New email protection service to be implemented Feb. 24

By Casey Hanson, Information Technology Services

proofpoint-logoPULLMAN, Wash. – Information Technology Services (ITS) will implement a new email protection service provided by ProofPoint on Tuesday, Feb. 24. ProofPoint Targeted Attack Protection (TAP) will check email messages for malicious URLs and/or attachments as they come into the Washington State University central email system.

Why does WSU need to implement this technology?

• Phishing has become an increasingly pervasive security problem, and WSU is attacked on a regular basis.
• Sometimes these attacks are successful and WSU accounts can be compromised. ITS deals with hundreds of compromised accounts throughout the year.
• Proactively protecting users from malicious email attacks costs less than reacting to them.
• Having information to measure attacks and impacts will benefit WSU.

What is the date and plan for implementing this solution?

• ITS staff and others on campus have been piloting TAP since last summer.
• ITS expanded the pilot to include volunteers from among WSU area technology officers.
• ITS plans to roll out to WSU customers already using the ProofPoint solution on Feb. 24.

How does TAP work?

TAP provides near real-time email protection. When a recipient clicks on a URL or attachment included in an email, the link is evaluated and then redirected to the original site unless the site is known to be malicious. Malicious sites typically are hosting an identity phishing page or some form of malware.

The main thing that WSU email users may notice is that the URL will be rewritten to be SSL encrypted and obfuscated, and it will be from the domain like the invalid example URL below.

Example of original URL users currently see:

Normally, users will not notice anything different when ProofPoint TAP is implemented; however, if they hover over a URL or click on a URL contained in an email protected by ProofPoint TAP with the URL redirected, this is an example of what they will see:

Benefits to users

• TAP offers sophisticated protection from, and monitoring for, phishing attacks.

• URLs in incoming email messages are screened.
o Sites determined to be safe will be handled as a redirect – meaning that when a URL contained in an email is clicked and determined to be a safe site, the URL will be redirected and the site will be accessed.
o If a malicious URL is clicked, it is blocked and the user will see a screen indicating that the site is a known malicious site – thus providing proactive protection to the user.
o URLs that are determined to be malicious after the original message is sent are tracked and can be followed up on by ITS security personnel.

What types of email and who will be covered by this solution?

• WSU campus email infrastructure that is covered by the central hosted ProofPoint service. This list includes, but is not limited to:
o email forwarding
o The WSU Central Exchange email service, which includes WSU Pullman, WSU Spokane, WSU Vancouver, WSU North Puget Sound at Everett and other units around the state.
o Electrical engineering and computer science department email service
 + College of Engineering and Architecture departments that utilize the EECS email service
o WSU Tri-Cities email service

What types of email and who will NOT be covered by this solution?

• Email that stays within the WSU Central Exchange and other internal systems

• Outgoing email

• Parts of the WSU campus email infrastructure that are not covered by the central hosted ProofPoint service. This list includes, but is not limited to:
o Student email with Office 365 when email is sent to the address
o College of Veterinary Medicine
o Mathematics department
o WSU Extension Energy Program
o SESRC Puget Sound

ProofPoint is a security-as-a-service vendor that delivers data protection solutions that help organizations protect their data from attack. WSU ITS has utilized ProofPoint products since 2008, beginning with email spam filtering.

For more information, please contact CougTech (formerly the ITS Help Desk) at 509-335-4357 or