Chief Engineer at a healthcare company with 10,001+ employees
Real User
Top 20
2024-06-04T16:58:40Z
Jun 4, 2024
There are areas of improvement. The on-premise version doesn't scale well for large companies. If you're a small company, it will work just fine. But with a large company, they run into all kinds of memory issues, software update issues with big databases, and so on. We can't seem to get every released upgrade because we can't get to one that will upgrade correctly. That's what's causing us to consider switching to Proofpoint's cloud product or other choices.
Senior Information Security Analyst at a healthcare company with 1-10 employees
Real User
Top 20
2022-11-08T20:01:41Z
Nov 8, 2022
The interface within Threat Response could be made simpler. To give a specific example, let's say you have uploaded the details of a malicious email to Threat Response in order to pull all the instances of that email being delivered internally, and it turns out that there have been something like 10,000 emails delivered already. When you dig into "patient zero" (i.e. the mailbox that first received the malicious email and forwarded it onward) within Threat Response, Threat Response will synthesize the data and you will be able to see the user's vectors such as who the sender is (e.g. some attacker at example.com) and all 10,000 recipients of the email. Now, if this incident was set up with alerts, then for every single user it creates a corresponding alert, such that you now have 10,000 separate alerts that you have to scroll through to view. I propose that Threat Response should be able to simplify this a bit, even though I don't know what kind of solution it would entail. That's for them to figure out; I just know that scrolling through 10,000 alerts doesn't make things simple for me. Going further with the idea of improving the interface, when you look at any big company, most of them already have some kind of a centralized platform when it comes to ticketing tools, such as ServiceNow, BMC Remedy, Jira, or Splunk. The platform is there to provide a single pane of glass, where you can integrate everything and assign tickets to the team from that platform. When it comes to Threat Response, it has its own separate portal and once you have set up your security team in there, you can assign tickets within it. However, I think that this is an unnecessary extra dashboard and there should be more opportunities to tie the portal data into something like ServiceNow and then simplify from there onward.
Again, I can only wonder what the solution here would look like, but let's take the incident with 10,000 alerts; how could we sync or integrate that incident in ServiceNow, and what would it look like? Ultimately, I think being able to more easily integrate Threat Response incident data into other kinds of ticketing platforms would really help improve our experience.
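The reviewer above describes two related pain points: one alert per recipient (10,000 alerts for one malicious message) and no simple path from an incident into an external ticketing tool. The following Python is an added illustration, not the reviewer's code and not Proofpoint's or ServiceNow's: it folds per-recipient alerts into one incident per message and renders that incident as a single ticket payload. The alert fields, the use of the RFC 5322 Message-ID as the grouping key, the choice of earliest delivery as "patient zero", and the ticket field names are all assumptions, not a real Threat Response or ServiceNow schema, and the sample alerts are constructed.

```python
"""
Collapse one-alert-per-recipient noise into a single incident per malicious
message, then render that incident as one ticket payload.

Added illustration, not Proofpoint's code. The alert fields, the message_id
grouping key and the ticket field names are assumptions, not a real
Threat Response or ServiceNow schema.
"""
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class Alert:
    """One per-recipient alert as a detection platform might emit it (assumed shape)."""
    message_id: str        # RFC 5322 Message-ID, constant across every copy of one email
    sender: str
    recipient: str
    delivered_at: datetime


@dataclass
class Incident:
    """One incident per malicious message, however many mailboxes received it."""
    message_id: str
    sender: str
    patient_zero: str                     # assumption: earliest delivery = first mailbox hit
    first_seen: datetime
    recipients: list = field(default_factory=list)

    @property
    def recipient_count(self) -> int:
        return len(self.recipients)


def group_alerts(alerts: list[Alert]) -> dict[str, Incident]:
    """Fold alerts into incidents keyed by message_id, earliest delivery first."""
    incidents: dict[str, Incident] = {}
    for a in sorted(alerts, key=lambda x: x.delivered_at):
        inc = incidents.get(a.message_id)
        if inc is None:
            inc = Incident(a.message_id, a.sender, a.recipient, a.delivered_at)
            incidents[a.message_id] = inc
        if a.recipient not in inc.recipients:   # repeated alerts for one mailbox collapse
            inc.recipients.append(a.recipient)
    return incidents


def to_ticket(incident: Incident) -> dict:
    """Render an incident as one ticket record (field names are illustrative only)."""
    return {
        "short_description": (
            f"Malicious email from {incident.sender} delivered to "
            f"{incident.recipient_count} mailboxes"
        ),
        "message_id": incident.message_id,
        "patient_zero": incident.patient_zero,
        "first_seen": incident.first_seen.isoformat(),
        "recipient_count": incident.recipient_count,
        "recipients_sample": incident.recipients[:5],   # full list belongs in an attachment
    }


# Constructed sample: six alerts for one message (one duplicated) plus one for a second message.
SAMPLE_ALERTS = [
    Alert("<abc123@example.com>", "attacker@example.com", "alice@corp.example", datetime(2024, 6, 4, 9, 0, 0)),
    Alert("<abc123@example.com>", "attacker@example.com", "bob@corp.example", datetime(2024, 6, 4, 9, 0, 5)),
    Alert("<abc123@example.com>", "attacker@example.com", "bob@corp.example", datetime(2024, 6, 4, 9, 0, 5)),
    Alert("<abc123@example.com>", "attacker@example.com", "carol@corp.example", datetime(2024, 6, 4, 9, 0, 9)),
    Alert("<abc123@example.com>", "attacker@example.com", "dave@corp.example", datetime(2024, 6, 4, 9, 1, 0)),
    Alert("<abc123@example.com>", "attacker@example.com", "erin@corp.example", datetime(2024, 6, 4, 9, 2, 0)),
    Alert("<xyz789@example.com>", "other@example.com", "alice@corp.example", datetime(2024, 6, 4, 10, 0, 0)),
]


def build_tickets(alerts=SAMPLE_ALERTS) -> list[dict]:
    """Seven alerts in, two tickets out: one per distinct message."""
    return [to_ticket(i) for i in group_alerts(alerts).values()]


if __name__ == "__main__":
    for t in build_tickets():
        print(t)
```

Grouping on Message-ID works because every copy of one delivery campaign shares it; a sender who varies the Message-ID per recipient would still produce one incident per copy, so a production version would also key on a content hash of the body or attachment. The analyst then reviews one ticket with a recipient count rather than scrolling through one alert per mailbox.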
No defense can stop every attack. When something does get through, Proofpoint Threat Response takes the manual labor and guesswork out of incident response to help you resolve threats faster and more efficiently. Get an actionable view of threats, enrich alerts, and automate forensic collection and comparison. For verified threats, quarantine and contain users, hosts, and malicious email attachments - automatically or at the push of a button.
The platform's technical support services and pricing need improvement.
The product has some quirks that could be improved.
If the reporting gets improved then it would be better, but the product is running amazing as it is.