Proofpoint and CrowdStrike Partnership

Unparalleled protection for your users and their endpoints

Nearly 100% of threats are human activated. Transform your security program by deploying automated remediation for attacks targeting your people and their devices.

Address Your Security Program Challenges

  • Security Efficacy
  • Solution Complexity
  • Attacker Sophistication
  • SOC Productivity
  • Threat Visibility
  • Time to Deploy
  • Talent Shortage
  • Manual Workflows

Get automated end-to-end protection against threats across email and devices

Proofpoint and CrowdStrike have partnered to transform your security program and protect your organization from the ever-changing threat landscape. Together, we improve your security efficacy and enhance your visibility and context around threats. Our orchestration and response capabilities make your security team more productive. And we help you to reduce your overall risk against the No. 1 threat vector. These out-of-the-box integrations are free to any joint Proofpoint and CrowdStrike customers.

Integrations and Benefits

Pre-Delivery Protection

Proofpoint leverages CrowdStrike intelligence to block malicious email attachments at the gateway. Our combined visibility and threat detection capabilities protect your inbox and endpoint.

  • Proofpoint sandboxes incoming files and queries the CrowdStrike Intelligence API for file reputation
  • You get improved protection through our threat intelligence sharing, since we block ransomware, polymorphic malware, keyloggers and zero-day threats from getting to your inbox


Proofpoint and CrowdStrike
  1. An email with an attachment is detected at the email gateway (PPS).
  2. The attachment is sent to Proofpoint TAP (sandbox) for analysis, with a file-hash reputation lookup against CrowdStrike Falcon X.
  3. CrowdStrike condemns the attachment, and the email is blocked at the gateway.
  4. If CrowdStrike does not respond with a verdict but the Proofpoint sandbox condemns the attachment, the email is blocked at the gateway.


Post-Delivery Automated Remediation

Proofpoint automatically detects and quarantines email that turns malicious post-delivery. And we share intelligence about unknown threats with CrowdStrike. This helps to limit future attacks on your endpoints.

  • Proofpoint quarantines any messages that have been delivered or forwarded
  • If unknown to CrowdStrike, the malicious hash is added to the CrowdStrike list of custom indicators of compromise (IOCs)
  • An alert is created if the malicious content tries to execute on the device


Proofpoint and CrowdStrike
  1. If a delivered attachment is later found to be malicious (weaponized URL, etc.), Proofpoint TAP alerts TRAP (Threat Response Auto-Pull).
  2. An IOC is created and added to the CrowdStrike Customer IOC list for joint customers.
  3. TRAP then pulls the email from all customer inboxes (original plus forwards).
  4. The CrowdStrike Falcon platform generates alerts that the security team can follow up on (and also blocks any future attack directly on the endpoint).


Enhanced Zero Trust Security

As companies work to achieve zero trust security within their organizations, making sure the endpoint is within security compliance before allowing it to connect is critical. Proofpoint Meta and CrowdStrike Falcon integrate with posture checking to ensure endpoints are in compliance.

  • Ensure secure access to confidential systems by using the Proofpoint Meta agent to detect whether CrowdStrike Falcon is deployed on the endpoint. If it is not, several actions, such as disconnecting the endpoint, can take place.
  • Proofpoint Meta administrators have the flexibility to create a posture-checking message for end users that tells them why they have failed posture checking and provides potential remediation options, such as clicking a URL to deploy the CrowdStrike Falcon agent.


Better protection for Federal Government Agencies

Proofpoint and CrowdStrike combine their extensive threat visibility and detection capabilities to provide unparalleled protection for Federal customers. Through both of our FedRAMP Certified Solutions (Proofpoint TAP and CrowdStrike Falcon X), we can provide federal agencies multi-layered security to safeguard against today’s threat landscape.


Gain real-time insight into threats to help you prioritize and act on them

Email threats are constantly evolving. Proofpoint Targeted Attack Protection (TAP) evolves with them to detect and resolve new threats as they arise.


Ready to give Proofpoint a try?

Let us walk you through our Targeted Attack Protection and answer any questions you have about email security.