere; Threat Detection; Analytics]
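The rewrite-then-check-on-click flow labelled on this slide, as an added Python example; it is not Proofpoint's code and does not reproduce the vendor's rewritten-URL format. The redirector address, the reputation dictionary and the sandbox callable are assumptions.

```python
import re
from urllib.parse import quote, urlsplit, parse_qs

REDIRECTOR = "https://redirector.example/click"   # hypothetical redirector endpoint
# Match http(s) URLs but leave trailing sentence punctuation outside the match.
URL_RE = re.compile(r"https?://[^\s<>\"']+[^\s<>\"'.,;:!?)]")

def rewrite_body(body: str, reputation: dict):
    """Delivery time: quarantine on a known-bad link, otherwise rewrite every link."""
    urls = URL_RE.findall(body)
    if any(reputation.get(u) == "threat" for u in urls):
        return "quarantine", None
    wrap = lambda m: f"{REDIRECTOR}?u={quote(m.group(0), safe='')}"
    return "deliver", URL_RE.sub(wrap, body)

def handle_click(rewritten_url: str, reputation: dict, sandbox):
    """Click time: look the original URL up again, then answer 302 or a block page."""
    target = parse_qs(urlsplit(rewritten_url).query).get("u", [""])[0]
    if urlsplit(target).scheme not in ("http", "https"):
        return 400, None                  # missing or non-web target: refuse to redirect
    verdict = reputation.get(target) or sandbox(target)
    reputation[target] = verdict          # cache the verdict for later clicks
    if verdict == "threat":
        return 403, None                  # block page instead of the redirect
    return 302, target                    # Location header value for the redirect
```

Because the verdict is looked up when the link is clicked, a URL that is reclassified after the message was delivered is still blocked.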

13 Overview Essentials

14 Proofpoint Essentials:
36,000 CUSTOMERS
150% YoY INCREASE IN CUSTOMERS
18,000 Office 365 CUSTOMERS
1.6M+ USERS
Europe BEST SME SECURITY SOLUTION – June 2017
#1 in 3rd PARTY TESTS, SE LABS - AUGUST 2017

15 What is Proofpoint Essentials?
Cloud-based security for SMBs: email security, advanced threats, encryption, archiving & more
Enterprise-class protection: leverages protection capabilities used by the largest, most security focused companies
Addressing challenges of SMB: security with limited staff & resources

16 Must have SMB features
Protection, Impostor Classifier, DLP, AD/UD Sandboxing, Social Protection, Archiving, Encryption

17 Email Protection
Deep Content Analysis:
Advanced anti-spam, phishing & fraud
Inbound & outbound content filtering

Enterprise-class Protection:
Dynamic reputation service leverages Global IP and URL Reputation
Behavioral based zero-hour protection

Flexible Controls:
Easy to define controls
Configurable by user, group and company-wide

18 Advanced Threat Protection
URL Defense:
Next Generation URL Sandboxing
Follow-Me Protection (URL Rewrite)

Attachment Defense:
Next Generation Attachment Sandboxing
Utilizes visibility across all ADS customers

Social Media Protection:
Protect up to 3 company social media accounts
Automated removal of spam, malicious links or inappropriate content

Protection and correlation across all major vectors – Proofpoint Nexus Threat Graph

19 Information Protection: Email Encryption & Data Loss Prevention
Smart Identifiers:
Detects content such as driving license numbers, credit cards or social security numbers
Over 100 defined by default

Defined dictionaries:
Detects specific terms within content such as PHI, Source Code, Trading
Over 20 defined dictionaries

Analyze Content:
Includes message, attachments, attributes

Detect, block, and alert if confidential information is entering or leaving organization.

20 Email Archiving
Unlimited Storage:
Fixed cost per user per year

Retention and Legal Hold:
Up to 10 year retention
Company and user-based legal hold

Powerful Discovery Tools:
Company or individual user user search
Export archived

Easily capture and search communications across the company in minutes.

21 Disaster Recovery / Message Continuity
Spooling & Failover:
Instant and automatic activation
Always-on SMTP Deferral, Failover & Queue protection

Emergency Inbox:
“Webmail” interface to send & receive email during server outages

Instant Replay:
Redeliver inbound emails lost or deleted from your server

Automated spooling means that no messages get dropped in the event of an outage. The Emergency Inbox is a web-based mail client that can allow users to send and receive mail when their server is out of service. Once the server is restored, all mail is synchronized, and the regular mail client can again be used. With Instant Replay, our customers have the ability to easily restore email that might have been inadvertently deleted. Never again… will that important email disappear without a trace. Continuity features help an enterprise keep operating, even in the event of an outage.

Maintain business during planned or unplanned outage and downtime

22 Easy to set up and manage
Simple setup:
“Best practice” policies are enabled by default
Embedded documentation and videos
Setup assistance provided

Multiple ways to import and manage users:
Auto-discovery users
Sync users with AD Sync, Azure AD

Unified experience:
Single UI for admins, users; managing all components (email security, encryption, archiving)

23 Proofpoint Essentials Packages
Packages: BEGINNER, BUSINESS, ADVANCED, PRO
Security: Anti Virus, Spam Filtering, Reporting, Content Filtering, Outbound Filtering, Impostor Protection, Targeted Attack Protection – URL & Attachment Defense, Data Loss Prevention, Encryption, Social Media Account Protection
Continuity: Emergency Inbox, 30 Days Spooling, Instant Replay
Archive: Tamper-Proof and Offsite, Search and eDiscovery, Unlimited Storage (10yr Archive)

So, now that we’ve gone through all of the features that Essentials has to offer for our small and medium sized businesses, let’s take a look at the different packages and how they break down. We all know every organization is different and has different needs; that’s why we have packaged Essentials into different offerings. As you can see, we offer a Beginner package, offering filtering (both inbound and outbound), anti-virus (in which we use 3 different engines) as well as phishing and impostor protection. The Business package, our most popular, adds in advanced targeted attack protection in the form of URL and Attachment Defense, and DLP. Customers needing Encryption and/or Social Media Account Protection can take advantage of our Advanced package, and our Professional package provides all of the available features within Essentials as well as Archiving. Based on the needs of the customer, you can select which package is best for them.

24 Proofpoint Essentials - Best Overall Value
Superior Protection: More Effective in all 3rd party tests*
Competitive Pricing: Competitively priced across all packages
Rapid On-boarding: <60 minutes to full protection
Easy Management: Default policies, minimum configuration
Fully Integrated Solution: Integrated: security, privacy, continuity and archiving
*See appendix

25 Demonstration

26 Discovering Threats Pre-POC

27 POC Challenges
I’m Sure I’m Already Protected!
I’m Generally Happy With my Solution!
Incumbent Solution Embedded in Network Infrastructure!
Lengthy Change Control / Need a Compelling Reason to Move!

28 Threat Discover for Email
Identifies malicious URLs and attachments residing in Exchange environments
Runs as an on-premise virtual appliance
Provides full report of the malicious messages with campaign intelligence
Reports exportable for further custom analysis

29 Scan Results
Progress and Results displayed in Real Time
Results contain: #Infected Mailboxes, #Malicious Messages, #Malicious URLs, #Malicious Attachments, Top Campaigns, Top Malwares, Top Departments, Top Users
Export result to Excel

30 Q & A
