Proofpoint Threat Response

Automated enrichment, forensics, and orchestration. Accelerate investigation, prioritize threats, and resolve incidents with less time and effort.



Proofpoint Threat Response takes the manual guesswork out of incident response and automates threat resolution quickly and efficiently.

Many security alerts lack critical information to determine the next step.

Threat Response combines security alerts from multiple security tools. It collects the context of the threat, identifies and collects target histories, and uses intelligence from multiple Proofpoint and other tool sources. Finally, Threat Response can collect from the targeted endpoint and provide forensic analysis.

With this information, Threat Response automates a workflow of response actions. Based on policies and rule-based enforcement, it provides a list of enforcement, quarantine, and containment actions. Threat Response provides insight into threats, enabling security teams to quickly prioritize and respond.

Threat Response integrates with your current security infrastructure tools to block verified threats, quarantine infected users, and protect other users by stopping the infection’s spread.

Threat Response orchestrates several key phases of the incident response process.

An integrated central console connects to all security alert sources, as well as built-in enforcement and quarantine tools. The integrated design provides at-a-glance views of the incident response process for real-time visibility. All collection, comparisons, and analysis by the platform are performed automatically.

Answers questions such as:

  • Which users are under attack?
  • Have the affected users been infected before?
  • To what department or group do the affected users report?
  • Do any of the affected systems contain indicators of a successful attack?
  • Has this attack been seen before in our environment or elsewhere?
  • Where is the attack coming from, and where are the command-and-control (C&C) nodes located?
  • Does the browser or connection history contain anything unusual, such as visits to a suspect website, or open connections to C&C servers?

Proofpoint Threat Response can confirm malware infections with built-in IOC verification:

  • Processes
  • Mutexes
  • File system changes
  • Registry changes
  • Web page history

When a security alert reports a system has been targeted with malware, Threat Response automatically deploys an endpoint collector to pull forensics from the targeted system.

Learn how you can deploy and use Proofpoint Threat Defense.

Contact H-11 today for your free demonstration and trial period.

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments—automatically or at the push of a button.

On May 4th, 2017, the United States Federal Bureau of Investigation issued an official statement citing reported domestic and international exposed dollar losses of $5.3 billion due to Business Email Compromise (BEC, imposter, spoofing, fraudulent email) between October 2013 and December 2016.

May 04, 2017 | Alert Number I-050417-PSA | FBI Public Service Announcement