We changed our name from IT Central Station: Here's why
Get our free report covering Cisco, Barracuda Networks, Microsoft, and other competitors of Fortinet FortiMail. Updated: January 2022.
564,322 professionals have used our research since 2012.

Read reviews of Fortinet FortiMail alternatives and competitors

Charles Nana
Network Security Engineer at Galaxy Backbone Ltd
Real User
Top 20
Good support, integrates well with SMA, and does what it is designed to do
Pros and Cons
  • "It is doing its work. It is doing what it was actually designed to do. It has ensured we don't have business email compromises, and it has also ensured that our brand Galaxy is unique all year round."
  • "The area of license renewal should be improved. We normally renew our license every year. There is a feature called smart licensing, and I switched from the legacy mode to the smart licensing mode because of what I thought smart licensing does. I thought it would make licensing renewal seamless and very swift, but ever since I've switched to smart licensing, each time I want to renew my license, it is a whole lot of headache. The process is not smooth, and I had to keep calling Cisco TAC to see how the issue can be resolved. At one point, I wanted to revert back to the legacy mode, but I can't revert. Once you switch from the legacy mode to the smart licensing mode, you can't revert. They should improve on the visibility of the smart licensing mode so that it can indeed be smart and easier to use for the license renewal every year. That is one challenge."

What is our primary use case?

It is our email gateway. We have the Exchange Servers, but the Exchange Servers don't relay directly with the internet. We have ESA in-between, and every incoming and outgoing email must pass through ESA before it gets to the internet.

We are using Email Security Appliance C690, and we have three of them in a cluster. They are on-premise. We have decided not to go to the cloud. It is primarily because most of our clients are government agencies and the government, and they have this suspicion about the cloud. So, right now, we are still on-premise. 

Currently, we are on version 13.8. There is a newer version, but we are yet to migrate to that version.

How has it helped my organization?

We use ESA with Security Management Appliance (SMA). We have SMA M690. The integration of ESA and SMA makes the whole work easier. SMA is the central content appliance, and we have three ESAs. The SMA is able to collaborate with the clustered ESAs for log management and other things. It gives some stability in terms of what is happening. ESA keeps a lot of logs, so SMA is able to move through ESA and get those logs out. This integration has really helped us to drive our operation in the email platform.

It does a lot in terms of preventing phishing and business email compromise with DP and Advanced Phishing Protection. DMARC gives visibility for preventing spoofing and social engineering attacks. ESA has been able to help and protect us from those attacks. It is doing a lot of work. Gartner has always rated Cisco's ESA appliance as one of the major players.

It is doing a lot to prevent spam, malware, and ransomware. Everything is also tied to how you have configured it. Some of the spam emails don't get to the customers. We can quarantine a spam email, which gives us the visibility to look at it and see if it is actually spam or not. It is doing its work. It is. There are no false positives. It is working perfectly.

Email service is one of the services that we offer at Galaxy. ESA has improved our business. Our customers want to maintain their business with us for email security. We have over 500 domains on our email platform. It has improved our profitability in everything.

What is most valuable?

They have a lot of features such as Advanced Malware Protection, Email Protection, Advanced Phishing Protection, Antispam, Antivirus, and Outbreak Filters. They are very important.

It is doing its work. It is doing what it was actually designed to do. It has ensured we don't have business email compromises, and it has also ensured that our brand Galaxy is unique all year round. 

What needs improvement?

The area of license renewal should be improved. We normally renew our license every year. There is a feature called smart licensing, and I switched from the legacy mode to the smart licensing mode because of what I thought smart licensing does. I thought it would make licensing renewal seamless and very swift, but ever since I've switched to smart licensing, each time I want to renew my license, it is a whole lot of headache. The process is not smooth, and I had to keep calling Cisco TAC to see how the issue can be resolved. At one point, I wanted to revert back to the legacy mode, but I can't revert. Once you switch from the legacy mode to the smart licensing mode, you can't revert. They should improve on the visibility of the smart licensing mode so that it can indeed be smart and easier to use for the license renewal every year. That is one challenge.

Another challenge is that there is no way for me to know my level of utilization. For example, if I have a subscription of 2,000, there should be a way for me to know my level of utilization. Currently, I don't know my level of utilization. So, if my license is renewed on 20,000 subscribers and I'm using less than 20,000, I wouldn't know. It doesn't improve my ROI. If I'm using less than the subscription I've applied for, there should be a way the system should tell me, rather than me going to find out manually. When I go to the smart licensing profile, I should be able to see my utilization. I should be able to see that I've subscribed for 20,000 but I'm only using 12,000. This means that if I'm going to renew, I should reduce my licensing mode from 20,000 to maybe 15,000. This kind of information should be given to the customers, but right now, we don't have that.

For how long have I used the solution?

I've been using this solution since 2017. My organization has been using it before that. It has always been in use as our email security gateway.

What do I think about the stability of the solution?

It is very stable. They have AsyncOS, which is the OS that runs on the appliance. They've released different versions. There is a general version, a limited version, etc. They keep coming with more services just to improve the platform. 

We never experienced downtime. We have ESAs, and they are in a cluster. If one ESA fails, there is no downtime. The remaining two can handles email communication and relay. We have high availability and redundancy. So, we don't experience any downtime.

We do ESA health checks with OEM during which they connect with us virtually. They connect to the device and then check if all security features are still well configured and if there is any other way to improve. Doing this quarterly has really helped to make sure that the appliances are up to date.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and technical support?

They are very good. I would rate them a nine out of 10. If possible, I would rate them a 10, but I just want to be a little bit reserved. 

They've really been very knowledgeable and very patient, and they've always ensured that for any issue, any ticket, or any case that is opened with them, they are prompt. They are quick to ensure that they resolve an issue as soon as possible.

Which solution did I use previously and why did I switch?

It has always been ESA from the onset.

How was the initial setup?

I wasn't part of the team from the beginning to the end. I came when they were almost done. It was complex but also very interesting. It took two weeks or so if I'm not mistaken.

For the setup, you need to look at the low-level design and the architecture, and then you look at the network interfaces, listeners, routes, default routes, etc. If there is a way they can come up with step-by-step information about configuring it, that would really be nice. The guide right now is too cumbersome and bulky. If there is more straight-to-the-point and procedural information, it would be better. 

What about the implementation team?

Cisco service engineers were the ones in charge. 

What was our ROI?

We have seen an ROI.

What's my experience with pricing, setup cost, and licensing?

At times, we feel the pricing is a bit too high, but then, there is also room for discounts. We enjoy a lot of discounts, and that is why we are still with them. There are no costs in addition to the standard licensing fees.

Which other solutions did I evaluate?

We have evaluated other solutions, such as FortiMail from Fortinet, but we stuck with Cisco ESA. ESA's pricing and licensing were what led to us trying to see how we can bring it all together.

What other advice do I have?

It is stable and credible. I would always tell someone else to try it out. Of course, before you try it out, you can look at what Gartner is saying. Gartner has always placed the Cisco Email Security Appliance up there along with Mimecast and other top players. 

It is well-secured. Security is everyone's concern, so I will always tell people to go for it. It is very secure. Its pricing has been a little bit high, but you can always ask for a discount from your account managers, country manager, or whoever is in charge in your region.

I would rate this solution an eight out of 10.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Chief Security Officer at a hospitality company with 1,001-5,000 employees
Real User
Top 10
Reduced time investigating incidents from the endpoint layer
Pros and Cons
  • "I see from time to time that Perception Point is being proactive. They approach us, and say, "Can you check this, and this?" So, it does seem that they are an extension of my incident response."
  • "They can do better on the spam. Today, Perception Point is not our only solution. We have two solutions, and they are the second in line because the spam filtering is not yet the best."

What is our primary use case?

Email protection from:

  1. All malicious attachments. 
  2. Phishing URLs
  3. Phishing and spam emails.

How has it helped my organization?

We work mostly with Slack for incident management with their Incident Response team. Everything is recorded, maintained, and operated in Slack. This is easier for every team, making it easier for us to stick with this solution. They are online. We show evidence. In general, we have good communication.

What is most valuable?

Email is still the first victim, e.g., it is number one for hackers to use. This is why you want to have the best protection against those attempts. The mechanism Perception Point Advanced Email Security has against malicious, phishing attempts and all these hackers' attempts via email was the main reason to use this solution. It protects the company from all the email attempts that can put the company at risk.

What needs improvement?

They can do better on the spam. Today, Perception Point is not our only solution. We have two solutions, and they are the second in line because the spam filtering is not yet the best. 

From an operational perspective, as a customer, we want to have the ability to do all the changes that we want. I don't want to have to approach the Perception Point guys, and say, "Please do: A, B, C, D." I prefer to have my guys do our customizations.

For how long have I used the solution?

I started to use Perception Point Advanced Email Security even before my current position. So, I would have been using it for about four years.

What do I think about the stability of the solution?

In the four years that I worked with them, we have had maybe two downtimes. Obviously, that is a good percentage of uptime. I haven't had any big issues with them. So, the stability is very good.

Two security engineers manage the solution out of the SOC.

What do I think about the scalability of the solution?

We started small, then we expanded. Because it is a cloud-based solution, it is very easy to scale. 

From a user perspective, there are around 7,000 mailboxes with almost 300,000 emails a day. The solution is fully deployed (100 percent).

How are customer service and technical support?

We have used the technical support. Usually we use them when we have a false positive or false negative. It depends. We are using Slack, so they answer right away. They check and investigate it, so the technical support is quite good.

The vendor commits to the solution’s effectiveness when it comes to detection, but this is around an accuracy and detection rate of 99.5 percent. They sometimes miss and we find them. Obviously, we report them back, then they try to fix and solve them for the next time, which is a good thing. 

It is very important that the vendor’s Incident Response team work in the background and proactively help. They are also providing 24/7 support, so if something is happening while it is night, holidays, or weekends, then it is important that they will be proactive if they find something suspicious or something that requires actions. Therefore, we need them to be responsible. Some of this stuff, we can manage on our own, but there is stuff that they need to do on the back-end.

I see from time to time that Perception Point is being proactive. They approach us, and say, "Can you check this, and this?" So, it does seem that they are an extension of my incident response.

Once we report any stuff that we found, and for some reason haven't detected, they do everything very fast. It is almost real-time, and they are closing this gap. If they found something that they missed, or we told them, then they acted quickly.

Which solution did I use previously and why did I switch?

We had an email protection system that wasn't as good before. Now, our block percentage is much higher. So, we have fewer incidents happening in the company. Obviously, this shows in the ROI. I don't need my guys to start dealing with all these incidents. Perception Point Advanced Email Security also provides a very good investigation report of what it was trying to do. Then, we take it and leverage it, using it to improve our detection in our protection systems. Therefore, we have increased the effectiveness of our detection against malicious attacks, plus our SOC team is not spending as much time dealing with them.

We added Perception Point Advanced Email Security. We still have Fortinet FortiMail because of the anti-spam. Fortinet is the first in line to block the spam, but they are second in line when blocking all the malicious stuff.

How was the initial setup?

The initial setup was very straightforward. We did it in two phases, mostly. 

The phase one: Right away, we did all the malicious attachments. Obviously, we did it first in detection mode. After we saw there were not too many false positives, we changed it to block mode quite fast. It took one to two weeks, then we just changed it to block mode. 

The second phase was phishing URLs, which was a little more complicated than attachments. It was for detection only on URLs. We whitelisted all the legit URLs that had false positives. Once we finished with whitelisting, we enabled it on block mode. From that moment, it was quite straightforward. There were no issues. 

We can go into full production (fully live) with this solution in one month.

Sometimes, we have a URL that goes into a whitelist, but it happens once a month or something. It is a very low number. 

After deploying the solution, you can see all the blocking right away.

What about the implementation team?

One security engineer deployed it out of the SOC.

What was our ROI?

For specific incidents coming via email, we have reduced our SOC team time dealing with problems by 99 percent.

Perception Point Advanced Email Security has helped us reduce our false positive rate. We currently have a 99 percent success rate with one percent false positives. 

The solution has helped to reduce the number of alerts received by our endpoint layer. We have around 99.5 percent accuracy. This has affected our security operations a lot. The ROI has been very good. My guys have spent less time on investigating incidents from the endpoint, because it was already blocked on the Perception Point level. 

What's my experience with pricing, setup cost, and licensing?

They are not the most expensive vendor. There are much more expensive vendors. They are not cheap, but they are not the most expensive. They are somewhere in the middle.

The pricing is for the number of emails. There are additional costs for the number of files and scans.

Which other solutions did I evaluate?

I did evaluate two other solutions, Mimecast and Bitdam. Eventually, it was a combination of cost, integration, and support. I did want something that would work very fast and adjust to my needs. Also, the cost was important. We wanted something priced in the middle, not too expensive nor cheap.

Perception Point Advanced Email Security had a very good detection rate score. Obviously, that was one of the reasons we chose them eventually. It was not only because they are nice, but because the solution was top-ranked.

What other advice do I have?

If you are looking for a one stop solution that will deal with all your email security, then they are probably not the perfect one because you will still need to add more tools. If you are looking to be the best in security and stop all security threats coming through via email, add this solution to your current environment and trust that they have 99.9 success rates when blocking any malicious stuff. Depending on the company, you can either add them to your portfolio or replace other solutions that are not as good as them.

You need to remember to whitelist your internal services so they will not get blocked. For example, sometimes there are internal services that the company uses. Because they are internal, and not coming from the outside, most security tools will detect them as suspicious.

I would rate this solution as a nine out of 10.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
KhalidOmer
Data Center Engineer at a retailer with 5,001-10,000 employees
Real User
Top 5Leaderboard
Good pricing, offers an easy setup, and quite stable
Pros and Cons
  • "The deployment is very easy. It's quite straightforward."
  • "The solution's technical support is slow and unresponsive. You need to book time in order to get support."

What is most valuable?

The solution is very good at covering all of my organization's needs.

I've found the security to be quite good on the product.

The deployment is very easy. It's quite straightforward.

The pricing is great. It's quite fair and not too expensive.

Overall, the product has some great features.

What needs improvement?

The solution seems to be very good at iterating on past editions and continues to improve itself. I don't know if it's truly lacking everything.

It would be great if it was a bit better at protecting from the endpoints.

The solution's technical support is slow and unresponsive. You need to book time in order to get support.

For how long have I used the solution?

I've been using the solution for about four years now.

What do I think about the stability of the solution?

The solution is quite stable. We've found it to be very reliable for our organization. There aren't issues with bugs or glitches. I've never experienced it crashing or freezing. It's been good.

What do I think about the scalability of the solution?

The solution is scalable. Your organization can easily expand it if you need it to.

Currently, we have around 100 users on the solution. That would be the maximum number of users.

How are customer service and technical support?

While Fortinet has great technical support and is quite responsive and fast, I've found that Sophos requires its users to book time for support.

Symantec was also quite helpful - more so than Sophos, which still seems to be iroing out details in terms of handling customer queries. They need to be much more responsive.

Which solution did I use previously and why did I switch?

In the past, I've used Symantec products including Symantec Gateway and Symantec Endpoint Protection. When Symantec bought Barracuda, the pricing became much different. The solution seemed to offer the same features but with much higher pricing. Our company decided to go in a different direction and chose Sophos.

I still like Symantec. I used it for five years and I'm quite familiar with the product.

How was the initial setup?

The initial setup is quite straightforward. It's not complex. 

The deployment is easy to handle. How long it takes depends on which product you want to use. It's different according to your endpoint, email service, mobile, etc. That said, it's still an easy deployment process.

Our users are able to easily maintain it themselves.

What's my experience with pricing, setup cost, and licensing?

The pricing, in general, if very fair. It's definitely a positive aspect of the solution.

Which other solutions did I evaluate?

I've looked into Fortinet's server and some related products, however, I likely won't continue looking into them. I'd rather consider Symantec.

What other advice do I have?

We're just customers. We don't have any business relationship with the company.

I'm still working with this solution and testing its capabilities. There's still so much to learn about its offerings.

On a scale from one to ten, I would rate it at an eight. If they had better deployments for email security, I might rate them higher.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Product Manager-Cyber Security & Networking Active at a tech services company with 501-1,000 employees
Reseller
Secure, comprehensive, and simple to install
Pros and Cons
  • "I would say it's very comprehensive, with multiple antivirus OEMs, virus encrypt features, encryption, and more."
  • "Customers will benefit greatly from monthly billing because the majority of customers today use the cloud, be it Office 365, or Google Cloud."

What is our primary use case?

I am a solution provider. When it comes to email security, the main threat factor today is email. So we follow the rule of thumb that any and all customer emails must be malware-free. That is how we intend to approach it.

What is most valuable?

I would say it's very comprehensive, with multiple antivirus OEMs, virus encrypt features, encryption, and more.

In terms of email security, I believe Trend Micro is similar to this solution to some extent it is closest, otherwise, it has no competition.

What needs improvement?

The distributors provide an annual billing option, but we do not have a monthly billing option. Customers will benefit greatly from monthly billing because the majority of customers today use the cloud, be it Office 365, or Google Cloud. Monthly billing will be extremely beneficial.

Maybe the end DLP can be a bit more granular in email security. DLP is already present, but it could be more in-depth.

For how long have I used the solution?

I have been selling Cisco Secure Email Cloud Mailbox for the last eight years.

It's a hybrid solution, but most are moving toward on-premises or the cloud.

What do I think about the stability of the solution?

We have not had any issue with the stability of the Cisco Secure Email Cloud Mailbox.

What do I think about the scalability of the solution?

It is a scalable solution. It is easy to scale. 

They increase the number of users we can use by 20% for the duration of the year. And the coming year they will bill for the 20 percent, and you can increase the number of users.

How are customer service and support?

We don't find any issues that need security technical support. Once you implement, we are well versed in implementation and have the technical results. There is no further support required once it is implemented and the pointer is pointed towards the mailboxes. With so many data centers in India and Singapore, support is never an issue.

Which solution did I use previously and why did I switch?

We sell Fortinet as well as Cisco.

We haven't sold a lot of FortiMail. We've sold a lot of Fortinet firewalls, but not a lot of FortiMail. We have also sold a few FortiWeb web application firewalls.

It is dependent on a specific customer segment and a specific vendor. Fortinet, we take it to a lot of small and medium-sized customers.

How was the initial setup?

The initial setup is easy, it is not at all complex.

What's my experience with pricing, setup cost, and licensing?

The feedback from vendors and customer is that it is expensive. 

It's expensive, but if customers want the best product they will have to pay for the best product.

What other advice do I have?

I would rate Cisco Secure Email Cloud Mailbox an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Flag as inappropriate
Presales Network & Security Engineer at a tech services company with 51-200 employees
Reseller
Top 5Leaderboard
Responsive, flexible, easy to use, and cost-effective
Pros and Cons
  • "It is a really good product with a lot of features. It is responsive, updated, and modern. It is easy to use and has an easy interface for non-IT users. Its dashboard is also quite fine. It is also quite flexible and has an API at the backend."
  • "Its integration with other solutions can be improved. There should be integration for telemetry information, system information, and other types of information with other solutions. Barracuda currently doesn't have that. Barracuda has its own platform. Its integration with firewalls is quite good, and it communicates really well with firewalls, but I have not seen any other integration. Based on what I know, it does have an API at the backend, but I have not used it."

What is most valuable?

It is a really good product with a lot of features. It is responsive, updated, and modern. It is easy to use and has an easy interface for non-IT users. Its dashboard is also quite fine.

It is also quite flexible and has an API at the backend. 

What needs improvement?

Its integration with other solutions can be improved. There should be integration for telemetry information, system information, and other types of information with other solutions. Barracuda currently doesn't have that. Barracuda has its own platform. Its integration with firewalls is quite good, and it communicates really well with firewalls, but I have not seen any other integration. Based on what I know, it does have an API at the backend, but I have not used it. 

For how long have I used the solution?

We have been a distributor of this solution for about five years.

What do I think about the scalability of the solution?

It is scalable. You can start with a VM or hardware. The hardware is not really scalable, but the VM is scalable. Most vendors are scalable in terms of VMs.

I have about 15 to 20 customers of this solution, and they seem happy.

How are customer service and technical support?

They have a good support team. They are quite responsive and technical. They are also fast in responding. 

How was the initial setup?

It is really easy. I installed Email Security for 100 email clients two or three weeks ago, and it took me half an hour to do the base installation. The training for IT administrations took another one and a half or two hours.

It is easy to install for a non-admin. If you are a normal user trying to configure it, it is really easy to use. If you are an admin, it is a bit more complicated.

What's my experience with pricing, setup cost, and licensing?

It is a cost-effective and relatively cheap solution as compared to others.

Our customers have a yearly subscription. We do have a few customers with monthly subscriptions, but they have cloud-based Email protection, which is a different type of solution. Both solutions are very good.

What other advice do I have?

I would recommend this solution. Barracuda has one of the best email security solutions for SMB and big enterprises. Barracuda is not a leader for email security, but they are really good at what they are doing. In terms of email security, Barracuda is one of the best solutions. There are a hundred different products in the market, such as Fortinet and Forcepoint, but Barracuda is cost-effective and really good at what it does.

I would rate Barracuda Email Security Gateway a nine out of ten. It is a really good solution, and it does what it says.

Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Flag as inappropriate
Get our free report covering Cisco, Barracuda Networks, Microsoft, and other competitors of Fortinet FortiMail. Updated: January 2022.
564,322 professionals have used our research since 2012.