Proofpoint has formed an alliance with Splunk® to deliver customers value by providing data integrations into the Splunk security platform from Proofpoint’s email, social media, and threat intelligence solutions. These integrations provide customers with the ability to easily benefit from Proofpoint’s threat context, within the end-to-end security intelligence provided by Splunk software. “Organizations typically have 50-100 different security and network solutions depending on their size. This heterogeneity makes it difficult for security teams to scale and respond,” said Christian Christiansen, program vice president of IDC’s Security Products group. “The Proofpoint alliance with Splunk reduces the need for handcrafted integrations while providing greater data analysis into how organizations are vulnerable, targeted, and breached."
Available today, customers can use the new Proofpoint Protection Server Technology Add-on (TA) to send data from Proofpoint’s leading Enterprise Protection email solution into Splunk solutions, to correlate and validate against attack origin and data loss prevention rule violations captured by Proofpoint. This information can provide additional valuable security context within Splunk Enterprise and Splunk Enterprise Security (ES) for investigations directed at identifying targeted users, lateral movement and/or exfiltration.
“With advanced attacks overwhelmingly targeting people and not infrastructure, organizations need comprehensive visibility into these threats—within the context of all their other security data,” said Ryan Kalember, senior vice president of Cybersecurity Strategy for Proofpoint. “Proofpoint’s leading visibility into attacks against users, from ransomware to business email compromise phishing, is a perfect fit with Splunk’s capabilities in generating insights from a broad set of security-relevant data sources. The Splunk alliance is a critical part of our strategy to seamlessly integrate with the leading analytics-driven security platform.”
In addition, this alliance enables Splunk customers to use the Proofpoint Social Media Protection TA for Splunk to add context from Social Patrol to Splunk security solutions. Customers can now send Social Patrol alerts to Splunk software to help with investigations into social phishing links, malware, fraudulent accounts, threats to brand reputation and user privilege modifications.
“At Splunk, we focus on helping our customers move to analytics-driven security,” said Haiyan Song, senior vice president, Security Markets for Splunk. “Proofpoint integrations enable more customers to have enhanced attack visualization across email and social media threat vectors monitored by Proofpoint’s leading email and social media solutions, which helps organizations to respond even faster to incidents from those threat vectors.”
