Proofpoint + D3 Smart SOAR
Accelerate Triage and Response with Real-Time Intelligence
D3 Smart SOAR provides an end-to-end incident response solution for email-based incidents detected by Proofpoint TAP, and can enrich any incident—regardless of detection source—with Proofpoint’s up-to-the-minute, globally aggregated threat intelligence.
Expert-Built and Maintained Integrations
D3’s integration team takes the burden of coding, troubleshooting, and updating integrations off your hands. Our deep research into integrated technologies has produced important integrations with multiple Proofpoint tools:
- Proofpoint Targeted Attack Protection. Ingest events from Proofpoint TAP to enrich, investigate, and respond to potential email-based attacks.
- Proofpoint Emerging Threats Intelligence. Enrich incidents with domain and IP reputations from Proofpoint ETI.
- Proofpoint Essentials. Manage email sender lists across groups and organizations.
- Proofpoint Threat Response. Orchestrate incident response actions.
Use Case 1
Potential Phishing Analysis
When a potential phishing attack is escalated to Smart SOAR from Proofpoint TAP, D3 extracts all the IOCs from the event, such as the sender’s domain. Smart SOAR can then look up those extracted indicators in Proofpoint ETI, other threat intelligence sources, and past incidents to reveal any associated malicious activity. Based on the results, Smart SOAR can then trigger a response playbook to block the IP, blacklist the sender, notify the email recipient, and orchestrate any other appropriate actions.
- Run a prebuilt automation-powered playbook for cryptomining, which includes domain analysis and EC2 instance analysis.
- Hunt for cryptomining threats based on ingested threat reports.
- Orchestrate rapid response across integrated tools.
Use Case 2
Automated Enrichment
Analysts are expected to rapidly investigate incidents, without compromising the process. For many, this means manually cross-referencing and copying hashes and other data. Over a year in a SOC, this means hundreds of hours per analyst plus some degree of human error. Smart SOAR can automatically extract IOCs such as domains and IPs from events and look up their reputations in Proofpoint ETI, enabling instant analysis without changing interfaces.
- Incorporate Proofpoint intelligence into Smart SOAR’s automated triage.
- Include additional integrated TIPs for comprehensive enrichment.
- Trigger incident-specific playbooks when a threat is identified.
Why Smart SOAR?
Joint users of Proofpoint and D3 Smart SOAR don’t just get automated email security and threat intelligence enrichment, they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
- Expert-built codeless integrations across the stack
- Tier 1–3 automation, based on deep research into the capabilities of common tools
- The Event Pipeline, which reduces alert volume by up to 98%
- Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Proofpoint Integration: Summary
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.