Threat Response
Email Security and Threat Protection
Security teams face many challenges when responding to threats that target the people in their organization. Those challenges include staff shortages, an overwhelming number of alerts, and the pressure to reduce the time it takes to respond to and remediate threats. Proofpoint Threat Response is a leading security orchestration, automation and response (SOAR) solution that enables security teams to respond faster and more efficiently to the ever-changing threat landscape.
Features and Benefits
Seamless Orchestration and Workflow
Threat Response orchestrates several key phases of the incident response process.
It can ingest any alert from any source and automatically enrich and group the alerts into incidents in a matter of seconds. Security teams receive rich, vital context by leveraging Proofpoint Threat Intelligence as well as third-party threat intelligence, which helps them understand the "who, what and where" of an attack, prioritize it, and quickly triage incoming events.
Using all this information, Threat Response automates workflows and response actions such as quarantine and containment actions across your security infrastructure.
Forensics Collection and IOC Verification
No matter how elusive the malware, infections often leave behind telltale signs on endpoints. When a security alert reports that a system has been targeted with malware, Threat Response automatically deploys an endpoint collector to pull forensics from the targeted system. This data is compared with a database of known IOCs to quickly confirm whether the system shows IOCs related to the current attack.
Teams also gain visibility into IOCs from previous attacks that were never cleaned up. This built-in infection verification can save hours per incident, and it dramatically reduces the number of time-wasting false positives that lead to needless reimaging and backup-restoration cycles. The endpoint forensic collectors deploy on demand to systems suspected of being infected, with no need to preinstall anything. The collector runs temporarily in memory and uninstalls itself when finished.
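The two phases described above (alert enrichment and grouping, then endpoint IOC verification that separates indicators of the current attack from leftovers of earlier ones) as an added, simplified illustration; this is not Proofpoint code, and the threat-intel feed, alerts and collected artifacts are all constructed for the example.

```python
from collections import defaultdict

# Constructed threat-intel feed (stand-in for Proofpoint and third-party
# intelligence): indicator -> campaign it is attributed to.
THREAT_INTEL = {
    "bad-invoice.example": "CampaignA",             # phishing lure domain
    "203.0.113.7": "CampaignA",                     # C2 address (TEST-NET range)
    "sha256:CONSTRUCTED_OLD_DROPPER": "CampaignB",  # dropper from an earlier attack
}

def enrich(alert):
    """Attach the campaign of the first indicator known to threat intel, if any."""
    campaign = next((THREAT_INTEL[i] for i in alert["indicators"] if i in THREAT_INTEL), None)
    return {**alert, "campaign": campaign}

def group_into_incidents(alerts):
    """Group enriched alerts: by campaign when intel matched, otherwise by host."""
    incidents = defaultdict(list)
    for a in map(enrich, alerts):
        key = a["campaign"] or f"host:{a['host']}"
        incidents[key].append(a)
    return dict(incidents)

def verify_endpoint(artifacts, current_campaign):
    """Compare artifacts pulled from an endpoint with the known-IOC database.

    Returns the IOCs that belong to the incident under investigation ("current")
    and those left over from earlier attacks that were never cleaned up ("residual").
    """
    current, residual = [], []
    for art in artifacts:
        campaign = THREAT_INTEL.get(art)
        if campaign is None:
            continue  # not a known IOC: no evidence of infection
        (current if campaign == current_campaign else residual).append(art)
    return {"infected": bool(current or residual), "current": current, "residual": residual}

# Constructed alerts from three different sources; the first two concern one attack.
ALERTS = [
    {"source": "email-gateway", "host": "ws-01", "user": "alice", "indicators": ["bad-invoice.example"]},
    {"source": "firewall", "host": "ws-01", "user": "alice", "indicators": ["203.0.113.7"]},
    {"source": "edr", "host": "ws-02", "user": "bob", "indicators": ["unknown.example"]},
]
# Constructed artifacts the on-demand collector pulled from ws-01.
WS01_ARTIFACTS = ["203.0.113.7", "sha256:CONSTRUCTED_OLD_DROPPER", "sha256:CONSTRUCTED_BENIGN"]

if __name__ == "__main__":
    print(group_into_incidents(ALERTS))
    print(verify_endpoint(WS01_ARTIFACTS, "CampaignA"))
```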
Respond to Incidents Quicker
Threat Response presents a context-rich view of threats based on the forensics collected and analyzed. This view allows analysts to take push-button response actions, identify areas for additional investigation, or turn on automated responses such as retracting delivered email from users' mailboxes, adding users to low-permission groups, updating blocklists on firewalls and web filters, and much more. Threats can be contained by blocking or quarantining them across Exchange, firewalls, EDR, web gateways, AD, NAC and other solutions.
Demo
Proofpoint Threat Response
Automated enrichment, forensics, and orchestration. Accelerate investigation, prioritize threats, and resolve incidents with less time and effort.