Proofpoint: Security, Compliance and the Cloud

From the "you asked for it, you got it" department: Previously available only on the Apple iOS (iPhone, iPad) platform, our Proofpoint Mobile Archive app is now available for Android devices.

The Proofpoint Mobile Archive app lets users of Proofpoint Enterprise Archive (our cloud-based email archiving solution) access their archived email from anywhere, at any time. The app lets you search your entire email archive from your iPhone or Android device, allowing you to quickly find messages, view message details, and retrieve messages to your inbox. 

 The new Android version of this app is part of the latest release of the Proofpoint Enterprise platform (announced today in our press release here).

Mobility is a big theme of this new release and, in addition to the Android version of the Mobile Archive app, the release includes enhancements to Proofpoint's support for mobile email encryption and decryption (which were already very strong). The enhanced mobile decryption user interface takes advantage of the latest smartphone and tablet technologies to display a web interface that looks and feels like a native application, making it even easier for Proofpoint Encryption users (and any recipient of a Proofpoint-encrypted email message) to decrypt, read, and respond from mobile devices.

This video overview demonstrates the iPhone/iOS version of the Proofpoint Mobile Archive app, and how it enables anytime/anywhere access to archived messages:

This next video demonstrates the previous version of the "decrypt assist" features of Proofpoint Encryption, which allows any email recipients on any mobile smartphone or tablet with a web browser (including Android, BlackBerry, iPhone and Windows 7 Phone) to easily decrypt and respond to messages encrypted with Proofpoint Encryption:

And while it's not part of today's announcement, I wanted to remind Proofpoint Enterprise administrators that our Proofpoint Mobile Dashboard app (currently available for Apple iOS devices) gives you access to global spam stats, the status of your support tickets and other information on your Proofpoint Enterprise deployments:

Learn more about the latest features of Proofpoint Enterprise in today's press release, "Proofpoint Extends Mobile Enterprise Offerings."

We recently published a new report with Osterman Research, Making Office 365 More Secure and Compliant.

In this report, Osterman describes the various security, compliance and governance features of Microsoft Office 365, and identifies areas where those features may not meet the specialized requirements of organizations in highly-regulated industries or those enterprises with special security requirements.

There is also a good discussion of why the email archiving capabilities of Office 365, while useful, may not be sufficient to satisfy many of the common eDiscovery and regulatory obligations faced by large enterprises.

To download a complimentary copy of this report, follow this link, or simply fill out the mini-form below.

Complete this form to access a PDF copy of Making Office 365 More Secure and Compliant: 

In a press release issued today, Proofpoint announced that it has been positioned by Gartner, Inc. in the 2011 "Magic Quadrant for Enterprise Information Archiving." 

You can read the entire report, compliments of Proofpoint, by visiting:

http://www.proofpoint.com/email-archiving-magic-quadrant 

Writing in the Magic Quadrant for Enterprise Information Archiving, Gartner analysts Sheila Childs, Kenneth Chin and Debra Logan note that:

"The interest in archiving data using cloud or software as a service (SaaS) solutions has intensified," noting further that, "This deployment model is rapidly evolving, and organizations now have solid options for on-premises and SaaS or hybrid solutions. Hybrid solutions consist of some component (usually an appliance) that resides on-premises that can provide additional processing prior to sending data to the cloud, such as bandwidth throttling, encryption or data reduction. In addition, hybrid solutions can provide tight integration with Active Directory or the email system."

Gartner's Magic Quadrant report describes Enterprise Information Archiving (EIA) as follows:

"EIA is the next step in the evolution of archiving that incorporates new products and solutions for archiving user files (email and files on file shares) and, optionally, other content types such as instant messages, structured data and social media content. These products provide features such as data deduplication across content types, retention management, content indexing and at least basic tools for e-discovery, such as search and legal hold. Due to the complexity associated with managing multiple data types within an archive, EIA may more broadly encompass capabilities like federated archive repository management, while delivering common policy management for migration, retention and discovery."

At our recent "Proofpoint Inner Circle" customer events, we had a great opportunity to interview several of our enterprise customers about how and why they use Proofpoint Enterprise solutions for email security, data loss prevention, email encryption, regulatory compliance, archiving and electronic discovery.

I've collected several of them in this YouTube playlist. In these videos, representatives from Amalgamated, Liberty Health, PETCO, Graubard Miller, MED3000, Zions Bank and Scottsdale Healthcare share some of the reasons they rely on Proofpoint.

Thanks again to all of our terrific customers who took the time to share their stories with us... And you can find a lot more Proofpoint video content in our YouTube channel at http://www.proofpoint.com/youtube.

The holiday season — you know, Black Friday, Cyber Monday and those other ones — is once again upon us.

Here at Proofpoint, we celebrate the season with two fine traditions: An inbound email threats webinar (see the bottom of this post for more details) and a reminder about how to stay safe online during the busy holiday shopping season.

At this time of year, both snail mail and email inboxes start to get full of special offers, catalogs and the like.

As the volume of legitimate email marketing increases, Proofpoint also sees the volume of spam, phishing and other forms of scam email increase as well. The chart below shows the relative volume of "obvious" phishing messages in Proofpoint's spam traps over the last month (click the image for a larger view):

Over the course of 2011 we've seen spear phishing messages revealed to be the exploit at the root of many high-profile data breaches.

In the same way that enterprises and government organizations need to be wary of phishing messages and other types of threats, consumers too need to be especially careful around this time of year.

So, once again, let me reiterate our “Seven Simple Rules” for staying safe online during the holidays (or any time of the year) which explain some of the tactics that scammers use and the important steps consumers can take to protect themselves. Keep these tips in mind this holiday season and share them with your friends, family and email users!

Proofpoint's Seven Simple Rules for Staying Safe Online During the Holidays

1. Be aware: View with suspicion any email with requests for personal identification, financial information, user names or passwords, especially during the busy holiday season when spammers and scammers use the increased volume of legitimate promotional email as “cover” for their attacks. Your bank, online services, government agencies or legitimate online stores are extremely unlikely to ask you for this type of information via email. Consumers should also be suspicious of similar emails that appear to come from an employer or friend. Never send personal financial information such as credit card numbers and Social Security numbers via email. 

2. Don’t click: If you receive a suspicious email, don’t click the links in the email or open file attachments. Never click email links or open attachments from anything but 100% trusted sources. Links embedded in emails may take you to fraudulent sites that look similar or identical to the legitimate “spoofed” site. Instead of clicking, open a browser and type the actual Web address for the site into the address bar. Alternatively, call the company using a phone number you already know.

3. Be secure: When you are shopping online, entering important information such as credit card numbers, or updating personal information, make sure you’re using a secure Web site. If you are on a secure Web server, the Web address will begin with “https://” instead of the usual “http://”. Most Web browsers also show an icon (such as Internet Explorer’s “padlock” icon) to indicate that the page you are viewing is secure. 

4. Don’t fill out email forms: Never fill out forms within an email, especially those asking for personal information. Instead, visit the company’s actual Web site and ensure that the page you are using is secure before entering sensitive information. 

5. Keep an eye on your accounts: Check the accuracy of your credit card and bank statements on a regular basis, especially during the holiday shopping season, when cyber attacks typically increase and busy consumers tend to be less attentive. If you see anything suspicious, contact the financial institution immediately.

6. Get social media savvy: Email isn’t the only attack vector used by spammers and scammers. Social media sites like Facebook, LinkedIn and Twitter are commonly used to deliver the same kinds of scams and malicious links to unsuspecting users. Be wary 0f social media notifications—such as friend requests, security notices and message notifications—that arrive via email. Scammers have spoofed these sorts of messages to deliver links that lead to fraudulent sites or malware. 

7. Make security your first stop: If your holiday includes giving or receiving a new computer (or tablet, netbook, operating system upgrade, etc.) always install a good desktop anti-virus or Internet security solution before doing anything else online. Always make sure that your net-connected computers are protected by such a solution—and that you keep your subscription up to date! Reputable vendors include F-Secure, McAfee and Symantec.

There are also reputable free solutions such as Avast, so a lack of resources doesn't mean you have to go without security. But be extremely wary of Web pop-ups that offer “free security scans” or that inform you that your machine is infected with a virus. Such offers usually lead to fraudulent anti-virus solutions that are actually malicious software.

If you'd like to learn more about the latest phishing threats, and new techniques for stopping them, attend our upcoming live web seminar Don't Get Hooked by the Latest Phishing Attacks (December 14th, 11 a.m. PT/2 p.m. ET). To register, visit the link — or simply fill out the form below:

Proofpoint Enterprise Protection and Proofpoint Enteprise Privacy, our SaaS-based email security and data loss prevention suites were named as a finalist in the SC Magazine Awards 2012, in the category Best Email Content Management. 

You can read more about this category and find the complete list of best email content management finalists here, "Best Email Content Management and Best Email Security."

The winners of the SC Awards are revealed annually at the RSA Conference which, this year, will be held at San Francisco's Moscone Center, February 27 - March 2, 2012. Check out my earlier blog post to learn how you can get a free pass to RSA Expo 2012 (the exhibits part of the RSA conference).

Thanks again to our friends at SC Magazine for recognizing Proofpoint Enterprise!