Proofpoint Threat Response

Additional Info

Company: Proofpoint
Website: proofpoint.com
Company size (employees): 1,000 to 4,999

Overview

Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators to move malicious or unwanted emails to quarantine after delivery. It follows forwarded mail and distribution lists and creates an auditable activity trail. Security teams using TRAP also receive graphical reports and downloadable data showing email alerts, post-delivery quarantine attempts, and the success or failure of those attempts.

When malicious or unwanted emails are forwarded to other individuals, departments, or distribution lists, TRAP's built-in business logic and intelligence recognizes that the messages were forwarded or sent to distribution lists, then automatically expands and follows the wide fan-out of recipients to find and retract those messages. This saves time and frustration. With the added benefit of showing message ‘read’ status, TRAP also helps prioritize which users and endpoints to review.

How we are different

• Proofpoint is the only cybersecurity vendor that has taken a people-centric approach to security and offers solutions that address a changing landscape in which attacks increasingly target people rather than infrastructure. TRAP’s reports provide granular insight into targeting of internal users, including past histories that display which users have been targeted the most frequently over customizable time periods. Similarly, reports on targeting of departments, groups, or geographic locations are also available.


• Many security alerts lack critical information required to determine the context of a threat and next steps. Threat Response automatically enriches security alerts by collecting important internal and external context, intelligence, and data to create an actionable view of each alert. Armed with this insight, security teams can quickly understand, prioritize, and respond to security threats.


• When a security alert reports that a system has been targeted with malware, Threat Response automatically deploys an endpoint collector to pull forensics from the targeted system. This data is compared to a database of known IOCs to quickly confirm whether a system is infected with IOCs related to the current attack. Teams can also gain visibility into IOCs from previous attacks that were not cleaned up. This built-in infection verification can save hours per incident, and it dramatically reduces the number of time-wasting false positives that lead to needless reimaging and backup-restoration cycles.