Proofpoint Products Exhibit

This Products Exhibit (“Exhibit”) is an exhibit to the Master Subscription Agreement or other applicable license agreement, including but not limited to the Proofpoint General Terms and Conditions, ("Agreement") between each Customer and Proofpoint. In the event of conflict between the Agreement and this Exhibit the terms of this Exhibit shall govern.  Capitalized terms used in this Exhibit without separate definition shall have the meaning specified in the Agreement.

  1. GENERAL TERMS.  Proofpoint shall make each applicable Proofpoint Product available to Customer and its Affiliates in accordance with the Agreement, Purchase Order, this Exhibit and the Documentation. Customer’s right to use the Proofpoint Product is limited to the maximum number of Licenses for each module, the deployment type (Appliance, Software, or Service (SaaS)), and any other limitations specified in this Exhibit, and each Purchase Order and/or Quote.
  2. PRODUCT SPECIFIC TERMS.

Browser & Email Isolation.  Proofpoint’s Browser and Email Isolation products establish an isolated remote web browser or web email environment to protect the Customer from potential threats when Users connect to the Internet or web-based email accounts on Customer owned or controller devices.  Customer will not allow Users to transmit through (or post on) Isolation any infringing, defamatory, threatening or offensive material.

Closed-Loop Email Analysis and Response (CLEAR). CLEAR integrates the functionalities of PhishAlarm and TRAP to streamline Customer’s end user reporting and security response to phishing attacks.

Cloud Account Defense / Cloud Account Security Broker / CASB Protection for IaaS (add-on)Proofpoint Cloud Account Defense helps Customer detect suspicious activities around Customer’s cloud accounts and identify compromised cloud accounts.  Proofpoint Cloud Account Security Broker uses policies to prevent the loss of Customer’s sensitive or confidential data contained in Customer’s cloud accounts. CASB Protection for IaaS is subject to the DLP traffic limitation described in the quote or Order Form.

Cloudmark Products.  Cloudmark Products include Cloudmark Authority, Cloudmark Safe Messaging Cloud (SMC), and Cloudmark Spam Reporting Service (SRS).  Cloudmark Products leverage intelligent threat analysis to provide email and mobile messaging security against spam and malware.  Notwithstanding anything to the contrary in the Agreement, the parties hereby agree that Work Product resulting from Professional Services for Cloudmark Products includes Customer configurations.  Proofpoint grants to Customer a license to such Work Product (including Customer configurations) pursuant to  the Agreement.  Additionally, Customer acknowledges that use of the “Cloudmark Network Feedback System” involves sending unencrypted Customer e-mail and spam samples into this system. This process is optional for the Customer and only occurs for an email message when a User chooses to click on the “This is Spam” button or the “This is NOT spam” button for a given email message.  Proofpoint analyses theses spam reports and unblock reports in order to increase the accuracy of the Proofpoint Product.  Customer’s license to Use Cloudmark Products includes the right to use the Cloudmark Products for the benefit of Customer’s end user customers, pursuant to a written license agreement between Customer and each end user customer that is at least as protective of Proofpoint’s rights as the terms of the Agreement and this Exhibit.

Compliance Gateway.  Compliance Gateway acts as a central hub to filter and route message content to Customer’s archive, supervision and analytic systems.

Content Capture.  Content Capture captures content from supported messaging and Cloud storage platforms and delivers it compliance services such as e-discovery, archive and supervision.

Content Patrol.  Content Patrol allows Customers to monitor, remediate and generate compliance reports about their end users’ activities on Customer controlled social media accounts.

Continuity.  Continuity provides temporary storage of Customer inbound and outbound email within the on-demand, Web-based email.  Continuity is limited to the number of calendar days and the maximum per User data volume set forth in the Order Form or Proofpoint quote. Customer acknowledges that Continuity is only to serve as a secondary, emergency failover option in the event of failure of Customer’s email service, and not to serve as a primary email archive solution or a primary failover solution. Customer is required to have a current subscription for Proofpoint email protection to use Continuity.

Continuity Plus.  Continuity Plus provides temporary storage of Customer inbound and outbound email within the on-demand, Web-based email.  Continuity Plus is limited to the number of calendar days and the maximum per User data volume set forth in the Order Form or Proofpoint quote.  Continuity Plus is licensed on a User basis Customer must: (i) enable the email journaling feature within Customer’s Microsoft Exchange Server, or Microsoft Office 365 service; and (ii) ensure that the Customer’s network has proper policies to allow journaling emails to be transmitted to the Proofpoint hostnames and IP addresses for Continuity Plus. This feature for emergency storage of outbound and intra-domain email is only supported for select versions of Microsoft Exchange Server and Microsoft Office 365.

Data Discover. Data Discover scans emails, files on network shared drives, and cloud storage services to find and track protect sensitive information (such as PII, PHI and GDPR Personal Data) so Customers can identify data risks and determine appropriate remediation.

Domain Discover.  Domain Discover identifies suspicious domains that fraudulently use, impersonate or look like Customer’s legitimate domains and trademarks.  Customer is responsible for acquiring all necessary data subject consents. Customer is responsible for maintaining the user accounts and the security of its user names and passwords at the user level and for promptly changing or deleting any user name or password that Customer believes may have been compromised. Proofpoint reserves the right to institute password requirements (such as the length of password or the required use of numbers, symbols etc.) and to refuse registration of, or cancel passwords it deems inappropriate. The Proofpoint Products may allow Customer to interface with a variety of third party software or services (e.g., Facebook, Twitter, LinkedIn). No endorsement of any such service should be inferred as a result of any integration with the Proofpoint Products and Proofpoint is not responsible for the data, operation or functionality of such third-party services. While Proofpoint may, in its sole discretion, customize the Proofpoint Products to interoperate with various third-party services: (a) Customer is responsible for complying with the terms and policies of each such third-party service including, without limitation, any payment obligations related thereto; and (b) Proofpoint cannot guarantee that such third-party services will continue to interoperate with the Service.

e-Discovery Analytics.  Proofpoint e-Discovery Analytics is an add-on capability to Proofpoint’s Archive service with case management features, advanced visualizations and Technology Assisted Review for classifying electronically stored information (ESI) for legal discovery.

Email Data Loss Prevention (DLP).  Email DLP utilizes policies to prevent the loss of Customer’s sensitive or confidential data through email.

Email Brand Defense (EBD).  Using DMARC and threat intelligence, EBD identifies and blocks malicious emails, spoofing trusted brands and domains, before they hit consumer inboxes.

Email Encryption.  Proofpoint Email Encryption provides a fully integrated message encryption and decryption solution.

Email Fraud Defense (EFD).  EFD blocks spear phishing emails spoofing trusted domains and evaluates the authenticity of senders to block emails from unauthenticated sources.

Email Isolation.  Email Isolation establish an isolated remote webmail environment to protect the Customer from potential threats when Users connect to the Internet on Customer owned or controller devices.  Customer will not allow Users to transmit through Email Isolation any infringing, defamatory, threatening or offensive material.

Email Protection.  Email Protection includes functions such as spam detection functions to identify and classify spam messages; virus protection functions to detect and filter messages containing known viruses; zero-hour anti-virus functions to detect and filter messages containing suspicious content; a quarantine folder to analysis and disposition of suspicious content; and Proofpoint Dynamic Reputation functions to terminates connection from ip addresses that have displayed poor reputation.  Email Protection is for use with normal external business messaging traffic only, and Customer shall not use Email Protection for the machine generated message delivery of bulk or unsolicited emails or emails sent from an account not assigned to an individual. Customer is responsible for maintaining the outbound email filtering Email Protection configuration settings to block emails identified by Proofpoint as either containing a virus or having a spam score of ninety-five (95) or higher. If Proofpoint has reason to believe that Customer has modified the outbound email configuration setting, Proofpoint reserves the right to monitor and reset such settings. If Customer is licensed for the SaaS deployment of Email Protection Customer is prohibited from deactivating the Dynamic Reputation feature.  Each User must be assigned a separate account on Customer’s email server for sending or receiving messages or data within Customer’s email system or network.

Emerging Threats Intelligence.  ET Query, ET Pro Ruleset and ET Reputation are data feeds and may include network intrusion detection signatures, global intelligence portal, intelligence APIs, and reputation lists to enable Customer to detect and investigate network based threats in or against its environment.

Endpoint Data Loss Prevention (Endpoint DLP). Endpoint Data Loss Prevention deploys software (an Agent) onto Customer owned or controlled desktops and servers on supported platforms.  These Agents capture metadata recorded from the activities of licensed Users and store this data in Proofpoint’s Endpoint DLP service.  A licensed User of Endpoint DLP is a unique individual with a unique access credential being monitored by Customer, regardless of whether the Agents are deployed on physical or virtual systems.  If an individual has more than one access credential, then a separate User license for each of that individual’s unique access credentials must be purchased.   A licensed User of Endpoint DLP may also be a unique Server (physical or virtual) with a unique access credential being monitored by the Customer.  Endpoint DLP Metadata Feed allows Customer to export its captured User metadata.  Endpoint DLP Metadata Feed is subject to a maximum monthly export amount as described in the Proofpoint quote or Order Form.  Excessive ingestion of activities may lead to local caching on an Agent or throttling of transmission to the cloud.

Enterprise Archive. Proofpoint Enterprise Archive is a cloud-based archiving solution designed for legal discovery, regulatory compliance and data access for Customer’s end users, and it provides a central, searchable repository that supports a wide range of content types.  Upon termination or expiration of Customer’s license to use the Proofpoint Product, for a period of thirty (30) days after termination or expiration (“Wind Down Period”) subject to payment of a pro-rata fee Customer may continue to access and retrieve its data that has been stored in the Archive product prior to termination.  During the Wind Down Period, Customer may not use the Proofpoint Product to archive new email messages. For an additional fee, Proofpoint will export customer’s data for delivery to Customer on standard storage media.  If Proofpoint has not received a written request from Customer to export customer’s data prior to the end of the Wind Down Period, Proofpoint will initiate the removal of customer’s data in such a manner that it cannot be restored in human readable form from any and all storage mediums (including backups), which will be completed within thirty (30) days.

Intelligent Supervision. Proofpoint Intelligent Supervisor is a cloud based solution that helps Customer identify, review, address and maintain audit trails from the Customer’s regulatory data archive, including all incoming, outgoing and internal correspondence captured bay Customer’s archive.

Insider Threat Management (ITM)ITM SaaS deploys software (an Agent) onto Customer owned or controlled desktops and servers on supported platforms.  These Agents capture metadata (Metadata Capture) and visual screen content (Visual Capture) recorded from the activities of monitored Users and store this data in Proofpoint’s ITM SaaS service.  ITM SaaS Metadata Feed allows Customer to export its captured User metadata.  A licensed User of ITM SaaS is a unique individual with a unique access credential being monitored by Customer, regardless of whether the Agents are deployed on physical or virtual systems.  If an individual has more than one access credential, then a separate User license for each of that individual’s unique access credentials must be purchased.   A licensed User of ITM SaaS may also be a unique Server (physical or virtual) with a unique access credential being monitored by the Customer.  ITM SaaS Metadata Capture, and ITM SaaS Metadata Capture with Visual Capture, are subject to the activity ingestion rate(s) and retention time tiers described in the Proofpoint quote or Order Form.  Additionally, both the ITM SaaS Metadata Capture with Visual Capture and ITM Additional Visual Capture are further subject to the aggregate data storage limit(s) described in the Proofpoint quote or Order Form.  ITM SaaS Metadata Feed is subject to a maximum monthly export amount as described in the Proofpoint quote or Order Form.  Excessive ingestion of User activities may lead to local caching on an Agent or throttling of transmission to the cloud.  Proofpoint reserves the right to require that the Customer pay additional fees when any ingestion, storage, and/or export limit is exceeded. 

Internal Mail Defense (IMD).  IMD leverages Email Protection and TAP features to protect Customer’s internal email communications against spam and malicious content.

Meta. Proofpoint Meta is a Cloud based zero trust network overlay to Customer’s existing corporate network, providing a software defined perimeter with granular access controls to Customer’s corporate network.

NexusAI for Compliance.  NexusAI for Compliance uses machine learning to evaluate supported archived messages (such as email, social media, collaboration platforms, and mobile messages) flagged for Customer’s review by Proofpoint’s Intelligent Supervision product.  This helps Customer improve its regulatory supervision decision making and automate key parts of Customer’s supervision workflow.

Nexus People Risk Explorer.  Proofpoint Nexus People Risk Explorer leverages people centric security data from Proofpoint’s Targeted Attack Protection, Security Awareness Training, Cloud Account Defense and Cloud Account Security Broker to provide insights into the types, severity and frequency of threats targeted at Customer and its employees.

PhishAlarm & PhishAlarm Analyzer. PhishAlarm allows end users to report phishing emails and other suspicious messages.  PhishAlarm Analyzer delivers highly responsive identification of phishing attacks in real time. Emails reported via PhishAlarm & PhishAlarm Analyzer are accessed and categorized and they are immediately available to Customer’s response teams.        

Secure Email Relay.  Secure Email Relay (SER) is a hosted, multi-tenant solution that puts Customer in control of applications that send email using Customer’s owned or controlled domains. It adds a layer of security to each application and distributes the email to the Internet in a DMARC-compliant fashion after Proofpoint AS/AV checks are performed. SER may only be used for delivery of emails that comply with applicable bulk or unsolicited message laws.  The number of messages processed through SER is limited to the annual amount identified in the Proofpoint quote or Order Form and Proofpoint reserves the right to require that the Customer pay additional fees when such limit is exceeded.  Additionally, any processing of messages in excess may lead to throttling of message transmission. Customer must protect SER credentials and only use SER for the intended application.

SecureShare.  SecureShare is a secure method for the sharing of files and temporary storage of such files, but is not a back-up service.  SecureShare is limited to the number of Users, the maximum storage capacity and maximum retention period set forth in the Order Form or Proofpoint quote.

Social Discover.  Social Discover scans the Internet to identify accounts using Customer’s brands on social media networks, including unauthorized accounts.

Social Patrol.  Social Patrol automatically scans Customer’s social media account posts and comments for high-risk content such as malware, phishing links, hate speech, pornography and piracy.

Targeted Attack Protection (TAP).  TAP identifies and protects against malicious URLs and malicious attachments in emails using a dynamic malware analysis engine.  

Threat Response.  Threat Response is an incident management platform that leverages event source alerts, automation, reporting, threat intelligence and IOC agents to enable Customer to manage cybersecurity threats.  Threat Response interoperates with certain supported: (i) third-party data sources (“Event Source”); (ii) quality and data enrichment sources (“Enrichment Sources”), and (iii) third-party security enforcement platforms (e.g. firewalls, and web proxy servers) (“Enforcement Device”).  As between Proofpoint and Customer, Proofpoint shall have no liability whatsoever with respect to the accuracy, availability, or quality of Event Sources, Enrichment Sources or Enforcement Devices. Customer may configure additional Event Sources and Enforcement Devices as needed by Customer in connection to Customer’s use of Threat Response. 

Threat Response Auto Pull (TRAP).  TRAP is an incident management platform that includes automation to analyze and remove unwanted emails.  Threat Response Auto Pull may only be integrated with Event Sources,  (ii) Enrichment Sources, or (iii) Microsoft Exchange Server, Microsoft Office 365, Google Gmail or IBM Domino as an Enforcement Device; and can only be used with the following data Event Sources: Proofpoint TAP, Abuse Mailbox Monitor, FireEye EX, Proofpoint Smart Search results, Splunk (events for email quarantine only) and JSON (events for email quarantine only). Upon written notice (via email) to Customer’s Named Support Contact from Proofpoint, Customer will send a copy of its specific TRAP system configuration to Proofpoint for review.

ThreatSimThreatSim enables quick and easy sending of phishing simulation assessments and results tracking.  Customer may only conduct simulated phishing emails to domains owned or controlled by the Customer as set forth in the Purchase Order. Customer may include in the simulated phishing emails logos, customer names, e-mail addresses of Users and any other identifying information (“Customer Information”). Customer represents and warrants that it has the right to distribute, reproduce, publish, upload, and use the Customer Information.

Security Training Modules. Security Training Modules enable Customer to send security awareness training to Users to teach Users secure behavior.  Customer may include additional content in the Training Modules, and hereby represents and warrants that it has the right to distribute, reproduce, publish, upload and use any such additional content.

Virtual TakeDown.  Proofpoint Virtual TakeDown is an optional add-on to Domain Discover. Through it Customer can submit malicious and criminal domains, including domains engaged in phishing, propagation of malicious content, or engaged in criminal activity, to leading blocklists used by a wide array of ISPs, devices, web services and security products.