Proofpoint has introduced Active Exploits Protection, a solution designed to help organisations address the increasing threat of AI-accelerated cyber attacks. The initiative is based on threat patterns identified through Proofpoint’s telemetry data.
Advances in AI models have increased the speed at which software vulnerabilities can be identified and exploited. In the current threat landscape, traditional security approaches such as patch management may struggle to match the pace of exploitation, reducing the time between vulnerability discovery and active targeting.
Proofpoint’s approach is based on visibility from multiple data sources, including the detection of vulnerability misuse that may appear before it is reflected in public vulnerability registries. Its telemetry, covering a large volume of daily email activity and supported by a global sensor network, has produced a high number of exploit-related alerts used to identify emerging threats.
Although many vulnerabilities are reported, only a small proportion are actively exploited in real environments. Security teams therefore face the challenge of prioritising relevant risks among large volumes of alerts. The approach emphasises focusing on observed exploitation activity rather than relying primarily on severity scores or theoretical risk assessments.
Key aspects of the approach include:
- Prioritising observed threats: focusing on vulnerabilities that show evidence of active exploitation to help allocate resources toward higher-confidence risks.
- Faster response cycles: translating exploit intelligence into protective measures to reduce exposure time to emerging threats across large-scale email environments.
- Context for decision-making: providing real-time threat context to support investigation and response within existing security systems.
- Integration of automated processes: incorporating threat intelligence into workflows to support operational efficiency and exposure management.
Overall, the solution is intended to help organisations prioritise vulnerability management based on observed attacker activity and reduce exposure to actively exploited threats.
