Proofpoint Threat Response Overview

Proofpoint Threat Response is the #7 ranked solution in top Security Incident Response tools. PeerSpot users give Proofpoint Threat Response an average rating of 8.0 out of 10. Proofpoint Threat Response is most commonly compared to Palo Alto Networks Cortex XSOAR: Proofpoint Threat Response vs Palo Alto Networks Cortex XSOAR. Proofpoint Threat Response is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from a computer software company, accounting for 18% of all views.
Buyer's Guide

Download the Security Incident Response Buyer's Guide including reviews and more. Updated: November 2022

What is Proofpoint Threat Response?

No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.

Proofpoint Threat Response Customers

University of Waterloo, Akorn, Fenwick and West LLP


Proofpoint Threat Response Pricing Advice

What users are saying about Proofpoint Threat Response pricing:
"The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs; however, I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response."

Proofpoint Threat Response Reviews

Senior Information Security Analyst at a healthcare company with 1-10 employees
Real User
Top 20
Tracks and mitigates email security incidents with Auto-Pull, and has good stability and performance
Pros and Cons
  • "The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
  • "The interface within Threat Response could be made simpler."

What is our primary use case?

I am a senior information security analyst working with a healthcare company and we use a suite of products from Proofpoint including Proofpoint Threat Response, Proofpoint TAP (Targeted Attack Protection), Proofpoint Browser Isolation, Proofpoint Protection Service (AKA PPS) — essentially, everything except for the DLP solutions.

We mainly use Proofpoint Threat Response along with our main email firewall to pull (i.e. remove) specific emails that get delivered internally. For example, if a user gets any kind of malicious email, such as a phishing email or another kind of email that poses a threat to the security of user credentials and which passes through our email filters for some reason, then Threat Response will come into play in one of two ways: either you can do a manual intervention and pull the emails yourself, or it will automatically get pulled by the Targeted Attack Protection part of Proofpoint.

With the automatic intervention, let's say the system was still busy analyzing the email and, before a verdict was reached, the email was released. If, a few minutes later, that email had been found to be malicious, it needs to be pulled back. This is where TAP sends the email ID to Threat Response and signals it to withdraw the email from the user's mailbox. If that same email was delivered or forwarded to anywhere else internally, then it will pull those emails back as well.

The team that uses Proofpoint Threat Response in my company is rather small, consisting of about four or five people, and we are all information security analysts in terms of our job role.

I personally maintain the back-end of our product migrations, and perform duties such as updating and so on. From time to time, we also have to deal with tickets and incident response. As an aside, I'm also a PhD student currently doing my dissertation, and I do research on machine learning, data analytics, and data science.

What is most valuable?

The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature. I've seen organizations that use Cisco Email Security or Barracuda Email Security and while these solutions may also include such a feature, I have very rarely seen any organizations implement it for some reason (possibly because of its perceived downsides).

Compared to these other solutions, I think that Proofpoint's version of the Auto-Pull feature is superior in my experience.

For an example of where it really comes in useful, I have seen a case in one company where a malicious email was delivered to 24,000 users internally. I believe it was auto-forwarded from only one user to all these other 24,000 users at once. Now, imagine how many days it would take for that company to pull the email using a legacy Exchange PowerShell script or by using Exchange Online. It would take forever, and there isn't much you could do to track or analyze how many other users it was being sent to at that moment in real time. It's simply impossible to do all that just by using Exchange PowerShell scripts.

But with Threat Response, all you have to do is input the details of the malicious email (e.g. the email ID) and upload these details via CSV file or similar, at which point Threat Response will call the vectors of the email and it will go in and pull those 24,000 emails instantly.

This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far. Looking at four or five of the industry's top email security solutions, none of them even come close to matching Proofpoint's version of this feature.

What needs improvement?

The interface within Threat Response could be made simpler. To give a specific example, let's say you have uploaded the details of a malicious email to Threat Response in order to pull all the instances of that email being delivered internally, and it turns out that there have been something like 10,000 emails delivered already.

When you dig into "patient zero" (i.e. the mailbox that first received the malicious email and forwarded it onward) within Threat Response, Threat Response will synthesize the data and you will be able to see the user's vectors such as who the sender is (e.g. some attacker at example.com) and all 10,000 recipients of the email.

Now, if this incident was set up with alerts, then for every single user it creates a corresponding alert, such that you now have 10,000 separate alerts that you have to scroll through to view. I propose that Threat Response should be able to simplify this a bit, even though I don't know what kind of solution it would entail. That's for them to figure out; I just know that scrolling through 10,000 alerts doesn't make things simple for me.

Going further with the idea of improving the interface, when you look at any big company, most of them already have some kind of a centralized platform when it comes to ticketing tools, such as ServiceNow, BMC Remedy, Jira, or Splunk. The platform is there to provide a single pane of glass, where you can integrate everything and assign tickets to the team from that platform.

When it comes to Threat Response, it has its own separate portal and once you have set up your security team in there, you can assign tickets within it. However, I think that this is an unnecessary extra dashboard and there should be more opportunities to tie the portal data into something like ServiceNow and then simplifying from there onward.

Again, I can only wonder what the solution here would look like, but let's take the incident with 10,000 alerts; how could we sync or integrate that incident in ServiceNow, and what would it look like? Ultimately, I think being able to more easily integrate Threat Response incident data into other kinds of ticketing platforms would really help improve our experience.

For how long have I used the solution?

I have used Proofpoint Threat Response for more than three years.


What do I think about the stability of the solution?

A good thing about Threat Response in terms of stability is its ability to set limits. It's not like some Windows Servers where you can easily run out of resources, causing lagging or freezing. It's simply a stable Linux VM, and you don't really have to look at the actual VM itself. All you do is go onto the dashboard and check your information there. One time, I pulled 30,000 emails in one go and not once did it freeze or lag even for a second.

What about the implementation team?

We're a small team of about five information security analysts who implement Proofpoint Threat Response, and I personally maintain the back-end of our product migrations.

What's my experience with pricing, setup cost, and licensing?

The way most big companies work with Proofpoint is that they try to tie everything into an enterprise license. I can't comment on the actual costs; however, I do know that alternative solutions such as Abnormal Security can be much more expensive than Proofpoint Threat Response.

Which other solutions did I evaluate?

The other solutions I've seen that offer a similar product include Cisco Email Security, Barracuda Email Security, and Abnormal Security.

What other advice do I have?

For the actual email firewall, Proofpoint has an admin console where you can go in and search emails, see what has been delivered to whom, and all sorts of different metrics. It's a good analytics dashboard, but when you compare it to the kinds of dashboards you see in cloud-hosted solutions, it doesn't even come close to these dashboards in terms of simplicity. The cloud dashboards I've seen are the simplest I have ever encountered so far.

On the other hand, none of the dashboards (for email filters, etc.) from solutions such as Cisco Cloud Email Security, Cisco Ironport Email, Barracuda Security, or McAfee are as simplified as Proofpoint's main dashboard. These other dashboards are old-fashioned, take more time to load, and require lots of clicking. In contrast, the Proofpoint dashboard is very advanced and feature-rich, and if they could make the Threat Response dashboard more similar to this main dashboard, that would be lovely. 

I would rate Proofpoint Threat Response a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
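The recall workflow this reviewer describes, as an added Python example that is not part of the review and not Proofpoint's code or API: starting from one malicious message, find every delivered copy including copies forwarded onward from "patient zero", pull all of them in one action, and summarise the result as a single incident record rather than one alert per recipient. The deliveries, mailboxes, sender addresses and Message-IDs below are constructed sample data; a real deployment would drive the product's own pull mechanism instead of this in-memory model.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional


@dataclass
class Delivery:
    """One copy of a message in one mailbox (constructed model, not a Proofpoint type)."""
    message_id: str            # RFC 5322 Message-ID of this copy
    mailbox: str               # recipient mailbox that holds the copy
    sender: str                # who sent this copy (the attacker, or an internal forwarder)
    parent_id: Optional[str]   # Message-ID this copy was forwarded from, if any
    delivered_at: int          # delivery time; small constructed integers for readability
    quarantined: bool = False  # set once the copy has been pulled


# Constructed sample data: a phishing message lands in two mailboxes, alice forwards
# it to bob and carol, bob forwards it again to dave. One unrelated vendor message is
# included to show that the recall does not touch it.
SEED_ID = "<m1@attacker.example>"
SAMPLE_DELIVERIES = [
    Delivery(SEED_ID, "alice@corp.example", "attacker@attacker.example", None, 100),
    Delivery(SEED_ID, "erin@corp.example", "attacker@attacker.example", None, 100),
    Delivery("<f1@corp.example>", "bob@corp.example", "alice@corp.example", SEED_ID, 160),
    Delivery("<f1@corp.example>", "carol@corp.example", "alice@corp.example", SEED_ID, 160),
    Delivery("<f2@corp.example>", "dave@corp.example", "bob@corp.example", "<f1@corp.example>", 230),
    Delivery("<ok1@vendor.example>", "alice@corp.example", "billing@vendor.example", None, 100),
]


def collect_copies(deliveries, seed_id):
    """Return every delivery that is the seed message or a (transitive) forward of it."""
    children = defaultdict(set)
    for d in deliveries:
        if d.parent_id:
            children[d.parent_id].add(d.message_id)
    related = {seed_id}
    queue = deque([seed_id])
    while queue:  # breadth-first walk over the forward chain
        current = queue.popleft()
        for child in children[current]:
            if child not in related:
                related.add(child)
                queue.append(child)
    return [d for d in deliveries if d.message_id in related]


def build_incident(deliveries, seed_id):
    """Summarise all copies as ONE incident record instead of one alert per recipient."""
    copies = collect_copies(deliveries, seed_id)
    originals = [d for d in copies if d.message_id == seed_id]
    # Patient zero is the earliest direct delivery; ties resolve to the first seen.
    patient_zero = min(originals, key=lambda d: d.delivered_at)
    recipients = sorted({d.mailbox for d in copies})
    forwarders = sorted({d.sender for d in copies if d.parent_id})
    return {
        "seed_message_id": seed_id,
        "sender": patient_zero.sender,
        "patient_zero": patient_zero.mailbox,
        "recipient_count": len(recipients),
        "recipients": recipients,
        "internal_forwarders": forwarders,
        "copies_outstanding": sum(1 for d in copies if not d.quarantined),
    }


def quarantine(deliveries, seed_id):
    """Pull every related copy; returns how many copies were newly quarantined.

    Idempotent: a second run over the same data pulls nothing, which is what you
    want when an automated signal and a manual analyst both trigger the recall.
    """
    pulled = 0
    for d in collect_copies(deliveries, seed_id):
        if not d.quarantined:
            d.quarantined = True
            pulled += 1
    return pulled


if __name__ == "__main__":
    print(build_incident(SAMPLE_DELIVERIES, SEED_ID))
    print("pulled:", quarantine(SAMPLE_DELIVERIES, SEED_ID))
    print("pulled again:", quarantine(SAMPLE_DELIVERIES, SEED_ID))
```

The forward chain is modelled as a `parent_id` link from each forwarded copy back to the message it was forwarded from, which is what lets one seed identifier reach every internal copy; the incident record carries the recipient count and the list of forwarders, so 10,000 recipients become one row with a count rather than 10,000 items to scroll through.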
PeerSpot user
Real User
Top 5
Reduces system attacks but has some quirks

What is our primary use case?

My primary use case of this solution is as an anti-malware tool.

How has it helped my organization?

Proofpoint has reduced the number of major attacks on our systems.

What needs improvement?

The product has some quirks that could be improved.

For how long have I used the solution?

I've been using this solution for about eight years.

How are customer service and support?

Proofpoint's support is very responsive, especially in comparison to Microsoft. Proofpoint commonly has a specialist available within 24 hours and is generally more professional.

What other advice do I have?

I would rate this solution as seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.