Proofpoint Security

Multi-layered email security

Key features that stop human-targeted attacks

Nexus People Risk Explorer identifies your riskiest users

We provide insights into who your "Very Attacked People" (VAP) are and what specific threats are targeting them, so you can implement customized controls including browser isolation, focused security awareness training, identity vulnerability remediation, and step-up authentication to reduce risk.

Our team of threat researchers investigates email security threats, identifies new campaigns and tracks threat actor activity. We provide detailed reports of attack trends and insights into specific threat actors targeting your organization.

Seamless classification of user-reported messages We make it easy for users to report suspicious messages across all devices and automatically classify reported emails. If we discover that a user-reported message is malicious, we’ll automatically remove all instances of it from all user inboxes—including forwards and distribution lists. And we communicate that activity back to the submitting user, helping them understand the positive impact of their actions.

We empower your users to make informed decisions in the moment with email warning tags that flag potentially malicious messages. And our warning banners include an integrated “report suspicious” button, making it easy to report suspicious messages even on a mobile device.

We analyze messages, links and attachments before they reach the inbox. And we provide inline, pre-delivery sandboxing and behavioral analysis of suspicious QR codes, reducing the burden on your security teams. Our sandbox technology provides exhaustive analysis via static, dynamic and analyst-assisted execution, to maximize detection and intelligence extraction. We use ML-driven intelligence to determine whether a URL should be sent to the sandbox for further analysis.

We analyze messages in employee inboxes using over 200 behavioral AI signals, providing email security defense-in-depth. Augment pre-delivery protection with an API integration to M365 or Google Workspace. And we stop internal phishing by detecting anomalous sending behaviors such as spikes in email volume and unusual recipients.

In combination with our email security solution, our personalized threat-driven security education enables you to deliver targeted learning and simulations for better outcomes, reinforcing behavior with contextual nudges via email tags and custom feedback on user-reported messages.

Click-time protection - We re-write URLs to protect users on any network and device to detect if a message has been weaponized post-delivery. When users click on re-written URLs, automated browser isolation and real-time sandboxing protect against malware and credential theft.
Automated Quarantine Post-Delivery - If a malicious message is detected post-delivery, we automatically move it to quarantine. And we follow forwarded mail and distribution lists.

API-based SIEM/SOAR integration - We enable you to automatically enrich and correlate existing security event data with email threat data, so your security team can leverage context-aware threat intelligence and forensic analysis to proactively alert on and quickly respond to suspicious email-based threats. API-based endpoint integration - We automatically feed threat intelligence information to your endpoint protection solution. With insight into endpoint behavior, file activity information, and detailed threat forensic evidence, your security team can quickly identify and enable endpoint isolation to remediate compromised devices. And we provide API-enabled, bi-directional workflows and integrations with third-party security vendors like Palo Alto, Crowdstrike, Microsoft Defender, Okta and more.