Digital Risk Protection

Proofpoint and CrowdStrike Release Second Integration for Enhanced Protection

Share with your network!

Proofpoint and CrowdStrike continue leading with innovative integrations to protect an organization’s people and their devices. Last year, Proofpoint and CrowdStrike announced a partnership to provide organizations with advanced threat protection across email and endpoints. The initial integration provides multi-layered protection with Proofpoint TAP checking potentially malicious attachments with CrowdStrike Falcon Intel and adds unique new hashes to the customer’s custom intelligence. From there, an alert is then created if new related malicious content tries to execute on the device.

The second integration released this week, allows Proofpoint TAP and the CrowdStrike Falcon platform to share threat intelligence. When an email that contains a file is sent to a customer, Proofpoint TAP will begin its sandbox analysis to determine if it is malicious. At the same time, Proofpoint TAP will query the CrowdStrike Intelligence for file reputation. If CrowdStrike knows the file to be malicious, it will inform Proofpoint TAP. From there, the message and file will be condemned and blocked from ever reaching the end user. This shared intelligence will help defend against advanced targeted attacks by leveraging two best-of-breed solutions. 


  1. Proofpoint TAP Attachment Defense will inspect the file and also query CrowdStrike Intelligence API.
  2. If file known to be malicious by CrowdStrike, Proofpoint TAP will quarantine the file and it won’t be delivered to the end user.
  3. If file is not known to CrowdStrike, however found to be malicious by Proofpoint TAP, it will be quarantined and not delivered to end user.
  4. Improved protection for customer through threat intelligence sharing.

The Proofpoint and CrowdStrike integration makes it easy to detect, investigate and remediate email threats—providing an enhanced level of protection for your organization and your people at no additional cost. To take advantage of this integration, customers will need to have both Proofpoint TAP and CrowdStrike Intelligence licensed. To activate this integration, follow the steps below:

  1. Obtain the API key from the CrowdStrike Falcon Platform:
    1. Log on to your Falcon account, then proceed to Support and then to API Clients and Keys.
    2. Click on Add New API Client under API Clients.
    3. Provide an appropriate name and description.
    4. Select Indicators (CrowdStrike Intelligence) with read-only permission, as well as IOCs (Indicators of Compromise) with read/write permissions. Click on Add.
    5. Keep a record of the generated client ID and secret.
    6. Note that both must be shared with Proofpoint. Then simply log-in to your TAP Dashboard 
  2. Then, simply log-in to the Proofpoint TAP Dashboard
  3. Go to the “Settings” tab
  4. Click the “Connected Applications” Tab
  5. Enter in the API Key in the CrowdStrike Intelligence section

To learn more , click here.