We use it to scan email for security purposes.
It's all cloud, there is no on-premise footprint. All the infrastructure is Perception Point infrastructure.
We use it to scan email for security purposes.
It's all cloud, there is no on-premise footprint. All the infrastructure is Perception Point infrastructure.
Judging the effectiveness of Perception Point when it comes to detection is difficult because we do not have only Perception Point in our email security flow. Perception Point is the last line of defense in our protection process, what we call a third-tier of protection. Before Perception Point, we have two layers of Microsoft in place, and those two layers filter quite a lot. We wanted to add another layer from a different vendor so that we were not only relying on Microsoft, but also because we knew Microsoft was not catching everything. That was proven through our PoC with Perception Point. Every month we catch a good number of malicious emails. Our focus is more on malicious messages than on spam, although it catches a good number of spam messages as well.
We escalate one or two emails per month that were not discovered by either Perception Point or Microsoft, so our overall effectiveness is pretty good. But Perception Point is certainly catching things that Microsoft does not catch. It is doing important work because an email that Microsoft does not catch is a risk if it gets into a user's mailbox. We are talking about 25,000 to 30,000 emails a month that Perception Point is catching that Microsoft is not yet detecting.
Also, Perception Point's Incident Response team is like an extension of our messaging team in the sense that we do not have the capacity or the resources to evaluate whether an email is malicious or not, especially for the type of volume we have. This was one of the key criteria for us when selecting a partner. With Microsoft, a lot of it is done by machine learning, but we do not have a Microsoft team making a determination about emails or a team that we can easily escalate issues to or turn to for an email security conversation. Perception Point performs a really important part of what our vision is for email security.
We have also created an integration where users are able to report phishing attempts, and those emails are scrutinized by the Perception Point Incident Response team. That is an additional benefit. They're adding value both through qualifying our emails and through reviewing messages that our users report as phishing attempts.
We have another integration between Perception Point and our endpoint solution. That is something Perception Point actually offered so that if the endpoint solution finds something where the entry point was an email, there is an automatic interaction through which Perception Point does a review and removes things from the email box. That is an added benefit.
The most valuable features of the solution are the ones that are related to finding impersonation attacks and detecting attempts to steal credentials. In scenarios where attackers get you to follow URLs to a malicious site that looks similar to a good site, and then ask for the user credentials to try to steal them, it is very useful.
It also has features for detecting branding impersonation.
And specifically, when it comes to protecting our VIPs and avoiding BEC (business email compromise) attacks, that is another important part for us.
It scans pretty much all content, so it's full-scale. We see in our dashboard how emails are categorized by different engines. There isn't just one engine that determines whether an email is malicious. They have a multi-engine architecture for detection of malicious emails. They provide full scanning of email.
There is still room for improvement with BEC. There is more work to be done by Perception Point on machine learning and neuro language as well. BEC is very difficult if you don't have a computer language looking into the content of the email and trying to make a determination through that. With BEC you often don't have an attachment or a URL. That is an area where there is certainly room for improvement.
We have been using Perception Point Advanced Email Security in production since August of this year, so more than four months. Before that, we ran a PoC and we were in pilot mode for about another six months.
We have not had any issues with the stability in production. We had some small issues during the PoC, but they did not have an impact on us because we were just in monitoring mode. And regarding the issue with Amazon this week, we were not affected, because it was in the US and we were not using the infrastructure in the US.
We haven't seen any issues with emails failing because they are delayed or in queue. We haven't been aware of a situation where users are waiting for an email. To a certain extent, it's because we are not running inline so Perception Point cannot be a bottleneck because the users have the emails in their mailboxes. A customer that runs the solution inline may have a different opinion because email will not arrive until Perception Point has processed it.
Perception Point's team in general, whether it's the support people, the management, or the sales folks that were engaged with us, have been very good. Often, when a company is at the PoC stage, they engage with you and try to demonstrate that they're good, but once you have signed a contract that might fade away. That has not been the case with Perception Point. They are very responsive and very attentive to our requests. The support has been very good.
The initial setup was in between a straightforward and a complex process. We had some hurdles at the beginning because of some issues with AWS.
Also, the way we have rolled out the solution is different from the way Perception Point normally rolls it out for its customers. In general, it is known as an inline solution, where the traffic is scanned by sending it to Perception Point, and then they send it back to the customer before it reaches the users' mailboxes. But we did not set it up that way. We rolled out in another way that became available during the pilot phase. We decided to go for that option because we felt it was less risky when it comes to the email flow. If something were to happen to Perception Point or to Amazon, like happened to Amazon a few days ago, then the email flow would be affected and require us to take action.
The way that we rolled it out is similar to what the competitors do. The email arrives into the user's mailbox and is then scanned. It then takes any necessary actions in seconds or minutes. I don't know how much Perception Point is advertising this. We were the only customer that was testing this option and then decided to go to production with it.
From a protection point of view, the inline method, which is the preferred mode, is obviously more secure, because emails will not get to the end-users until they have been scanned. In our case, end-users are receiving the emails and, in parallel, they are being analyzed. If action is required, Perception Point will take the email out from the end-user's mailboxes. There is a small period of time where the user could click on an email that is malicious. But we made the decision to roll it out in this way.
We did the rollout in phases over three weeks in the month of July. We first rolled it out to our users in Asia-Pacific, and then to our users in America, and then our users in EMEA.
In terms of time-to-value, the solution was already delivering value during the PoC. The difference was that in the PoC, the solution was just alerting us and was not taking action. However, we had an agreement with Perception Point that if we knew with certainty that emails were malicious by code, they would remove them even during the PoC. When we moved to production, Perception Point was immediately taking action.
Another difference in our rollout was that we started with a goal of avoiding a lot of false positives, using an 80 percent accuracy level for the determination of maliciousness. That meant that if the algorithms thought that there was an 80 percent chance, or above, that an email was malicious, action was taken to remove it from the user's mailbox. We started to see that happen from the very first moment we went live. The value was there from the beginning.
After months of working in production with this 80-percent-and-above threshold, we changed in November to 60 percent. In the November numbers, we see a decrease in reports from our users of phishing emails. We still have to see if this remains the case during December and January. But this could be an indication of Perception Point now catching more, before users are required to report something as phishing.
I believe we have seen ROI. We are catching emails, important emails to our VIPs. We run reports facilitated by Perception Point on the numbers, but they also provide summaries that we highlight at the end of every month about emails attacking VIPs or impersonating VIPs. We can see that if an email had not been caught it could have been really malicious. From that point of view, the return on investment is there. Even one email that gets through is already one too many, but there is no 100 percent solution. When we see that, on top of Microsoft, Perception Point is catching 25,000 to 30,000 emails, that is a good number for us. As a percentage of the volume of email that we receive overall, those numbers are small, but they're quite big if we understand that there are 30,000 emails with potentially malicious implications for our users and our company.
We ran an RFI with different solutions, but we only did a PoC with Perception Point and another competitor.
One of the main attractions for us with Perception Point was the Incident Response team. Perception Point was one of the few companies that offered that feature and it fulfilled something that we did not have: the expertise and the capacity to look into emails. The other vendors that did offer something similar charged additional money for it.
The other piece was the inline versus post-delivery issue. We actually liked the idea of inline, but our management was attracted more to the idea of the post-delivery. Perception Point gave us the flexibility to do one or the other and that also was important to us.
In addition, the company and the individuals who engaged with us at Perception Point were very good in terms of listening to us and our requests, and in many cases, implementing them very quickly. Before we had even signed, they were already giving us solutions to some of our requests. That reaction, listening to our feedback and implementing it, continues now. We checked with some Perception Point customer references and they said that type of responsiveness won't change after you sign, and that has been our experience as well. We are still in contact regularly, discussing ideas and improvements with them.
Obviously, you need to be convinced about a solution on the technical side and see good results out of a PoC, but the service and the people behind it were part of what made us go with Perception Point.
Whether you're looking at Perception Point or any other solution, the first thing to do is to find the weak areas with your current solution. Some solutions may be more targeted to a specific technology or type of threat. There are solutions that are very specialized in BEC, for example, and they're very good at BEC. So if your problem is with BEC, then maybe focus on them. Knowing your main problem will help in determining which solution to go with. Otherwise, you could be picking something that is not going to resolve your problem.
We use Mimecast as our email gateway. We also use it as our archival service. All those phishing, anti-phishing, spear phishing, spamming, and other security filters that they have, we use all of them.
We have found email security very good.
The gateway is excellent.
We have found the archival services to be very valuable.
It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge.
The initial setup is straightforward.
It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.
I've used the solution for about six years at this point. It's been a while.
The solution is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's very good.
The solution can scale well. If a company needs to expand, it can do so rather easily.
We have grown from about 2,600 users to about 4,000 users. We have added additional geography as well. The product is resilient enough to take care of all of this.
We have contracts and we are also subscribed to a service plan. Whenever we have used it, the service levels have been very good and we have no reason to complain.
We were previously thinking of an alternative to Mimecast for two reasons. The main reason is as an organization, we are in the financial service industry, and we have to show some data resiliency to our regulators. However, due to the fact that we're present in 30 countries, what happens is all Mimecast data is centrally hosted in one particular grid, which is preventing us from showing data resiliency to them. I want a solution that allows me to selectively map users to a particular geography.
We didn't find the initial implementation complex. It was pretty easy and rather straightforward. We didn't run into trouble.
We are a complex organization. We are present in 30 countries. It was a mix of on-prem and some were in Office 365. Due to the set up of our own architecture, we had to undergo some labor, however, otherwise, the entire process was pretty straightforward.
We typically use a subscription service. If there are version upgrades. We automatically get upgraded to the latest version, as it's a software as a service setup. We don't need to update it as Mimecast takes care of it.
If you need to extract data from their archival service, there is an additional fee involved.
As we are an enterprise customer and we have a relationship with them, what we are told by the reseller is that we pay about 40% of their list price for this product.
It's an expensive solution. There are other competitors, like Barracuda, who offer similar services. We believe that over the years, they have picked up, and their pricing is much more competitive than Mimecast. As an organization, Microsoft itself has really matured over the years. They offer probably 90% of what Mimecast is offering, and then you don't have to pay anything extra for it because it comes with part of the Office 365 licenses. That is why we also believe that there is a lot of room for Mimecast to get their act together, pricing-wise.
We evaluated a few other options such as Cisco IronPort as a security service. We evaluated Proofpoint. The comprehensive solution that Mimecast offers, however, really made us sign on the dotted line.
We're just an end-user.
We use their Perimeter Defense plan, we use their Continuity plan, we also use email to archive. These are the three scales that we use from them.
I would advise others considering the solution to technically evaluate their competencies, their highs, and lows, first. Also, read the fine print, and understand the exact costs. A company will need to understand natively how much of Mimecast capabilities does Microsoft offer if you just subscribe to an Office 365 license. It might make them rethink using this solution.
From a technical standpoint, I would rate the solution eight out of ten.
This solution is not for endpoints. It's for servers.
The way that the engine algorithm detects different fingerprint signatures from files that are allowed to pass using other antivirus solutions is great. ESET just takes it and stops it. We are close to having 99% or 98% detection. It's really good.
I trust ESET to be the last frontier to stop something from attacking mailbox users. I consider it more valuable, even though having other layers of protection is important.
It's very easy to set up the solution.
The solution offers competitive pricing.
Technical support is helpful.
It's a stable product.
The only thing I would like is a way to open the email that is going to quarantine. Based on the level of security, they cannot open the email to check the message. Even for the administrator, you have to create a security copy to be sent, which will lock the log support. It's not easy for an admin to check and decide if the email is good or not. That is the only thing that I'm seeing could be improved.
Basically, ESET doesn't have the ability to let the administrator release an email showing the message on the email. It's not possible.
If you want to have an email review, you have to select an option to send a copy. In the way that they designed the system, for security, they are not letting anyone even have the admin privileges to make this happen. Privacy is at a really high level.
I've been using the solution for about a year at my company.
The stability is good. We don't have any problem with what we have now. We don't have any bottleneck. We don't have any congestion, nothing. That said, after being set up, you have to wait some days to allow their AI machine to detect and know what is good, and what is not, as it's in a new context.
Therefore, in the beginning, in the first days, the detection is still increasing, and this is normal. By the second day, it was a little bit better. After a week, we saw a difference, and after a month, we have really good security as it's learned the system. At this point, we have quality detection and are not getting positive or negative quarantine applications. We're very close to 100% correct detection.
We don't have a cluster, so we don't know about scaling. We have a single server. The escalation and the multi-tenant are available on that product. However, I don't use that for my use case.
We protect only the domain. We have 100 people using it.
We had support in the beginning. We had one instance where we needed a tweak, and another instance when we thought that the system was detecting something that it was not supposed to be.
I asked for support a second time. However, it was a rookie mistake for us as we set out and added something to a block list. They have given us risk support and the ability to give us support. They connect to the server and check it. Each time was 15 minutes o assistance, and the issue was solved. We haven't needed much more than that in terms of assistance.
I'm aware of Cisco, Proofpoint, and Barracuda solutions, which are more expensive than this product.
The solution is easy to set up and implement.
We will receive daily reports and don't have anything to worry about. Nobody is asking, "Hey, release this and that." It's just reporting what was found in the email. That's it. We don't invest time to give support. It is really good. It works automatically.
It was not expensive. I don't remember the exact cost. That said, it's really cheaper than Cisco, Proofpoint, or Barracuda.
I'm a customer and end-user.
It's a trustworthy solution that is easy to learn. Personally, I have 15 years of experience using it in my home to protect me, and it's been really good.
I'd rate the solution ten out of ten.
I am a SonicWall certified professional, and my company has SonicWall ESP, as well as projects, security, and limited protection.
I am a reseller, as well as a partner.
SonicWall Email Security is used to protect from spam, viruses, and DLP.
The most valuable feature is that it protects from spam.
It is very easy to use.
SonicWall security is very good and well priced.
The reporting needs improvement.
I would like to see Spam Control and virus block features.
I have been using SonicWall Email Security for approximately seven years.
The TZ Series is deployed on the cloud.
I use version 3300.
SonicWall Email Security is a stable product.
We have 100 users in our organization who use this solution.
Technical support is very good.
Previously, I was working with Email Security by Cisco, which is very good but it is very expensive.
The initial setup is straightforward and simple.
It took one hour to complete the installation.
We only need one person to maintain this solution.
The price is good for both me and our customers.
When compared with Cisco, it is very well priced. Cisco is very expensive.
I would rate SonicWall Email Security a nine out of ten.
Fortinet FortiMail helps protect our organization's emails from attacks and threats on their system.
Fortinet FortiMail is easy to use and the detection rate is very good. You can customize content filters and profiles are done easily. Additionally, there is a sandbox integration feature that is good.
My customers frequently ask to have detailed documentation for FortiMail and FortiWeb as they have in FortiGate. What they currently have is not enough.
I have been using Fortinet FortiMail for approximately five years.
I have approximately 10 customers using this solution.
I am certified to give support and I have not used the support very often.
I have not faced any issues with the configurations. All technical support issues I had were because of a new feature that caused a bug that needed to be upgraded.
I have used other solutions previously and Fortinet FortiMail is better than Cisco and Trend Micro IMSVA.
The installation is simple.
There is either an annual or six-month charge to use this solution. Fortinet FortiMail is cheaper than Proofpoint or Cisco Security, or other email security appliances.
I would recommend this solution to others.
I rate Fortinet FortiMail a nine out of ten.