The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature. I've seen organizations that use Cisco Email Security or Barracuda Email Security and while these solutions may also include such a feature, I have very rarely seen any organizations implement it for some reason (possibly because of its perceived downsides).

Compared to these other solutions, I think that Proofpoint's version of the Auto-Pull feature is superior in my experience.

For an example of where it really comes in useful, I have seen a case in one company where a malicious email was delivered to 24,000 users internally. I believe it was auto-forwarded from only one user to all these other 24,000 users at once. Now, imagine how many days it would take for that company to pull the email using a legacy Exchange PowerShell script or by using Exchange Online. It would take forever, and there isn't much you could do to track or analyze how many other users it was being sent to at that moment in real time. It's simply impossible to do all that just by using Exchange PowerShell scripts.

But with Threat Response, all you have to do is input the details of the malicious email (e.g. the email ID) and upload these details via CSV file or similar, at which point Threat Response will call the vectors of the email and it will go in and pull those 24,000 emails instantly.

This is truly a top-notch feature, and I have not seen such good functionality from the same kind of feature in any other tool so far. Looking at four or five of the industry's top email security solutions, none of them even come close to matching Proofpoint's version of this feature.

Auto-pulling the emails and phishing are the most valuable features, plus also we can randomly pull the emails based upon our own requirements.