Proofpoint + D3 Morpheus
Accelerate Triage and Response with Real-Time Intelligence
D3 Morpheus provides an end-to-end incident response solution for email-based incidents detected by Proofpoint TAP, and can enrich any incident—regardless of detection source—with Proofpoint’s up-to-the-minute, globally aggregated threat intelligence.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of coding, troubleshooting, and updating integrations off your hands. Our deep research into integrated technologies has produced important integrations with multiple Proofpoint tools:
- Proofpoint Targeted Attack Protection. Ingest events from Proofpoint TAP to enrich, investigate, and respond to potential email-based attacks
- Proofpoint Emerging Threats Intelligence. Enrich incidents with domain and IP reputations from Proofpoint ETI
- Proofpoint Essentials. Manage email sender lists across groups and organizations.
- Proofpoint Threat Response. Orchestrate incident response actions.
Use CAse 1
Potential Phishing Analysis
When a potential phishing attack is escalated to Morpheus from Proofpoint TAP, D3 extracts all the IOCs from the event, such as the sender’s domain. Morpheus can then look up those extracted indicators in Proofpoint ETI, other threat intelligence sources, and past incidents to reveal any associated malicious activity. Based on the results, Morpheus can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.
- Run a prebuilt automation-powered playbook for cryptomining, which includes domain analysis and EC2 instance analysis.
- Hunt for cryptomining threats based on ingested threat reports.
- Orchestrate rapid response across integrated tools.
Use Case 2
Automated Enrichment
Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Morpheus can automatically extract IOCs such as domains and IPs from events and look up their reputations in Proofpoint ETI, enabling instant analysis without changing interfaces.
- Incorporate Proofpoint intelligence into Morpheus’s automated triage
- Include additional integrated TIPs for comprehensive enrichment
- Trigger incident-specific playbooks when a threat is identified.
Why Morpheus?
Joint users of Proofpoint and D3 Morpheus don’t just get automated email security and threat intelligence enrichment, they also get the countless other features that make Morpheus the leading vendor-agnostic AI-driven autonomous SOC solution, including:
Expert-built codeless integrations across the stack
Tier 1–3 automation, based on deep research into the capabilities of common tools
The Event Pipeline, which reduces alert volume by up to 98%
Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Proofpoint Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.
