Why Testing Proofpoint Email Security Solutions is Important

In 2024, email-based attacks such as phishing and ransomware were responsible for over 80% of cybersecurity breaches globally (Verizon DBIR 2024). Despite Proofpoint's status as a leading email security solution, 82% of soft email threats bypass secure email gateways (SEGs) (Keepnet Labs, 2024). Misconfigurations, evolving threats, and inadequate customization often lead to:

• Data breaches – Phishing and malware can infiltrate systems, resulting in critical data leaks.
• Compliance failures – Industry regulations like GDPR and ISO 27001 require stringent security testing.
• Reputation damage – Customer trust erodes when preventable breaches occur.

In September 2024, Kaiser Permanente experienced an email data breach, exposing sensitive information of over 40,000 individuals due to unauthorized access to its email servers. The incident highlights the critical need for rigorous email security measures and continuous testing.

This blog post examines how organizations can enhance their email security to prevent costly breaches and stay ahead of evolving threats. It also highlights how Keepnet’s Email Threat Simulator (ETS) uncovers vulnerabilities and helps businesses optimize their email protection strategies effectively.

Example Threats that Proofpoint Missed

Proofpoint is a leading email security platform, but as cyber threats evolve, even the most advanced solutions can miss emerging and sophisticated attack vectors. Modern adversaries leverage AI, deepfake technology, and social engineering to bypass traditional defenses, often avoiding detection by blending into legitimate communication channels. From QR phishing and MFA bypasses to voice phishing and deepfake-driven impersonation, attackers exploit gaps that standard email filters cannot catch.

Below are real-world examples of recent phishing emails that successfully bypassed Proofpoint Secure Email Gateways, even those powered by the latest AI-driven models. These threats made their way into employee inboxes, posing significant risks to both your revenue and organizational reputation. These incidents underscore the importance of enhancing security with additional protective layers and continuously refining detection capabilities to stay ahead of evolving attack methods.

1. QR Phishing (Quishing)

Malicious QR codes embedded in emails or documents that redirect users to phishing sites or download malware.

• Why Missed: Traditional email security solutions often focus on malicious URLs or attachments, while QR codes bypass detection by concealing the payload in an image.

2. MFA Phishing (Multi-Factor Authentication Phishing)

Phishing attacks that trick users into providing MFA codes on fake login pages, or use adversary-in-the-middle techniques to capture session tokens.

• Why Missed: Proofpoint may not intercept traffic between the victim and attacker during the session, allowing real-time credential interception.

3. Callback Phishing (Hybrid Vishing)

Emails instructing recipients to call a number, where attackers pose as IT support or vendors to extract sensitive information or install malware.

• Why Missed: This method lacks malicious links or attachments, focusing on social engineering, which can bypass email filters.

4. Social Media Phishing

Attackers impersonate colleagues or executives on LinkedIn, WhatsApp, or other social platforms to steal credentials or request wire transfers.

• Why Missed: Email gateways do not monitor social platforms, creating a blind spot for lateral attacks.

5. Supply Chain Impersonation

Attacks targeting vendors and partners to impersonate them in emails, requesting fraudulent payments or sensitive data.

• Why Missed: Subtle differences in domain names (lookalike domains) or compromised legitimate accounts bypass DMARC and SPF checks.

6. Browser-in-the-Browser (BitB) Attacks

Fake login pop-ups within browsers that capture credentials, mimicking trusted single sign-on (SSO) windows.

• Why Missed: No malicious link or malware is involved—only clever visual manipulation that email filters cannot detect.

What is Keepnet's Email Threat Simulator (ETS)?

Keepnet’s Email Threat Simulator (ETS) is a cutting-edge solution that simulates real-world email attacks to test your organization’s email defenses. ETS evaluates security against:

• Malicious attachments – Files that contain hidden malware which activates upon opening.
• Ransomware attacks – Email-based malware that encrypts data and demands payment for decryption.
• Business Email Compromise (BEC) – Emails that impersonate executives to trick employees into transferring funds or data.
• Advanced Persistent Threats (APT) – Long-term, targeted email attacks designed to infiltrate sensitive networks.
• AI-generated phishing attempts – Emails created using AI to mimic legitimate messages, making them harder to detect.

ETS offers actionable insights, helping you fine-tune Proofpoint configurations and enhance your email security posture.

Watch the video below to see how Keepnet's ETS can protect your organization from sophisticated email threats.

How to Test Proofpoint Email Security Solutions Using ETS

Testing Proofpoint with ETS is a simple, streamlined process that involves four key steps:

1. Create a Test Email Address

• Set up a dedicated test email address within your environment.
• Ensure permissions allow for test email delivery and scanning.

2. Launch the ETS Scan

• Go to the Email Threat Simulator dashboard. To access the free email threat simulator, you need to request a demo from our team and create a free account. Visit https://keepnetlabs.com/products/email-threat-simulator to request access.
• Click on +NEW to initiate a new scan.
• Choose email settings and enter the designated test email address.

For automated scans, select:

• Outlook Web Access (OWA) – Ideal for Office 365/Exchange.
• IMAP – Compatible with Google Workspace, Postfix, and others.
• Adjust delivery intervals and enable Continuous Scan to monitor for new threats.

3. Send Test Emails

Simulate different email attacks such as:

• Malicious attachments in PDF, Excel, and ZIP formats.
• BEC attempts – Spoof executives and suppliers to test detection.

4. Analyze the Results

ETS generates comprehensive reports detailing:

• Threats that bypassed Proofpoint’s filters.
• Security strengths and weaknesses.
• Recommended actions to improve configurations and policies.

5. Optimize and Retest

• Implement recommendations from ETS to adjust Proofpoint settings.
• Conduct regular tests to stay updated with emerging email threats.

Video Tutorial

Watch this detailed tutorial for a step-by-step video guide on using Keepnet's Email Threat Simulator.

Full Technical Documentation

For in-depth instructions and technical insights, visit the full documentation: https://doc.keepnetlabs.com/next-generation-product/platform/email-threat-simulator.

Benefits of Using Keepnet ETS to Test Proofpoint

Ensuring the effectiveness of your Proofpoint email security solutions is essential in mitigating risks from phishing, ransomware, and other email-based attacks. Keepnet’s Email Threat Simulator (ETS) offers a comprehensive way to evaluate and strengthen Proofpoint and similar SEG configurations, providing real-world insights that enhance overall protection.

1. Investment Payoff

Boost email blocking efficiency from 28% to 96% by fixing vulnerabilities in your Proofpoint email security solutions.

2. Harden Your Secure Gateway

Test your Proofpoint email security gateway solution by sending 4000+ real-world attacks to a test inbox and measuring your defenses against the latest attacks.

3. Fix Misconfigurations

Check for issues such as Open Relay, Reverse DNS, or DNSBL that may be missing or incorrectly configured on your email gateway or Proofpoint.

4. Monitor Progress

Generate a report of email security scan results over time, tracking improvements and readiness against email attacks on Proofpoint secure email gateway solution.

Key Takeaways

Organizations with the lowest email breach rates conduct regular security testing.

By leveraging ETS, you ensure Proofpoint performs at peak efficiency, enhancing overall cybersecurity resilience and protecting against sophisticated email attacks.