About Targeted Attack Protection

ProofpointProofpoint Email Security Gateway

Proofpoint is an email protection service provided to protect faculty and staff from email threats by securing and controlling inbound and outbound email.

About Targeted Attack Protection

As a next step to the use of Proofpoint, an add-on is now available that will assist in better monitoring for bad Attachments and URLs in emails that are received from external sources.

TAP (Targeted Attack Protection) will provide the first line of defense at the email gateway. TAP is made up of two components that do run independently of each other:

1. Attachment Defense: TAP can hold messages until a verdict is received after analyzing the attachment. Clean ones are delivered to the inbox and threats are quarantined. Sandboxing the attachments before delivery allows ProofPoint to detect new attack tools, tactics, and targets quicker.

2. URL Defense: Messages containing URLs that are known to be malicious are immediately quarantined. TAP rewrites all other URLs in order to track and block clicks. When users click on the rewritten URLs, TAP redirects them — based on the verdict from inspection — to either the original webpage or a customizable block page that prevents access to the compromised site. Below is an example of a rewritten URL from within a Microsoft email.

You are able to still see the original URL when TAP is enabled, however, it is prefaced with ‘https://urldefense.proofpoint.com/v2/url?u=’.

A.     TAP not enabled

image 1

B. TAP Enabled (rewritten URL for extra checks)

image 2