# Threat Response vs. TRAP

## When to choose Threat Response over TRAP?
While Threat Response Auto Pull (TRAP) addresses email security incidents, security professionals should also consider full Threat Response, which goes beyond email quarantine with the following additional capabilities:
- Security orchestration and automation of incident response
- Adding context and intelligence to shortcut incident triage
- Collecting and verifying endpoint forensics against sandbox forensics
- Accepting and applying third-party intelligence against all incidents
- Quarantining and containing threats via firewalls, proxies, and Active Directory (AD)
- Real-time reporting against campaigns, users, incidents, threats, and targets
## PTR vs. TRAP feature comparison

The following table outlines the key differences between the capabilities supported by Threat Response Auto Pull (TRAP) and full Threat Response. An X marks a capability that the product supports; TRAP's capabilities are a subset of those of full Threat Response.
| Capability/Feature | Full Threat Response | Threat Response Auto Pull (TRAP) |
|---|---|---|
| **ALERT INGESTION** | | |
| Proofpoint TAP | X | X |
| Proofpoint Smart Search | X | X |
| Proofpoint CSV Upload | X | X |
| Abuse Mailbox Monitor | X | X |
| Alert ETL (Python Scripting) | X | |
| FireEye EX | X | X |
| FireEye NX | X | |
| Palo Alto Networks NGFW | X | |
| Palo Alto Networks WildFire | X | |
| Cisco FirePOWER NGIPS | X | |
| Suricata | X | |
| Splunk | X | |
| HP ArcSight | X | |
| IBM QRadar | X | |
| Juniper STRM / Secure Analytics | X | |
| JSON Events | X | X |
| **ALERT ENRICHMENT** | | |
| Microsoft Active Directory | X | X |
| Microsoft Domain Controller Agent | X | |
| IP Address – WHOIS | X | X |
| Domain Names – WHOIS | X | X |
| VirusTotal | X | X |
| Emerging Threat (IP, Domain, URL Reputation) | X | X |
| Splunk Automatic Log Analysis | X | |
| STIX / TAXII Intelligence | X | X |
| Past Infection IOC Checks | X | |
| Custom GeoIP Support | X | |
| Campaign Data Enrichment | X | X |
| Threat Scoring | X | X |
| Custom Fields | X | |
| **RESPONSE / ENFORCEMENT** | | |
| Match Conditions | X | X |
| Incident Management (Assign, Close, etc.) | X | X |
| Incident Notifications | X | X |
| On-Demand Agent | X | |
| Automatic IOC Data Collections | X | |
| Manual IOC Data Collections | X | |
| IOC Analysis & Verification | X | |
| Custom Scripts | X | |
| Custom Responses | X | |
| Microsoft Exchange / O365 | X | X |
| Google G Suite Gmail App | X | X |
| Microsoft Active Directory | X | X |
| Cisco ASA Firewall | X | |
| Cisco IOS Devices (routers & switches) | X | |
| Checkpoint Firewall | X | |
| Juniper SRX Firewall | X | |
| Fortinet Fortigate Firewall | X | |
| Palo Alto Networks Firewall | X | |
| OpenDNS | X | |
| Blue Coat Web Proxy | X | |
| CyberArk | X | |
| Imperva | X | |
| Audit Activity Trail | X | X |