Get automated end-to-end protection against threats across email and devices
Proofpoint and CrowdStrike have partnered to transform your security program and protect your organization from the ever-changing threat landscape. Together, we improve your security efficacy and enhance your visibility and context around threats. Our orchestration and response capabilities make your security team more productive. And we help you to reduce your overall risk against the No. 1 threat vector. These out-of-the-box integrations are free to all joint Proofpoint and CrowdStrike customers.
Integrations and Benefits
Proofpoint leverages CrowdStrike intelligence to block malicious email attachments at the gateway. Our combined visibility and threat detection capabilities protect your inbox and endpoint.
- Proofpoint sandboxes incoming files and queries the CrowdStrike Intelligence API for file reputation
- You get improved protection through our threat intelligence sharing, since we block ransomware, polymorphic malware, keyloggers and zero-day threats from getting to your inbox
- Email with attachment detected at email gateway (PPS).
- Attachment sent to Proofpoint TAP (Sandbox) for analysis and a file-hash reputation lookup with CrowdStrike Falcon X.
- CrowdStrike condemns attachment, email is blocked at gateway.
- If CrowdStrike does not respond with a verdict but the Proofpoint sandbox condemns the attachment, email is blocked at gateway.
Post-Delivery Automated Remediation
Proofpoint automatically detects and quarantines email that turns malicious post-delivery. And we share intelligence about unknown threats with CrowdStrike. This helps to limit future attacks on your endpoints.
- Proofpoint quarantines any messages that have been delivered or forwarded
- If unknown to CrowdStrike, the malicious hash is added to the CrowdStrike list of custom indicators of compromise (IOCs)
- An alert is created if the malicious content tries to execute on the device
- If a delivered attachment is later found to be malicious (weaponized URL, etc.), Proofpoint TAP alerts TRAP (Threat Response Auto-Pull).
- IOC created and added to CrowdStrike Customer IOC list for joint customers.
- TRAP then pulls the email from all customer inboxes (original plus forwards).
- CrowdStrike Falcon platform generates alerts that can be followed up on by the security team (also blocking any future attack directly on the endpoint).
Enhanced Zero Trust Security
As companies work to achieve zero trust security within their organizations, making sure the endpoint is within security compliance before allowing it to connect is critical. Proofpoint Meta and CrowdStrike Falcon integrate with posture checking to ensure endpoints are in compliance.
- Ensure secure access to confidential systems by using the Proofpoint Meta agent to detect if CrowdStrike Falcon is deployed on the endpoint. If it is not, several actions, such as disconnecting the endpoint, can take place.
- Proofpoint Meta administrators have the flexibility to create a posture checking message for the end user, letting them know why they have failed posture checking and providing potential remediation options such as clicking a URL to deploy the CrowdStrike Falcon agent.