Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations

9/6/2018
01:37 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Proofpoint Partners with Okta, Boosts Automated Incident Response and Integrated Authentication to Enhance Credential Phishing Defense

Sunnyvale, Calif.—September 5, 2018 – Proofpoint, Inc., (NASDAQ: PFPT), a leading cybersecurity and compliance company, today announced a technology partnership with Okta, the leading independent provider of identity for the enterprise, to provide a better way for joint customers to combat email credential phishing attacks by automating incident response with best-of-breed, cloud-based solutions. By integrating Proofpoint’s Threat Response Auto-Pull (TRAP) and the Okta Identity Cloud, security teams can automatically layer additional authentication security to ensure users who clicked on a phishing URL do not have their accounts compromised.

Every day, security teams are faced with both high volume and highly-targeted credential phishing attacks and unfortunately disjointed security systems add complexity to the challenge. The Proofpoint-Okta partnership makes security orchestration easier and provides a superior user experience for incident responders, security analysts, and system administrators. It reduces the time necessary to clean up credential phishing attacks with an accurate, timely response.

“Credential phishing is an Achilles heel for many organizations because most phishing links are hosted on compromised, legitimate websites with good reputations. Clever attackers even wait until after an email has passed through the gateway and into a user’s inbox before changing the content of the site to a page designed to steal usernames and passwords,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “We can detect these phishing sites when a user clicks on them, but containing the risk requires valuable time and security resources. Our Okta partnership helps organizations automatically ensure that users who clicked on these malicious links don’t have their accounts accessed by attackers.”

Once Proofpoint detects that a user has clicked on a malicious URL and has been permitted access to the phishing webpage, administrators can automatically deploy stepped-up authentication via Okta Multi-Factor Authentication (MFA). This additional security layer ensures the user is reauthenticated, using multiple factors, before accessing corporate systems, which will help confirm the user’s identity and prevent compromise.

Proofpoint’s Threat Response Auto-Pull (TRAP) enables messaging and security administrators to move malicious or unwanted messages to quarantine, after delivery. It also tracks forwarded mail and distribution lists and creates an auditable activity trail. Joint Proofpoint-Okta customers can now integrate Proofpoint TRAP with the Okta Identity Cloud, which implements numerous factors for authentication across knowledge, possession, biometric, and contextual elements, to strengthen security and verify user identities.

“Working together, Okta and Proofpoint can help security teams to get the greatest value from their existing technology investments, by assisting with credential phishing attack detection and rapid response,” said Chuck Fontana, vice president of Integrations and Strategic Partnerships, Okta. “Email continues to be the number one threat vector and credential phishing attacks are flooding organizations worldwide. We are committed to helping global teams manage and secure their extended enterprise, and combining Okta and Proofpoint’s best-in-class solutions provides an additional layer of security to detect and mitigate potential malicious activities.”

For more information on the Proofpoint-Okta partnership, please visit https://www.proofpoint.com/us/partners/technology-alliance-partners. For more information on Proofpoint’s Threat Response Auto-Pull solution, please visit https://www.proofpoint.com/us/products/threat-response-auto-pull.

 

About Proofpoint, Inc.

Proofpoint Inc. (NASDAQ: PFPT) is a leading next-generation security and compliance company that provides cloud-based solutions to protect the way people work today. Proofpoint solutions enable organizations to protect their users from advanced attacks delivered via email, social media, mobile, and cloud applications, protect the information their users create from advanced attacks and compliance risks, and respond quickly when incidents occur. More information is available at www.proofpoint.com

Connect with Proofpoint: Twitter | LinkedIn | Facebook | YouTube | Google+

###

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Ransomware Damage Hit $11.5B in 2019
Dark Reading Staff 2/20/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5243
PUBLISHED: 2020-02-21
uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overlapping capture groups. This allows remote attackers to overload a server by setting the User-Agent hea...
CVE-2019-14688
PUBLISHED: 2020-02-20
Trend Micro has repackaged installers for several Trend Micro products that were found to utilize a version of an install package that had a DLL hijack vulnerability that could be exploited during a new product installation. The vulnerability was found to ONLY be exploitable during an initial produc...
CVE-2019-19694
PUBLISHED: 2020-02-20
The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family of products is vulnerable to a denial of service (DoS) attack in which a malicious actor could manipulate a key file at a certain time during the system startup process to disable the product's malware protection functions or the ...
CVE-2020-5242
PUBLISHED: 2020-02-20
openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file whic...
CVE-2020-8601
PUBLISHED: 2020-02-20
Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack to use the product installer to load other DLL files located in the same directory.