More than 90% of targeted attacks start with email—and these threats are always evolving. Proofpoint Targeted Attack Protection (TAP) helps you stay ahead of attackers with an innovative approach that detects, analyzes and blocks advanced threats before they reach your inbox. This includes ransomware attacks and other advanced email threats delivered through malicious attachments and URLs. And zero-day threats, polymorphic malware, weaponized documents and phishing attacks. TAP also detects threats and risks in cloud apps, connecting email attacks related to credential theft or other attacks.
Features and Benefits
Targeted Attack Protection (TAP) is built on our next-generation email security and cloud platforms. This gives you a unique architectural advantage. You get clear visibility into all email communications and files in your SaaS file stores for a far-reaching view of the network threat landscape. See everything—from banking Trojans and ransomware to attacks targeted at your organisation and resulting credential theft. Deep user-level and message-level context across email and SaaS makes TAP especially effective at identifying hard-to-catch threats that other solutions miss.
TAP equips you to:
- Block and quarantine messages with malicious attachments or URLs. With emails kept out of inboxes, users never click and become compromised.
- Submit attachments and URLs to our cloud-based scanning service to detect and inspect malicious content.
- Transparently rewrite all embedded URLs to protect users on any device or network. Track and block clicks to malicious web pages without affecting the user experience or other URL-filtering technologies you're using.
- Detect ransomware and malicious files in SaaS file stores and surface account compromise from brute-force attacks and more.
Proofpoint Email Protection, Targeted Attack Protection, and Threat Response Auto Pull Demo
Sophisticated Threat Analysis
Targeted Attack Protection (TAP) stops threats quickly and accurately. It applies multi-stage analysis to inspect the full attack chain. And it uses a combination of static, dynamic and protocol analysis techniques to catch even the most advanced ransomware threats. Our technology doesn't just detect threats—it also applies machine learning to observe the patterns, behaviors and techniques used in each attack. Armed with that insight, TAP learns and adapts to make the next attack easier to catch.
TAP technology stands out because:
- The cloud-based sandbox constantly adapts to detect new attack tools, tactics and targets. Our technology handles evasive attacker techniques: virtual-machine detection, time-delay malware activation, geographically bound threats and more.
- Threats like credential phishing attacks leave no obvious digital traces. Our template, reputation-based, and machine learning detection helps you efficiently catch these attacks.
- Unique predictive analysis preemptively identifies and sandboxes suspicious URLs based on email traffic patterns. This drastically minimises the risk of a patient-zero case from a previously unknown malicious URL.
- User activity analysis beyond login information is used to surface account compromise.
"Without Proofpoint, I had zero visibility into thousands of emails targeting us. We would have missed 450 to 475 potential clicks. Now we have the level of visibility we need to protect our environment."
—Mark Freed, CISO, FMC Corporation
Superior Intel and Visibility
Only Proofpoint provides threat intelligence that spans email, cloud, network, mobile apps and social media. Our threat graph of community-based intelligence contains more than 600 billion data points that correlate attack campaigns across diverse industries and geographies. You can easily leverage this insight through the TAP Threat Dashboard.
The TAP Threat Dashboard:
- Can be accessed through a web browser. Get visibility into the threats entering your organisation. See who is attacking, how they're attacking and what they're after.
- Provides data at organisation, threat and user level. This helps you prioritise alerts and act on them.
- Highlights broad attack campaigns and targeted ransomware threats. You can see attacks directed at your executive leadership and other high-value employees.
- Surfaces account compromises connected to email attacks.
- Highlights brute-force attacks and suspicious user behaviour.
- Provides detailed forensic information on threats and campaigns in real time. You get downloadable reports and can integrate with other tools through application programming interfaces (APIs).
Targeted Attack Protection (TAP) Attack Index
Your cybersecurity teams need to know who your most attacked people are in order to protect them against the threats that target them.
The Proofpoint Attack Index helps identify these targeted people. It also surfaces targeted or interesting ransomware threats from the noise of threat activity that you see every day. This index is a weighted composite score of all threats sent to an individual in your organisation. It scores threats on a scale of 0-1000 based on four factors:
- Threat actor sophistication
- Spread and focus of attack targeting
- Type of attack
- Overall attack volume
With the Attack Index, you can understand the risks your users face. You can then prioritise the most effective way to resolve threats. You also receive reporting and metrics to assess both individual and overall user risk.
Protection Beyond the Network
To protect your people, your defences must work where they do—at the pace they do.
With TAP, you can:
- Protect users on any network, on any device and in any location where they check their email. TAP works on internal or external networks (both public and private) on mobile devices, desktop PCs and the web.
- Surface file-based threats in your SaaS file stores and detect account compromise.
- Deploy quickly and derive value immediately. You can protect hundreds of thousands of users in days—not weeks or months. TAP can be easily configured as an add-on module to the Proofpoint Protection Server, which can be deployed as a virtual appliance, hardware appliance or cloud service.
- Stay ahead of attackers with frequent, daily updates to our cloud analysis services.
- Enhance the security of any email platform—even for Microsoft Office 365 or hybrid Exchange environments.