Data Privacy Information Sheet:
Proofpoint Targeted Attack Protection

View Data Map

The purpose of this document is to provide customers of Proofpoint Targeted Attack Protection (TAP) with the information necessary to assess how this service can support and enhance their data privacy strategy.

TAP – Product Statement

TAP, a module that integrates with Email Protection and certain cloud-based services, helps detect and defend against threats that occur through email, URLs, attachments, and email SaaS applications. Powered by Proofpoint’s advanced email security and cloud platforms, TAP uses static and dynamic techniques to continually learn, adapt, and detect new cyber-attack patterns early in the attack chain. The TAP family of products and services includes:

URL Defense: Applied to inbound emails only, messages that contain URLs are reviewed to prevent end users from inadvertently accessing malicious URLs. To prevent such access, TAP rewrites and inspects the URLs for harmful content. Depending on the outcome of the inspection, TAP will either direct the recipient to the safe website or block the end user from accessing the harmful website content.

Attachment Defense: Designed to stop the delivery of malicious content through email attachments, TAP directs emails with certain attachment types to a sandbox where they are scanned for threats. Emails with malicious attachments are quarantined while safe emails are routed to the end user. Attachments are encrypted at rest and are immediately deleted after analysis.

TAP Account Takeover (TAP ATO): Applying artificial intelligence, correlated threat intelligence, and behavioral analytics to your email and cloud environments, compromised accounts and suspicious post-access activities such as malicious mailbox rule changes, data exfiltration, and other account takeover attacks are identified and remediated. Detailed reports of suspicious logins, account takeovers, impacted users, and remediations are provided through the TAP Dashboard.

TAP Threat Insight Dashboard: Information gathered by Proofpoint in its provision of email, cloud, network, and social media cybersecurity services is aggregated and presented in the TAP Threat Insight Dashboard. The collected information provides customers with a unique perspective into targeted and widespread threats, and includes details about impacted end users, in-depth forensics, and screen shots of attacks.

Supplier Threat Protection (STP): Employing a combination of threat and behavioral intelligence, emails are analyzed to identify compromised accounts that originate from suppliers or known third-party senders. The results of this analysis are detailed on the TAP Dashboard and are prioritized based on risk, allowing you to quickly defend your supply chain against third-party compromises.

Email Data Processed by TAP

Employing Proofpoint’s people-centric security strategy, TAP helps identify cyber threats that target and exploit your employees. By collecting, analyzing, and correlating data points contained in emails, attachments to emails, and URLs, as well as threat vectors such as cloud, network, endpoint, and social networking sources, TAP provides visibility into who is being targeted for attack and how the attacks are transpiring. Sources of personal data analyzed include:

  • email sender and recipient names,
  • email addresses,
  • subject lines, and
  • IP addresses.


The following is an example of a suspicious email that could be sent to your employees. Though TAP’s analytic capabilities, this email would be flagged for investigation and mitigation. The text in the blue boxes is representative of some of the important inquiries made by TAP to determine if the email is safe.

Proofpoint Targeted Attack Protection


Customer Access to TAP Data and Privacy Options

Organizational, user, and threat specific analysis results are available to the customer’s authorized users through the TAP Threat Insight Dashboard.

How Proofpoint Retains Records

To protect organizations from on-going threats, Proofpoint analyzes the data collected through TAP and applies the results to the TAP’s scanning and filtering process. Data collected is retained in an aggregated form until securely deleted.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site.


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES 256.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • Security alerts are automatically directed to on-call staff for triage and review 24x7.
  • Proofpoint’s information security program undergoes an annual third-party audit in the form of a SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2024. All rights reserved. The content on this site is intended for informational purposes only.
Last updated May 15, 2024.

Proofpoint Trust

Proofpoint helps companies protect their people from the ever-evolving threats in the digital ecosystem.