Cybersecurity and compliance firm Proofpoint has announced a number of new features and capabilities in its security solutions to help thwart threats across the most critical stages of the cyberattack kill chain. The new capabilities, announced at Proofpoint Protect 2023, span the company’s Aegis Threat Protection, Identity Threat Defense, and Sigma Information Protection platforms. They’re built to help businesses address threats including business email compromise (BEC), ransomware, and data exfiltration, Proofpoint said in a press release.
The solutions use artificial intelligence (AI) and machine learning (ML) technology to equip security practitioners with visibility, flexibility, and depth to detect and disrupt adversaries across their organizations’ attack surfaces, according to Proofpoint.
The cyberattack/cyber kill chain
The cyberattack chain is a way to understand the sequence of events involved in an external attack on an organization’s IT environment. It can help IT security teams put strategies and technologies in place to stop or contain attacks at various stages. The cyberattack chain is often referred to as the cyber kill chain, a concept model first developed by Lockheed Martin to break down the structure of a cyberattack. It identifies what adversaries must complete to achieve their objective over identifiable stages, breaking down an external cyberattack into seven distinct steps to help enrich defenders’ knowledge of an attacker’s tactics, techniques, and procedures.
The seven steps outlined in Lockheed Martin’s cyber kill chain are:
- Reconnaissance: The intruder picks a target, researches it, and looks for vulnerabilities.
- Weaponization: The intruder develops malware designed to exploit the vulnerability.
- Delivery: The intruder transmits the malware via a phishing email or another medium.
- Exploitation: The malware begins executing on the target system.
- Installation: The malware installs a backdoor or other ingress accessible to the attacker.
- Command and control: The intruder gains persistent access to the victim’s systems/network.
- Actions on objective: The intruder initiates end goal actions, such as data theft, data corruption, or data destruction.
Aegis platform enhanced with LLM-powered BEC attack detection, visibility features
Proofpoint’s Aegis Platform is designed to disarm attacks such as BEC, ransomware, weaponized URLs, and multifactor authentication (MFA) bypass for credential phishing. New enhancements and features in Aegis include:
- Large language model-based pre-delivery BEC threat detection and prevention through implementation of the BERT LLM within Proofpoint’s CLEAR solution, which has proven successful at detecting malicious messages, both those created traditionally and with generative AI, Proofpoint said.
- Enhanced visibility into blocked threats, with new summaries in the targeted attack prevention (TAP) Dashboard that will provide enhanced explanation of BEC condemnations made by Proofpoint’s CLEAR solution, including threats condemned by the new LLM-based detection. Summaries will include why a threat was determined to be a BEC attack and its corresponding response timelines, according to Proofpoint.
Unified data reveals ransomware, data exfiltration attack paths
Proofpoint’s new Attack Path Risk feature brings together data across the attack chain between Proofpoint’s Aegis and Identity Threat Defense platforms, the firm said. This will help security practitioners better understand the number of attack paths for ransomware and data exfiltration should an employee’s identity be compromised for privileged identity abuse and lateral movement. The feature will be available in Q4 within Proofpoint’s TAP dashboard; organizations that add Proofpoint’s Identity Threat Defense to their Proofpoint Aegis implementation can empower their analysts to swiftly prioritize remediation and adaptive controls, according to the company.