www.proofpoint.com
2a02:e980:107::cf  Public Scan

URL: https://www.proofpoint.com/us/blog/email-and-cloud-threats/behavioral-analysis-and-aiml-threat-detection-going-behind-scenes
Submission: On September 01 via manual from IN — Scanned from DE

Text Content


BEHAVIORAL ANALYSIS AND AI/ML FOR THREAT DETECTION: GOING BEHIND THE SCENES ON
THE NEWEST DETECTION ENGINE FROM PROOFPOINT

July 19, 2022 Mike Bailey

Terms like behavioral analysis and AI/ML (artificial intelligence and
machine learning) are so overused in cybersecurity marketing that it’s easy for
information security pros to tune them out. And the truth is, it’s probably a
good thing to take these terms with a grain of salt.

In some respects, these models are nothing new. Proofpoint has been using AI/ML
technology all along to block malicious and unwanted emails. This field is also
advancing at a stratospheric pace, enabling new capabilities and use cases for
organizations to protect themselves. So it’s important not just to do
behavioral analysis and AI/ML, but to do them well.

Let’s take a deeper dive into the specifics of how Proofpoint uses these
technologies to tackle email threats. (Or feel free to watch our webinar replay,
“Using Behavioral Analysis and AI/ML to Stop Phishing Attacks,” featuring our
data science team.)


NEW SUPERNOVA BEHAVIORAL ENGINE BUILDS ON SUPERNOVA FOR BEC 



Figure 1. The new Supernova Behavioral Engine analysis from Proofpoint uses
language, relationships, cadence, and context to detect anomalies and prevent
threats in real-time using AI/ML.

In Q2 2022, we released our Supernova Behavioral Engine to all email security
customers globally, at no additional cost and with no additional configuration
needed. Supernova Behavioral Engine better detects email patterns that fall
outside of the norm, improving detection of all threat types, from business
email compromise (BEC) to credential phishing and much more. It builds off the
work we did with Supernova as part of Advanced BEC Defense in 2021,
incorporating signals and learnings from that engine.

Here are some of the signals Supernova Behavioral Engine will use to determine
if a message is malicious (as the engine evolves, we’ll add more signals):

 * Unknown sender, i.e. someone who has never communicated with you before
 * Uncommon language or sentiment, such as discussing a financial transaction
   for the first time
 * Uncommon URL or subdomain
 * Unusual SaaS (software-as-a-service) tenant, which is often a sign of
   supplier account compromise
 * Unusual SMTP infrastructure, which is likewise indicative of possible account
   compromise

Supernova Behavioral Engine doesn’t just include detection, though. It will also
tag messages from uncommon senders using email warning tags with “Report
Suspicious” to give the user a heads up with valuable context, and even allow
them to report the message directly to the incident response team or our
automated abuse mailbox solution. And customers will be able to see behavioral
insights directly in the Proofpoint Targeted Attack Protection (TAP) Dashboard
when messages are condemned.

The new Supernova Behavioral Engine improves our already leading efficacy, while
ensuring low false positives for customers. We’re also committed to
transparency, especially given how much vendor noise there is around the use of
AI/ML: our current false positive rate is 1 in over 4.14 million, which leads
the industry and which we will continue investing in improving. And this data
science approach is nothing new to Proofpoint.


A LEADING DATA SCIENCE TEAM WITH SOME OF THE LARGEST GLOBAL CYBERSECURITY DATA
SETS 



Figure 2. Proofpoint uses a centralized data science team working with some of
the largest cybersecurity data sets in the world to train our models.

Our centralized data science team has been using advanced techniques for more
than 20 years to detect and stop advanced threats. The team works across
Proofpoint product lines and includes professionals with advanced degrees in
cybersecurity, government, and academia. We partner with Duke University,
Washington State University, and Harvey Mudd College among other institutions to
ensure our skills and technology are cutting edge. 

And with the Proofpoint Nexus Threat Graph, which has access to massive
cybersecurity data sets across email, cloud, networks, domains and more, our
teams can feed and improve our models more effectively. Being the number one
deployed solution of the Fortune 100, Fortune 1000, and Global 2000 and having
more than 200,000 small and midsize (SMB) customers means we can feed our models
with data more quickly and detect threats faster and with greater accuracy. 

Without a substantial corpus of data, these models become ineffective at
identifying threats and sometimes even counterproductive due to excessive false
positives.


SUPERNOVA FOR BEC AND SUPERNOVA BEHAVIORAL ENGINE CAN IMPROVE DETECTION ACROSS
THE BOARD



Figure 3. Supernova, released by Proofpoint in 2021 as part of our Advanced BEC
Defense capability, now condemns more than just BEC threats; it also effectively
stops credential phishing, deceptions (many of which are commodity “scams”, like
advance-fee fraud or romance scams), malware, and even TOADs.

The results of both engines have been astonishing. Supernova, as part of the
Advanced BEC Defense capability that Proofpoint released in 2021, condemns
mostly BEC attacks. However, because we’ve been able to feed the engine so much
data, it’s been able to learn, adapt and detect much more—including credential
phishing, malware attacks and even spam threats.

Supernova Behavioral Engine will similarly be able to better detect and prevent
all threat types. In early Q1, Proofpoint released the engine in shadow mode and
discovered—in less than four weeks—that it improved detection efficacy against
invoicing threats by 6x. Now that the new engine is live for all of our global
customers, we can’t wait to see how it learns and improves detection for
different advanced threats. 


SAMPLES OF HOW SUPERNOVA BEHAVIORAL ENGINE IMPROVES DETECTION

Here are some samples of where Supernova Behavioral Engine signals can improve
detection.

SAMPLE: LOOKALIKE BEC THREAT: IMPROVED LIKELIHOOD OF DETECTION

Proofpoint effectively stops millions of BEC attacks every month. But we’re
always aiming to raise the bar on detection. In this sample, our existing
Supernova for BEC detection engine would have detected the potential lookalike
domain and payment language.



Figure 4. Supernova Behavioral Engine from Proofpoint will add additional
detection capabilities for BEC attacks, determining the relationship between two
parties dynamically.

Our new Supernova Behavioral Engine will now detect that this is an unknown
sender to the recipient, improving the likelihood of Proofpoint detecting and
condemning this attack pre-delivery. It does advanced relationship mapping by
looking at inputs like cadence, language and context of inbound and outbound
messages to determine the relationship status dynamically over time between the
two parties. 

Even if a dormant, previous sender was compromised and started a fresh attack,
Supernova Behavioral Engine would view that communication as anomalous and take
a closer look.

SAMPLE: COMPROMISED SUPPLIER USING A URL-BASED FILE-SHARING THREAT



Figure 5. The Supernova Behavioral Engine will better detect compromised
suppliers, even if attackers are using a file-sharing site in their attempts to
defraud victims.

Let’s say one of your suppliers has a compromised Microsoft 365 account. A threat
actor takes over the account, does some research on the specifics of your
relationship with the supplier and then sets up a lookalike OneDrive SaaS tenant
in an attempt to commit fraud. 

The email the threat actor sends comes from a legitimate, common sender,
SharePoint, and passes DMARC. In terms of reputation, this email seems
legitimate. And the language, a contract, is not unusual given past OneDrive
correspondence with this supplier. But there are some tells here that Supernova
Behavioral Engine will pick up on.

Supernova Behavioral Engine will notice the subdomain of the file-sharing URL is
different and anomalous, and it will sandbox the file-sharing URL to inspect the
content. That means Proofpoint can better detect and stop attackers compromising
supplier accounts and using lookalike domains or even new subdomains of
file-sharing tenants.
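
The two samples above rely on signals a defender can prototype from mail logs: an unknown or long-dormant sender, and a file-sharing tenant subdomain never before seen from that sender. The sketch below is an added example, not Proofpoint's implementation; the class and function names, the 180-day dormancy threshold, the suffix list and the sample addresses and tenants are all constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlsplit

FILE_SHARING_SUFFIXES = (".sharepoint.com",)  # assumed list; extend per environment
DORMANT_AFTER = timedelta(days=180)           # assumed threshold, not from the article


def tenant_of(url):
    """Return the tenant host of a file-sharing URL, or None for any other URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host if host.endswith(FILE_SHARING_SUFFIXES) else None


class RelationshipBaseline:
    """Per recipient/sender pair: last contact time and file-sharing tenants seen."""
    def __init__(self):
        self.last_seen = {}  # (recipient, sender) -> datetime of last accepted mail
        self.tenants = {}    # (recipient, sender) -> set of tenant hosts

    def score(self, recipient, sender, urls, when):
        """Return anomaly signals for one message without changing the baseline."""
        key = (recipient.lower(), sender.lower())
        seen = self.last_seen.get(key)
        if seen is None:
            return ["unknown_sender"]  # no history, so tenant novelty says nothing
        signals = ["dormant_sender"] if when - seen > DORMANT_AFTER else []
        known = self.tenants.get(key, set())
        if any(t and t not in known for t in map(tenant_of, urls)):
            signals.append("new_tenant_subdomain")
        return signals

    def learn(self, recipient, sender, urls, when):
        """Record a message; call only for mail that was delivered and not reported."""
        key = (recipient.lower(), sender.lower())
        self.last_seen[key] = when
        self.tenants.setdefault(key, set()).update(t for t in map(tenant_of, urls) if t)


def demo():
    b, t0 = RelationshipBaseline(), datetime(2023, 1, 10)
    pair = ("ap@customer.example", "billing@supplier.example")  # constructed
    usual = ["https://supplierco-my.sharepoint.com/personal/contract.docx"]
    lookalike = ["https://supplierc0-my.sharepoint.com/personal/contract.docx"]
    first = b.score(*pair, usual, t0)
    b.learn(*pair, usual, t0)
    routine = b.score(*pair, usual, t0 + timedelta(days=30))
    takeover = b.score(*pair, lookalike, t0 + timedelta(days=40))
    revived = b.score(*pair, lookalike, t0 + timedelta(days=400))
    return first, routine, takeover, revived
```

Scoring and learning are kept separate so that a flagged message never becomes part of the baseline it was judged against.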


AI/ML AND BEHAVIORAL ANALYSIS: PART OF A BROADER DETECTION ENSEMBLE

Using AI/ML for content inspection and behavioral analysis can improve detection
efficacy. Alone, however, we’ve seen these engines create a lot of noise. That’s
why they’re just a few of the engines Proofpoint uses in our 26-layer detection
ensemble. 



Figure 6. The Proofpoint detection ensemble includes more than 26 layers,
improving the likelihood of condemning malicious messages while not creating
false positives.

Broad reputation classifiers combined with our Nexus Threat Graph intelligence
frequently stop more than 80% of all malicious and spam messages from ever
reaching end users. For some customers, that can be tens of millions of
messages. 

We build our attachment and URL sandboxing in-house and use ML models to
determine malicious URLs, HTML, files and memory left from potential malware or
tampering. 

Proofpoint Emerging Threat (ET) Intelligence feeds can quickly identify
high-risk IP addresses even if they’ve only recently become malicious. Our cloud
threat data can identify malicious third-party applications or compromised
accounts and stop those threats from activating. And our threat intelligence
team ties it all together, extracting 7,000+ campaigns annually for a deep dive
into emerging, advanced threats to see the latest trends.


PUT THE TECH TO THE TEST WITH OUR EMAIL RAPID RISK ASSESSMENT

Ultimately, what matters most is how well these technologies translate to your
organization’s risk reduction. If you want to understand your organization’s
current risk posture, quickly, the Proofpoint Email Rapid Risk Assessment will
allow you to:

 * Understand your risk posture and uncover threats your email security solution
   is missing
 * Gain visibility into who in your organization is being targeted by threats
 * Discover how Proofpoint can provide the best, integrated protection against
   evolving threats

To learn more about this free risk assessment and schedule one for your
organization, see this page. 

© 2023. All rights reserved.