Skip to main content
TrustRadius
Proofpoint Targeted Attack Protection (TAP)

Proofpoint Targeted Attack Protection (TAP)

Overview

What is Proofpoint Targeted Attack Protection (TAP)?

Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized documents and…

Read more
Recent Reviews

TrustRadius Insights

Effective URL Blocking: Several users have praised Proofpoint TAP for its effective URL Blocking feature, which has prevented malicious …
Continue reading

Great product!

10 out of 10
November 11, 2021
Incentivized
Currently, at my organization, Proofpoint Target Attack Protection, also known as TAP, is used by the SOC and also our Threat Intelligence …
Continue reading

Proofpoint is AWESOME!

10 out of 10
November 21, 2019
Incentivized
POD TAP is used for email protection. We greatly appreciate the added security and safe feeling it gives us. We are very happy with the …
Continue reading
Read all reviews

Awards

Products that are considered exceptional by their customers based on a variety of criteria win TrustRadius awards. Learn more about the types of TrustRadius awards to make the best purchase decision. More about TrustRadius Awards

Reviewer Pros & Cons

View all pros & cons
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is Proofpoint Targeted Attack Protection (TAP)?

Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

13 people also want pricing

Alternatives Pricing

What is Avanan?

Avanan, from Check Point since the August 2021 acquisition, connects security technologies to enterprise cloud applications in order to improve protection of sensitive corporate data and IP. According to the vendor, Avanan's one-click deployment allows customers to deploy a new security solution in…

What is KnowBe4 PhishER?

PhishER is presented as a lightweight Security Orchestration, Automation and Response (SOAR) platform to orchestrate threat response and manage the high volume of potentially malicious email messages reported by users. And, with automatic prioritization of emails, PhishER helps InfoSec and Security…

Return to navigation

Product Details

What is Proofpoint Targeted Attack Protection (TAP)?

Proofpoint Targeted Attack Protection (TAP) helps organizations efficiently detect, mitigate and respond to known and unknown advanced threats that target people and VIPs through email. TAP provides unparalleled effectiveness in stopping targeted attacks that use polymorphic malware, weaponized documents and credential-stealing phishing techniques to obtain sensitive information. TAP seamlessly integrates with the Proofpoint secure email gateway (Proofpoint Email Protection) to deliver best-in-class email security in a way that is cost effective and easy to use. TAP leverages the cloud to scale deployment, adapt analysis and protect people on any network or device.

With Proofpoint Targeted Attack Protection (TAP), you can:

  • Provide sophisticated analysis to prevent threats from getting to a user's inbox.
  • Detect known and unknown threats using adaptable analysis capabilities.
  • Provide security teams detailed analysis and visibility about threats and threat campaigns.
  • Provide visibility into threats targeting the Very Attacked People (VAP) in an organization.

Proofpoint Targeted Attack Protection (TAP) Features

  • Supported: Provide sophisticated analysis to prevent threats from getting to users inbox.
  • Supported: Detect known and unknown threats using adaptable analysis capabilities.
  • Supported: Provide security teams detailed analysis and visibility about threats and threat campaigns.
  • Supported: Provide visibility into threats targeting the Very Attacked People (VAP’s) in an organization

Proofpoint Targeted Attack Protection (TAP) Technical Details

Deployment TypesOn-premise, Software as a Service (SaaS), Cloud, or Web-Based
Operating SystemsWindows, Linux, Mac
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(65)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Effective URL Blocking: Several users have praised Proofpoint TAP for its effective URL Blocking feature, which has prevented malicious URLs from infiltrating their systems. This feature not only alerts users about potential compromises but also provides concise threat context, enabling them to understand the nature of the threats they face.

Integration with Proofpoint TRAP: Many reviewers have valued the seamless integration between TAP and Proofpoint TRAP. By combining these two solutions, users are able to streamline their workflow and enhance security measures. The integration detects spam and phishing emails, providing an added layer of protection against cyber threats.

Accurate Attachment Detonation: Users have expressed high satisfaction with TAP's sandbox attachment detonation feature. This functionality effectively vets attachments for threats, allowing users to confidently analyze email attachments without risking system compromise. The ability to detect malicious attachments and boast a false positive rate of less than 0.001% over three years has been particularly impressive to reviewers.

Cumbersome Admin Web GUI: Users have mentioned that the admin web GUI is difficult to navigate and understand, leading to a steep learning curve. Several reviewers expressed frustration with the unclear interface and the need to constantly stay updated on new features.

Lack of Communication on New Features: Users have expressed frustration with Proofpoint's lack of communication when new features are added to their toolbox. Some users felt left in the dark about updates and wished for better transparency from the company.

Difficulty in Automating Custom Report Emails: Several users mentioned the inability to automate custom report emails like with Proofpoint Secure email. This inconvenience makes it time-consuming for administrators who rely on automated reports for efficient management.

Attribute Ratings

Reviews

(26-42 of 42)
Companies can't remove reviews or game the system. Here's why
Score 9 out of 10
Vetted Review
Verified User
Incentivized
The whole group is using Proofpoint TAP inherently. It is part of the email protection solution package. The TAP part works great with the TRAP appliance at the moment a malicious email was found later. But utilizing the API, TAP can notify TRAP to auto pull the message from the user mailbox. Though there is a bug in it at the current version, making this not work for maybe 10% of the messages, it does work great for most messages.
  • Finding threats.
  • Reporting.
  • Insight into the threats (sandbox results).
  • Solve the bug with the TRAP integration.
  • Have consistent look & feel with the other Proofpoint products.
It does integrate very nice with both the main email protection product and the TRAP auto pull product. This makes the email protection offering a lot better than our previous product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We have been using the Proofpoint TAP for about 2 years now and I cannot imagine us not having it in our environment. We are constantly under attack and the TAP has been vital in helping to protect us from threats. We actually receive so many threats that I start to wonder if something is not working when I look at the TAP dashboard and it shows no threats at all! This is being utilized to protect our entire organization from email threats.
  • Impostor email detection is a fantastic feature and works very well.
  • The sandbox feature helps to ensure confidence that their evaluation of the email threat is valid.
  • Easy to use (and understand) dashboard make identifying and managing email threats a breeze.
  • Occasionally, we have a false positive or false negative, but those are easily corrected.
  • Would like the ability to upload a file to have it automatically exploded via sandbox to determine threat.
Almost every single day we receive dozens of threats in which the Proofpoint TAP system stops. We also appreciate the automated emails that notify us of new threats and "at-risk" users. This helps us to quickly mitigate any threats in our environment. The emails help us to get a jump on notifying our end users of the threats. Additionally, the ability to rewrite URLs also helps to prevent clicks on malicious content.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Targeted Attack Protection sends us alerts us via a detailed email if Proofpoint detects things such as an impostor email sent to one of our VIPs. This allows us to reach out to the user to make sure they are aware that the email is bogus so that they do not possibly give away any private information to the impostor.
  • Detailed GUI
  • Email alerts
  • Stops impostor emails
This would be well suited for medium to large businesses. A small business could likely get by without it.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We use it for our entire organization. Primary requirements to prevent advanced malware and phishing attacks. In addition, we also use it for data loss prevention (DLP) to meet client and regulatory requirements. We also leverage this platform for e-mail protection against spam and phishing attacks.
  • Alert on malware/attacks that made it through, so we can respond.
  • Data loss prevention (DLP) is very flexible and accommodates our needs.
  • More advancement in the imposter technology.
  • Integration between Wombat (phishing campaign tool) and email.
The majority of email threats are identified or blocked through TAP. Pre-TAP we were overrun with incident tickets and alerts. With TAP we have a higher level of confidence.
Score 1 out of 10
Vetted Review
Verified User
Incentivized
We purchased this for our full-time fac/staff and attempted to get this for our students as 'included' since they slipped by our legal to not include our students first off. We had to pay a ton to get the students included. Also, EOP based AV does a better job of blocking bad attachments. The best use case I can give you is if you put the phishing link inside a PDF TAP, it will send it on clean. MS AV will catch it every time. I watch the TAP alerts on misses, and I will pull the message with Get-Messagetrace and its details; sure enough, it got caught there!
  • Slowing down mail flow for scanning.
  • Limiting to a specific sub group of your org.
  • Sending lots of mail unthrottled by default.
  • Stopping bad mail.
  • Hashing spam emails in a more efficient way.
Very useful for a very small organization where scaling and learning algorithms have a standing chance to work. It's places that receive 1 million messages a day and have to try to provide infrastructure as a service, i.e. many independent domains trying to be self-managed, that are challenging for this product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
This is used globally as part of our overall email hygiene program.
  • Easy to manage.
  • Easy to deploy.
  • Proven solution.
  • Adoption can be a problem, but only early on.
This, for us, is the leading platform to build as part of our overall email security program.
Score 10 out of 10
Vetted Review
ResellerIncentivized
TAP is an optional module for Proofpoint Email Security that can be licensed. It consists of "URL Defense" and "Attachment Defense." The first one is a mighty tool which provides security for inbound mail traffic by analyzing (and blocking) access to harmfull external URLs. 'Attachment Defense' is even mightier. As a company, you get a lot of emails with attachments, especially documents like PDFs or Microsoft Office file formats. Attachment Defense is a Sandbox cloud service provided by Proofpoint, which analyzes these files and checks if they contain bad content like malicious macros. All normal Antivirus scanners work signature-based, so they are not able to open a document like Adobe Reader or MS Office would do it. This is what Proofpoint Targeted Attack Protection does for you. Up to now, there is no other way to automatically check every attachment this way (Sandboxing).
  • It's a carefree solution for automatic approval of (bad) attachments.
  • A carefree solution for automatic approval of bad URLs.
  • Alerts for admins if the attachments or allowed URL clicks afterwards turned out to be malicious.
  • A lot of information about malware campaigns inside the TAP Dashboard, and useful info, like who's the most attacked target in your company.
  • Expensive (but justified).
  • A lot of German companies are very sensitive about their data and privacy. You have to trust Proofpoint here.
It is (of course) well suited if you have a lot of mail traffic which contains attachments and external URLs. In general, Proofpoint Targeted Attack Protection will suit you if your users have no sense of security, and if they click on every link without thinking for a second if a mail looks legitimate or not. Better safe than sorry!
Score 8 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint TAP is used as part of our email security strategy. Inbound emails are scanned by TAP for malicious attachments, links, and other indicators of compromise. Proofpoint TAP logs feed into our SIEM for investigation and correlation against other log data. TAP can also be used to input IOCs like URLS so that the emails are blocked before entering the environment. Today we receive two types of alerts from TAP, one lets you know that Proofpoint now recognizes this email to be malicious and the analysts can investigate and remediate. The second type of alert is that an individual has clicked on a link that is known bad. Then the analysts can search logs for if the user successfully made it to the website and input any data.
  • Block malicious and phishing emails
  • Alert of now known to be bad emails
  • Threat intelligence for tracking campaigns
  • Metrics and dashboards around email activity
  • Ability to block additional IOCS instead of just URL
  • Ability to integrate with threat intelligence platforms
  • What they label as a false positive is not always a false positive
Proofpoint TAP is well suited to guide in investigation of malicious or phishing emails. It allows you to track the campaign and see the top email threats attacking your environment. You can input VIP level users for enhanced reporting. The ability to view a sandbox report with details of what the link or attachment does is useful.
Jerry Robinson | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Targeted Attack Protection (TAP) for Email is used across the entire enterprise. TAP gives us a layer of protection against the numerous attack vectors that exist in the cyberworld.
  • Attachment Defense. This component scans all attachments for malicious content, quarantining anything suspicious. This is a must have for any legitimate email protection product.
  • URL Defense. With so many phishing attempts out there that try to lure the unsuspecting user into clicking a link to a malicious web site, URL Defense provide an invaluable safety net by encoding the URL and re-routing it to Proofpoint's "sandbox". If legitimate, it seamlessly redirects the user to the original URL. Despite your best efforts at education, a percentage of your end users will click the link. Knowing that TAP is sandboxing those links to test for malicious activity is protection we cannot live without.
  • TAP Dashboard. This lets me see who's being targeted in my environment as well as provide metrics that tell me how effective the protection has been. We're able to identify our "VIP's" so that we can receive special alerets whey they come under attack.
  • It's a stretch for me to find something that needs improvement. If I had to put at least one thing it would relate to URL Defense. The process works great but, there are times when you have to decode the encoded URL. Currently, the only place to do that is in the TAP dashboard. To save clicks and logins, it would be nice to have that decode functionality in the Proofpoint management console.
  • No other issues.
I believe TAP is well suited for all scenarios but some organizations may wish to implement part, or all, of TAP for specific departments. That can be done by AD group membership.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint Targeted Attack Protection's primary use for us is the URL rewriting feature, which allows sites linked to in emails to get scanned by Proofpoint before allowing users to visit them. We use this feature for all users across our organization and it is one of our primary defenses against phishing.
  • Post-detection of malicious web-based attacks
  • Trending of types of attacks against our organization
  • URL rewrite feature makes URLs very ugly and sometimes makes users more suspicious
Proofpoint Targeted Attack Protection is great for helping leadership understand how other organizations are being attacked and how similar those attacks are or aren't to ours. The historical data that it provides about attacks, campaigns, and tactics can help leaders and managers understand why we make the changes we do to our email security posture.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint TAP is used across our entire organization and it addresses the problem of users clicking on malicious URLs or attachments. We get alerted in every instance and with the TAP dashboard we can see targeted users and information on the threats coming at us. Reporting and VIP user options are great!
  • URL rewriting, so clicks are protected from the start
  • Attachment sandboxing, attachments are vetted for threats
  • Integration with Proofpoint TRAP for auto-pull of messages
  • Perhaps a bit more reporting would be beneficial
[For] The new campaigns out there that are credential stealing - the url rewrite function is very beneficial. When a user has clicked [on them] you are able to see it in the TAP dashboard along with other users targeted.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
The Infosec team uses TAP to be alerted when threats occur, compromises may have happened, and actions may need to be taken. It gives us insight into the attacks that have occurred, a lot of background on them (if available), and who was targeted and who fell for the attacks. It helps us protect the company from attacks and quickly resolve them.
  • TAP allows administrators and authorized users to effectively analyze threats and identify all targets.
  • The tracking (did a user open an email, did they click a link and how many times) and analytics are a great asset to have for any IT admin.
  • The ability to flag specific users as VIPs or important folks you want to keep an extra measure of attention on.
  • Sometimes, it is difficult to determine what the threat did or the effect it had on the recipients. I think this is most difficult due to our inexperience, so I imagine this will be easier for us over time.
I receive an email notification when someone clicks on a link in an email that originally was not a threat, but was later activated/determined by TAP to be malicious. This helps me to quickly jump into an event that may never get reported by the user. Multiple times I've reached out to the user before they said anything because they just thought the link was broken and ignored it. Or, they might have tried their credentials in a phishing scam and since it didn't work, simply emailed the attacker (unbeknownst to our user) that the credentials didn't work. User reporting is generally too slow and TAP allows infosec to quickly take action and often stop attacks before they can do any damage.
January 18, 2019

Email's Best Defense

Score 9 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint Targeted Attack Protection for Email is deployed to our entire email domain. It protects our end users and our network from threats with opening infected attachments (malware) and clicking on phishing emails. This prevents the remediation effort needed to handle situations where users infected their machine and/or network with malware, or fall victim to a phishing attack.
  • Block phishing sites when users click on malicious links in their emails
  • Block malicious attachments
  • Proofpoint Dynamic Reputation is its machine-learning to learn which IP addresses may be compromised to send spam (like part of a botnet) and block them
  • The administration interface can be updated with improved navigation.
  • Proofpoint does not recommend saving attachments in quarantine which creates an issue when there are false-positives. We cannot release a false-positive since it is not saved due to affecting performance of Proofpoint product when the database gets too big.
  • It requires a good amount of time and effort to get familiar with Proofpoint system administration.
Proofpoint Targeted Attack Protection for Email is well suited for saving time and resources for IT staff from having to handle situations where users clicked on a phishing link in their email and fall victim to it and opening an infected or malware attachment which can impact the entire network and harm the endpoint device. It saves from potential remediation and clean-up work which can be significant to IT organizations.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We use Proofpoint Targeted Attack Protection (TAP) company-wide. It solves for us web links that were good at the time the email was sent in, then the website becomes malicious later or is found to be malicious later. TAP identifies and alerts us about the users that have clicked the link that went from good to bad, when they clicked it an how often. That information saves us a ton of wondering who did what, how often and who is affected. It focuses our efforts on the correct people.
  • Re-evaluates web links on an on-going basis to see if the links were good and have been changed to bad.
  • Identifies specific users and alerts us regarding who clicked the now bad links and were not blocked prior to discovery of malicious code.
  • Gives us the ability to identify VIP users that may be especially vulnerable to attack and take additional action on them.
  • Proofpoint needs to get a single sign-on for all the different portals.
I've found it suited to our entire environment. It has proved to be a good layer of protection for email links.
Score 9 out of 10
Vetted Review
Verified User
Incentivized
We utilize Proofpoint's Targeted Attack Protection services to protect our entire enterprise of over 18,000 individuals. One of the highest risk attacks we've been dealing with is that of the ever evolving "phishing" and ransomware/malware type attacks. Proofpoint's services have provided solid protection to our organization minimizing that risk, along with providing us with a high level of insight into the threats.
  • The URL Defense components having greatly reduced the risk associated with "phishing" attacks and malicious web sites.
  • The Attachment Defense components have also reduced the amount of malware (including zero day type attacks) actually getting to our clients systems.
  • The services are fairly simple to implement and provide enough flexibility to tailor them to address specific security policies.
  • The level of threat analysis is extremely high compared to some of Proofpoint's competitors making this a "goto" product for people who want a solid product to protect their enterprise. The on-going implementation has been extremely stable with minimal service outages.
  • Accuracy is definitely one of Proofpoint's strong points and we have experienced very few false positives.
  • The only real area that needs improvement is the customer specific definitions for blocked URL's in terms of providing more flexibility in using more specific pattern matching expressions. Pretty certain this will be resolved shortly.
  • Cost is always a factor and given that this type of service is almost a necessity these days, their cost is a bit on the high end.
The product is definitely well suited for any type of enterprise e-mail services whether hosted or on-premises. Again, the insight provided by their product and the high level of accuracy in detecting and mitigating threats make this a must have product.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Proofpoint Targeted Attack Protection for Email is being used by our organization to identify malicious email campaigns and which users that it might affect. It is being used across the whole organization, and identifies the VAPs (Very Attacked People) as well as VIP users, to narrow down our focus during an investigation into an incident.
  • Identify whether an email was received or blocked by a user.
  • Identify whether a malicious link in an email was clicked on or not.
  • Listing of the severity of the campaign, as well as the spread (how many other customers were affected).
  • Cloud integration ( in progress).
  • Integrating the GUI with the Email Security Admin portal (instead of two different logins).
Proofpoint Targeted Attack Protection for Email is good for identifying malicious email campaigns, and whether a user might be affected by this (if they clicked any links in the email). We can also see whether this was a broad email campaign or specifically targeted towards our company or a certain industry, or possibly specific users.
Score 10 out of 10
Vetted Review
Verified User
Incentivized
We are using Targeted Attack Protection (TAP) to supplement the normal spam/viral email detection. TAP rewrites URLs to protect us and notify if a site is weaponized after delivery. Also, if an attachment needs further analysis TAP provides that service. We act on alerts by sending [them] to users and IT administrators to research the problem. Also we regularly use the TAP dashboard to see what is happening in our environment.
  • It is great and alerting us to who has clicked on a URL that could be a problem.
  • Also it prevents sophisticated files that would bypass traditional antivirus.
  • URL writing is a great protection for our users.
  • We have visibility who is hit by any malicious email campaign.
  • Sometimes alerts are hard to read.
  • Automatic removal of messages should be included in the product.
  • It is costly...if it was part of the base product and all email gateway customers the cost should be lower. In the end a C level person doesn't care if a message was stopped (or allowed) because of a separate component.
It protects users from advanced attacks either with files or URLs exceptionally well. I feel like its a mandatory component and wish it was included in the spam/virus product. In a high security company where attachments were blocked it would not be necessary. Overall there are many more positives than negatives from Targeted Attack Protection.
Return to navigation