Proofpoint adds threat defence to AWS Security Hub plan

Proofpoint has integrated its Collaboration Protection product with the Extended Plan for AWS Security Hub, adding email and collaboration threat protection to Amazon Web Services' curated security bundle sold under a single commercial arrangement.

The integration brings Proofpoint controls for email, messaging and collaboration tools into AWS Security Hub's Extended Plan. Customers can purchase the combined offer through AWS under one contract and one bill, with consolidated support and AWS-set pricing.

AWS positions Security Hub as a unified security service that aggregates findings from AWS services and partner tools. The Extended Plan bundles selected AWS detection services with partner products across areas such as endpoint security, identity, security operations and artificial intelligence. The goal is a more standardised procurement route for larger organisations that already use multiple security tools.

Proofpoint is targeting organisations that rely on cloud productivity suites and collaboration platforms, where attackers often deliver phishing and social engineering lures. Email remains a common entry point, and collaboration tools have become a routine channel for impersonation and fraud.

What is included

Proofpoint Collaboration Protection focuses on inbound threat filtering and user-facing controls across email, messaging and collaboration services. It also includes tools for managing spam and grey mail to reduce noise in inboxes and collaboration channels.

The product covers phishing, business email compromise and ransomware-related messaging. Proofpoint also points to newer AI-enabled techniques, including "hidden prompt injection" and "callback phishing", which rely on deception and user interaction rather than a conventional malware payload.

In addition to filtering, the service provides real-time user coaching. It prompts users when messages appear suspicious and encourages reporting at the point of receipt. Security leaders have increasingly adopted in-workflow coaching in response to persistent phishing success rates and the limits of annual training programmes.

Proofpoint says the service is powered by its Nexus AI threat-detection stack, which it describes as combining threat intelligence, machine learning, relationship graphs, large language models and computer vision. It also made an efficacy claim for detecting sophisticated threats.

AWS channel

For AWS, the integration adds another specialist security vendor to a catalogue aimed at simplifying purchases for large customers. Security teams often run multiple tools across cloud and on-premise environments, and procurement and vendor management can add overhead-particularly when renewals and support processes vary by supplier.

The Extended Plan reflects a broader shift towards platform-led procurement. Cloud providers and large software vendors have expanded marketplaces and bundles that package third-party tools with their own services. Customers often prefer consolidated billing and fewer commercial relationships, even when the underlying security stack still includes multiple products.

Proofpoint framed the integration as a way to reduce complexity for customers that want to manage controls across cloud productivity and collaboration environments while using AWS as the purchasing route.

A short context note accompanied the announcement about the scope of coverage Security Hub Extended Plan claims to offer across an organisation's attack surface.

"AWS Security Hub Extended delivers what enterprises need most: unified detection and response across their entire attack surface, with proven cybersecurity protection at scale," said Tom Corn, Executive Vice President and General Manager, Threat Protection Group at Proofpoint. "The integration makes it easier for organisations to protect their people, defend their data, and govern AI with security built for how people work today. We're strengthening defense-in-depth while reducing complexity, helping customers improve their security posture faster and drive more consistent, resilient outcomes across their cloud environments."

Threat focus

Security vendors have increased their focus on collaboration platforms as attackers broaden their channels beyond email. Fraud attempts often exploit trust in internal chat messages and shared documents. Business email compromise has also evolved into broader "business communication compromise" patterns, where adversaries mix email with chat, voice and file-sharing to build credibility.

Proofpoint's references to "hidden prompt injection" reflect growing concern about how generative AI systems can be manipulated through crafted inputs embedded in emails or documents. In these scenarios, attackers attempt to influence automated summaries, copilots or other AI-driven workflows used by employees. Vendors have begun positioning detection and policy controls around this risk, though definitions and practical mitigations vary.

Proofpoint says Collaboration Protection delivers "99.999% efficacy against sophisticated threats, including phishing attacks, business email compromise (BEC), AI-driven exploits such as hidden prompt injection, ransomware, email bombing, callback phishing, and other advanced social engineering techniques."

Proofpoint says the Extended Plan for AWS Security Hub is available in all commercial AWS regions.