A unified way to view insider threats and get visibility into data exfiltration

The Proofpoint and Splunk partnership provides security teams with a unified way to view insider threats, determine the lateral spread of threats and get visibility into data exfiltration.

Leverage Proofpoint On-Demand Email Security App and Add-On

Joint customers of Proofpoint and Splunk can leverage the integration of this partnership to:

  • Obtain visibility into insider threats, lateral spread and data exfiltration
  • Be alerted to external social risks to the organization
  • Create consolidated reports for both security and compliance
  • Get SIEM visibility into malware-free threats, such as credential phishing and BEC/email fraud attacks, and related forensics
  • Use Adaptive Response integration that helps defenders leverage Proofpoint intel when threat hunting

Integrations with Splunk include the following Splunk Certified apps and add-ons:

Email Security App

The Proofpoint On-Demand Email Security App for Splunk provides detailed visibility into advanced threats such as email fraud and credential phishing attacks using customizable reports and dashboards. It incorporates data from the On-Demand Email Security Add-On and the TAP Modular Input to give security researchers an easier way to find and act on threats quickly.

TAP Modular Input

The Proofpoint TAP Modular Input add-on enables a seamless integration between Proofpoint’s Targeted Attack Protection (TAP) service and Splunk. This allows security operations professionals to simplify their workflow by ingesting TAP events for the following scenarios into Splunk:

  • Blocked or permitted clicks to threats recognized by Proofpoint URL Defense
  • Blocked or delivered messages that contain threats recognized by Proofpoint URL Defense or Proofpoint Attachment Defense