BSI Cybersecurity and Information Resilience (UK) Ltd

Proofpoint Email Fraud Defence

Proofpoint Email Fraud Defense protects your employees, customers, and business partners from cyber criminals who spoof trusted email domains. It makes email authentication easy and reliable so you can stop email fraud before it reaches the inbox.

Features

  • Owns all security technology in solution
  • Stop email fraud and phishing attacks before reaching the inbox.
  • Full visibility and control of email sent from your organization.
  • Implement email authentication quickly and confidently on domains and gateway.
  • Extend protection to your customers and partners.
  • Stop email fraud targeting your employees, customers, and partners.
  • Maintain the trust people place on your email communications.
  • Complete view into all email in and out your organization.

Benefits

  • Automate the identification of legitimate email sent on your behalf.
  • Understand reasons behind—learn how to fix—each authentication failure.
  • Get ongoing guidance and support from our professional services team.
  • To deploy email authentication efficiently on your domains and gateway
  • Prevent BEC and phishing attacks that target your employees.
  • Account for email to your organization with visibility and control.
  • Authorize for email to your organization with visibility and control.

Pricing

£7.62 to £52.80 per user per year

Service documents

Framework

G-Cloud 11

Service ID

8 9 6 6 1 6 6 7 8 4 7 2 3 5 8

Contact

BSI Cybersecurity and Information Resilience (UK) Ltd

Neil Ryan

+353 (1) 210 1711

gcloud@bsigroup.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Extension to messaging platform services – eg On Premise Exchange, Office 365, Google Apps
Cloud deployment model
Private cloud
Service constraints
See Service Level Agreement
System requirements
Existing mail server, eg; Exchange, o365, Zimbra, Lotus Notes

User support

Email or online ticketing support
Email or online ticketing
Support response times
Dependant on Service Level Purchased
Support Portal - All Levels
Telephone Support Business Hours
Telephone Support 365x24x7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Self-Service, Platinum, Premium & Global
Self-Service: primary access via portal, phone support limited to business hours P1 issues, 2 authorised support contacts
Platinum: access via portal and phone, phone support for all priorities during business hours plus P1 issues 24x7, 4 authorised support contacts
Premium: access via portal and phone, phone support for all priorities during business hours plus P1 issues 24x7, 6 authorised support contacts, assigned Technical Account Manager 
Global: available to Platinum and Premium only. phone access for all cases, all priorities 24x7x365, 12 authorised support contacts
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Installation and training / knowledge share available with dedicated engineer
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Data extraction tools driven by customer.
End-of-contract process
Services cease to function.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
There are no functional differences
Service interface
Yes
Description of service interface
From a single portal, you can see all impostor threats – regardless of the tactic used or the person being targeted.

View all inbound impostor threats - such as display name spoofing and lookalike domain spoofing attacks - and block them at the Proofpoint gateway
Enforce DMARC authentication quickly and confidently to block fraudulent emails that spoof trusted domains
Automatically identify and flag lookalike domains that are registered by third parties and are outside of your control
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
Utilisation of a reporting dashboard - eg Palo Alto
API documentation
Yes
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
No

Scaling

Independence of resources
All Proofpoint SaaS systems are actively monitored with local agents collecting hundreds of metrics specific to hardware, networking, and OS. All metrics are measured against a baseline compiled from historical data. Acceptable thresholds are defined based on a combination of optimal performance targets and historical baselines.

Analytics

Service usage metrics
Yes
Metrics types
Granular Reporting of message flow, deep analysis into threats
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller (no extras)
Organisation whose services are being resold
McAfee, Z Scaler, Okta, Druva, Alert logic,Qualys, Cyligant, Proofpoint, Bitsight

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other
Other data at rest protection approach
AES256 is used to encrypt data at rest in proofpoint services
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Data extraction tools driven by customer.
Data export formats
Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
Please see this link for Service Level Agreement Details: https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
Approach to resilience
Please see the attached link giving details of hosting services resilience:
https://www.proofpoint.com/sites/default/files/general_terms_hosted_services_sla_-_mar_2016.pdf
Outage reporting
Service level availability is provided for on the service portal

Identity and authentication

User authentication needed
Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels
User permissions
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Third Party
ISO/IEC 27001 accreditation date
Not available
What the ISO/IEC 27001 doesn’t cover
N/a
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
NIST 800-53

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and Change Management processes follow ITIL framework
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
N/a
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
N/a
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
N/a

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£7.62 to £52.80 per user per year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full service offering as a Proof of Concept for 2 weeks as standard at customers request
Link to free trial
Provided by a Proofpoint Engineer once requirements are confirmed.

Service documents

Return to top ↑