Get automated end-to-end protection against threats across email and devices
Proofpoint and CrowdStrike have partnered to transform your security program and protect your organization from the ever-changing threat landscape. Together, we improve your security efficacy and enhance your visibility and context around threats. Our orchestration and response capabilities make your security team more productive. And we help you to reduce your overall risk against the No. 1 threat vector. These out-of-the-box integrations are free to any joint Proofpoint and CrowdStrike customers.
Integrations and Benefits
Predelivery Protection for External Email
When an email that contains a file is sent to a customer, Proofpoint TAP begins a sandbox analysis. This determines whether or not the email is malicious. At the same time, TAP also queries CrowdStrike intelligence to check the reputation of the file. CrowdStrike informs TAP if it recognizes the file as malicious. When it does, then both the message and file are condemned. They are blocked from ever reaching the user.
- Email with attachment detected at email gateway (PPS)
- Attachment sent to Proofpoint TAP (Sandbox) for analysis, file-hash lookup for reputation with
- CrowdStrike Falcon X 3. CrowdStrike condemns attachment, email is blocked at gateway
- If CrowdStrike does not respond with verdict but Proofpoint sandbox condemns attachment, email is blocked at gateway
Learn more about Targeted Attack Protection
Predelivery Protection for Internal Email
More than ever, internal email traffic must be treated the same as external email. You need a multilayered security approach to scan internal emails for malicious content. Proofpoint Internal Mail Defense scans internal-to-internal email communications. Its integration with CrowdStrike intelligence also helps protect against emails that contain attachments. If Proofpoint or CrowdStrike deems an internal email to be malicious, then Proofpoint Threat Response Auto-Pull (TRAP) can automatically quarantine it and all related messages.
- Internal email (with attachment) sent to PFPT IMD (internal mail defense) cluster
- IMD leverages TAP to ensure the attachment is malicious
- IMD blocks any email from being delivered if attachment is deemed malicious by TAP sandbox or Falcon X
Post-Delivery Automated Remediation
Proofpoint automatically detects and quarantines email that turns malicious post-delivery. And we share intelligence about unknown threats with CrowdStrike. This helps to limit future attacks on your endpoints.
- Proofpoint quarantines any messages that have been delivered or forwarded
- If unknown to CrowdStrike, the malicious hash is added to the CrowdStrike list of custom indicators of compromise (IOCs)
- An alert is created if the malicious content tries to execute on the device
- If an attachment delivered is later found to be malicious (weaponized URL etc.), Proofpoint TAP alerts TRAP (Threat Response Auto-Pull).
- IOC created and added to CrowdStrike Customer IOC list for joint customers.
- TRAP then pulls out the email from all customer inboxes (original plus forwards).
- CrowdStrike Falcon platform generates alerts that can be followed up on by security team (also block any future attack directly on the endpoint).
Learn more about Automated Remediation
Enhanced Zero Trust Security
As companies work to achieve zero trust security within their organizations, making sure the endpoint is within security compliance before allowing it to connect is critical. Proofpoint Meta and Crowdstrike Falcon integrate with posture checking to ensure endpoints are in compliance.
- Ensure secure access to confidential systems by using the Proofpoint Meta agent to detect if Crowdstrike Falcon is deployed on the endpoint. If not then several actions, such as disconnecting the endpoint, can take place.
- Proofpoint Meta administrators have flexibility to create a posture checking message for the end user letting them know why they have failed posture checking and provide potential remediation options such a clicking a URL to deploy the Crowdstrike Falcon agent.
Learn more about Zero Trust
Better protection for Federal Government Agencies
Proofpoint and CrowdStrike combine their extensive threat visibility and detection capabilities to provide unparalleled protection for Federal customers. Through both of our FedRAMP Certified Solutions (Proofpoint TAP and CrowdStrike Falcon X), we can provide federal agencies multi-layered security to safeguard against today’s threat landscape.