Proofpoint announces new partnerships with Crowdstrike, Okta

Proofpoint maintains a limited number of strategic relationships, so considers both these new ones highly strategic, particularly in positioning against Microsoft’s in-house security offerings.

Ryan Kalember, Proofpoint’s executive vice president of Cybersecurity Strategy

Cybersecurity vendor Proofpoint has announced a pair of new strategic integrations with other ISVs. They have partnered with fellow cybersecurity vendor Crowdstrike to enhance multi-layer security by feeding Proofpoint’s threat intelligence into the Crowdstrike platform. The Okta integration is targeted at credential phishing by bringing Proofpoint’s Threat Response Auto-Pull (TRAP) into the Okta Identity Cloud.

“The common theme is that we are aligning with the next generation leaders in the space,” said Ryan Kalember, Proofpoint’s executive vice president of Cybersecurity Strategy. “Crowdstrike, Okta and ourselves all have the same set of competitors, which include Symantec and free stuff from Microsoft.”

Proofpoint’s strategic partnership strategy with other vendors can best be described as select, since they have rather fewer such relationships than many vendors in their space.

“Our ecosystem strategy is to do deep technical innovations which will be meaningful to joint customers, rather than superficial integrations with everyone under the sun,” Kalember said.

The Technology Partner Program is about four years old. Palo Alto Networks, Splunk and CyberArk were the launch partners, and the two new integrations puts the number of strategic partners in the high single digits.

“The numbers will never get that high,” Kalember said. “Our logic is that we want the integrations to be important and easy to deploy.

Kalember described the CrowdStrike relationship as a natural collaborative relationship, not a co-opetitive one.

“They are also a cloud-based endpoint player, but we are people-centric security and they are more process,” he said. For things like spearfishing, if it gets through us, they can look at it on the endpoint.”

Through the partnership, Proofpoint’s Targeted Attack Protection [TAP] security intelligence will feed threat intelligence on malicious email attachments into the CrowdStrike Falcon platform.

Kalmber said that this relationship is a critically important one, comparing it to their integration with Palo Alto Networks four years ago.

“It continues to to line us up with best-of-breed vendors who compete with Microsoft’s own native security offering,” he stated. “A major advantage that we have is that while Microsoft will integrate its own products, we provide integrations with other best-of breed vendors. We have many joint customers with CrowdStrike, and this will help us make the relationship with those joint customers deeper. We have a lot of the same channel partners, because we both have a lot of success among same types of companies, at the high end of the market and the mid-market.”

Kalember said that the timing of this news should position both companies to take advantage of what they see as a major opportunity created by Broadcom’s acquisition of Symantec.

“The Symantec news had a big bearing on this, with many companies now looking to rip out Symantec,” he noted.

The new partnership with enterprise identity vendor Okta is aimed at improving defense against email credential phishing attacks. The integration of Proofpoint’s TRAP and the Okta Identity Cloud improves automated response, allowing security teams to automatically layer additional authentication security so that users who clicked on a phishing URL do not have their accounts compromised.

“The integration with Okta is really exciting because it is a people-centric solution,” Kalember said. “The last couple of years, we have focused on people in an organization who are the targets of most interest to cybercriminals.”

The Okta integration automates the orchestration of security teams’ response after Proofpoint detects a phishing site after a user clicks on it. Stepped-up authentication through Okta Multi-Factor Authentication is then automatically deployed. This eliminates the need for the teams to waste time and resources containing the risk themselves

“This response to credential phishing derives from our understanding of Very Attacked People,” Kalember said. “When that dynamic list is created, you want to do something to better protect them, which you don’t do for all users. It now becomes a dynamic list in Okta’s Identity Cloud, connected to security controls at Okta, that lets them limit access to specific systems if they are being attacked. To me, this is how security should work – automatically, with no professional services needed, meaningfully reducing risk, and with no impact to most users.”