Talk to sales

Ask a member of our sales team about our products or services:

Cloud App Security Broker

Protect users of cloud apps and their data from advanced threats, data loss and compliance risks.


Proofpoint Cloud App Security Broker (Proofpoint CASB) helps you secure applications such as Microsoft Office 365, Google’s G Suite, Box, and more. Our unique risk-aware, people-centered approach gives you visibility and control over your cloud apps, so you can deploy cloud services with confidence. Our powerful analytics help you grant the right levels of access to users and third-party add-on apps based on the risk factors that matter to you.

Features and Benefits

User-Centered Visibility

Proofpoint CASB provides granular visibility into users and data at risk. You get a people-centered view of cloud access and sensitive-data handling. With Proofpoint CASB, you can:

  • Gain insight into cloud usage at global, app, and user level
  • Identify SaaS files at risk, ownership, activity, and who they were shared with
  • Check suspicious logins, activity, and DLP alerts via drill-down dashboards


Proofpoint Cloud App Security Broker Demo

cyber security

Proven Advanced Threat Protection

An unsafe file uploaded to a cloud-based collaboration app can spread instantly to your entire organization. Our sandboxing and analytics detect potential risks of SaaS apps in your cloud environment. Then we help you contain those risks in real time through automated quarantine and other mitigation steps.

Proofpoint CASB combines user-specific risk indicators with our rich cross-channel threat intelligence, which spans email, SaaS, and more. By connecting these dots, it can analyze user behavior and detect anomalies in cloud apps. These include excessive activities, unusual access attempts, malicious insider behavior, and more.

Robust policy templates alert you to issues in real time, apply risk-based authentication, and reduce privileges when needed. Risk-based access controls protect your SaaS cloud apps from unauthorized or risky access.

Risk-Aware Data Security

As more of your organization’s data is stored in the cloud, so is sensitive content. Proofpoint CASB shares DLP classifiers with other Proofpoint products, including built-in smart identifiers, dictionaries, rules, and templates. Custom rules allow you to build your own DLP policies to control how your data is shared or downloaded. You can encrypt, mask data, quarantine, or leverage context to stay in compliance.

Proofpoint CASB helps you identify and protect data that’s at risk because of broad permissions and unauthorized data sharing. User-centered visibility and behavior monitoring quickly reveal activity on orphaned and compromised accounts. Proofpoint CASB correlates user-level risk indicators with DLP detection. This insight means more useful DLP alerts and access-level changes.

Proofpoint CASB enables IT teams to:

  • Stop employees from sharing sensitive company data broadly or with personal accounts
  • Speed up securing PCI, PII, PHI, and GDPR compliance data with built-in smart identifiers and templates
  • Uncover orphaned and compromised accounts to protect corporate data

Third-party Apps Controls and Shadow IT

Our in-depth analysis helps you understand your risks on a per-app and per-user view.

Many useful third-party apps add more features to Office 365, G Suite, Box, and other platforms. But some are poorly built or overtly malicious. Attackers use third-party add-ons and social engineering to trick users into granting broad access to your SaaS apps. Once a OAuth token is authorized, access continues until it’s manually revoked.

Proofpoint CASB helps you discover and control third-party add-ons and detect unsanctioned cloud apps. Our powerful analytics allow you to grant the right levels of access to third-party add-on apps based on the risk factors that matter to you.

Proofpoint CASB app controls let IT teams:

  • Define or automate actions based on analysis results for each app
  • Create policies for privileged users, defining read and write permissions for an access token
  • Deny a request from an app that exceeds defined thresholds

Start with a Free Proofpoint Trial