Proofpoint Threat Response Auto-Pull (TRAP) enables messaging and security administrators to automatically move to quarantine threats that were delivered to employee inboxes, as well as emails that turn malicious after delivery. It is also a powerful solution for retracting messages sent in error and emails that are inappropriate, malicious, or contain compliance violations. It also follows forwarded mail and distribution lists and creates an auditable activity trail.
With Proofpoint Threat Response Auto-Pull, you can protect your people, data, and brand from today’s threats by:
- Automatically pulling malicious or unwanted messages from an end user's inbox.
- Enriching each message by checking every domain and IP address against premium intelligence feeds.
- Including built-in reporting that shows stats such as email quarantine successes or failures, email retraction read status, and targeting by Active Directory attribute.
- Reducing the remediation time needed from hours to minutes.
- Supported: Integration with Other Security Systems
- Supported: Attack Chain Visualization
- Supported: Centralized Dashboard
- Supported: Machine Learning to Prevent Incidents
- Supported: Live Response for Rapid Remediation
- Supported: Automatically pull malicious or unwanted messages from an end user's inbox.
- Supported: Enrich each message by checking every domain and IP address against premium intelligence feeds.
- Supported: Built-in reporting showing stats such as email quarantine successes or failures, email retraction read status, and targeting by Active Directory attribute.
- Supported: Reduce the remediation time needed from hours to minutes.
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
| Operating Systems | Windows, Linux, Mac |
| Supported Countries | United States, Canada, United Kingdom, Germany, France, Italy, Australia, Japan |
| Supported Languages | English, German, French, Italian, Spanish, Japanese |
Microsoft Defender for Endpoint
Splunk Enterprise Security (ES)
Palo Alto Networks Cortex XDR (Traps)
Palo Alto Networks Cortex XSOAR
Arcsight Enterprise Security Manager (ESM)
Agari Phishing Response
- It will automatically pull malicious emails from users' mailboxes if they are not detected first by PPS.
- It will evaluate user-submitted suspect phishing emails and reply to the users with the result of the evaluation.
- It will pull emails from users per an admin-submitted CSV file of emails we want to pull.
- It informs admins of the status of its email investigations.
- Would like an Azure virtual machine version of it. Currently, it's only supported on VMware and AWS.
- Configuring authentication certificates on it is not easy.
- It does not work with RSASSA-PSS signed certificates.
- Auto pull works great, even with our hybrid situation with 2 on-premise Exchange organizations.
- Reporting is good, nice graphs of all the actions.
- As threat response auto-pull uses a subset of the full threat response product, the GUI is too bloated.
- It is still only an on-premise VM, still waiting for a cloud version.
We've found Proofpoint TRAP to be very beneficial to the company so far; it helped us immensely during our last security test.
- Automatically pulling malicious emails from users' inboxes.
- Low admin intervention.
- Reducing remediation time on malicious emails.
- Learning curve is steep.
- Interface can be clunky.
- Some interface items seem counter-intuitive.
Emails that do get delivered but that it is unsure about are cloned and then detonated in a sandbox to see the impact, and if one is then found to be malicious, it will pull these mails from the user's inbox, with no interaction from administrators.
Update, 6 months later: Proofpoint TRAP remains the MOST HELPFUL tool I've ever used for security incident response.
- Finds malicious messages in users' mailboxes that were not previously detected.
- Gives good data about messages post-detection.
- Integrates with AD.
- Removing messages from mailboxes manually requires uploading a CSV in a particular format. More flexibility here would be great.