Proofpoint Cloud App Security Broker (Proofpoint CASB)

Additional Info

Company size (employees)1,000 to 4,999
Type of solutionCloud/SaaS


Proofpoint provides the only CASB to meet the needs of security people serious about cloud threats, data loss and app governance. Proofpoint CASB protects you from account compromise, oversharing of data and compliance risks in the cloud. Our multi-mode solution combines:

● Compromised account detection and automated response,
● Protection against malicious files uploaded or created within cloud apps,
● Data security including real-time DLP,
● Cloud and third-party apps governance including third-party OAuth apps
● IaaS protection,
● Real-time detection of malicious files,
● Adaptive access controls,
● Controls over IT-approved and tolerated cloud apps that are used in the browser or within native clients

We secure Azure, AWS, Google Cloud, and Okta cloud environments as well as cloud apps using Azure services. People-centric visibility to email and cloud threats helps organizations identify at-risk users and protect their accounts and data.

With Proofpoint, organizations can deploy consistent DLP policies across cloud, email and endpoint. You can also centralize alert management across these channels on a single console. Our powerful analytics and adaptive controls help companies grant the right levels of access to users and third-party apps based on the risk factors that matter most.

To protect your IaaS environments and ensure compliance, Proofpoint CASB IaaS Protection (IaaS Protection) provides:

● IaaS discovery
● Cloud Security Posture Management (CSPM)
● Data security, including DLP for IaaS buckets and containers
● Threat protection, including cloud account compromise detection
● Adaptive access controls

With our IaaS Protection add-on module, you can:

● Identify misconfigurations in IaaS environments
● Monitor and control privileged user activity
● Discover all IaaS resources and un-provisioned IaaS accounts
● Discover sensitive data in cloud storage and remediate excessive sharing of buckets with sensitive data
● Prevent unauthorized access to IaaS environments

How we are different

● Proofpoint CASB differentiates from competitors with people-centric and high-efficacy security analytics that excel at protecting users from threats, such as account compromise, malicious files, malicious apps, abuse of third-party OAuth app access, abuse of IaaS resources and initial access and preparation of ransomware attacks. Competitors fall short in the following areas: shallow depth in detecting account compromise, inability to correlate compromise with post-compromise activity that dramatically slows down security response and incomplete account takeover remediation capabilities across Microsoft, Google and Okta federated applications

● Data loss originates with people. They can be negligent, compromised, or malicious. Understanding user intent enables you to apply the appropriate DLP response to mitigate risk. Proofpoint is the only vendor that brings together the telemetry of content, user-behavior and threats across the most critical DLP channels – cloud (SaaS and IaaS storage), email, endpoint and web. Competitors fall short in either their inability to bring together the DLP channels into one console for triage and response or can’t correlate threat and user behavior to the data movement.

● With Proofpoint CASB, you can govern SaaS apps and IaaS services in a centralized management console with prioritized context into the apps with the most app vulnerabilities, the most attacked or abused and contain the most sensitive data or accessed by the privileged users. This includes first-party cloud apps (such as Microsoft OneDrive and Salesforce) as well as third-party (such as those created within Google Workspace, Microsoft appStore or federated through OAuth tokens). Competitors fall short by either missing the context of which apps are most abused or attacked in the real-world or lack the depth of detection capabilities in third-party apps such as OAuth authenticated apps.