Share your experience using AhnLab MDS

Examples of the 102,000+ reviews on PeerSpot:

reviewer2801907 - PeerSpot reviewer
Senior Cyber Security Specialist at a consultancy with 10,001+ employees
Real User
Top 10
Feb 10, 2026
Advanced email defenses have protected healthcare staff and simplified incident response
Pros and Cons
  • "Proofpoint Email Protection is superior to other third-party applications such as Cisco IronPort or FireEye, as it is really very comfortable to use, easy to operate, easy to manage, easy to take actions, easy to deploy, and easy to migrate."
  • "However, for low-size or mid-level organizations, it can be challenging in terms of cost, management, and resource utilization, which could be a problem for low-level enterprises."

What is our primary use case?

I am managing the entire Proofpoint Email Protection Email Security applications for one of the largest healthcare industries. The organization uses this tool to protect their entire infrastructure based on email security. Proofpoint Email Protection is one of the leading tools for email security protection, utilizing advanced AI-driven and machine learning technology to review all emails.

Proofpoint Email Protection performs very deep investigation on all incoming emails. It scans through multiple Proofpoint cloud applications such as TAP, TRAP, Email Fraud Defense, a customer support portal, and Proofpoint Security Awareness tool, supporting six to seven applications total. All these applications are cooperated and cloud-native, working together to determine whether an email is actually malicious or not. It is very easy to perform sandboxing of the incoming email, conduct investigations, and run checks on multiple sender intelligence and email firewall rules to easily identify incoming emails. Based on the decision, emails can be allowed, sent, or quarantined at the gateway level.

Proofpoint Email Protection can easily integrate with Office 365 cloud application and should be easy to integrate with Exchange on-prem as well, with both working simultaneously. User sync is easy, SSO configuration is straightforward, and managing all incoming domains on the Proofpoint cluster is simple. Most organizations are moving forward with Proofpoint Email Protection because of these capabilities as it is one solution for many problems.

We generally use this service directly from the vendor. We discuss the requirement and enterprise level design, considering how large, small, or medium the organization is. Based on that assessment, any customer decides whether to go ahead with licensing all features or limited functionality. For big or broader organizations, Proofpoint Email Protection is really helpful because they can utilize all applications for protecting emails. However, for low-size or mid-level organizations, it can be challenging in terms of cost, management, and resource utilization, which could be a problem for low-level enterprises.

What is most valuable?

Proofpoint Email Protection performs very deep investigation on all incoming emails. It scans through multiple Proofpoint cloud applications such as TAP, TRAP, Email Fraud Defense, a customer support portal, and Proofpoint Security Awareness tool, supporting six to seven applications total. All these applications are cooperated and cloud-native, working together to determine whether an email is actually malicious or not. It is very easy to perform sandboxing of the incoming email, conduct investigations, and run checks on multiple sender intelligence and email firewall rules to easily identify incoming emails. Based on the decision, emails can be allowed, sent, or quarantined at the gateway level.

Proofpoint Email Protection can easily integrate with Office 365 cloud application and should be easy to integrate with Exchange on-prem as well, with both working simultaneously. User sync is easy, SSO configuration is straightforward, and managing all incoming domains on the Proofpoint cluster is simple. Most organizations are moving forward with Proofpoint Email Protection because of these capabilities as it is one solution for many problems.

What needs improvement?

There are many things that could be improved, but once you know this application very well, you could perform that improvement plan. There are many scenarios where I have worked with Proofpoint Email Protection where a requirement was not fulfilled due to the limitation of the product.

For example, we have Report Phish automation. With Proofpoint Email Protection, we can configure Report Phish and forward the email to any email addresses or shared mailboxes that we provide in the configuration. That email is forwarded as is with whatever the user reports as a phishing email. However, some organizations do not want the reported phishing email to go as is into their ticketing tool because it might contain malicious attachments and malicious links that are not required to go into their internal organization. Proofpoint Email Protection has that limitation. They cannot forward or restrict, but could forward only limited information such as some header information, sender subject details, or only limited information. As it is, the email can be forwarded, not as limited information.

Proofpoint TRAP solution also has limitations. It cannot create alert notifications for some specific requirements because Proofpoint works the way it is designed, and if you want it to work based on our requirement, that should not be possible. There is a scope of limitations here.

There are many improvements that should be made. First, they should work on their false positive minimization. Proofpoint generally takes all emails, investigates them, and classifies them. There are many situations where legit emails are blocked because that domain is found to be under a malicious category somehow, but actually it is not. False positive minimization could be improved, and they could enhance their other applications or solutions. There are many things that they could improve from each application and each portal.

For how long have I used the solution?

I have been working with Proofpoint Email Protection for a total of eight years.

What do I think about the stability of the solution?

There are no performance issues. Performance issues only happen when there is a break-fix situation. For example, if TRAP is not connected with Exchange Online or Exchange on-prem server, there is a problem for the company because if the solution is not connected, it will not work. There is a feature where we can enable the auto-alerting system. We can easily create or configure alerts whenever any node is down, and it can send an alert to a monitored mailbox where anyone can take a look at that priority. Everything looks good and there are no performance issues.

What do I think about the scalability of the solution?

We generally use this service directly from the vendor. We discuss the requirement and enterprise level design, considering how big, small, or medium level the organization is. Based on that assessment, any customer decides whether to go ahead with licensing all features or limited functionality. For big or broader organizations, Proofpoint Email Protection is really helpful because they can utilize all applications for protecting emails. However, for low-size or mid-level organizations, it can be challenging in terms of cost, management, and resource utilization, which could be a problem for low-level enterprises.

How are customer service and support?

Proofpoint customer service is excellent, deserving a 10 out of 10 rating. They are very supportive. I work with four or five calls every day with the Proofpoint vendor support whenever any issue occurs. Any break-fix issue can be categorized into P1, P2, P3, or P4 levels. Based on the criticality and priority, we raise a ticket. Support can be obtained within 24 hours, 6 hours, or 4 hours depending on the severity. The response is very quick and their support is very good. Additionally, professional services are available whenever deployment is needed, whenever additional features or licensing are required, or whenever professional support is requested. Sometimes it requires some cost, and sometimes it is part of your license. It is easy to obtain professional support help as well.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have worked with FireEye EMPS, which is the FireEye Email Protection system, and I have also worked with Cisco IronPort and Microsoft Defender for Office 365. Proofpoint Email Protection is superior to other third-party applications such as Cisco IronPort or FireEye. It is really very comfortable to use, easy to operate, easy to manage, easy to take actions, easy to deploy, and easy to migrate.

Most importantly, the data center location is very important. Some organizations in the UAE and Gulf countries do not want their data to go outside of the UAE location and are very concerned about creating a data center within their location. Most other third-party applications do not generally support that feature. However, Proofpoint is globally capturing the market and now has data centers in all nearby locations such as the US, UAE, Europe, and the Asia-Pacific region. This is really good for customers who want to retain their data.

How was the initial setup?

Proofpoint Email Protection deployment is very straightforward. When you get the license and have all discussions with Proofpoint about your requirements, they will easily provide the configuration for a dedicated cluster for your organization. They will send an initial advisory email from the sales team from the US containing all details about the MX record for all domains and the predefined cluster configurations that will have all basic email firewall rules and basic cluster configurations.

Once you take the services, they will schedule a call and go through migration or deployment. They will go through the step-by-step process of each email protection system health. They will perform configuration, onboard new domains within the portal and within Proofpoint cluster, perform checks, and update DNS records for all those domains. At the DNS level, they will verify, test, generate DKIM keys, and update SPF records. Once everything is aligned, they will test inbound email and send inbound emails. It is a very easy step-by-step process and they will definitely assist. I have done the migration for multiple Proofpoint projects in the past and understand it is not very challenging when you have support from the vendor.

What about the implementation team?

We generally use this service directly from the vendor.

What other advice do I have?

I am currently working with Proofpoint Email Protection as well.

Proofpoint Email Protection is basically a cloud-based application. Proofpoint Email Protection has Proofpoint POD, which is Proofpoint On-Demand. We also have TAP, Targeted Attack Protection, and Threat Response Auto-Pull. Of all these applications, POD and TAP are cloud-based, and Email Fraud Defense is as well. All of these are cloud-based solutions with no on-prem situation. Proofpoint TRAP, which is Threat Response Auto-Pull, is on-prem and can be installed on the Linux server. This is the only solution which is hosted on-prem, but the vendor has now also migrated to CTR, which is called Cloud Threat Response platform. Rather than going for the on-prem TRAP solution, vendors are suggesting migration to Cloud Threat Response, which is very easy to handle, make decisions, perform automated analysis of reported phishing emails, and is very easy to understand with a very good GUI platform that any analyst can easily work on the incident created on the TRAP solution. Every solution is now migrated to Proofpoint cloud application.

Proofpoint Email Protection can easily be integrated with Azure. Whatever users are created on Azure, Proofpoint POD has a sync-up policy which can fetch the tenant information, client information, and the client key. Based on all those details, it can easily connect to the Azure platform and perform all required actions such as Azure SSO and Azure user sync policies. AWS is not frequently used for Proofpoint Email Protection application.

There is a quick example to illustrate this. If there is a phishing campaign deployed to 100 users, some users might have clicked on the phishing link and some might access the URL and get compromised. Proofpoint Email Protection protects the work effort from the SOC team by working in the backend. Whenever any malicious email is identified, Proofpoint performs the sandbox analysis on the backend. Whenever any signature gets updated or this email was determined to be malicious when it was delivered, it automatically gets quarantined from the TRAP solution. This protects the risk and saves efforts from the SOC analyst to manually investigate that email, quarantine it, and take action. Proofpoint can give visibility and automatically delete that email. It can identify out of 100 users who all have only clicked on that link. This saves time from an investigation point of view and minimizes efforts for the SOC. Even if there is no resource or the SOC resource has not taken a look at that phishing campaign, TRAP can work in the backend and save the organization from the threats.

Proofpoint TRAP is giving visibility about this threat landscape. We have the feature to upload the VAP, which is called Very Attacked People. There is another option to upload that executive list. Whenever that person is being targeted, it could have the flag of high risk or very important people. This can give visibility by looking at the asterisk sign near the user. Any analyst working on the ticket could easily understand that this is high priority, an executive has clicked on the link, or an executive has received that phishing email. This could give visibility to further investigate on the priority and basically lets us decide what is important and how we can work.

Proofpoint Email Protection is all about the licensing. If the organization requires a broader picture of email security protection and wants to take all services from Proofpoint Email Protection, they could take the licenses for all its applications. If they want to integrate Proofpoint Email Protection with their SIEM solution, they would obviously require Proofpoint API keys for that. For that, it is again a license-based requirement, and a license comes with an additional cost. If the organization is big, you could go ahead with all licenses, take all features, enable all services, take the professional services as well for the deployment, and it will help in thinking in the direction of cost as well as the service agreement.

Proofpoint Email Protection is very smooth in terms of the operational point of view. It is very easy to operate, easy to manage, and easy to handle threats. It is a great tool. The reason is that you do not need to investigate any bad thing that happens within your organization as it can create an alert. For email, the only concern is when the user clicks on a malicious link. Whenever a user clicks on this malicious link, it can trigger an alert for that. Once the alert is triggered, any analyst can investigate that. There is very good operational efficiency.

Security posture includes Email Fraud Defense, which gives insight into all security information and security-related issues. For example, if someone is trying to spoof your domain or trying to send an email on behalf of your domain, the application can give an idea or view of who is utilizing your domain. You could easily go and check into that and easily identify whether that email is legitimate or not. If that email is not legitimate, you could directly go and block that sender into your gateway. Additionally, by looking into all email DMARC posture reports, you could utilize that report to put your domains into the DMARC. If your domain is not protected with the DMARC reject policy, you could easily review all those emails, identify which one is legitimate and which one is not, break it down, and easily put your domain into the reject policy and save your emails from getting bounced back with legitimate emails not getting bounced back.

Proofpoint Email Protection has the capability to address zero-day attacks. If there is a zero-day attack or an active campaign which is going on with IOCs related to a ransomware attack that was deployed through email, Proofpoint has that capability to easily identify the active threats or emerging threats. The best part to address this issue regarding emerging threats is that you could easily integrate your Proofpoint TAP application with different other third-party applications such as Palo Alto WildFire or CrowdStrike. Through API, you could easily connect with those solutions. Whenever the email arrives into the POD console, it sends one copy of that email to Proofpoint WildFire or CrowdStrike for further investigation. If that email or that threat is already flagged as an emerging threat within that global Palo Alto WildFire category (because most organizations are using Palo Alto solutions with signatures being updated every day and millions of signatures being identified and updated under the emerging threat category), since Proofpoint TAP is easily synced with this WildFire solution or CrowdStrike, it can protect from emerging threats very easily or quickly.

Whenever any new user is getting the service from Proofpoint Email Protection, they should have a very detailed discussion about what services within that license will be provided. The reason for saying this is that once you take the service and then come up with "I need to integrate the solution with our SIEM solution," you reach out to your Proofpoint account manager and they will say "we can do that, but there is an additional license for that which does not come with the basic license." In that case, there might be challenges or risks for the organization if it is a low level or not a very big organization or big revenue-generating company. For that reason, you should have an understanding of what Proofpoint Email Protection applications and tools they have first. What services they provide through each application and whether it is required for your business or not. What specific service do you want to incorporate into your organization? Whether you want to educate your users (that comes with Proofpoint Security Awareness platform tool), you could easily educate your users and send a simulated phishing email or campaigns to all users, and track how many users clicked on the link and how many reported. They have all the services. Now you need to decide what your requirement is. Based on the requirement, you need to discuss with your account manager, and they will come up with the solution and provide the licensing requirement, cost requirement, and how much time they would require for deployment. My overall rating for Proofpoint Email Protection is 9 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Last updated: Feb 10, 2026
Mohamed Fouad - PeerSpot reviewer
Cybersecurity Team Leader at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Feb 8, 2026
Email gateway has reduced phishing incidents and has improved visibility into risky users
Pros and Cons
  • "I have seen a drop of about 90% in the number of phishing emails, malware, and other threats since using Proofpoint Email Protection."
  • "A way Proofpoint Email Protection can be improved is to have training materials and documentation for every step, which would be useful."

What is our primary use case?

My main use case for Proofpoint Email Protection is to protect our users' email addresses. I use Proofpoint Email Protection to protect our users' email addresses by acting as our email security gateway. We have Exchange servers, and we map this Exchange server to be on Proofpoint Email Protection.

What is most valuable?

The best features Proofpoint Email Protection offers are acting as a first layer of defense for our emails, so it protects the URLs, protects the files, and also provides us with the DLP, making it very useful.

I rely on the URL and file protection features of Proofpoint Email Protection often.

Proofpoint Email Protection has positively impacted my organization by stopping phishing attacks and reducing security incidents so we can handle our business smoothly.

I have seen a decrease in phishing incidents and improvements in response time after using Proofpoint Email Protection.

Proofpoint Email Protection provides great visibility into people-based risk within my organization, and we also have SOC analyst dashboards, giving us great insight into all emails, including the phishing emails.

After implementing Proofpoint Email Protection, we have reduced phishing emails significantly, at a very good percentage.

I would describe my experience with the unified admin console in Threat Protection Workbench as very useful and very straightforward; I can find what I am searching for, and every dashboard is already pre-configured.

Proofpoint Email Protection has influenced the quantity of threats my organization needs to protect against.

I have seen a drop of about 90% in the number of phishing emails, malware, and other threats since using Proofpoint Email Protection.

What needs improvement?

A way Proofpoint Email Protection can be improved is to have training materials and documentation for every step, which would be useful.

For how long have I used the solution?

I have been using Proofpoint Email Protection for three months.

What do I think about the stability of the solution?

Proofpoint Email Protection is very stable.

What do I think about the scalability of the solution?

Proofpoint Email Protection is scalable.

How are customer service and support?

I have never reached the customer support for Proofpoint Email Protection.

How would you rate customer service and support?

How was the initial setup?

My experience with pricing, setup cost, and licensing for Proofpoint Email Protection is very good. I purchased Proofpoint Email Protection through the AWS marketplace.

What about the implementation team?

We use AWS for our cloud deployments of Proofpoint Email Protection.

What was our ROI?

I have seen a return on investment as we have reduced security incidents, saved time, and achieved several related benefits. Using Proofpoint Email Protection has impacted my SOC analyst workloads positively.

What other advice do I have?

Proofpoint Email Protection is deployed in multiple organizations, and we are running on multi-organization. My advice to others looking into using Proofpoint Email Protection is to search for documentation and training materials on the Proofpoint Academy before deploying Proofpoint Email Protection. I would rate this product 9 out of 10.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Feb 8, 2026