Coming October 25: PeerSpot Awards will be announced! Learn more
Buyer's Guide
Email Security
September 2022
Get our free report covering Microsoft, IRONSCALES, Abnormal Security, and other competitors of Avanan. Updated: September 2022.
632,779 professionals have used our research since 2012.

Read reviews of Avanan alternatives and competitors

Director of Office 365 Services at a manufacturing company with 10,001+ employees
Real User
Catches emails that others don't, and we can escalate messages to the Incident Response team for additional expertise
Pros and Cons
  • "The most valuable features of the solution are the ones that are related to finding impersonation attacks and detecting attempts to steal credentials. In scenarios where attackers get you to follow URLs to a malicious site that looks similar to a good site, and then ask for the user credentials to try to steal them, it is very useful."
  • "There is still room for improvement with BEC. There is more work to be done by Perception Point on machine learning and neuro language as well. BEC is very difficult if you don't have a computer language looking into the content of the email and trying to make a determination through that. With BEC you often don't have an attachment or a URL."

What is our primary use case?

We use it to scan email for security purposes. 

It's all cloud, there is no on-premise footprint. All the infrastructure is Perception Point infrastructure.

How has it helped my organization?

Judging the effectiveness of Perception Point when it comes to detection is difficult because we do not have only Perception Point in our email security flow. Perception Point is the last line of defense in our protection process, what we call a third-tier of protection. Before Perception Point, we have two layers of Microsoft in place, and those two layers filter quite a lot. We wanted to add another layer from a different vendor so that we were not only relying on Microsoft, but also because we knew Microsoft was not catching everything. That was proven through our PoC with Perception Point. Every month we catch a good number of malicious emails. Our focus is more on malicious messages than on spam, although it catches a good number of spam messages as well.

We escalate one or two emails per month that were not discovered by either Perception Point or Microsoft, so our overall effectiveness is pretty good. But Perception Point is certainly catching things that Microsoft does not catch. It is doing important work because an email that Microsoft does not catch is a risk if it gets into a user's mailbox. We are talking about 25,000 to 30,000 emails a month that Perception Point is catching that Microsoft is not yet detecting.

Also, Perception Point's Incident Response team is like an extension of our messaging team in the sense that we do not have the capacity or the resources to evaluate whether an email is malicious or not, especially for the type of volume we have. This was one of the key criteria for us when selecting a partner. With Microsoft, a lot of it is done by machine learning, but we do not have a Microsoft team making a determination about emails or a team that we can easily escalate issues to or turn to for an email security conversation. Perception Point performs a really important part of what our vision is for email security.

We have also created an integration where users are able to report phishing attempts, and those emails are scrutinized by the Perception Point Incident Response team. That is an additional benefit. They're adding value both through qualifying our emails and through reviewing messages that our users report as phishing attempts.

We have another integration between Perception Point and our endpoint solution. That is something Perception Point actually offered so that if the endpoint solution finds something where the entry point was an email, there is an automatic interaction through which Perception Point does a review and removes things from the email box. That is an added benefit.

What is most valuable?

The most valuable features of the solution are the ones that are related to finding impersonation attacks and detecting attempts to steal credentials. In scenarios where attackers get you to follow URLs to a malicious site that looks similar to a good site, and then ask for the user credentials to try to steal them, it is very useful.

It also has features for detecting branding impersonation.

And specifically, when it comes to protecting our VIPs and avoiding BEC (business email compromise) attacks, that is another important part for us.

It scans pretty much all content, so it's full-scale. We see in our dashboard how emails are categorized by different engines. There isn't just one engine that determines whether an email is malicious. They have a multi-engine architecture for detection of malicious emails. They provide full scanning of email.

What needs improvement?

There is still room for improvement with BEC. There is more work to be done by Perception Point on machine learning and neuro language as well. BEC is very difficult if you don't have a computer language looking into the content of the email and trying to make a determination through that. With BEC you often don't have an attachment or a URL. That is an area where there is certainly room for improvement.

For how long have I used the solution?

We have been using Perception Point Advanced Email Security in production since August of this year, so more than four months. Before that, we ran a PoC and we were in pilot mode for about another six months.

What do I think about the stability of the solution?

We have not had any issues with the stability in production. We had some small issues during the PoC, but they did not have an impact on us because we were just in monitoring mode. And regarding the issue with Amazon this week, we were not affected, because it was in the US and we were not using the infrastructure in the US.

What do I think about the scalability of the solution?

We haven't seen any issues with emails failing because they are delayed or in queue. We haven't been aware of a situation where users are waiting for an email. To a certain extent, it's because we are not running inline so Perception Point cannot be a bottleneck because the users have the emails in their mailboxes. A customer that runs the solution inline may have a different opinion because email will not arrive until Perception Point has processed it.

How are customer service and support?

Perception Point's team in general, whether it's the support people, the management, or the sales folks that were engaged with us, have been very good. Often, when a company is at the PoC stage, they engage with you and try to demonstrate that they're good, but once you have signed a contract that might fade away. That has not been the case with Perception Point. They are very responsive and very attentive to our requests. The support has been very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup was in between a straightforward and a complex process. We had some hurdles at the beginning because of some issues with AWS.

Also, the way we have rolled out the solution is different from the way Perception Point normally rolls it out for its customers. In general, it is known as an inline solution, where the traffic is scanned by sending it to Perception Point, and then they send it back to the customer before it reaches the users' mailboxes. But we did not set it up that way. We rolled out in another way that became available during the pilot phase. We decided to go for that option because we felt it was less risky when it comes to the email flow. If something were to happen to Perception Point or to Amazon, like happened to Amazon a few days ago, then the email flow would be affected and require us to take action.

The way that we rolled it out is similar to what the competitors do. The email arrives into the user's mailbox and is then scanned. It then takes any necessary actions in seconds or minutes. I don't know how much Perception Point is advertising this. We were the only customer that was testing this option and then decided to go to production with it.

From a protection point of view, the inline method, which is the preferred mode, is obviously more secure, because emails will not get to the end-users until they have been scanned. In our case, end-users are receiving the emails and, in parallel, they are being analyzed. If action is required, Perception Point will take the email out from the end-user's mailboxes. There is a small period of time where the user could click on an email that is malicious. But we made the decision to roll it out in this way.

We did the rollout in phases over three weeks in the month of July. We first rolled it out to our users in Asia-Pacific, and then to our users in America, and then our users in EMEA.

In terms of time-to-value, the solution was already delivering value during the PoC. The difference was that in the PoC, the solution was just alerting us and was not taking action. However, we had an agreement with Perception Point that if we knew with certainty that emails were malicious by code, they would remove them even during the PoC. When we moved to production, Perception Point was immediately taking action.

Another difference in our rollout was that we started with a goal of avoiding a lot of false positives, using an 80 percent accuracy level for the determination of maliciousness. That meant that if the algorithms thought that there was an 80 percent chance, or above, that an email was malicious, action was taken to remove it from the user's mailbox. We started to see that happen from the very first moment we went live. The value was there from the beginning.

After months of working in production with this 80-percent-and-above threshold, we changed in November to 60 percent. In the November numbers, we see a decrease in reports from our users of phishing emails. We still have to see if this remains the case during December and January. But this could be an indication of Perception Point now catching more, before users are required to report something as phishing.

What was our ROI?

I believe we have seen ROI. We are catching emails, important emails to our VIPs. We run reports facilitated by Perception Point on the numbers, but they also provide summaries that we highlight at the end of every month about emails attacking VIPs or impersonating VIPs. We can see that if an email had not been caught it could have been really malicious. From that point of view, the return on investment is there. Even one email that gets through is already one too many, but there is no 100 percent solution. When we see that, on top of Microsoft, Perception Point is catching 25,000 to 30,000 emails, that is a good number for us. As a percentage of the volume of email that we receive overall, those numbers are small, but they're quite big if we understand that there are 30,000 emails with potentially malicious implications for our users and our company.

Which other solutions did I evaluate?

We ran an RFI with different solutions, but we only did a PoC with Perception Point and another competitor.

One of the main attractions for us with Perception Point was the Incident Response team. Perception Point was one of the few companies that offered that feature and it fulfilled something that we did not have: the expertise and the capacity to look into emails. The other vendors that did offer something similar charged additional money for it.

The other piece was the inline versus post-delivery issue. We actually liked the idea of inline, but our management was attracted more to the idea of the post-delivery. Perception Point gave us the flexibility to do one or the other and that also was important to us.

In addition, the company and the individuals who engaged with us at Perception Point were very good in terms of listening to us and our requests, and in many cases, implementing them very quickly. Before we had even signed, they were already giving us solutions to some of our requests. That reaction, listening to our feedback and implementing it, continues now. We checked with some Perception Point customer references and they said that type of responsiveness won't change after you sign, and that has been our experience as well. We are still in contact regularly, discussing ideas and improvements with them.

Obviously, you need to be convinced about a solution on the technical side and see good results out of a PoC, but the service and the people behind it were part of what made us go with Perception Point.

What other advice do I have?

Whether you're looking at Perception Point or any other solution, the first thing to do is to find the weak areas with your current solution. Some solutions may be more targeted to a specific technology or type of threat. There are solutions that are very specialized in BEC, for example, and they're very good at BEC. So if your problem is with BEC, then maybe focus on them. Knowing your main problem will help in determining which solution to go with. Otherwise, you could be picking something that is not going to resolve your problem.

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Buyer's Guide
Email Security
September 2022
Get our free report covering Microsoft, IRONSCALES, Abnormal Security, and other competitors of Avanan. Updated: September 2022.
632,779 professionals have used our research since 2012.