Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/6/2018
01:37 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Proofpoint Partners with Okta, Boosts Automated Incident Response and Integrated Authentication to Enhance Credential Phishing Defense

Sunnyvale, Calif.—September 5, 2018 – Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced a technology partnership with Okta, the leading independent provider of identity for the enterprise, to provide a better way for joint customers to combat email credential phishing attacks by automating incident response with best-of-breed, cloud-based solutions. By integrating Proofpoint’s Threat Response Auto-Pull (TRAP) and the Okta Identity Cloud, security teams can automatically layer additional authentication security to ensure users who clicked on a phishing URL do not have their accounts compromised.

Every day, security teams are faced with both high volume and highly-targeted credential phishing attacks and unfortunately disjointed security systems add complexity to the challenge. The Proofpoint-Okta partnership makes security orchestration easier and provides a superior user experience for incident responders, security analysts, and system administrators. It reduces the time necessary to clean up credential phishing attacks with an accurate, timely response.

“Credential phishing is an Achilles heel for many organizations because most phishing links are hosted on compromised, legitimate websites with good reputations. Clever attackers even wait until after an email has passed through the gateway and into a user’s inbox before changing the content of the site to a page designed to steal usernames and passwords,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “We can detect these phishing sites when a user clicks on them, but containing the risk requires valuable time and security resources. Our Okta partnership helps organizations automatically ensure that users who clicked on these malicious links don’t have their accounts accessed by attackers.”

Once Proofpoint detects that a user has clicked on a malicious URL and has been permitted access to the phishing webpage, administrators can automatically deploy stepped-up authentication via Okta Multi-Factor Authentication (MFA). This additional security layer ensures the user is reauthenticated, using multiple factors, before accessing corporate systems, which will help confirm the user’s identity and prevent compromise.

Proofpoint’s Threat Response Auto-Pull (TRAP) enables messaging and security administrators to move malicious or unwanted messages to quarantine, after delivery. It also tracks forwarded mail and distribution lists and creates an auditable activity trail. Joint Proofpoint-Okta customers can now integrate Proofpoint TRAP with the Okta Identity Cloud, which implements numerous factors for authentication across knowledge, possession, biometric, and contextual elements, to strengthen security and verify user identities.

“Working together, Okta and Proofpoint can help security teams to get the greatest value from their existing technology investments, by assisting with credential phishing attack detection and rapid response,” said Chuck Fontana, vice president of Integrations and Strategic Partnerships, Okta. “Email continues to be the number one threat vector and credential phishing attacks are flooding organizations worldwide. We are committed to helping global teams manage and secure their extended enterprise, and combining Okta and Proofpoint’s best-in-class solutions provides an additional layer of security to detect and mitigate potential malicious activities.”

For more information on the Proofpoint-Okta partnership, please visit https://www.proofpoint.com/us/partners/technology-alliance-partners. For more information on Proofpoint’s Threat Response Auto-Pull solution, please visit https://www.proofpoint.com/us/products/threat-response-auto-pull.

 

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur. More information is available at www.proofpoint.com

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube | Google+

###

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Where Businesses Waste Endpoint Security Budgets
Kelly Sheridan, Staff Editor, Dark Reading,  7/15/2019
How Attackers Infiltrate the Supply Chain & What to Do About It
Shay Nahari, Head of Red-Team Services at CyberArk,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12820
PUBLISHED: 2019-07-19
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner. Actions performed on the app such as changing a password, and personal information it communicates with the server, use unencrypted HTTP. As an example, while logging in through the app to a Jisiwei account, th...
CVE-2019-12821
PUBLISHED: 2019-07-19
A vulnerability was found in the app 2.0 of the Shenzhen Jisiwei i3 robot vacuum cleaner, while adding a device to the account using a QR-code. The QR-code follows an easily predictable pattern that depends only on the specific device ID of the robot vacuum cleaner. By generating a QR-code containin...
CVE-2019-12453
PUBLISHED: 2019-07-19
In MicroStrategy Web before 10.1 patch 10, stored XSS is possible in the FLTB parameter due to missing input validation.
CVE-2019-12945
PUBLISHED: 2019-07-19
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2018-17792
PUBLISHED: 2019-07-19
MDaemon Webmail (formerly WorldClient) has CSRF.