What is our primary use case?
I have been working with Proofpoint Email Protection for the last five years.
Proofpoint Email Protection has an email protection module that ensures email hygiene from a user and recipient filtering point of view. It blocks senders and receivers while safeguarding digital assets through attachment scanning and ensuring there is no malware or URL rewrites. Proofpoint provides URL defense and attachment defense capabilities and ensures the organization's brand identity is protected through SPF, DKIM, and DMARC records.
The information protection module ensures content is safeguarded by filtering sensitive information or flagging it as spam or moving it to the quarantine folder. These modules effectively filter and work as anti-spam agents and can filter up to 99% of spam and phishing attacks.
I also worked on TRAP, which stands for Threat Response Auto-Pull. This is an efficient way to deal with threats on a reactive and proactive basis. If any email with spam or phishing content enters a mailbox, TRAP will automatically access those mailboxes and delete that content across the organization. TRAP performs very efficiently and can work as forensics to identify which computer the threat started from and provide all relevant cyber details.
Overall, these modules safeguard the infrastructure effectively as anti-spam and anti-phishing agents with malware protection, URL and attachment defense capabilities, and they filter many file types. From an authentication and anti-spoofing point of view with SPF, DKIM, and DMARC, Proofpoint provides business email compromise protection that effectively safeguards executive emails and eliminates imposter attacks. The sophisticated dashboard helps analyze which users or recipients are targeted most, protects against vendor fraud, and uses machine learning detection. Based on user behavior patterns, the system automatically identifies and can block or filter certain content.
From an information protection or data loss prevention point of view, Proofpoint detects sensitive information including PAN cards, HIPAA-related data, PCI information, financial data, credit card information, and fraud-related content. Based on AI and ML algorithms, it automatically flags these as spam. Marketing emails are also marked, and external emails can be labeled with cautions to end users.
Proofpoint provides encryption capabilities including TLS enforcement and Proofpoint Secure Email for attachment sharing. For large organizations, Proofpoint Secure Mail is a very secure way to transmit content or files. Policy-based rules and encryptions can be defined as well.
From an integration point of view, Proofpoint integrates with all Microsoft online solutions, Microsoft Defender for Office 365, and Entra ID. It also integrates with on-premises Exchange and can perform scanning on all on-premises mailboxes. Additional API capabilities are available, and Proofpoint Journaling and SIEM integration support exporting logs for analysis.
Logging and reporting capabilities provide audit trails showing who performed which action and end user navigation features. End users can release spam, mark emails as spam, or report suspicious emails or attachments. Incident investigation features help identify why emails are not being delivered or provide message tracking for blocked or quarantined messages. If spam mail is delivered as a false positive, tracking logs help fine-tune the system to understand why it was delivered when it should have been blocked.
For a large enterprise organization, we were receiving approximately 100 spam and mail flow issues per month. After implementing Proofpoint Email Protection, this reduced to 60-plus issues, representing a 40% reduction. Proofpoint blocked unnecessary content, marketing spam emails, campaign emails, fraud-related emails, and attachments with suspicious links before they generated issues. Proofpoint validates sender and sender domains for all authentication protocols and properly validates user mail flow-related issues from internal to external communications.
The dashboard helped us identify the most attacked users and enroll them for education sessions so they would not click suspicious links or cause additional issues or incidents within the organization. Proofpoint automatically resolved some issues by default through blocking and quarantining emails. The statistics helped us proactively safeguard and reduce the number of issues being reported.
We leverage the PCSC portal or support portal to log in and raise incidents, or we can directly engage through email. We engage with the Proofpoint TAM or account manager based on the support model (Gold, Bronze, Diamond) for 24/5 or 24/7 support depending on priority. Generally, we refer to the knowledge base and support portal to raise support tickets and inform the TAM for any critical incidents to engage with. Proofpoint provides good support with well-maintained ETAs and approachable representatives.
What is most valuable?
Proofpoint Email Protection serves as a first level of defense and can reduce phishing attacks and provide malware protection. Advanced analytics with AI and ML capabilities protect against business email compromise attacks. It maintains email hygiene and serves as a compliance support tool with audit and compliance mail logs and traces for certain financial organizations.
Proofpoint integrates with all SaaS applications, cloud deployments, hybrid environments, and M365 very effectively as well as with on-premises Exchange. It provides significant benefits for mail hygiene purposes, filtering, reporting, auditing, compliance, and advanced malware protection with reduced phishing attack rates.
Proofpoint has helped safeguard and protect digital assets by filtering a lot of spam content, with approximately 90% of junk and spam being filtered out. This helps end user productivity significantly. Some users may be deceived by false phishing emails and become prey for scammers and intruders, but Proofpoint effectively filters such emails before reaching user mailboxes.
The value of this product investment is substantial. One user at another organization before Proofpoint adoption was about to pay millions of dollars based on a spam email, which would have been a significant financial scam. Proofpoint effectively eliminates fraud where people spoof senders to appear as if they are coming from trusted partners or the CFO or CIO asking for money. All such financial fraud and scam emails are filtered effectively.
The percentage and dashboard statistics show how much has been filtered and how much has been safeguarded each month, including how many genuine emails were received and how many users accessed them. We can conduct drills to determine how many users are accessing suspicious content and reach out to them directly to educate them. Although we have sophisticated products in place, we still need end user education as part of safeguarding assets and ensuring users will not become victims of scams, particularly financial-related scams and organization sensitive details.
What needs improvement?
As things are evolving and threats develop in unpredictable ways, Proofpoint must adopt AI solutions and agentic solutions more aggressively and provide them to customers as part of service offerings. Inbuilt AI solutions would add more value and make Proofpoint a more premium choice for customers. With the help of AI solutions, agentic AI, and generative AI capabilities, the product would be more efficient than it currently is.
Filtering false positives is highly challenging because it is impossible for humans to identify which emails are genuine and which are spam. Proofpoint should focus more on this area with back-end agents or other tools. Proofpoint should decide which emails are genuine and which are spam so it is not a challenge for end users. When receiving an email, end users should not have to determine whether to respond or not. Proofpoint should not release such spam emails and should strictly block such spam and spoof emails based on connection IPs. Currently, false positives occur in the product, and while this occurs in every product, it is an area where Proofpoint can focus on improving and reducing false positives. One email is enough for an end user to be deceived and lose money, so addressing this area is critical.
For how long have I used the solution?
I have been working with Proofpoint Email Protection for the last five years.
What do I think about the stability of the solution?
Proofpoint is absolutely stable and reliable. We have multiple instances running simultaneously and have never experienced any downtime or glitches on Proofpoint's side in five to six years. Proofpoint handles approved maintenance windows probably on weekends, but we have never faced any issues during business days. Proofpoint is stable and highly available.
What do I think about the scalability of the solution?
The complexity of installation and infrastructure details presents a challenge. Since Proofpoint runs on Linux machines, for on-premises solutions specifically, there is a challenge with deployment and scaling up the solution. Proofpoint provides flexibility to scale up and scale out, but on-premises deployments have limitations or are somewhat more complex compared to cloud instances.
How are customer service and support?
I would rate the capabilities, time taken to resolve issues, and technical skills as eight out of ten.
We leverage the PCSC portal or support portal to log in and raise incidents, or we can directly engage through email. We engage with the Proofpoint TAM or account manager based on the support model including Gold, Bronze, and Diamond models for 24/5 or 24/7 support depending on priority. Generally, we refer to the knowledge base and support portal to raise support tickets and inform the TAM for any critical incidents to engage with. Proofpoint provides good support with well-maintained ETAs and approachable representatives.
Which solution did I use previously and why did I switch?
I have exposure to IronPort, Symantec MessageLabs, Forcepoint, and FireEye. I also had a chance to work with and review Mimecast, as well as Microsoft Defender for Office 365 and EOP. Proofpoint is much more advanced and capable of safeguarding the infrastructure and protecting the customer landscape, specifically from an email and attachment point of view, in day-to-day operations compared to these solutions.
How was the initial setup?
The available products and instructions are absolutely fine. The only thing is to configure appropriately what features are needed based on requirements. Various capabilities can be configured based on specific needs. Since we have many capabilities available, we only leverage what we need. The only limitations around on-premises deployment remain the same, but there is nothing to call out explicitly.
What about the implementation team?
For on-premises TRAP and other HFT solutions, Windows admins with a Windows background may face challenges. If the instructions can be improved or made more flexible, this could help a lot so that a general IT admin can follow and complete the deployment without a Proofpoint consultant. Currently, without a Proofpoint consultant, you will not be able to successfully deploy the solution.
What was our ROI?
When you have a good product in place and reduce the number of incidents, the benefits become apparent. We were receiving spam that is now reduced because users do not get such spam. Mail delivery-related issues are also reduced once appropriate configuration is in place. This is a key differentiator from an operational point of view and ensures that only genuine emails are delivered, improving email hygiene.
Teams can focus on other areas instead of dealing with 100 incidents per week. If we receive only 60 to 70 incidents, the time for those 30 incidents is saved for the operations team, who can add more value in other areas where there are critical gaps. This has helped improve efficiency by reducing the time required from email analysts or SOC analysts.
What's my experience with pricing, setup cost, and licensing?
We reach out to Proofpoint directly as partners to help customers adapt to Proofpoint and drive enablement. We work with Proofpoint directly as well as with some partners and consultants to ensure adoption is successful from an upskilling and upselling point of view, including purchasing Proofpoint licenses or helping with user adoption. We predominantly work with Proofpoint partners.
What other advice do I have?
From Microsoft 365, we have M365 Exchange Online solutions and on-premises solutions, and some customers are on Google Workspace. Proofpoint efficiently handles all these workloads including Microsoft and Google mail solutions.
Proofpoint is one of the premium products with inbuilt AI and ML capabilities and has a significant presence across the globe to help incorporate and adapt to large organizations, especially financial and government organizations. Proofpoint is the choice for such large organizations and can deliver on customer expectations efficiently with all the proven data. By default, all filters are updated across all instances. For example, if someone reports malware, it will not be delivered to any other organizations. This is a very efficient feature.
With existing capabilities and upcoming advancements specifically using AI for security and agents, Proofpoint will be the choice for organizations in the new age. The security landscape is critical for any organization, and Proofpoint will be the choice of product for enterprises.
I have been working in this field for the last 18 years. Cloud deployments are absolutely fine since you do not have to deal with all the infrastructure configuration, deployment, and setup. Cloud is comparatively easier and more efficient as well.
I would rate this product an overall eight out of ten.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner