Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/6/2018
01:37 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Proofpoint Partners with Okta, Boosts Automated Incident Response and Integrated Authentication to Enhance Credential Phishing Defense

Sunnyvale, Calif.—September 5, 2018 – Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced a technology partnership with Okta, the leading independent provider of identity for the enterprise, to provide a better way for joint customers to combat email credential phishing attacks by automating incident response with best-of-breed, cloud-based solutions. By integrating Proofpoint’s Threat Response Auto-Pull (TRAP) and the Okta Identity Cloud, security teams can automatically layer additional authentication security to ensure users who clicked on a phishing URL do not have their accounts compromised.

Every day, security teams are faced with both high volume and highly-targeted credential phishing attacks and unfortunately disjointed security systems add complexity to the challenge. The Proofpoint-Okta partnership makes security orchestration easier and provides a superior user experience for incident responders, security analysts, and system administrators. It reduces the time necessary to clean up credential phishing attacks with an accurate, timely response.

“Credential phishing is an Achilles heel for many organizations because most phishing links are hosted on compromised, legitimate websites with good reputations. Clever attackers even wait until after an email has passed through the gateway and into a user’s inbox before changing the content of the site to a page designed to steal usernames and passwords,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “We can detect these phishing sites when a user clicks on them, but containing the risk requires valuable time and security resources. Our Okta partnership helps organizations automatically ensure that users who clicked on these malicious links don’t have their accounts accessed by attackers.”

Once Proofpoint detects that a user has clicked on a malicious URL and has been permitted access to the phishing webpage, administrators can automatically deploy stepped-up authentication via Okta Multi-Factor Authentication (MFA). This additional security layer ensures the user is reauthenticated, using multiple factors, before accessing corporate systems, which will help confirm the user’s identity and prevent compromise.

Proofpoint’s Threat Response Auto-Pull (TRAP) enables messaging and security administrators to move malicious or unwanted messages to quarantine, after delivery. It also tracks forwarded mail and distribution lists and creates an auditable activity trail. Joint Proofpoint-Okta customers can now integrate Proofpoint TRAP with the Okta Identity Cloud, which implements numerous factors for authentication across knowledge, possession, biometric, and contextual elements, to strengthen security and verify user identities.

“Working together, Okta and Proofpoint can help security teams to get the greatest value from their existing technology investments, by assisting with credential phishing attack detection and rapid response,” said Chuck Fontana, vice president of Integrations and Strategic Partnerships, Okta. “Email continues to be the number one threat vector and credential phishing attacks are flooding organizations worldwide. We are committed to helping global teams manage and secure their extended enterprise, and combining Okta and Proofpoint’s best-in-class solutions provides an additional layer of security to detect and mitigate potential malicious activities.”

For more information on the Proofpoint-Okta partnership, please visit https://www.proofpoint.com/us/partners/technology-alliance-partners. For more information on Proofpoint’s Threat Response Auto-Pull solution, please visit https://www.proofpoint.com/us/products/threat-response-auto-pull.

 

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur. More information is available at www.proofpoint.com

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube | Google+

###

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18214
PUBLISHED: 2019-10-19
The Video_Converter app 0.1.0 for Nextcloud allows denial of service (CPU and memory consumption) via multiple concurrent conversions because many FFmpeg processes may be running at once. (The workload is not queued for serial execution.)
CVE-2019-18202
PUBLISHED: 2019-10-19
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests.
CVE-2019-18209
PUBLISHED: 2019-10-19
templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.
CVE-2019-18198
PUBLISHED: 2019-10-18
In the Linux kernel before 5.3.4, a reference count usage error in the fib6_rule_suppress() function in the fib6 suppression feature of net/ipv6/fib6_rules.c, when handling the FIB_LOOKUP_NOREF flag, can be exploited by a local attacker to corrupt memory, aka CID-ca7a03c41753.
CVE-2019-18197
PUBLISHED: 2019-10-18
In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclo...