Proofpoint Threat Response Reviews

Name: Proofpoint Threat Response
Brand: Proofpoint
Rating: 4.0 (5 reviews)

4.0 out of 5

5 reviews
80% willing to recommend

What is Proofpoint Threat Response?

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.

Get the Proofpoint Threat Response Buyer's Guide and find out what your peers are saying about Proofpoint Threat Response, ServiceNow Security Operations, IBM Resilient and more!

Proofpoint Threat Response is the #5 ranked solution in top Security Incident Response solutions. PeerSpot users give Proofpoint Threat Response an average rating of 8.0 out of 10. Proofpoint Threat Response is most commonly compared to ServiceNow Security Operations: Proofpoint Threat Response vs ServiceNow Security Operations. Proofpoint Threat Response is popular among the large enterprise segment, accounting for 79% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

Proofpoint Threat Response

April 2025

Get the report

Helped 851,371 peers since 2012

Featured Proofpoint Threat Response reviews

Giuseppe Sgroi

Senior Project Manager at CAP Holding S.p.A.

We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails The platform's most valuable include the ability to check emails and block potential spam. The platform's technical support services and pricing need…

Read full review

reviewer86589

Senior Information Security Analyst at a healthcare company with 1-10 employees

The interface within Threat Response could be made simpler. To give a specific example, let's say you have uploaded the details of a malicious email to Threat Response in order to pull all the instances of that email being delivered internally, and it turns out that there have been something like 10,000 emails delivered already. When you dig into "patient zero" (i.e. the mailbox that first received the malicious email and forwarded it onward) within Threat Response, Threat Response will synthesize the data and you will be able to see the user's vectors such as who the sender is (e.g. some attacker at example.com) and all 10,000 recipients of the email. Now, if this incident was set up with alerts, then for every single user it creates a corresponding alert, such that you now have 10,000 separate alerts that you have to scroll through to view. I propose that Threat Response should be able to simplify this a bit, even though I don't know what kind of solution it would entail. That's for them to figure out; I just know that scrolling through 10,000 alerts doesn't make things simple for me. Going further with the idea of improving the interface, when you look at any big company, most of them already have some kind of a centralized platform when it comes to ticketing tools, such as ServiceNow, BMC Remedy, Jira, or Splunk. The platform is there to provide a single pane of glass, where you can integrate everything and assign tickets to the team from that platform. When it comes to Threat Response, it has its own separate portal and once you have set up your security team in there, you can assign tickets within it. However, I think that this is an unnecessary extra dashboard and there should be more opportunities to tie the portal data into something like ServiceNow and then simplifying from there onward. Again, I can only wonder what the solution here would look like, but let's take the incident with 10,000 alerts; how could we sync or integrate that incident in ServiceNow, and what would it look like? Ultimately, I think being able to more easily integrate Threat Response incident data into other kinds of ticketing platforms would really help improve our experience.

Read full review

reviewer2460363

Chief Engineer at a healthcare company with 10,001+ employees

Auto pull and auto restore are valuable features. Auto restore isn't quite what it should be, but it's a lot better than someone having to manually release mail back to everyone. If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules. Anytime Advanced Threat Protection finds something that was allowed to go through, either a URL or attachment, it will send out a signal, and Threat Response will automatically pull all of that out of the mail files. The automation is the big thing for us. Integration capabilities: There's an API, but most of it is around how you handle incidents. We're also not using the whole Threat Response suite, just the subset. So, we've never had to or could integrate anything else. We're limited to the Exchange portion only. The whole Threat Response should be labeled as a SOAR tool. The portion we have, I would call it "SOAR-lite." I know there are a couple of others that offer a SOAR-lite, but we're just starting to look at them.

Read full review

Proofpoint Threat Response mindshare

As of May 2025, the mindshare of Proofpoint Threat Response in the Security Incident Response category stands at 17.6%, up from 7.8% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Security Incident Response

PeerResearch reports based on Proofpoint Threat Response reviews

Type	Title	Date
Category	Security Incident Response	May 16, 2025	Download
Product	Reviews, tips, and advice from real users	May 16, 2025	Download
Comparison	Proofpoint Threat Response vs VMware Carbon Black Endpoint	May 16, 2025	Download
Comparison	Proofpoint Threat Response vs ServiceNow Security Operations	May 16, 2025	Download
Comparison	Proofpoint Threat Response vs IBM Resilient	May 16, 2025	Download

Title	Rating	Mindshare	Recommending
ServiceNow Security Operations	4.0	18.2%	94%	20 interviews Add to research
IBM Resilient	3.7	10.7%	75%	18 interviews Add to research

Valuable Features

Proofpoint Threat Response's Auto-Pull feature is highly valued, allowing instant removal of emails from users' mailboxes. This capability outshines competitors like Cisco and Barracuda. Automation and integration, including auto-restore for false positives and leveraging advanced threat detection feeds, enhance its efficiency. Users appreciate email checking and spam blocking, describing it as SOAR-lite functionality. It streamlines managing incidents, providing swift responses to security threats impacting large numbers of users.

"The platform's most valuable include the ability to check emails and block potential spam."
"If something's pulled and then it's later declared a false positive, it will automatically restore. They also take automatic feeds from their advanced threat detection modules."
"The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."

Room for Improvement

"The platform's technical support services and pricing need improvement."
"The on-premise version doesn't scale well for large companies."
"The interface within Threat Response could be made simpler."

Pricing

"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs, however I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."
"It's quite affordable to have it with this much functionality and ease to administrate."

Stability

Proofpoint Threat Response is praised for its stable performance and efficient resource management, with many noting no issues for two years and a 99.9% stability rating. Users appreciate its dashboard simplicity, even when processing large volumes of emails without freezing. Some, however, mention challenges related to company size and database scalability, rating stability at six out of ten, while others give it a nine.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Proofpoint Threat Response Buyer's Guide for additional reliable information.