Proofpoint Targeted Attack Protection (TAP) and Threat Response

Additional Info

CompanyProofpoint
Websitehttps://www.proofpoint.com/us
Company size (employees)1,000 to 4,999

Overview

Targeted Attack Protection (TAP) protects against ransomware and advanced threats that target people and their data via the tools they use to conduct business. TAP uses static and dynamic techniques to continually adapt and detect new cyber-attack patterns. We analyze potential threats using multiple approaches to examine behavior, code and protocol. This enables us to detect threats early in the attack chain. This sandboxing and analysis take place in virtual environments, bare-metal hardware, and they leverage analyst-assisted execution to maximize detection and intelligence extraction. TAP also detects threats and risks in cloud apps and connects email attacks related to credential theft or other attacks. Our technology doesn’t just detect threats and ransomware—it also applies machine learning to observe the patterns, behaviors, and techniques used in each attack. Armed with that insight, TAP learns and adapts.

Proofpoint Threat Response is a force multiplier for security operations that orchestrates and automates incident response. The platform surrounds security alerts with rich contextual data to help security teams prioritize and execute response actions. It collects and analyzes security event context around incidents and investigations, and it collects endpoint forensics to confirm system infections to create actionable profiles of incidents. Based upon the enhanced context, it enables enforcement and quarantine actions automatically or at the push of a button leveraging existing infrastructure.
Threat Response collects and analyzes endpoint forensics from targeted systems to yield a rich snapshot of indicators of compromise. Based on the forensics collected and analyzed by the system, Threat Response presents a context rich view of the threat that allows analysts to take push-button response actions, identify, areas for additional investigation, or turn on automated response such as retract delivered email from users’ mailboxes, add users to low permission groups, or update blocklists of firewalls and web filters.

How we are different

• Unparalleled Protection – TAP leverages numerous techniques to protect against the everchanging threat landscape. This includes leveraging both our Nexus Threat Graph and NexusAI which provides real-time sharing of threat intelligence from the number 1 deployed solution across the F100, F1000, and G2000 as well as being the market leader in email and leading in other vectors such as cloud, network and social.


• Unmatched Visibility – TAP provides detailed information on threats and campaigns in real time. You gain visibility into both widespread and targeted attacks. It gives you details around the threat itself from impacted users, attack screenshots, and very in-depth forensics. Your security teams need to know who your most attacked people, or VAPs, are in order to protect them against the threats and ransomware that target them. The Proofpoint Attack Index helps identify these VAPs. This index is a weighted composite score of all threats sent to an individual in your organization. It scores threats on a scale of 0-1000 based on four factors: threat actor sophistication, spread and focus of attack targeting, type of attack, overall attack volume. By better understanding your VAPs, you can then prioritize the most effective ways to resolve threats.


• Automated Response: Many security alerts lack critical information required to determine the context of a threat and next steps. Proofpoint Threat Response automatically enriches security alerts by collecting important internal and external context, intelligence, and data to create an actionable view of each alert. Armed with this insight, security teams can quickly understand, prioritize, and respond to security threats. It automatically checks every domain and IP provided in security alerts and sandbox reports against its built-in premium intelligence feeds. This step removes hours of work and manual one-by-one searching against intelligence services to find attacking IPs and hosts leveraging known bad sites.