What is our primary use case?
As a customer of Proofpoint Email Protection, my company uses it. Many of the use cases for Proofpoint Email Protection involve thwarting a lot of email threats, such as phishing, smishing, and many other variants. Proofpoint Email Protection is very email-based, and recently we started doing a lot of custom blocks on it where we implement some YARA rules or other custom patterns to block suspicious payloads from getting into our environment, so our use case is heavily on the email side.
What is most valuable?
The ability to create custom blocks in Proofpoint Email Protection is a very big deal for me. I enjoy being able to do that, and I appreciate the advanced phishing and BEC protection. I value that it provides a lot of advanced phishing protection and smishing for executives. The TAP, or Targeted Attack Protection, which blocks many sophisticated and URL campaigns, is really nice. One of the features that Proofpoint Email Protection has, that a lot of vendors don't have, is URL Defense, which rewrites links such that even when bad links come in an email and it recognizes them, it rewrites them so you cannot click them and they go into the Proofpoint isolation part. Additionally, the Attachment Defense that sandboxes attachments and detects malware from them is impressive. I appreciate that Proofpoint Email Protection has a very good intel platform that tracks a lot of global threats and can detect threats before they happen or inform me of threats that are salient in my environment through a lot of correlations, making it one of the best.
Using Proofpoint Email Protection definitely helps with reducing the SOC Analyst workloads. In terms of context, Proofpoint Email Protection has good contextual analysis, so it helps reduce the time to containment because we have a lot of information, and while starting up, we do not have to start many procedures from scratch. We reduce a lot of the mean time to containment, and many threats are being caught, resulting in fewer incidents to deal with, which reduces the burnout from our SOC.
What needs improvement?
The areas of Proofpoint Email Protection that could be improved or enhanced involve the email rewrite functionality. It can be aggressive sometimes, rewriting a lot of very benign content. Finding a balance is key because sometimes it blocks things that are harmless. Proofpoint Email Protection tends to err more on the side of security, which can sometimes impact operations, but I would rather have an operational impact than face a breach. There are pros and cons to that, but I would suggest maintaining a good balance between security protection and operational impact.
For how long have I used the solution?
I have been working with Proofpoint Email Protection for over seven years.
What do I think about the stability of the solution?
I rate Proofpoint Email Protection a nine in terms of stability. Having a high level of stability is very important for me because this is a product that is front-facing and used to protect against threats for my organization and customers. Stability is everything. If Proofpoint Email Protection has an outage, we are either not receiving emails or not blocking the right threats. Thus, stability is a big, core requirement for this product.
What do I think about the scalability of the solution?
In terms of scalability, I rate Proofpoint Email Protection an eight. I feel it scales pretty well and has fit a lot of the needs that we have.
How are customer service and support?
We do communicate with the technical support of Proofpoint when we run into issues or something is missed, or if there is a bug. I mostly reach out when we encounter problems or need product feedback, but aside from that, we usually do not have a lot of very repeated needs to contact the technical team.
Based on my experience, I rate Proofpoint's technical support a seven or an eight. They always listen to our issues and make efforts to fix them for us. I am pretty happy with the technical support as it is right now.
Which solution did I use previously and why did I switch?
Before using Proofpoint Email Protection, we did use a different solution, Agari, which was not the greatest. We decided to switch from Agari because it was not comprehensive for an enterprise's needs. I feel Agari was a better fit for smaller organizations that did not have sophisticated threats back then, but we saw that a lot of the threats and attacks we had were not covered by Agari's coverage. We had to look for a different solution because we kept getting a lot of phishing and threats that Agari did not catch, and our users still got targeted by them, with many potential compromises occurring.
How was the initial setup?
Based on my involvement in the processes, I found the initial setup and deployment of Proofpoint Email Protection fairly straightforward. There were not a lot of bottlenecks.
What about the implementation team?
Proofpoint provided a lot of official documentation for us to use during the initial setup or deployment, which we followed to get everything up and running. The documentation provided for Proofpoint Email Protection was pretty great and definitely helped me understand the platform, how it works, and what needed to be done to get it running. I feel they do a good job of directing you, as the documentation is extensive, covering many products and areas. They effectively guide you to the exact documentation you need, so you are not overwhelmed and can find exactly what you need.
What was our ROI?
Regarding the financial benefits of consolidating security solutions with Proofpoint Email Protection, that would have to be proven. I do not know what Proofpoint is offering in terms of other bundles; will it cost us more than what we currently have? That is very relative, so we have to see what we have now as a lot of the protections we are using and how that compares with other providers. If Proofpoint Email Protection is a lot better in terms of feature versus value, that would be favorable. Money flows in the direction of value, so evaluating whether the additional features we can replace consolidate into a native solution that costs less is crucial. It is good to have a native platform where you do not have to jump between multiple platforms to get things done since integration between platforms usually helps with information exchange, which is always a good thing if the cost-benefit analysis shows favorable numbers.
Which other solutions did I evaluate?
I did evaluate other options or vendors before choosing Proofpoint Email Protection. The vendors I evaluated in addition to Proofpoint Email Protection include Mimecast, Defender for O365, and Cisco Secure Email, but I feel none of them had the comprehensive suite of features that Proofpoint Email Protection offers, especially when considering the base cost. What sold it for us was the fact that we had a lot of the features included in our base subscription, meaning we did not have to buy many additional subscriptions on top of it to get what we wanted, and they had a complete set of features that fit our needs more than any other company we spoke to.
What other advice do I have?
The level of visibility that Proofpoint Email Protection provides into people-based risk within my organization is decent. People-based risk is not what Proofpoint Email Protection was enhanced for, but I feel when we designed it more and gave it additional context, such as this is VIP, these are individuals' job functions, and these are the types of things that should come to this person or not, we were able to improve people protection a little. I would say it does that decently, although I do not think it is amazing in that area.
I have noticed operational efficiency after implementing Proofpoint Email Protection. There have definitely been lower incident rates, higher alert fidelity, and a lot more contextual data available to analysts, so in terms of efficiency, we are definitely operating at a higher efficiency after onboarding Proofpoint Email Protection.
I really appreciate the unified admin console in Threat Protection Workbench for managing security operations because it helps us see everything under one console. You can see your email policies, DLP policies, unified alert management, threat hunting, user risk monitoring, and good analytics across the board. It is pretty good to have a single pane for navigating through multiple products. Threat Protection Workbench is great for conducting a lot of the message analysis and sender analysis. The biggest part I appreciate is integrating the threat intelligence of whatever threat I am looking into, allowing analysts context on whether they are examining a campaign, spear phishing, or whaling. That integration of threat intelligence into Threat Protection Workbench is impressive, in my opinion.
Proofpoint Email Protection definitely reduces the quantity of threats my organization needs to protect against. There are certain things that we are very sure Proofpoint Email Protection is going to block, leading to confidence that we do not even need to generate alerts for them anymore. Even though I feel we are getting more alerts and things to look into, Proofpoint Email Protection reduces the number of alerts we need to work on, meaning an increase in threat actors targeting us does not necessarily increase our workload because there are alerts we already know and understand, allowing us to let Proofpoint Email Protection do its thing without triaging or manually addressing them unless we see other concerning TTPs.
The time required for email investigations and responses has definitely reduced with Proofpoint Email Protection's visibility and automation. A lot of our metrics show considerable improvement with TTPs because context is about fifty percent of the work. If you have the context, you can make decisions quickly; if you do not have the context, decisions slow down. With many of the contextual elements already coming from Proofpoint Email Protection, it helps us make faster decisions and contain incidents more rapidly.
I assess the overall scope and range of Proofpoint Email Protection's threat protection capabilities in addressing modern security challenges as quite good. If I had to rate it, I would give it between a seven and an eight out of ten. I believe it handles issues well because when it comes to changing TTPs or campaigns, you quickly receive all the information you need from Proofpoint Email Protection. As soon as they get new updates about any threat, they provide that information to me as a customer, which I find reassuring. As far as I know, we do not utilize Messaging Security for protection across cloud apps and file-sharing services. Overall, I rate Proofpoint Email Protection a seven, which reflects the email rewrite issues I mentioned, and those are the main improvements I would suggest—maintaining a balance between security and operational impact.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.