Proofpoint, Inc.



Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.

In 2021, Proofpoint was acquired by private equity firm Thoma Bravo for $12.3 billion.

Company
The company was founded in July 2002 by Eric Hahn, formerly the CTO of Netscape Communications. It launched July 21, 2003, after raising a $7 million Series A funding round, releasing its first product, and lining up six customers as references, and was backed by venture investors Benchmark Capital and Stanford University. An additional $9 million in Series B funding led by New York-based RRE Ventures was announced in October, 2003.

Proofpoint became a publicly traded company in April 2012. At the time of its initial public offering (IPO), the company's shares traded at $13 apiece; investors purchased more than 6.3 million shares through the IPO, raising more than $80 million.

On April 26, 2021, Proofpoint announced that it had agreed to be acquired by the private equity firm Thoma Bravo.



Product history
The company's first product was the Proofpoint Protection Server (PPS) for medium and large businesses. It incorporated what was described as "MLX Technology", proprietary machine learning algorithms applied to the problem of accurately identifying spam email using 10,000 different attributes to differentiate between spam and valid email. The company joined dozens of other anti-spam software providers in a business opportunity fueled by an exponential increase in spam volume that was threatening worker productivity, making spam a top business priority. According to the 2004 National Technology Readinesed the number of spam detection attributes to more than 50,000.

In 2004, strict new HIPAA regulations governing financial disclosures and the privacy of health care data prompted Proofpoint to begin developing new products that would automatically identify and intercept outbound email containing sensitive information.

In March 2004, Proofpoint introduced its first hardware appliance, the P-Series Message Protection Appliance (later renamed Proofpoint Messaging Security Gateway), using a hardened Linux kernel and Proofpoint's Protection Server 2.0 software. It was tested by Infoworld and found to stop 94% of spam.

Another product introduction in November 2004 included Protection Server 3.0, with Email Firewall and MLX-based Dynamic Reputation Analysis, and the Content Security Suite, plug-in modules designed for scanning outbound messages and their attachments to assist in compliance with data protection regulations such as Sarbanes–Oxley, HIPAA, and Gramm–Leach–Bliley. In combination, this was known as the Proofpoint Messaging Security Gateway Appliance. It was reviewed by ChannelWeb, which observed that it used a "combination of technologies: policy-based management, a spam-filtering engine and adaptive learning technology."

Proofpoint introduced a new product, the Network Content Sentry, as an add-on appliance to the Content Security Suite in August 2005. Designed to monitor online messaging other than email, the appliance monitors Web mail, message boards, blogs and FTP-based communications. Proofpoint also introduced policy-based email encryption features, using identity-based encryption technology licensed from Voltage Security.

Virtual appliance development
In a step towards simpler operational requirements, the Proofpoint Messaging Security Gateway Virtual Edition was released in April 2007. The product runs as a virtual appliance on a host running VMware's virtual server software. Moving a dedicated hardware appliance to a virtual server eliminates problems associated with proprietary hardware and reduces upgrade costs, though it does require knowledge of VMware's virtual server architecture.

Proofpoint Messaging Security Gateway V5.0 was released in June 2007, and was based on a new, integrated architecture, combining all its capabilities into a single platform. It could be run either as a dedicated appliance, virtual appliance, or software suite.

ICSA Labs, an independent division of Verizon Business, announced in April 2007, that it had certified six anti-spam products under their new testing program, one of which was the Proofpoint Messaging Security Gateway. The goal of ICSA Labs' anti-spam product testing and certification is to evaluate product effectiveness in detecting and removing spam. The guidelines also address how well the products recognize e-mail messages from legitimate sources.

Software as a service
Moving into the software-as-a-service business, Proofpoint introduced Proofpoint on Demand, a hosted version of its email security and data loss prevention offerings. In May, 2008, the company's hosted offerings were expanded with the introduction of Proofpoint on Demand—Standard Edition. The product is targeted at small-to-medium size businesses that need email security but do not run their own servers or have on-site IT personnel.

Products
Proofpoint products are designed to solve three business problems: advanced cybersecurity threats, regulatory compliance, and brand-impostor fraud (which it calls "digital risk"). These products work across email, social media, mobile devices, and the cloud.

Email security
Proofpoint offers software or SaaS aimed at different facets of email security. Its flagship product the Proofpoint Messaging Security Gateway. The Messaging Security Gateway is a web-based application that offers spam protection; based on both user defined rules as well as dynamically updated definitions, anti-virus scanning, and configurable email firewall rules. The spam-protection service, however, results in many false positives of legitimate email servers and blocks IPs. A webform is provided to request an IP be unblocked, but they are non-responsive.

Additionally, in June 2008, Proofpoint acquired Fortiva, Inc., a provider of on-demand email archiving software for legal discovery, regulatory compliance and email storage management. Fortiva used Exchange journaling to automatically archive all internal and external communications so that end users can search all archived messages, including attachments, directly from a search folder in Outlook.

Cybersecurity
Proofpoint's security portfolio includes products that stop both traditional cyberattacks (delivered via malicious attachments and URLs) and socially engineered attacks—such as business email compromise (BEC) and credential phishing—that do not use malware. It uses a blend of sandbox analysis, reputational analysis, automated threat data, human threat intelligence and attributes such as sender/recipient relationship, headers, and content, and more to detect potential threats. Automated encryption, data-loss prevention and forensics-gathering tools are designed to speed incident response and mitigate the damage and costs of any threats that do get through. The portfolio also includes protection from social-media account takeovers, harmful mobile apps, and rogue Wi-Fi networks.

Regulatory compliance
Proofpoint's compliance products are designed to reduce the manual labor involved in identifying potentially sensitive data, managing and supervising it in compliance with government and industry rules, and producing it quickly in e-discovery legal requests.

Digital risk
Proofpoint's digital risk products are aimed at companies seeking to stop cybercriminals from impersonating their brand to harm customers, partners, and the brand's reputation. Its email digital risk portfolio includes authentication technology to prevent email domain spoofing. On social media, it stops scams in which fraudsters create fake customer-service accounts to find people seeking help over social media and trick them into handing over account credentials or visiting a malicious website. And in mobile, it finds counterfeit apps distributed through mobile app stores.

In the 2016 Forrester Wave for Digital Risk Monitoring, Q3 2016 the Proofpoint digital risk / social media product was included in an evaluation of the nine top vendors in this emerging market. These monitor "digital" (i.e. social, mobile, web, and dark web) channels to detect, prevent, malicious or unwanted content from undermining organizational efforts to build brand across all major social media platforms. On October 23, 2014 Proofpoint acquired Nexgate, Inc., a social media and security compliance vendor. On November 4, 2015 Proofpoint acquired Socialware Inc., a compliance workflow & content capture and review technology company.