Proofpoint LEVEL UP offers the most efficient path to effective use of Proofpoint products with role-based training. Start learning with Proofpoint today. Deepen your product knowledge and gain technical skills to get the most value from your security investments. Learn at your own pace with online and live training courses. Instructor-led training certification and accreditation for engineers and administrators is available across our full suite of products. Most coursework ranges from 1-3 days. Self-paced instruction on a full range of topics across our suite of products is available from anywhere, anytime. Short how-to tutorials allow learners to quickly gain insight and knowledge of Proofpoint technology.
Type
Professional Training Course
Provider
Job Level
Foundations
System Administrator, Email Administrator or Security Analyst
Administration
System Administrator, Security Analyst and Email Administrator
Configuration
System Administrator, Security Analyst and Email Administrator
Security
System Administrator, Security Analyst and Email Administrator
Overview
Foundations
This course brings the Proofpoint Protection Server product to life by combining integrated stories with functional information. It teaches you product knowledge you can use as an administrator or security analyst.
Administration
This foundational course brings the Proofpoint Protection Server (PPS) product to life by combining integrated stories with functional information. It teaches you fundamental product knowledge you can use as an administrator.
Configuration
This foundational course introduces the concepts behind rule and policy configuration for the purposes of filtering email. It introduces Policy Routes and Dispositions and covers best practices and options. The course introduces the application of Quarantine and reviews the different ways it can be configured.
Security
This foundational course reviews the security features of several of the Protection Server modules. Security for both incoming and outgoing threats is explored. Message authentication and encryption are also covered.
Prerequisites
Foundations
N/A
Administration
Protection Server Foundations – Level 1
Configuration
Protection Server Foundations – Level 1
Protection Server Administration – Level 1
Security
Protection Server Foundations – Level 1
Protection Server Administration – Level 1
Protection Server Configuration – Level 1
What you'll learn
Foundations
Message Flow teaches you the purpose of the Protection Server and how email flows. SMTP and Filtering teaches you the components of the SMTP conversation and how PPS can filter on each component. Outbound Threats teaches you how PPS protects your company from threats that originate within your organization.
Administration
Clusters and Modules explains the role of Master and Agent, deployment options, and add-on filtering options. Navigation demonstrates the default layout of the management screens and explains the purpose of the three main navigation tabs. User Management teaches you how the Protection Server organizes users, explains recipient verification, and how user groups work with email filtering. End User Services explains the purpose of the Email Digest and the function and capabilities of the End User Web Application. Targeted Attack Protection (TAP) teaches you how URL Defense and Attachment Defense work and provides a brief introduction to the TAP dashboard.
Configuration
Policy Routes teaches you the components that make up a Policy Route and how they compare to a rule; it also teaches the mechanisms behind Policy Route tagging and the effect it has on message traffic. Rules teaches the components of a basic firewall rule, including conditions and dispositions; it also incorporates Policy Routes into the understanding of Rules. Dispositions discusses the concepts of Delivery Methods and Delivery Options and how a disposition has the final say in the action taken on a message. Quarantine explores the purpose of quarantine, its folders and settings, as well as the impact of quarantine on message flow and process utilization.
Security
Authentication introduces SPF, DKIM, and DMARC and how they’re used to authenticate inbound messages. Spam Detection provides an overview of the Spam scoring method and the Proofpoint Dynamic Reputation Service. Virus Protection explains the process of scanning inbound messages for threats that match known virus signatures; it also discusses the default settings of the Virus Protection policy. Encryption describes the benefits of the Proofpoint Encryption method and how it can make encryption available to all users; it also discusses alternate methods of encrypting outbound mail and the process of retrieving encrypted messages. Digital Assets provides an overview of the Digital Assets process and the document repository; it also explores the different ways that confidential assets can be leaked. Regulatory Compliance discusses the various sources of unauthorized data disclosures; it also provides an overview of Smart Identifiers and Dictionaries.
Courses
Foundations
Message Flow, SMTP and Filtering, Outbound Threats
Administration
Clusters and Modules, Navigation, User Management, End User Services, Targeted Attack Protection (TAP)
Configuration
Policy Routes, Rules, Dispositions, Quarantine
Security
Authentication, SPAM Detection, Virus Protection, Encryption, Digital Assets, Regulatory Compliance
Cost
Foundations - Free
Administration - Free
Configuration - Free
Security - Free
Format
Foundations
Online - Self-Paced - Micro-learning Course
40 minutes
Administration
Online - Self-Paced - Micro-learning Course
45 minutes
Configuration
Online - Self-Paced - Micro-learning Course
60 minutes
Security
Online - Self-Paced - Micro-learning Course
70 minutes
Type
Professional Training Course & Certification Exam
Provider
Job Level
System Administrator, Email Administrator, Security Analyst
Overview
Protection Server Course - Level 2
This course provides detailed information about the services running on Proofpoint Protection Server (PPS) and the features found in the Email Protection and Information Protection modules. This course also provides a classroom lab environment for configuring these services and features.
Protection Server Exam II
The Protection Server - Level 2 Exam covers the protection tools that are available as part of the PPS Suite, including Targeted Attack Protection. It also includes topics such as master-agent architecture, installation and deployment, filtering and rule creation.
Prerequisites
Protection Server Foundations – Level 1
Protection Server Administration – Level 1
Protection Server Configuration – Level 1
Protection Server Security – Level 1
What you'll learn
Threat Landscape and SMTP, PPS Deployment and Server Management, Email Filtering, Quarantine, Log Viewer and Smart Search, TLS Encryption, User Management and End User Services, Email Firewall, Email Authentication, Spam Detection, Impostor Email, Virus Protection, Targeted Attack Protection (TAP), Proofpoint Encryption, Data Loss Prevention, Regulatory Compliance, Digital Assets
Courses
Protection Server Services, Email Protection, Information Protection
Cost
Protection Server Course - Level 2
An enrollment code is required. If you need an enrollment code, contact training@proofpoint.com
Protection Server Exam II
Free
Format
Protection Server Course - Level 2
Live Instructor-Led Course
60 Questions - 120 minutes
Online
Type
Professional Training Course & Certification Exam
Protection Server Course - Level 3
Provider
Job Level
System Administrator, Email Administrator, Security Analyst
Overview
Protection Server Course - Level 3
This course teaches you advanced settings, recommended configuration, and troubleshooting for PPS solutions. You’ll get in-depth knowledge of mail processing, PPS logs, TLS, firewall rules and troubleshooting, envelope splitting, and email authentication. This course is presented using an on-premises environment.
Protection Server Exam III
This course exam tests your knowledge of advanced settings, recommended configuration, and troubleshooting for PPS solutions. You’ll get in-depth knowledge of mail processing, PPS logs, TLS, firewall rules and troubleshooting, envelope splitting, and email authentication.
Prerequisites
We highly recommend that you take the Protection Server Level 2 class and/or complete the Level 2 exam before joining this class.
What you'll learn
Mail Processing and Filter, Network Configuration, PPS Logs, System Settings, TLS, Remote Syslog, Email Firewall Rules, Parsing PPS Logs, Email Firewall, Spam Detection, Envelope Splitting, TAP, Email Authentication, User Import, Health Check, Sizing
Courses
Advanced Settings, Recommended Configuration, Troubleshooting, PPS Solutions
Cost
Protection Server Course - Level 3
An enrollment code is required. If you need an enrollment code, contact training@proofpoint.com
Protection Server Exam III
Free
Format
Protection Server Course - Level 3
Live Instructor-Led Course
Scenarios and exhibits provide context for questions. Upon opening the first question, you have 100 minutes to complete the exam.
Type
Professional Training Course
Provider
Job Level
Foundations
Administrator, Security Analyst or Customer-Facing Individual
Email Authentication
Administrator, Security Analyst or EFD team member
Overview
Foundations
This course brings the Proofpoint Email Fraud Defense (EFD) product to life by combining integrated stories with functional information. It teaches you fundamental product knowledge you can use as an administrator, security analyst, or customer-facing individual. This foundational course is for learners with no prior knowledge of the subject matter. If you are confident in this information, you can move to another level 1 course.
Email Authentication
This foundational course brings the Proofpoint Email Fraud Defense (EFD) product to life by combining integrated stories with functional information. It teaches you fundamental product knowledge regarding email authentication you can use as an administrator, security analyst or EFD team member.
Prerequisites
Foundations
N/A
Email Authentication
Email Fraud Defense (EFD) Foundations - Level 1
What you'll learn
Foundations
The Need for Email Authentication teaches you how criminals target your organization with Business Email Compromise, Identity Deception and Email Fraud Defense. Email and DNS Foundations explains SMTP mail flow from the sender’s mailbox to the recipient, contents of email headers, and common DNS queries and records. Deception Tactics demonstrates how criminals use phishing and spoofing tactics to target your organization.
Email Authentication
High-Level View of EFD describes the EFD team and value of configuring outbound and inbound authentication to address email fraud defense. SPF describes Sender Policy Framework (SPF) including its implementation and challenges. DKIM describes DomainKeys Identified Mail (DKIM) including its implementation and challenges. DMARC teaches you operations of Domain Message Authentication Reporting and Conformance (DMARC) including alignment, implementation and reporting.
Courses
Foundations
The Need for Email Authentication, Email and DNS Foundations, Deception Tactics
Email Authentication
High-level overview of Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain Message Authentication Reporting and Conformance (DMARC)
Cost
Foundations - Free
Email Authentication - Free
Format
Online - Self-Paced - Micro-learning Course
40 minutes
Online - Self-Paced - Micro-learning Course
40 minutes
Type
Professional Training Course
EFD Email Authentication: Sender Policy Framework (SPF)
EFD Email Authentication: DKIM
EFD Email Authentication: DMARC
Provider
Job Level
EFD Email Authentication: Sender Policy Framework (SPF)
Administrator, Security Analyst or EFD team member
EFD Email Authentication: DKIM
Administrator, Security Analyst or EFD team member
EFD Email Authentication: DMARC
Administrator, Security Analyst or EFD team member
Overview
EFD Email Authentication: Sender Policy Framework (SPF)
This intermediate course brings the Proofpoint Email Fraud Defense (EFD) product to life by combining integrated stories with functional information. It teaches you how the Domain Keys Identified Mail (DKIM) protocol works. You can use this knowledge as an administrator, security analyst, or EFD team member.
EFD Email Authentication: DKIM
This intermediate course brings the Proofpoint Email Fraud Defense (EFD) product to life by combining integrated stories with functional information. It teaches you how the Domain Keys Identified Mail (DKIM) protocol works. You can use this knowledge as an administrator, security analyst or EFD team member.
EFD Email Authentication: DMARC
This intermediate course brings the Proofpoint Email Fraud Defense (EFD) product to life by combining integrated stories with functional information. It teaches you how the Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocol works. You can use this knowledge as an administrator, security analyst or EFD team member.
Prerequisites
EFD Email Authentication: Sender Policy Framework (SPF)
Email Fraud Defense (EFD) Foundations - Level 1
Email Fraud Defense (EFD) Email Authentication - Level 1
EFD Email Authentication: DKIM
Email Fraud Defense (EFD) Foundations - Level 1
Email Fraud Defense (EFD) Email Authentication - Level 1
EFD Email Authentication: DMARC
Email Fraud Defense (EFD) Foundations - Level 1
Email Fraud Defense (EFD) Email Authentication - Level 1
Email Fraud Defense (EFD) Email Authentication: SPF – Level 2
Email Fraud Defense (EFD) Email Authentication: DKIM – Level 2
What you'll learn
EFD Email Authentication: Sender Policy Framework (SPF)
SPF Overview describes the Sender Policy Framework (SPF) at a high level and provides its value proposition. Outbound SPF describes how the organization configures the Domain Name Server (DNS) to support SPF including the DNS record, ten lookup limit and SPF challenges. Inbound SPF describes how a recipient system determines if a message passes an SPF check.
EFD Email Authentication: DKIM
DKIM Overview describes Domain Keys Identified Mail (DKIM) at a high level and provides its value proposition. DKIM Signing describes how the DKIM signer creates the DKIM Key and DKIM Signature. DKIM Verification describes how a recipient system verifies the DKIM signature.
EFD Email Authentication: DMARC
DMARC Overview describes how DMARC is used to enhance the SPF and DKIM authentication protocols. Inbound DMARC describes how the recipient system locates the DMARC record, verifies DKIM alignment using either SPF or DKIM alignment, determines the DMARC policy, and creates aggregate and forensic reports. Outbound DMARC describes how the sending organization creates the DMARC record and determines how DMARC should handle sub-organizations.
Courses
EFD Email Authentication: Sender Policy Framework (SPF)
SPF Overview, Outbound SPF, Inbound SPF
EFD Email Authentication: DKIM
DKIM Overview, DKIM Signing, DKIM Verification
EFD Email Authentication: DMARC
DMARC Overview, Inbound DMARC, Outbound DMARC
Cost
EFD Email Authentication: Sender Policy Framework (SPF) - Free
EFD Email Authentication: DKIM - Free
EFD Email Authentication: DMARC - Free
Format
EFD Email Authentication: Sender Policy Framework (SPF)
Online - Self-Paced - Micro-learning Course
45 minutes
EFD Email Authentication: DKIM
Online - Self-Paced - Micro-learning Course
35 minutes
EFD Email Authentication: DMARC
Online - Self-Paced - Micro-learning Course
35 minutes
Type
Professional Training Course
Integration and Incident Response
Provider
Job Level
Foundations
System Administrator, Security Analyst, Email Administrator
Administration
System Administrator, Security Analyst, Email Administrator
Integration and Incident Response
System Administrator, Security Analyst, Email Administrator
Overview
Foundations
This course brings the Proofpoint Threat Response Auto-Pull (TRAP) product to life by combining an integrated story with functional information. It teaches you fundamental product knowledge you can use as an administrator or security analyst. This foundational course is for learners with no prior knowledge of the subject matter. If you are confident in this information, you can move to another level 1 course.
Administration
This foundational course introduces important concepts and demonstrates the tasks you need to understand to succeed as a TRAP administrator. The lessons in this course provide an "under the hood" look at how the TRAP quarantine process works, a high-level view of TRAP installation options, and demonstrations of common TRAP configuration tasks.
Integration and Incident Response
This foundational course demonstrates the most common system integrations configured with TRAP and the tools that are used in TRAP to respond to threats. The lessons in this course demonstrate the basics of TRAP integration with TAP and the abuse mailbox, as well as the integration of TRAP with the Exchange, Gmail, and Domino email services. Also demonstrated in the course is how to use TRAP for automatic and manual incident response.
Prerequisites
Foundations
Protection Server Foundations - Level 1
Targeted Attack Protection Foundations - Level 1
Administration
Protection Server Foundations - Level 1
TAP Foundations - Level 1
TRAP Foundations - Level 1
Threat Response Dashboard - Level 1
Integration and Incident Response
Protection Server Foundations - Level 1
TAP Foundations - Level 1
TRAP Foundations - Level 1
Threat Response Dashboard - Level 1
TRAP Administration - Level 1
What you'll learn
Foundations
Describe what TRAP is
Describe what TRAP does
Administration
Describe the TRAP quarantine process
Describe the options for TRAP deployment
Describe several common TRAP configuration tasks
Integration and Incident Response
Describe how to integrate TRAP with TAP and the abuse mailbox
Describe how to integrate TRAP with Exchange, Gmail, and Domino
Describe automatic and manual incident response options available in TRAP
Courses
Foundations
Threat Response Auto-Pull Learning Path, What TRAP Is, What TRAP Does
Administration
TRAP Quarantine Process, TRAP Deployment, TRAP Configuration Tasks
Integration and Incident Response
Integration, Proofpoint TAP, Abuse Mailbox Monitor, Smart Search CSV File Export, CSV uploads, Exchange Server, Office 365, Gmail Server, Domino Server, Appliance Management Console, Threat Response Interface and TRAP Reports
Cost
Foundations - Free
Administration - Free
Integration and Incident Response - Free
Format
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
45 minutes
Integration and Incident Response
Online - Self-Paced - Micro-learning Course
45 minutes
Type
Professional Training Course
Nexus People Risk Explorer (NPRE) Foundations
Nexus People Risk Explorer (NPRE) Settings and Customizations
Isolation Features and Protections
Provider
Job Level
Foundations
Security Analyst, Security Operations, Security Strategist, CISO
Settings & Customizations
Security Analyst, Security Operations, Security Strategist, CISO
Isolation Features & Protections
Administrators
Overview
Foundations
This foundational course provides an overview of the Nexus People Risk Explorer (NPRE) product emphasizing the people-centric focus of the product including data sources, assessment of risk, and use cases. It teaches the fundamental knowledge required to leverage the product features and capabilities.
Settings & Customizations
This foundational course introduces you to the processes of integrating Proofpoint products as data sources that populate the NPRE dashboard. It explains the customizations that allow for complex views of the data to fit the needs of users in various functional roles.
Isolation Features & Protections
This foundational course explains the features and options available in the Isolation product. Through use cases, it provides examples of feature use.
Prerequisites
Foundations
Protection Server Foundations - Level 1
TAP Foundations - Level 1
Cloud App Security Broker (CASB) and Cloud Account Defense (CAD) Foundations - Level 1
Security Awareness Training: Platform Foundations - Level 1
Settings & Customizations
Nexus People Risk Explorer (NPRE) Foundations - Level 1
Protection Server Foundations - Level 1
TAP Foundations - Level 1
Cloud App Security Broker (CASB) and Cloud Account Defense (CAD) Foundations - Level 1
Security Awareness Training: Platform Foundations - Level 1
Isolation Features & Protections
Isolation Foundations – Level 1
What you'll learn
Foundations
NPRE Overview teaches you the purpose of Nexus People Risk Explorer, how it collects data to assess risk, and how this data can be used to mitigate risk within your organization. People Risk teaches you the three risk categories that define the risk score with personal examples. Risk Data Sources teaches you how the data collected from PFPT sources is used to determine the risk score of individuals within an organization. Use Cases teaches you how NPRE can be used by security analysts, security directors and CISOs.
Settings & Customizations
NPRE Dashboard Overview provides an overview of Proofpoint's Nexus People Risk Explorer (NPRE) console interface and dashboard, including how to navigate and which tasks can be performed. Product Integration teaches how external Proofpoint and Proofpoint partner products are integrated into NPRE and the assignment of risk for products that are not integrated. Risk Score Thresholds teaches you the purpose of risk score thresholds and how to modify them to determine who is considered very risky to the organization. Organizational Risk teaches you about the monitoring groups available in NPRE, how to create custom monitoring groups and the application of risk to members of monitoring groups. User Access teaches you how to enable and revoke administrative access to the NPRE console.
Isolation Features & Protections
Introduction provides a brief comparison between Isolation channels and between standard and custom categories. Registration explains how browsers are registered; it also relates the different available options to the end user experience. Browsing Roles introduces options available by browsing role; it also explains which options are available for each channel. Content Rules teaches page control and threat scanning options available for content rules.
Courses
Foundations
Overview of what NPRE provides to a people-centric security policy
Description of how NPRE defines risk and how it applies to users
Explanation of the sources of risk data and the risks it informs
Overview of common use cases for NPRE
Settings & Customizations
NPRE Dashboard Overview, Product Integration, Risk Score Thresholds, Organizational Risk, User Access
Isolation Features & Protections
Introduction, Registration, Browsing Roles, Content Rules
Cost
Foundations - Free
Settings & Customizations - Free
Isolation Features & Protections - Free
Format
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
30 minutes
Isolation Features & Protections
Online - Self-Paced - Micro-learning Course
30 minutes
Type
Professional Training Course
Provider
Job Level
Foundations
System Administrator, Security Analyst, Email Administrator
Threat Analysis
System Administrator, Security Analyst, Email Administrator
Threat Reporting
System Administrator, Security Analyst, Email Administrator
Overview
Foundations
This course brings the Proofpoint Targeted Attack Protection (TAP) product to life by using people-centric stories with functional information. It teaches you fundamental product knowledge you can use as an administrator or security analyst. This foundational course is for learners with no prior knowledge of the subject matter. If you are confident in this information, you can move to another level 1 course.
Threat Analysis
This foundational course introduces the concepts behind threat analysis using the Targeted Attack Protection dashboard. It introduces the Threats via Email menu, the People menu and the different icons used throughout the dashboard.
Threat Reporting
This foundational course introduces the concepts behind threat reporting using the Targeted Attack Protection dashboard reports. It introduces the Effectiveness, Threat Landscape, and People reports.
Prerequisites
Foundations
N/A
Threat Analysis
Targeted Attack Protection Dashboard - Level 1
Threat Reporting
Targeted Attack Protection Threat Analysis – Level 1
What you'll learn
Foundations
Describe how TAP detects, analyzes, and blocks advanced threats
Describe URL Defense, Attachment Defense, and the TAP Dashboard
Threat Analysis
Threats via Email teaches you how to identify threats and campaigns which may have affected your organization; it also helps you prioritize your investigation of these threats and campaigns. People Menu teaches you how to locate and interpret the data listed in the People menu and introduces the attack index applied to users. Iconography explores the four threat icon categories found throughout the dashboard and describes active, individual, campaign, and cleared icons for each threat category.
Threat Reporting
Effectiveness Report teaches you how to determine the effectiveness of the TAP module; it also teaches you how to use the data to identify misconfigurations with your Protection Server gateway. Threat Landscape Report teaches you how to analyze the types of threats targeted at your organization and users; it also helps you determine where to focus security awareness training. People Report reviews the concept of Very Attacked People (VAPs) and the attack index assigned to each user; it also teaches you how to analyze threat data for VIPs, top recipients and top clickers.
Courses
Foundations
TAP Overview: URL Defense, Attachment Defense, Dashboard
TAP Fast Facts
Threat Analysis
Threats via Email, People Menu, Iconography
Threat Reporting
Effectiveness Report, Threat Landscape Report, People Report
Cost
Foundations - Free
Threat Analysis - Free
Threat Reporting - Free
Format
Online - Self-Paced - Micro-learning Course
15 minutes
Online - Self-Paced - Micro-learning Course
25 minutes
Online - Self-Paced - Micro-learning Course
25 minutes
Type
Professional Training Course
Integration and Incident Response
Provider
Job Level
Foundations
System Administrator, Security Analyst, Email Administrator
Threat Response Dashboard
System Administrator, Security Analyst, Email Administrator
Administration
System Administrator, Security Analyst, Email Administrator
Integration and Incident Response
System Administrator, Security Analyst, Email Administrator
Overview
Foundations
This course brings the Proofpoint Threat Response Auto-Pull (TRAP) product to life by combining an integrated story with functional information. It teaches you fundamental product knowledge you can use as an administrator or security analyst. This foundational course is for learners with no prior knowledge of the subject matter. If you are confident in this information, you can move to another level 1 course.
Threat Response Dashboard
This foundational course demonstrates the primary features and functionality of the Threat Response Dashboard that pertain to TRAP. The lessons in this course describe how threats become incidents. The lessons also demonstrate dashboard navigation while also showing how TRAP is used for both automated and manual incident response.
Administration
This foundational course introduces important concepts and demonstrates the tasks you need to understand to succeed as a TRAP administrator. The lessons in this course provide an "under the hood" look at how the TRAP quarantine process works, a high-level view of TRAP installation options, and demonstrations of common TRAP configuration tasks.
Integration and Incident Response
This foundational course demonstrates the most common system integrations configured with TRAP and the tools that are used in TRAP to respond to threats. The lessons in this course demonstrate the basics of TRAP integration with TAP and the abuse mailbox, as well as the integration of TRAP with the Exchange, Gmail, and Domino email services. Also demonstrated in the course is how to use TRAP for automatic and manual incident response.
Prerequisites
Foundations
Protection Server Foundations - Level 1
Targeted Attack Protection Foundations - Level 1
Threat Response Dashboard
Protection Server Foundations - Level 1
TAP Foundations - Level 1
TRAP Foundations - Level 1
Administration
Protection Server Foundations - Level 1
TAP Foundations - Level 1
TRAP Foundations - Level 1
Threat Response Dashboard - Level 1
Integration and Incident Response
Protection Server Foundations - Level 1
TAP Foundations - Level 1
TRAP Foundations - Level 1
Threat Response Dashboard - Level 1
TRAP Administration - Level 1
What you'll learn
Foundations
Describe what TRAP is
Describe what TRAP does
Threat Response Dashboard
Describe how threats become incidents on the Threat Response Dashboard
Describe how automated incident response is configured
Describe how to use TRAP to manually respond to incidents
Administration
Describe the TRAP quarantine process
Describe the options for TRAP deployment
Describe several common TRAP configuration tasks
Integration and Incident Response
Describe how to integrate TRAP with TAP and the abuse mailbox
Describe how to integrate TRAP with Exchange, Gmail, and Domino
Describe automatic and manual incident response options available in TRAP
Courses
Foundations
Threat Response Auto-Pull Learning Path, What TRAP Is, What TRAP Does
Threat Response Dashboard
Threat Response Dashboard, Automatic Threat Response, Manual Threat Response
Administration
TRAP Quarantine Process, TRAP Deployment, TRAP Configuration Tasks
Integration and Incident Response
Integration, Proofpoint TAP, Abuse Mailbox Monitor, Smart Search CSV File Export, CSV uploads, Exchange Server, Office 365, Gmail Server, Domino Server, Appliance Management Console, Threat Response Interface and TRAP Reports
Cost
Foundations - Free
Threat Response Dashboard - Free
Administration - Free
Integration and Incident Response - Free
Format
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
Online - Self-Paced - Micro-learning Course
45 minutes
Integration and Incident Response
Online - Self-Paced - Micro-learning Course
45 minutes
Type
Professional Training Course
Incident Response with TRAP: Permitted Clicks
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Impostor, Spam and Delivered URLs
Provider
Job Level
CLEAR Incident Response
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Event Source Configuration
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Alerts & Incidents
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Incident Response with TRAP: Permitted Clicks
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Impostor, Spam and Delivered URLs
Security Analyst, Incident Response Administrator, Security Awareness Administrator
Overview
CLEAR Incident Response
This intermediate course describes what happens from the point when a user clicks the PhishAlarm button to report a suspicious message, through the processes of threat analysis and incident response, to the end of the CLEAR workflow when the message is either pulled by TRAP or allowed to stay in users’ mailboxes, and the user who reported the message is notified.
Event Source Configuration
This intermediate course introduces the concepts behind using TRAP to respond to TAP incidents. It presents a high-level view of the TAP incident response workflow and demonstrates how to integrate TAP into TRAP. When a message with a URL or attachment is detected as a threat after it is delivered, you need an incident response solution to protect your users and your enterprise. TAP incident response with TRAP is the overall solution, but to implement this solution you need to integrate the TAP event source into TRAP.
Alerts & Incidents
This intermediate course describes how TRAP pulls alerts from TAP. In the interaction between these two products, TAP detects threats and generates alerts. TRAP pulls those alerts and creates incidents, which allows the incident response workflow to take action to remove and remediate the threats that TAP detected.
Incident Response with TRAP: Permitted Clicks
This intermediate course describes what causes TAP to generate delivered-attachment alerts and unprotected-URL alerts, how TRAP creates incidents from these alerts, and how to respond to delivered-attachment and unprotected-URL incidents.
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Impostor, Spam and Delivered URLs
Prerequisites
CLEAR Incident Response
Protection Server Foundations – Level 1
TAP Foundations – Level 1
Threat Response Level 1 for Security Administrators
Event Source Configuration
Protection Server Foundations – Level 1, TAP Foundations – Level 1, TRAP Foundations – Level 1, Threat Response Dashboard – Level 1, and TRAP Administration – Level 1
Alerts & Incidents
Protection Server Foundations – Level 1, TAP Foundations – Level 1, TRAP Foundations – Level 1, Threat Response Dashboard – Level 1, TRAP Administration – Level 1, Integrating the TAP Event Source into TRAP – Level 2
Incident Response with TRAP: Permitted Clicks
Protection Server Foundations – Level 1, TAP Foundations – Level 1, TRAP Foundations – Level 1, TAP Event Source Configuration – Level 2, TAP Alerts and TRAP Incidents – Level 2
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Level 1: Protection Server Foundations, TAP Foundations, and Threat Response for Security Administrators
Level 2: TAP Event Source Configuration, TAP Alerts and TRAP Incidents, and TAP Incident Response with TRAP: Permitted Clicks
Impostor, Spam and Delivered URLs
Level 1: Protection Server Foundations, TAP Foundations, and Threat Response for Security Administrators
Level 2: TAP Event Source Configuration, TAP Alerts and TRAP Incidents, TAP Incident Response with TRAP: Permitted Clicks, and TAP Incident Response with TRAP: Delivered Attachments and Unprotected URLs
What you'll learn
CLEAR Incident Response
Describe what happens when a user reports a suspicious email; Identify incidents that can be closed automatically and those that must be closed manually; Respond to bulk, low-risk, spam, and malicious incidents; Respond to suspicious and unknown incidents
Event Source Configuration
TAP Incident Response Workflow describes the components of TAP incident response, TAP, TRAP, your own incident response playbook, and how they all function together. Integrate the TAP Event Source into TRAP demonstrates how the TAP integration options are configured in the TAP event source; these options determine which TAP alerts TRAP pulls from TAP and uses to create incidents. TAP Alert Types describes the TAP alert types that TRAP pulls from TAP to create incidents; it also describes the kind of match condition responses to perform for each TAP alert type.
Alerts & Incidents
Pulling Alerts From TAP describes the various scenarios where a message can be detected as a threat post-delivery, with each scenario causing TAP to generate a different alert; TRAP, in turn, creates incidents for each type of TAP alert. What Causes TAP to Generate Alerts reviews the details of each scenario that causes TAP to generate alerts, including permitted clicks, delivered attachment threats, unprotected URLs, delivered URL threats, and delivered impostor messages. How TRAP Creates Incidents presents the incident entries that appear in the Threat Response Dashboard, as well as the alert details that TRAP pulled from TAP when creating the incident; it also uses specific examples from permitted click, delivered attachment, and unprotected URL alerts.
Incident Response with TRAP: Permitted Clicks
Permitted click incident response describes what causes TAP to generate permitted click alerts and how TRAP creates incidents from permitted click alerts; it also demonstrates how to respond to permitted click incidents. Phish incident response describes the response emphasis for permitted click phish incidents; it also reviews permitted click phish incident response. Malware incident response describes the response emphasis for permitted click malware incidents; it also reviews permitted click malware incident response.
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Delivered-attachment and unprotected-URL incident response describes what causes TAP to generate delivered-attachment alerts and unprotected-URL alerts and how TRAP creates incidents from these alerts; it also demonstrates how to respond to these incidents. Phish incident response describes the response emphasis for delivered-attachment and unprotected-URL phish incidents; it also reviews the phish incident response workflow. Malware incident response describes the response emphasis for delivered-attachment and unprotected-URL malware incidents; it also reviews the malware incident response workflow.
Impostor, Spam and Delivered URLs
Impostor, spam, and delivered-URL incident response describes what causes TAP to generate alerts for delivered impostor messages, spam and delivered URLs and how TRAP creates incidents from these alerts; it also demonstrates how to respond to these incidents in TRAP. Incident response for delivered impostor messages describes the response emphasis for incidents created by delivered impostor messages; it also reviews the configuration of a match condition for responding to delivered impostor messages. Spam incident response describes the response emphasis for spam incidents; it also reviews the configuration of a match condition for responding to spam. Delivered-URL incident response describes how a delivered-URL incident is created; it also reviews the configuration of a match condition for responding to delivered URLs.
Courses
CLEAR Incident Response
What happens when a user reports a suspicious email; How to Respond to Bulk, Low Risk, Spam and Malicious Incidents; How to Respond to Suspicious and Unknown Incidents
Event Source Configuration
TAP Incident Response Workflow, Integrate the TAP Event Source into TRAP, TAP Alert Types
Alerts & Incidents
Pulling Alerts From TAP, What Causes TAP to Generate Alerts, How TRAP Creates Incidents
Incident Response with TRAP: Permitted Clicks
Permitted click incident response, Phish incident response, Malware incident response
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Delivered-attachment and unprotected-URL incident response, Phish incident response, Malware incident response
Impostor, Spam and Delivered URLs
Impostor, spam, and delivered-URL incident response, Incident response for delivered impostor messages, Spam incident response, Delivered-URL incident response
Cost
CLEAR Incident Response - Free
Event Source Configuration - Free
Alerts & Incidents - Free
Incident Response with TRAP: Permitted Clicks - Free
Incident Response with TRAP: Delivered Attachments & Unprotected URLs - Free
Impostor, Spam and Delivered URLs - Free
Format
Online - Self-Paced - Micro-learning Course
60 minutes
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
25 minutes
Incident Response with TRAP: Permitted Clicks
Online - Self-Paced - Micro-learning Course
20 minutes
Incident Response with TRAP: Delivered Attachments & Unprotected URLs
Online - Self-Paced - Micro-learning Course
20 minutes
Impostor, Spam and Delivered URLs
Online - Self-Paced - Micro-learning Course
25 minutes
Type
Professional Training Course
Threat Response for Security Analysts
Threat Response for Administrators
Provider
Job Level
Threat Response for Security Analysts
Security Analysts
Threat Response for Administrators
Security Administrators
Overview
Threat Response for Security Analysts
The Threat Response for Security Administrators course identifies processes that a Security Analyst will use to examine incidents using information from multiple enrichment sources and perform either manual or automated remediation.
Threat Response for Administrators
The Level 1 – Threat Response (PTR) for Administrators course provides instruction on the implementation, configuration, administration, and maintenance of Proofpoint Threat Response.
Prerequisites
Threat Response for Security Analysts
N/A
Threat Response for Administrators
N/A
What you'll learn
Threat Response for Security Analysts
Students have an opportunity to test their knowledge by taking the Threat Response (PTR) for Administrators course exam. A passing score is required to attain accreditation.
Threat Response for Administrators
Students have an opportunity to test their knowledge by taking the Threat Response (PTR) for Administrators course exam. A passing score of 75% is required to attain accreditation.
Courses
Threat Response for Security Analysts
Threat Response for Security Administrators, Threat Response for Security Analysts - Exam, Web Based Training Course Survey
Threat Response for Administrators
Threat Response for Administrators Introduction and Installation, Threat Response General Configuration, Threat Response Messaging Systems Configuration, Threat Response Administration, Threat Response Maintenance, Threat Response for Administrators - Exam, Web Based Training Course Survey
Cost
Threat Response for Security Analysts - Free
Threat Response for Administrators - Free
Format
Threat Response for Security Analysts
Online - Self-Paced - Micro-learning Course
120 minutes
Threat Response for Administrators
Online - Self-Paced - Micro-learning Course
120 minutes
Type
Professional Training Course
Closed-Loop Email Analysis and Response (CLEAR)
Provider
Job Level
Security Administrators, Security Analysts
Overview
This course provides step-by-step processes, configurations, videos, and best practices for the Closed-Loop Email Analysis and Response solution that incorporates PhishAlarm, PhishAlarm Analyzer and Threat Response Auto-Pull.
Prerequisites
N/A
What you'll learn
The course includes product overviews, technical and whitelist requirements, installation, configuration, and settings for PhishAlarm and PhishAlarm Analyzer, Threat Response Auto-Pull (TRAP) Abuse Mailbox Monitor and match conditions, and Proofpoint Protection Server (PPS) policy routes.
Courses
Closed-Loop Email Analysis and Response (CLEAR) - Level 1 and Level 2
Web Based Training Course Survey
Cost
Free
Format
Online - Self-Paced - Micro-learning Course
90 minutes
Type
Professional Training Course
Nexus People Risk Explorer (NPRE) Foundations
Nexus People Risk Explorer (NPRE) Settings and Customizations
Provider
Job Level
Foundations
Security Analyst, Security Operations, Security Strategist, CISO
Settings & Customizations
Security Analyst, Security Operations, Security Strategist, CISO
Overview
Foundations
This foundational course provides an overview of the Nexus People Risk Explorer (NPRE) product emphasizing the people-centric focus of the product including data sources, assessment of risk, and use cases. It teaches the fundamental knowledge required to leverage the product features and capabilities.
Settings & Customizations
This foundational course introduces you to the processes of integrating Proofpoint products as data sources that populate the NPRE dashboard. It explains the customizations that allow for complex views of the data to fit the needs of users in various functional roles.
Prerequisites
Foundations
Protection Server Foundations - Level 1
TAP Foundations - Level 1
Cloud App Security Broker (CASB) and Cloud Account Defense (CAD) Foundations - Level 1
Security Awareness Training: Platform Foundations - Level 1
Settings & Customizations
Nexus People Risk Explorer (NPRE) Foundations - Level 1
Protection Server Foundations - Level 1
TAP Foundations - Level 1
Cloud App Security Broker (CASB) and Cloud Account Defense (CAD) Foundations - Level 1
Security Awareness Training: Platform Foundations - Level 1
What you'll learn
Foundations
NPRE Overview teaches you the purpose of Nexus People Risk Explorer, how it collects data to assess risk, and how this data can be used to mitigate risk within your organization. People Risk teaches you the three risk categories that define the risk score with personal examples. Risk Data Sources teaches you how the data collected from PFPT sources is used to determine the risk score of individuals within an organization. Use Cases teaches you how NPRE can be used by security analysts, security directors and CISOs.
Settings & Customizations
NPRE Dashboard Overview provides an overview of Proofpoint's Nexus People Risk Explorer (NPRE) console interface and dashboard, including how to navigate and which tasks can be performed. Product Integration teaches how external Proofpoint and Proofpoint partner products are integrated into NPRE and the assignment of risk for products that are not integrated. Risk Score Thresholds teaches you the purpose of risk score thresholds and how to modify them to determine who is considered very risky to the organization. Organizational Risk teaches you about the monitoring groups available in NPRE, how to create custom monitoring groups and the application of risk to members of monitoring groups. User Access teaches you how to enable and revoke administrative access to the NPRE console.
Courses
Foundations
Overview of what NPRE provides to a people-centric security policy
Description of how NPRE defines risk and how it applies to users
Explanation of the sources of risk data and the risks it informs
Overview of common use cases for NPRE
Settings & Customizations
NPRE Dashboard Overview, Product Integration, Risk Score Thresholds, Organizational Risk, User Access
Cost
Foundations - Free
Settings & Customizations - Free
Format
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
30 minutes
Type
Professional Training Course
Isolation Foundations - Level 1
Isolation Features and Protections
Provider
Job Level
Foundations
Security Administrators
Features & Protections
Security Administrators
Overview
Foundations
This foundational course introduces the concepts behind rule and policy configuration for the purposes of isolating browsing sessions and URLs. Through use cases, it introduces Proofpoint Isolate products and covers the basic principles behind the products.
Features & Protections
This foundational course explains the features and options available in the Isolation product. Through use cases, it provides examples of feature use.
Prerequisites
Foundations
N/A
Features & Protections
Isolation Foundations – Level 1
What you'll learn
Foundations
Introducing a Third Option teaches you the purpose of Proofpoint Isolation and explores the basic way in which it works. End-User Entry Points and Protections shows the various ways an end user can enter Isolation and reviews the main features and protections that Isolation provides. Precision Control introduces the concepts behind the Isolation Policy framework and describes the various pieces needed to create an effective policy. Isolation Console provides a brief tour of the Isolation Console and provides tips for navigating and using the console.
Features & Protections
Introduction provides a brief comparison between Isolation channels and between standard and custom categories. Registration explains how browsers are registered; it also relates the different available options to the end user experience. Browsing Roles introduces options available by browsing role; it also explains which options are available for each channel. Content Rules teaches page control and threat scanning options available for content rules.
Courses
Foundations
Introducing a Third Option
End-User Entry Points and Protections
Precision Control
Isolation Console Overview
Features & Protections
Introduction
Registration
Browsing Roles
Content Rules
Cost
Foundations - Free
Features & Protections - Free
Format
Online - Self-Paced - Micro-learning Course
30 minutes
Online - Self-Paced - Micro-learning Course
30 minutes