Threat Intelligence
Enhance your security tools with more visibility, deeper research, fewer false positives, and meaningful analytics. Get fully verified threat intelligence and context around detected threats.
Overview
Proofpoint ET Intelligence delivers the most timely and accurate cyber threat intelligence. Our fully verified intel provides deeper context and integrates seamlessly with your security tools to enhance your decision-making.
Benefits and Features
Rich Threat Intelligence and Context Portal
Knowing what types of cyber threats exist is no longer enough to protect your people, data, and brand. ET Intelligence helps prevent attacks and reduce risk by helping you understand the historical context of where these threats originated, who is behind them, when have they attacked, what methods they used, and what they're after. Get on-demand access to current and historical metadata on IPs, domains, and other related threat intelligence to help research threats and investigate incidents.
In addition to reputation intel, you get condemnation evidence, deep context, history, and detection information. It's all searchable in an easy-to-use portal that includes:
- Trends and timestamps of when a threat was seen and the associated category
- Type of threat and exploit kit names when available
- Related samples used in associated or related attacks.
ET Intelligence Dashboards
Actionable IP and Domain Reputation
ET Intelligence provides actionable threat intelligence feeds to identify IPs and domains involved in suspicious and malicious activity. All feeds are based on behaviour observed directly by Proofpoint ET Labs. And they can all be directly fed to SIEMs, firewalls, intrusion detection systems (IDS), intrusion protection systems (IPS), and authentication systems.
ET Intelligence highlights:
-
Separate lists for IP addresses and domains
-
IP and domains that are classified into over 40 different categories
-
IP and domains are assigned a confidence score for each category
-
Scores indicate recent activity levels and are aggressively aged to reflect current conditions
-
Hourly list updates
-
Multiple formats supported, including TXT, CSV, JSON, and compressed
Easy Integration with security tools
ET Intelligence is easily digested by your existing SIEM tools such as Splunk, QRadar, and ArcSight and by threat intelligence platforms (TIPs).
Subscribers get free use of our Splunk technology add-on (Proofpoint Splunk TA). The add-on integrates ET Intelligence reputation into Splunk to quickly surface log entries that appear on reputation lists and is compatible with existing Splunk reporting. ET Intelligence is directly available for use though Anomali (formerly ThreatStream).
ET Intelligence lists can also be downloaded into the Bro IDS format.
ET Pro Ruleset
Receive our timely and accurate rule set for detecting and blocking advanced threats using your existing network security appliances.
Support, Services & Training
We offer world-class support, services and training to maximise your investment.