Proofpoint has announced expanded capabilities across its award-winning platform to provide customers with broader, adaptive human-centric security controls. These new solutions and integrations shield organizations from incoming threats across messaging, collaboration and social media apps; secure SaaS applications and identity posture across a vast array of applications; prevent data loss with smarter, more adaptive data security; and steer employees to safer behaviours through adaptive educational security guidance.

Announced today at the company’s flagship Protect conference, these new capabilities set a new standard for how organizations address human risk, by leveraging two key proprietary platform elements: Proofpoint Nexus, an AI, behavioural, and threat detection ensemble that identifies and mitigates risk; and Proofpoint Zen, a set of technologies that deliver world-class, comprehensive protection as people work with email, collaboration apps, the web, and data. Together, they provide an integrated, cohesive experience that brings human-centric protection to end users and security professionals alike.

“From ransomware to Business Email Compromise to data loss, the most damaging cyber risks all centre around humans and their identities,” said Sumit Dhawan, chief executive officer, Proofpoint. “But human risk is difficult to tackle as we all work across email, collaboration apps, the cloud, and the web, creating threat risk, identity sprawl, and data exposure in new ways. Proofpoint pioneered human-centric security, and now we’re redefining it by bringing together previously disparate processes and technologies into one unified platform to protect new digital channels, reduce risk for organizations, and better guide users in real-time, every day.”

Threat actors are increasingly using digital channels such as Slack, Microsoft Teams, Zoom, and LinkedIn to launch phishing attacks, tricking people into divulging personal information or performing certain actions, such as transferring money or revealing sensitive company data. Over the past three years, URL threats delivered by email have increased 119% and those delivered by SMS have skyrocketed by 2,524% according to Proofpoint data.

Powered by industry-leading threat intelligence and Proofpoint’s new ZenWeb browser extension, Proofpoint Collab Protection provides real-time advanced threat protection to block malicious URLs delivered in any messaging, collaboration or social media application and can be deployed across Google Chrome, Microsoft Edge, Apple Safari or any Chromium-based enterprise browser. Leveraging Nexus TI (Threat Intelligence), customers benefit from the collective defences that protect a network of thousands of the most critical organizations around the world.

While corporate identities empower employees to work with ease across Microsoft 365, GenAI, cloud storage and collaboration applications, threat actors have also learned to exploit them to launch ransomware attacks, hijack cloud accounts, and exfiltrate data. According to Proofpoint data, nearly all (96%) organizations have been targeted for cloud account takeover, and more than half have experienced it firsthand. Further, half of all hijacked accounts had multifactor authentication (MFA) enabled, demonstrating how unsecured applications—both enterprise-provided and shadow applications—are valuable stepping stones for attackers to take over corporate cloud accounts.

Proofpoint Nexus maps user identity sprawl and common attack paths and detects configuration and access anomalies to prevent unauthorized access and cloud account takeover; this helps security practitioners understand where an account is located and whether it creates risk due to its privilege, the data it’s linked to, or how well (or how poorly) its security is configured. Based on the posture and risk of an identity, Proofpoint Posture Management makes recommendations and performs configurations to improve it.

Identifying insider threats is a challenge, making internal investigations reactive: cybersecurity administrators concentrate on high-risk users, such as departing employees, those on a performance improvement plan, or contractors, only after being alerted to their potential risk to the company. Proofpoint’s Adaptive Information Protection empowers security teams to take a proactive approach to managing insider risks, shifting the responsibility of the security analyst from building manual policies to automating responses to a user’s risky behaviour. That, in turn, helps analysts work more efficiently.

Further, as GenAI tools have become pervasive in the workplace to accomplish tasks like summarizing meeting transcripts, rewording emails or writing code, careless or unintentional actions can expose business-critical information such as PII, source code and other corporate information. Some of this information is difficult to identify and protect using legacy DLP tools. Proofpoint’s new intent-aware GenAI protection and GenAI prompt redaction help organizations enable GenAI use while protecting both structured and unstructured organizational data from being overshared. It educates end users and guides behaviour change via compliance notifications when interacting with GenAI tools.

Traditional compliance-driven security awareness programs are not effective at mitigating human risk and guiding employees toward safer behaviours. In fact, research shows most employees (68%) knowingly engage in risky behaviours despite 99% of organizations having a security awareness program. Proofpoint is evolving its security awareness solution to empower organizations to reduce security incidents by cultivating real behavioural change and building a strong security culture.

Proofpoint’s ZenGuide (formerly Proofpoint Security Awareness Training) enables lean security teams to automate and scale personalized learning paths based on an individual’s unique risk profile, behaviours and role. It uses people-risk insights across the Proofpoint ecosystem to deliver relevant interventions that build security champions and reduce risky behaviours, enabling organizations to move beyond compliance-driven programs and provide targeted, context-awareness education that addresses specific risks and behaviours.

Proofpoint’s new platform capabilities will be showcased during Proofpoint’s ‘Protect’ event series, which begins today in New York City. Proofpoint’s Collab Protection is expected to be available globally in the first half of 2025. Proofpoint’s Posture Management is expected to be available globally in Q1 2025. Proofpoint’s new Adaptive Information Protection is expected to be available in September 2024. Proofpoint’s new extended GenAI protections are expected to be available in Q1 2025. Proofpoint’s ZenGuide is currently available globally, with the new employee engagement features arriving in Q1 2025.