Data Privacy and Security Information Sheet:
Proofpoint Targeted Attack Protection

View Data Map

The purpose of this document is to provide customers of Proofpoint’s Targeted Attack Protection (TAP) with the information necessary to assess how the service can support and enhance their data privacy strategy.

TAP – Product Statement

TAP, a module that integrates with Email Protection and certain cloud-based services, helps detect and defend against threats that occur through URLs, attachments, and email SaaS applications. Powered by Proofpoint’s advanced email security and cloud platforms, TAP uses static and dynamic techniques to continually learn, adapt, and detect new cyber-attack patterns early in the attack chain. The TAP family of products and services includes:

URL Defense: Applied to inbound emails only, messages that contain URLs are reviewed to prevent end users from inadvertently accessing malicious URLs. To prevent such access, TAP rewrites and inspects the URLs for harmful content. Depending on the outcome of the inspection, TAP will either direct the recipient to the safe website or block the end user from accessing the harmful website content.

Attachment Defense: Designed to stop the delivery of malicious content through email attachments, TAP directs emails with certain attachment types to a sandbox where they are scanned for threats. Emails with malicious attachments are quarantined while safe emails are routed to the end user. Attachments are encrypted at rest and are immediately deleted after analysis.

TAP Threat Insight Dashboard: Information gathered by Proofpoint in its provision of email, cloud, network, and social media cybersecurity services is aggregated and presented in the TAP Threat Insight Dashboard. The collected information provides customers with a unique perspective into targeted and widespread threats, and includes details about impacted end users, in-depth forensics, and screen shots of attacks.

Email Data Processed by TAP

Employing Proofpoint’s people-centric security strategy, TAP helps identify cyber threats that target and exploit your employees. By collecting, analyzing, and correlating data points contained in emails, attachments to emails, and URLs, as well as threat vectors such as cloud, network, endpoint, and social networking sources, TAP provides visibility into who is being targeted for attack and how the attacks aretranspiring. Sources of personal data analyzed include:

  • email sender and recipient names,
  • email addresses,
  • subject lines, and
  • IP addresses.


The following is an example of a dangerous email that could be sent to your employees. Though TAP’s analytic capabilities, this email would be flagged for investigation and mitigation. The text in the blue boxes is representative of the steps taken to determine if the email is safe and is not a comprehensive review.


Customer Access to TAP Data and Privacy Options

Organizational, user, and threat specific analysis results are available to the customer’s authorized users through the TAP Threat Insight Dashboard.

How Proofpoint Retains Records

To protect organizations from on-going threats, Proofpoint analyzes the data collected through TAP and applies the results to the TAP’s scanning and filtering process. Data collected is retained in an aggregated form until securely deleted.

Proofpoint’s Use of Subprocessors

Proofpoint utilizes subprocessors to provide its services. A comprehensive list of the subprocessors may be found on the Trust site at


Proofpoint maintains a documented information security program that is aligned with the requirements of NIST 800-53. Security controls include the following:

  • Data in transit is protected using HTTPS/TLS.
  • Encryption at rest is accomplished using AES 256.
  • Access control mechanisms are present for physical and logical access to the facilities and the infrastructure hosting the services.
  • Proofpoint has implemented policies and procedures for the identification and remediation of vulnerabilities in its products and services. Please see
  • Proofpoint leverages a distributed security monitoring infrastructure to monitor for and alert on security incidents.
  • Security alerts are automatically directed to on-call staff for triage and review 24x7.
  • Proofpoint’s information security program undergoes an annual third-party audit in the form of a SOC 2 Type II audit for the Availability, Confidentiality, and Security trust services principles.

© 2023. All rights reserved. The content on this site is intended for informational purposes only.
Last updated March 09, 2023.