Chief Engineer at a healthcare company with 10,001+ employees
Real User
Top 20
2024-06-04T16:58:40Z
Jun 4, 2024
We use Threat Response Autopull (TRAP) version. It uses Exchange connectors, including the cloud, to pull messages out of Office 365. So, that's how I use it. We're a healthcare company.
Senior Information Security Analyst at a healthcare company with 1-10 employees
Real User
2022-11-08T20:01:41Z
Nov 8, 2022
I am a senior information security analyst working with a healthcare company and we use a suite of products from Proofpoint including Proofpoint Threat Response, Proofpoint TAP (Targeted Attack Protection), Proofpoint Browser Isolation, Proofpoint Protection Service (AKA PPS) — essentially, everything except for the DLP solutions. We mainly use Proofpoint Threat Response along with our main email firewall to pull (i.e. remove) specific emails that get delivered internally. For example, if a user gets any kind of malicious email, such a phishing email or another kind of email that poses a threat to the security of user credentials and which passes through our email filters for some reason, then Threat Response will come into play in one of two ways: either you can do a manual intervention and pull the emails yourself, or it will automatically get pulled by the Targeted Attack Protection part of Proofpoint. With the automatic intervention, let's say the system was still busy analyzing the email and, before a verdict was reached, the email was released. If, a few minutes later, that email had been found to be malicious, it needs to be pulled back. This is where TAP sends the email ID to Threat Response and signals it to withdraw the email from the user's mailbox. If that same email was delivered or forwarded to anywhere else internally, then it will pull those emails back as well. The team that uses Proofpoint Threat Response in my company is rather small, consisting of about four or five people, and we are all information security analysts in terms of our job role. I personally maintain the back-end of our product migrations, and perform duties such as updating and so on. From time to time, we also have to deal with tickets and incident response. As an aside, I'm also a PhD student currently doing my dissertation, and I do research on machine learning, data analytics, and data science.
Security Specialist at a tech services company with 201-500 employees
Real User
2019-04-11T19:38:00Z
Apr 11, 2019
Our main use case is to automatically remove and pull the malicious, phishing and spam emails from each user's mailbox. We have also integrated this with Proofpoint TAP and PPS for more feeding.
Learn what your peers think about Proofpoint Threat Response. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.
We use the product to verify and manage emails sent and received through our Microsoft Exchange server, focusing on blocking potential spam emails.
We use Threat Response Autopull (TRAP) version. It uses Exchange connectors, including the cloud, to pull messages out of Office 365. So, that's how I use it. We're a healthcare company.
I am a senior information security analyst working with a healthcare company and we use a suite of products from Proofpoint including Proofpoint Threat Response, Proofpoint TAP (Targeted Attack Protection), Proofpoint Browser Isolation, Proofpoint Protection Service (AKA PPS) — essentially, everything except for the DLP solutions. We mainly use Proofpoint Threat Response along with our main email firewall to pull (i.e. remove) specific emails that get delivered internally. For example, if a user gets any kind of malicious email, such a phishing email or another kind of email that poses a threat to the security of user credentials and which passes through our email filters for some reason, then Threat Response will come into play in one of two ways: either you can do a manual intervention and pull the emails yourself, or it will automatically get pulled by the Targeted Attack Protection part of Proofpoint. With the automatic intervention, let's say the system was still busy analyzing the email and, before a verdict was reached, the email was released. If, a few minutes later, that email had been found to be malicious, it needs to be pulled back. This is where TAP sends the email ID to Threat Response and signals it to withdraw the email from the user's mailbox. If that same email was delivered or forwarded to anywhere else internally, then it will pull those emails back as well. The team that uses Proofpoint Threat Response in my company is rather small, consisting of about four or five people, and we are all information security analysts in terms of our job role. I personally maintain the back-end of our product migrations, and perform duties such as updating and so on. From time to time, we also have to deal with tickets and incident response. As an aside, I'm also a PhD student currently doing my dissertation, and I do research on machine learning, data analytics, and data science.
My primary use case of this solution is as an anti-malware tool.
Our main use case is to automatically remove and pull the malicious, phishing and spam emails from each user's mailbox. We have also integrated this with Proofpoint TAP and PPS for more feeding.