Proofpoint ET Pro Ruleset is a timely and accurate rule set for detecting and blocking advanced threats. Updated daily, it covers malware delivery, command and control, attack spread, in-the-wild exploits and vulnerabilities and credential phishing. It also detects and blocks distributed denial-of-service attacks (DDoS), protocol and application anomalies, exploit kits and supervisory control and data acquisition (SCADA) attacks.
     Why Proofpoint ET Pro Ruleset?
     Cyber criminals with many different motives, launch today’s advanced attacks with increasing frequency. Some focus on making a profit, while others engage in espionage. The tools they use have a lot in common. But each campaign is different. It uses botnets, proxies, attack vectors and command-and-control systems. This makes it nearly impossible to keep pace with changes in the threat landscape. That’s where Proofpoint comes in.
     ET Pro Ruleset signature writing is based on real-world threats that surface every day. Most security teams have few good options for network detection rules. For ET Pro Ruleset, we leverage our massive international malware exchange, an automated virtualization and our bare metal sandbox environment. In addition, we take advantage of our global sensor network and more than a decade of anti-evasion and threat intelligence experience. ET signature writers also contribute to other Proofpoint products, such as Email Protection and Targeted Attack Protection. This helps us identify threats from other vectors, such as mobile, social, cloud applications, abuse mailboxes and more. That means we have ET Pro Ruleset coverage for all of these.
     Email is the primary attack vector. But not all threats come in through corporate email. Some are web-based attacks, personal email or social media attacks and lateral network spread. Also, there are supply chain attacks and attacks against applications on servers. ET Pro Ruleset helps with all of these.

Network-based advanced threat detection
     Your security team may be dissatisfied with their network IDS, intrusion prevention system (IPS) and next-generation firewall (NGFW) deployments. This is due to the overwhelming number of false positives. Plus, these network security solutions often fail to notify your security team when a breach takes place. This is because standard IDS and IPS signatures detect exploits against known vulnerabilities in hosts on the network. This happens even if the systems are patched and not really vulnerable. But these security platforms are well positioned on your network to monitor for malware activity, including stealth communication to and from remote command and control sites.
Features include:
• Emphasis on compromises that traditional prevention methods miss
• Support for both Snort and Suricata IDS and IPS formats.
• Over 65,000 rules in over 50 categories
• 30 to 50 new rules released each day
• Includes ET Open Ruleset. Benefit from the collective intelligence provided by one of the largest and most active IDS and IPS rulewriting communities. We receive rule submissions from all over the world that cover threats that have never been seen before. The Proofpoint ET Labs research team tests these rule sets to ensure the best possible performance and accurate detection.
• Low false positive rates through our state-of-the-art malware sandbox and global sensor network feedback loop.
• Extensive signature descriptions, references and documentation.
 The five requirements for quality network-based detection are:
  1. Early access to the latest malware samples from around the world, a global network of intrusion detection system (IDS) sensors and access to the latest attacks
  2. An automated sandbox environment that can evaluate millions of new malware samples every day and capture the network behavior that follows
  3. Detecting how a compromised organization interacts with attackers’ command and control systems
  4. A commitment to writing and testing accurate detection signatures to reduce false positives
  5. Daily updates
ET Pro Ruleset delivers on all five.