Proofpoint acquires Nuclei to boost AI workplace compliance tools

Proofpoint has acquired Nuclei, a technology company specialising in compliance archiving and AI-driven data enrichment for workplace communications.
The acquisition will see Proofpoint extend its digital communications governance offering with additional capabilities to capture, retain, and analyse communications data across collaboration platforms such as Microsoft Teams, Slack, Zoom, Webex, WhatsApp, and RingCentral Voice.
Proofpoint has outlined that it will continue to support integration with a broad range of archive and data governance platforms, ensuring its connectors can deliver compliant interoperability for a wide variety of customer environments.
Harry Labana, Senior Vice President and General Manager of Proofpoint's DCG Business Unit, said: "This acquisition enables us to accelerate our mission to deliver the most advanced and comprehensive AI-powered digital communications compliance platform in the market today, and we are excited to welcome Nuclei's talented team to Proofpoint.
"By combining Proofpoint's leading human-centric security platform with Nuclei's pioneering technology, we can provide our customers with enhanced regulatory compliance while unlocking valuable insights from conversational data, which will be a game changer, particularly for highly regulated industries."
The Nuclei platform offers several features for organisations, including the ability to capture and archive data from more than 100 applications. It can automatically collect messages, attachments, and metadata from a wide range of collaboration tools.
AI transformation tools available through Nuclei include speech recognition in over 120 languages, real-time transcription, automatic translation, and video analysis. These functions are intended to help organisations derive actionable insights from their communication data.
The platform is also designed for seamless integration with several major compliance archives, including Proofpoint, Smarsh, Global Relay, Arctera, and Microsoft Purview, to support organisations in meeting regulatory requirements.
Nuclei's infrastructure is built on a serverless architecture on Amazon Web Services. It incorporates real-time compliance and security measures such as third-party audits by firms like Vanta, as well as end-to-end encryption that protects data in transit and at rest from capture through to storage.
The value of human communication as a source of insight, process automation, and risk identification is a key area that Nuclei seeks to address by enabling capture, archiving, and analysis of communications data for intelligence extraction and compliance assurance.
Eric Franzen, Chief Executive Officer of Nuclei, said: "At Nuclei, our mission is to democratise access to the world's most valuable data by transforming workplace communications into structured, compliant, and actionable information.
"This vision has fuelled our innovation from the start. Partnering with Proofpoint allows us to extend that impact by helping the world's largest organisations boost productivity across hundreds of collaboration platforms while staying ahead of growing regulatory requirements."
Proofpoint holds the status of a Leader in the 2025 Gartner Magic Quadrant for Digital Communications Governance and Archiving Solutions, based on completeness of vision and ability to execute.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

2 days ago

• Techday NZ

Hornetsecurity launches AI cyber assistant for Microsoft 365

Hornetsecurity has launched a new AI Cyber Assistant to support its 365 Total Protection Plan 4, featuring tools designed to aid IT security teams and protect Microsoft Teams users from cyber threats. The new solution includes the Email Security Analyst, which automates the handling of reported suspicious emails, and Teams Protection, which is intended to detect and block malicious messages and impersonation attacks within the Microsoft Teams platform. Hornetsecurity has also confirmed updates to its AI Recipient Validation, aimed at preventing email misdirection and data leaks, now integrated into the 365 Total Protection Plan 4 suite. The AI Cyber Assistant is designed to ease workloads for security personnel while equipping end users with information to make informed decisions about potential threats. According to Hornetsecurity, the assistant continually evolves by deploying machine learning technology to support both end users and IT teams within their daily operations. Daniel Hofmann, Chief Executive Officer of Hornetsecurity, said: "To continue enhancing the next-gen security we provide, our new AI-powered Email Security Analyst automates responses to user queries about potential threats, alleviating the workload on SOC and service desk teams, while educating end users on the nature of attacks. IT security personnel benefit by gaining more time to focus on other pressing issues, while end users receive instant feedback, which also encourages them to continue reporting suspicious emails and contribute to the organisation's overall security." Email response automation The Email Security Analyst leverages a large language model to provide automated analysis and response to user-reported emails, reducing the manual review burden on Security Operations Centre (SOC) and IT Admin teams. This automation is intended to improve efficiency in handling suspicious emails flagged by users. As Hofmann explained: "Thanks to growing media attention, end users are becoming more suspicious about incoming emails. While this a welcome and positive development, each email they flag increases the burden on SOC and Service Desk teams to analyse and verify them on a case-by-case basis. Email Security Analyst replaces this traditional manual analysis and significantly reduces the time SOC teams spend on false-positive and negative reports." Providing AI-driven insights for each reported email, the tool assists in training employees to better discern malicious activity, while guiding them on necessary precautions to help strengthen organisational cybersecurity. Hofmann stated further: "Organisations have to strengthen their 'human firewall' by empowering employees to become active participants in their organisation's cybersecurity strategy. Cyber-attacks are constantly increasing, so CISOs and security teams need to strategically allocate resources that strengthen organisational security while upskilling end users to cover any blind spots." Microsoft Teams threat detection The Teams Protection feature aims to provide continuous monitoring and analysis of messages within Microsoft Teams, identifying and alerting users to potential threats using AI-driven detection methods. The technology analyses URLs and pictures within messages, employing supervised and unsupervised machine learning algorithms as well as computer vision models. These models scan for indicators of phishing such as brand logos, QR codes, and suspect text embedded in images. Administrators can remove conversations found to contain malicious messages and block compromised users from accessing Teams, helping to manage threats across Microsoft 365 tenants. Hofmann said: "Instant messaging platforms like Microsoft Teams are increasingly used as a main channel of business communications, and yet they tend to be overlooked as a potential attack vector. However, attackers are sending malicious links and malware both through Teams that are open externally and also via compromised internal Teams accounts. We have therefore developed Teams Protection to address this growing cybersecurity threat." User experience updates The release also brings a redesigned, multitenant control panel for 365 Total Protection, offering a streamlined interface intended to facilitate easier access to security, backup, and compliance features for Microsoft 365 users. The aim is to make administration more efficient while bringing multiple security functions together in a single platform. Hornetsecurity reports that it delivers its products and services through a global partner network, with organisations using the platform for a range of needs including email protection, backup, governance, risk and compliance, and security awareness training.

Techday NZ

13-06-2025

• Techday NZ

Voitec appointed to distribute Heedify Teams console in ANZ

Voitec has been appointed as the official distributor for Heedify's attendant console solution for Microsoft Teams in Australia and New Zealand. Heedify offers an attendant console designed specifically for Microsoft Teams, allowing organisations to manage their frontline communications entirely within the Teams environment. The solution is intended to help receptionists, call handlers, and customer service staff operate more efficiently and deliver improved customer satisfaction. Unlike some attendant consoles that require third-party plugins or additional infrastructure, Heedify is installed natively and can be set up in less than sixty minutes. This approach aims to simplify both deployment and ongoing management for IT teams in a variety of organisations, from single-site enterprises to distributed, multi-location companies. Product features Heedify's core features include full integration with Microsoft Teams, meaning organisations can adopt the solution without having to configure external components or adapt existing workflows. Users benefit from intelligent call queueing, skill-based routing, and advanced IVR (Interactive Voice Response) navigation, which are designed to connect callers with the appropriate representative as quickly as possible. For customer-facing employees, Heedify also integrates with customer relationship management (CRM) systems, presenting relevant information during interactions and supporting more personalised service. Administrative controls are simplified, featuring delegated access along with real-time tracking of queue activity. Information such as wait times, call volumes, and call outcomes is accessible through standard reporting and can also be integrated into Power BI dashboards for more detailed analytics. Partnership rationale Mefteh Werghemmi, Co-founder of Heedify, described the solution's benefits for organisations seeking to improve frontline communication. "Heedify enables organisations to elevate their first impressions. It was built from the ground up for Microsoft Teams to streamline call flow, reduce wait times, and improve service levels. Customers such as NHS Royal Marsden and Endrix in Europe are already seeing measurable results. We're excited to partner with Voitec to bring these benefits to the ANZ market." For Heedify, working with Voitec is seen as an opportunity to reach a broader audience in the Australia and New Zealand region, supported by a distributor with longstanding relationships in the enterprise and government sectors. Mark Owens, Managing Director at Voitec, commented on the suitability of Heedify for current market needs. "Heedify brings a level of simplicity and integration that fits naturally into how many organisations already use Microsoft Teams. At Voitec, we've spent over a decade working closely with IT teams to understand their environments and help them overcome the real-world challenges of managing voice communications. Heedify offers a compelling solution that enhances the way frontline staff handle calls and interactions - without the complexity of disconnected systems or time-consuming deployments." Regional availability With the appointment, Heedify is now available across Australia and New Zealand through Voitec's distribution channels. The product is designed to address the requirements of both small-scale reception areas and larger, geographically dispersed call handling teams. The aim is to provide a functional and scalable solution for organisations seeking to align their communications infrastructure more closely with Microsoft Teams. Voitec's role will include supporting implementation, training, and ongoing customer service, drawing on its local presence and technical expertise. The company has a history of assisting businesses and public sector bodies in upgrading their communication systems and supporting integrations with Microsoft products and platforms. Voitec states that the partnership is intended to allow organisations in the region to adopt Heedify with confidence, with a focus on minimising deployment time and optimising call management processes for better overall customer interaction.

Techday NZ

12-06-2025

• Techday NZ

Over 80,000 Microsoft Entra ID accounts hit by major takeover campaign

Proofpoint has identified an active account takeover campaign targeting Microsoft Entra ID users and exploiting the TeamFiltration penetration testing framework. The campaign, which Proofpoint has named UNK_SneakyStrike, has involved attackers gaining unauthorised access to native applications including Microsoft Teams, OneDrive, and Outlook. According to the company's research, since December 2024 this activity has impacted over 80,000 user accounts across hundreds of organisations, resulting in several instances of successful account takeover. Attack methods UNS_SneakyStrike deploys the TeamFiltration pentesting framework to carry out its attacks, leveraging the Microsoft Teams API and Amazon Web Services (AWS) servers in multiple geographical regions. The attackers execute user-enumeration and password-spraying attacks to identify and compromise target accounts. TeamFiltration, which was first released in January 2021, is a post-exploitation tool originally designed for legitimate penetration testing and risk evaluation of Microsoft 365 environments. The tool automates a variety of tactics, techniques, and procedures (TTPs) associated with account takeover campaigns, including account enumeration, password spraying, and data exfiltration. The attackers have exploited access to specific resources and applications with TeamFiltration's features for persistent access. These include "backdooring" via OneDrive, accomplished by uploading malicious files to a user's OneDrive and replacing desktop files with rogue versions, potentially containing malware or macros for ongoing access. Proofpoint noted, "TeamFiltration helps automate several tactics, techniques, and procedures (TTPs) used in modern ATO attack chains. As with many security tools that are originally created and released for legitimate uses, such as penetration testing and risk evaluation, TeamFiltration was also leveraged in malicious activity." Identifying the activity Proofpoint researchers analysed TeamFiltration's public GitHub documentation and configuration files to identify a rare user agent string — representing an outdated Teams client — being used during suspicious activity. This served as a key indicator for tracking unauthorised uses of the tool. They also observed attempts by attackers to access sign-in applications from devices incompatible with those services, suggesting the use of user agent spoofing as a means to disguise the source of the attacks. Another indicator was the pattern of attempted access to a defined list of Microsoft OAuth client applications. The applications are capable of obtaining special "family refresh tokens," allowing attackers to exchange them for access tokens to exploit various native Microsoft applications. Proofpoint found that TeamFiltration's most recent client ID list contained some inaccuracies, with incorrect mappings for 'Outlook' and 'OneNote'. Despite this, the tool's configuration closely aligned with a known family of client IDs published publicly by another cyber security research initiative. AWS infrastructure and behaviour TeamFiltration requires an AWS account to conduct its simulated attacks. Its password spraying function systematically rotates through different AWS Regions, and its enumeration features rely either on a disposable Microsoft 365 Business Basic account or, following recent updates, on a OneDrive-based method. Proofpoint stated, "TeamFiltration's enumeration function leverages the disposable account and the Microsoft Teams API to verify the existence of user accounts within a given Microsoft Entra ID environment before launching password spraying attempts. A recent update to the tool's code introduced a OneDrive-based enumeration method, enhancing its enumeration capabilities." Attacks attributed to TeamFiltration have been observed originating from AWS infrastructure and rotating across multiple AWS regions, with password spraying attempts systematically spread for wider impact and to hinder detection. Campaign analysis Proofpoint began tracking a distinct activity set, UNK_SneakyStrike, after differentiating malicious use of TeamFiltration from legitimate penetration testing activity. The main difference was that attackers operated in indiscriminate, high-volume bursts across many cloud tenants, while security assessments tend to be more targeted and controlled. Proofpoint threat researchers have recently uncovered an active account takeover (ATO) campaign, tracked as UNK_SneakyStrike, using the TeamFiltration pentesting framework to target Entra ID user accounts. Using a combination of unique characteristics, Proofpoint researchers were able to detect and track unauthorized activity attributed to TeamFiltration. According to Proofpoint findings, since December 2024 UNK_SneakyStrike activity has affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover. Attackers leverage Microsoft Teams API and Amazon Web Services (AWS) servers located in various geographical regions to launch user-enumeration and password-spraying attempts. Attackers exploited access to specific resources and native applications, such as Microsoft Teams, OneDrive, Outlook, and others. The volume of login attempts linked to TeamFiltration saw a marked increase starting in December 2024, peaking in January 2025. Over 80,000 user accounts across approximately 100 cloud tenants were targeted, with multiple cases of account takeover observed. Patterns and regional targeting UNK_SneakyStrike activities typically occur in concentrated bursts, focusing on numerous users within a single cloud environment, and then pausing for periods of four to five days. The apparent strategy varies by organisation size: all users within smaller tenant environments are targeted, but only specific user subsets are selected among larger tenants. The primary sources for malicious login activity were traced to AWS infrastructure in three regions: the United States (42% of IP addresses), Ireland (11%), and Great Britain (8%). Tool risks and future outlook Proofpoint noted that penetration testing tools such as TeamFiltration are intended to benefit defensive security operations, but acknowledged their potential for malicious use. "While tools such as TeamFiltration are designed to assist cyber security practitioners in testing and improving defense solutions, they can easily be weaponized by threat actors to compromise user accounts, exfiltrate sensitive data, and establish persistent footholds." The company expects such advanced tools to become more common among attackers. "Proofpoint anticipates that threat actors will increasingly adopt advanced intrusion tools and platforms, such as TeamFiltration, as they pivot away from less effective intrusion methods." Proofpoint has provided security indicators, including a list of observed IP addresses and user agent strings, to aid organisations in detecting potential unauthorised access related to this campaign. The company recommends correlating these indicators with additional context and behavioural analytics for accurate detections.