Get our free report covering Proofpoint, Mimecast, Microsoft, and other competitors of Microsoft Defender for Office 365. Updated: January 2022.

Chief Information Security Officer at a media company with 201-500 employees
Real User
Top 20
We've noticed a significant decline from people accidentally or intentionally clicking on things
Pros and Cons
  • "If we look at four to five years ago, we had close to six or eight people click a link in an email per month. Now, we are probably down to about five or six clicks a year, if not less."
  • "Being cloud first and because we are in the movie business, we use a lot of Macintoshes. So, there is absolutely no reason for us to have Active Directory whatsoever. However, if you are using Office 365, you must have Active Directory in order to reset passwords. Even though we have a single sign-on provider, we must have Azure Active Directory for Office 365, which is really stupid. As a cloud application, you would think that I don't need Active Directory, which I don't need for anything else except Office 365. We have one server inside that space to help us manage Active Directory just for Office 365. This is a very sore point, but it is what it is."

What is our primary use case?

We have three instances of environments: 

  1. All of our corporate stuff. 
  2. A fake company that we test things with. 
  3. An area for all the shows.

Each show is treated as its own company. When you have green-lit a movie, you say, "I have $50 million to make this movie," then they just burn it down. Once the money is gone, it's gone. Once you make the movie and you deliver it for distribution, then you don't need the company anymore. You just dissolve it and everybody who invested into that gets the return on investment. 

We are cloud first, so we are 100% cloud. We don't have a data center. We use SaaS applications and platforms. Avanan is a cloud-based solution that is bolted into Office 365 via an API. We are using a service that is provided to us from Microsoft. We added the Avanan API from the Microsoft stack to integrate into our Office 365 environment. So, we are using Avanan's service, then we just link the two together.

How has it helped my organization?

We have had a significant decline from people accidentally or intentionally clicking on things. For the most part, that is just a lot of education, training, and awareness. There are also the notifications that Avanan does when it may let something go through because it's a legitimate sender but it might give you some information on it, saying, "Hey, this person always sends you an email from their corporate email address. Now, they are sending you something from their personal email address. Be very skeptical, heads up on it, and see what is going on."

We have had attackers send emails to everybody where they were completely fine and nothing was wrong with them whatsoever. They were trying to trick the system to create a confidence level to say, "Oh, yeah. We've always had emails from this person and they're fine. When they send us something that looks like phishing, or is bad, just ignore it because it's a trusted sender." Avanan doesn't do that. Avanan looks at everything independently, regardless of whether there is historical information. It won't just say, "This person has already sent you stuff and it's trusted," because at any given time that person's email account could be compromised, or they could be forwarding something that was compromised. They don't discriminate with regard to trust when letting something go through, because they inspect everything regardless of whether it's trusted or not.

The customization was not necessarily a factor for corporate, but it was for television shows and movies because they have different requirements as they go through and have different technology stacks. Because every movie is different, e.g., they want to use different cameras, technology, and solutions, we have to be very flexible in how we roll out the different technology and security to these different pieces.

We just pay attention to see what is going on. Avanan helps us with some trending and modeling of where the attacks are going and who may be the next perceived victim of an attack. This has reduced our SOC team's workload, especially on the administration side of email. The standard things that you would have to do on your remediation paths, workflows, etc. It has really freed up a lot of time.

Avanan has allowed our business to really focus on other different pieces. However, when you look at the tabletop map of the whole battlefield, i.e., the whole war plan, it allows you to reposition resources in other areas that need more attention.

What is most valuable?

The administration feature is amazing. 

The detection component is really over the top. For example, in January of this year, we had five different partners who had compromised email accounts and they had no idea. We are not talking internally. We haven't had a compromised email, knock on wood, in over six years because our security architecture and the way it is set up really helps with that. All the compromises that I see are really from external collaborators or other companies. The intelligence of the detection is quick to pick up when there are anomalies associated with how somebody sends an email, where they are sending it from, the language in the email, and things like that. Then, it would flag us to say, "I know they just sent you an email five minutes ago, but this other email they sent you is from a totally different region. Not only that, it doesn't sound right."

It does a really great job of identifying different things inside the links that just blatantly get missed by Microsoft. In January, those five different companies that had their emails compromised were sending us stuff and Avanan would flag them. Then, our users were like, "No, I am exchanging things with this person. Why are you guys blocking this particular piece?" So, we dove into it and were like, "Oh, well this is really bad because this is actually a compromised account." We would pick up the phone and talk to them, "No, I didn't send that email." It actually was sent from that person's email box, but it was done from a different location. They were deleting and hiding their trail, as they do with this correspondence, to try to get information.

Avanan is just outstanding on how efficient and effective their learning modules are to pick up on these different pieces. We work with them quite a bit. There have been a couple of different things that they have missed, which were very old school attack vectors. We worked with them on these things and they are quick to pick up on how to remediate them. 

The way the system works is emails come into Microsoft, Microsoft processes them, sees what it can drop at the door, and then it goes through Avanan. After it is done with Avanan, then it goes through a different path to Microsoft, which is like, "If I have you on my blocked list, or if I have the word 'webinar' in my rules, it's automatically deleted or moved to the junk folder, and so forth." 

There have been a couple of different types of critical attacks that would take out an entire company. We're not talking about the phishing ones where you click on a link, then you type in your credentials and they steal your credentials. We are talking nasty stuff that is embedded. Most systems will look at attachments and links. On a link, they detonate it into a certain space and know that, "This has a dropper. We're not going to let it through." Or, people put different scripts inside emails because people send email in HTML format versus Rich Text Format, which then allows you to run JavaScript inside your phone and browser. Avanan reads all those different things, which is great. We have seen a couple of different attacks that were completely missed by Microsoft and a couple of other different associates outside of our company at other companies who got the same attacks, and they were just crippled by them. They will send an attachment, like a PDF or a Word document, then inside that Word document is the actual link that you click on that does the detonation. All the systems that we've seen out there didn't view the link inside the attachment, except for Avanan.

We had one that created a very small file that was attached to an email. This was just a standard HTM file, which you see a lot of folks do anyway when they want to load pictures or other different things related to the document or to the email to get certain features. Inside those HTM files or JavaScript, it would normally get picked up, executed, and say, "Oh, this is bad. We're not going to allow you to run a script that's going to encrypt your entire hard drive." We had a couple of those that have come in where the attacker converted the entire script into hexadecimal, then wrote JavaScript to convert it to ANSI, or Windows converted it automatically for you. The different email security tools out there see the hexadecimal as text, so it sees it as 1s, As, 7s, Bs, Cs. They just see it as that and don't do anything. It will say, "Oh, this is just a bunch of random letters and numbers. No big deal." However, Avanan was like, "Oh, wait a minute. This is hexadecimal. Let me convert it and see what it actually does. Holy cow. It's a CryptoLocker. Let's just kill it right there." 

It has been very quick to pick up on those different types of attacks that have come in. There have been a lot of interesting pieces that we have worked with them on to help identify. There have been a couple of different things that they have blocked and we didn't know why. As we reverse-engineered it, we said, "Oh, this is what was going on." It's like, "That is amazing that it was able to decipher that and pull that out."

In all these different examples with other tools that we tested, they all failed miserably on different pieces, not detecting them. That is one of the main reasons why we are very appreciative of the Avanan solution. It is also why we moved it over onto television and movies. We actually have a lot of our users and contractors who will forward things through the system just to validate to make sure that it is legit.
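The hex-encoded HTM attachment described above, as an added example that is not part of this review and not Avanan's code: a scanner that treats a long run of hexadecimal as something to decode and inspect, rather than as random letters and numbers. It goes a little beyond the reviewer's case by also recognising `\x41`-style and `%41`-style hex, and by unwrapping nested layers (hex inside hex). The token list, the `.htm` sample, and the `HIDDEN_STAGE` script are all constructed for illustration; the sample never spells out any watched token in its outer decoder, which is what lets a text-only scanner miss it.

```python
import re

# Assumption: a small illustrative token list. A real engine uses far richer
# signatures; these only show that a decoded layer can be scanned like text.
SUSPICIOUS_TOKENS = (
    "activexobject", "wscript.shell", "powershell", "cmd.exe",
    "eval(", "unescape(", "document.write(", "certutil",
)

# Hex runs in three spellings an attacker might use: bare "4142...",
# escaped "\x41\x42...", URL-escaped "%41%42...". At least 16 bytes, so that
# short identifiers and colour codes are skipped.
HEX_FORMS = (
    re.compile(r"(?<![0-9A-Fa-f])((?:[0-9A-Fa-f]{2}){16,})(?![0-9A-Fa-f])"),
    re.compile(r"((?:\\x[0-9A-Fa-f]{2}){16,})"),
    re.compile(r"((?:%[0-9A-Fa-f]{2}){16,})"),
)


def decode_hex_runs(text):
    """Return the decoded text of every hex run found in `text`."""
    decoded = []
    for pattern in HEX_FORMS:
        for match in pattern.finditer(text):
            digits = re.sub(r"\\x|%", "", match.group(1))
            # latin-1 maps every byte, so binary garbage (hashes, GUIDs)
            # decodes harmlessly instead of raising.
            decoded.append(bytes.fromhex(digits).decode("latin-1"))
    return decoded


def find_tokens(text):
    """Case-insensitive substring check against SUSPICIOUS_TOKENS."""
    low = text.lower()
    return [tok for tok in SUSPICIOUS_TOKENS if tok in low]


def scan_attachment(html, max_depth=3):
    """Scan the literal attachment, then each decoded layer beneath it.

    Returns a verdict plus (depth, token) pairs; depth 0 is the raw file,
    depth 1 is what its hex blobs decode to, and so on, so nested encodings
    (hex inside hex) are unwrapped too.
    """
    findings = []
    layer, depth = [html], 0
    while layer and depth <= max_depth:
        for chunk in layer:
            findings.extend((depth, tok) for tok in find_tokens(chunk))
        layer = [d for chunk in layer for d in decode_hex_runs(chunk)]
        depth += 1
    return {"verdict": "block" if findings else "allow", "findings": findings}


# Constructed sample, not a real capture. HIDDEN_STAGE is the script the
# attacker wants to run; SAMPLE_HTM is the attachment as delivered, carrying
# that script only as a hex string plus a short decoder that never spells out
# any of the tokens above (it avoids eval() by building a Function instead).
HIDDEN_STAGE = (
    'var sh = new ActiveXObject("WScript.Shell");'
    'sh.Run("powershell -w hidden -c placeholder-dropper");'
)
SAMPLE_HTM = (
    "<html><body><p>Invoice attached, see below.</p><script>"
    'var h="' + HIDDEN_STAGE.encode().hex() + '";'
    'var s="";for(var i=0;i<h.length;i+=2){'
    "s+=String.fromCharCode(parseInt(h.substr(i,2),16));}"
    "(new Function(s))();"
    "</script></body></html>"
)

if __name__ == "__main__":
    result = scan_attachment(SAMPLE_HTM)
    print(result["verdict"])              # block
    for depth, token in result["findings"]:
        print(f"depth {depth}: {token}")  # all at depth 1, none in the raw text
```

Run against `SAMPLE_HTM`, the raw text produces no findings at all; every hit sits at depth 1, which is exactly the layer a scanner that stops at "a bunch of random letters and numbers" never reaches. The 16-byte minimum and the latin-1 decode are the practical guardrails: MD5 hashes, GUIDs and colour codes still get decoded, but they turn into byte soup that matches nothing, so ordinary mail is not blocked.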

What needs improvement?

Being cloud first and because we are in the movie business, we use a lot of Macintoshes. So, there is absolutely no reason for us to have Active Directory whatsoever. However, if you are using Office 365, you must have Active Directory in order to reset passwords. Even though we have a single sign-on provider, we must have Azure Active Directory for Office 365, which is really stupid. As a cloud application, you would think that I don't need Active Directory, which I don't need for anything else except Office 365. We have one server inside that space to help us manage Active Directory just for Office 365. This is a very sore point, but it is what it is.

There are some things that they can't remediate. The honest thing is nobody can right now because of the nature of how some of the secure email platforms work.

We have worked with them on some other different vendors to integrate into. 

There is a particular space that is a unique challenge for everybody. We are trying to help with this as well. For example, if I need to send you information securely, whether I'm using Google, Microsoft, or a third party, I may send you an email that is encrypted but you don't really get the email. When you open up the email you have to click a link to login to a server to read the email, e.g., sometimes a doctor sends you secure messages. The information is not in an email and it's not on your computer, but you receive an email that says, "Click on this link. Login to the server online to view the message or information." Well, in doing that, the message in that email that is sent to you to go to that server is 100% legit. Everything about it is correct, even the TinyURL or whatever. There is nothing wrong with that email. Once you connect to that server and you login to view the message, it may have a payload that will get distributed onto your phone or your computer. Avanan doesn't have a way to protect against that because it's not an email issue anymore. At that point, the email was delivered and it was fine. It was you going to a server in your web browser that caused a problem. Then, the question is: Because the attack vector came in via the email, how do you build out an innovative solution that allows you to better manage the risk associated with secure emails without having to compromise the integrity or confidentiality associated with reading that particular privileged email? I think combinations of browser isolation, proxy, or some other different pieces that endpoint security operation components will address this. There is a handoff or convergence associated with those different faculties or capabilities. Then, the next question is: Is this something that Avanan needs to address or is it something that the endpoint security needs to address? 

For how long have I used the solution?

We have been using it for close to two years. We piloted with Avanan early on. We did a bunch of different testing. We have even moved them over onto our production side, like feature films, television shows, etc.

What do I think about the stability of the solution?

The stability is great. There are no issues. There was an outage at one point. It wasn't that long of an outage but it was definitely something that could have been 100% preventable. 

Our other email provider, which was an email gateway, was really crappy. When they would have issues, we would hear nothing. We would've been calling, and saying, "Hey, what's going on? What happened here?" 

Microsoft might post something on their status board, but they're not going to go into details.

Avanan gave us a root cause analysis within hours. A detailed paper explaining everything that happened. Yeah, it was their mistake, and here's what they're doing to correct it so it doesn't happen in the future. Not only did they give us the details of what the problem was, they also gave us the action plan and what they were doing going forward to make sure it never happened again. They took complete ownership and accountability of that particular outage. That is something that I would expect from somebody on my team and that is why we view Avanan as an extension of our team, because that's how they operate. They are very much into making sure our success is their success.

There is no maintenance for it. Maintenance takes about 10% of an FTE. It is not a dedicated role to manage Avanan. It is very efficient, clean, and effective.

What do I think about the scalability of the solution?

If I was a large organization with tens of thousands of employee users, it is just so much easier for it to bolt on as an API to Office 365 or Google email. It's a no-brainer when it comes to integration implementation as well as the costing for it. It is definitely a solution that scales all the way down for a three or five user company all the way up to tens of thousands of users.

Three or four people are going into it on a regular basis. Email administration that Microsoft lacks is a big part of it. We are also just chasing down when we have potential false positives. Make sure you can whitelist something. However, if you whitelist something then are you whitelisting it so it won't get scanned anymore? There are a lot of different questions when it comes to these different things. We never really say, "Hey, this is a known activity." We always say that it is an activity that was remediated because we don't want the AI to think that some of those things are normal. Otherwise, we may have one that isn't normal and it may not catch it because it was whitelisted or something like that.

For the most part, it is the standard exchange administration which Microsoft doesn't do very well. Whereas, Avanan does an incredible job on managing some of those different parts for the team. Another thing is mainly just chasing down the things that were caught, validating whether or not they are things that should be released. 

On occasion, when we have had things that slipped through and it was all-hands to make sure that, "Alright, if this slipped through, where did it go? Does anybody else have it?" We've had a couple different things that slipped through because they were 100% legit, but our users were like, "Hey. Why is everybody in the company getting this link to this screener for this particular movie on a platform that we've never heard of before and wanting us to create an account and log in?" That's just part of the educational training of users for them to be super sensitive to those types of things. 

How are customer service and technical support?

The technical support is amazing. They are very quick to respond. If it is not something that has a quick reply, it's like, "Hey, let's get back to you," and then there is relevant follow-up to make sure that we get what we need.

It is easy just to pick up the phone. We have a Slack channel with some of their team members and developers. We go back and forth, talking about innovation opportunities or things that might have been found or missed. As we see it, being cloud first is fairly unique, but not as unique since we have been cloud first for almost a decade. We look at all our different solutions as extensions of our teams. We view Avanan as an extension of our email security component team as much as they see us as an extension of their team for product review, etc. We really try to work well together to maximize the solution investment. It is that whole mentality of, "Help me help you be successful with your deployment in our environment as we go through these different pieces." 

Which solution did I use previously and why did I switch?

Avanan is an enhancement to our email security posture.

We originally had our email on an Exchange server hosted at a third-party. Because of the way it was set up with that particular vendor, we couldn't add additional external security onto it, e.g., email security. We had to move it off of their Exchange service to Office 365, and then from there we used an email gateway for our email security. We used a well-known gateway product out there. There were a lot of challenges that we had with them: the growth of the company, scalability, and they were really difficult to work with.

We also tried to use native Office 365 email security components. We realized that the native Office 365 components did just as well as the email gateway. We thought, "Well, we don't need the email gateway. We'll stick with what we have." There were a couple of new capabilities that had come out with another company. We really liked how they had intelligence on the email notifications, such as creating banners that would say, "This came from outside of the company and you have never done business with this person before." It has some really good intelligence components, but it didn't scale or meet the needs that we had. We looked at a lot of different pieces.

We always look for smaller edge platforms that we see as really innovative and great to do business with. When we looked at some of Avanan's different technologies in our test environment, we were really impressed by its capabilities on the things that it was able to detect and how it detected them. Also, its ability to work directly with a lot of different pieces.

We brought Avanan in specifically because there were several different things that Microsoft was missing. It was like, "Hey, we removed an email where someone clicked on a link six or eight hours after it was delivered because we figured it was bad." Or, Microsoft would just take things out of mailboxes without you even knowing. The more frustrating thing, with all these different things going on with the Microsoft Email Security, was we do not have a Microsoft account manager because we were too small. It's not like we can pick up a phone and call Microsoft, and say, "Hey, we got a question about this," or, "Why are you guys doing this?" or, "Hey, do you know? You broke our system. Let's fix it." You just don't have that.

Avanan provided us a place that we could call when we had issues. They can go deeper than Microsoft into a lot of their different product parts.

When we evaluated the product and everything else, it would sit behind the Microsoft Advanced Threat solution and some of the other pieces. If it picked up anything, then it was picking it up because everybody else missed what was in front of them. That is a clear indicator right there. If it was finding it, it was because somebody else missed it who was upstream from them. When we were looking at the numbers of how many things it was catching that Microsoft was missing, then the question was, "Well, why are we paying for the Microsoft Email Protection if it's not doing its job?"

Why couldn't there have been an easier way to manage Microsoft until now? They manage Microsoft way better than Microsoft can manage Microsoft from an email administration perspective.

We had a couple of different accounts that we worked with that we knew got a bunch of things which are bad all the time. As an example, think about a generic email account that had both Microsoft security and Avanan security on it. We would probably see in about a week's time about eight to 12 things that Avanan would pick up, and Microsoft would just kill off a whole bunch of other things. When we got rid of the Microsoft component, Avanan was picking up a couple of hundred a week off of that generic email account. We knew Microsoft was working, but it was missing things, and the things that it missed would have literally taken down a company.

If it catches just that one to three emails, it is invaluable. Being able to show that it would pick these things up while all these other ones missed it, but then when we get rid of the other solution, it still picks up what the other solutions were catching. Then, why do I need to pay for other solutions? Because we did have layered email security, but it just became obvious that Avanan was a superior product.

How was the initial setup?

The initial setup was easy-peasy; straightforward. We just integrated the API into Office 365, then there it was. So, we linked the two systems, then it was done. The deployment took five minutes.

It is pretty easy to secure Microsoft Teams using Avanan. It is integrated on the back-end with an API. We just say, "Hey, do that," and it does. We are trying to get it to move into Zoom, but Zoom's not very cooperative. Because the other thing is you have phishing emails, but then you also have smishing, which is text messages and things like that. If you think about people's phones, you get a text message saying, "Hey, click this link to see where you are in the queue to go to the doctor's office," or whatever. A lot of those different types of attacks do droppers onto phones and everything else, which is really bad. If you ever get a text message from somebody you don't know and it has a link in it, just delete it. Especially if it says, "Hey, your package is on its way," don't buy it because it's a dropper. It's just going to put malware on your phone, and that is just bad all the way around.

When we look at softphones and things like that on the computer, Teams, and what have you, that's where we're working with them to help enhance those capabilities. This is not just to protect phishing from communications and emails, but to let us look for phishing and unsolicited text, Team, or Zoom messages as well as Slack or other different pieces. We are looking at how we can do a whole uniform collaboration protection component with that.

This is an integral part of how we work. It is not any different than email or anything else. It's just that it's a tool in our repository that has a lot of user adoption and engagement, especially in current times where not as many folks are actually in the same physical location. So, it is absolutely incredibly imperative that we have solutions in place to help make sure that we don't have malware attachments and other different pieces associated with it. In the case of Avanan, it helps validate the links and everything else associated with those different pieces as well.

What about the implementation team?

It was all through the Office 365 Admin console. We just said, "We are linking these two systems," and then it was just done.

What was our ROI?

If you don't have compromised email accounts, then that is a huge ROI right there. It is a huge win.

If we look at four to five years ago, we had close to six or eight people click a link in an email per month. Now, we are probably down to about five or six clicks a year, if not less. Avanan says if there is anything that comes in for them to click that is bad. The only reason they click something is because it got thrown into their quarantine or it was bad and they forced it out then they clicked it anyway. Now, over the last year, we haven't had any clicks. We have had no clicks at all this year because folks now trust that if it really does go to quarantine, then it really is bad and why. 

The other thing that is really nice about the Avanan component is with Microsoft and some of the other different products, if you think about your antivirus, they are like, "Hey, we blocked this file." Okay, why? They don't tell you. Avanan gives you explicit details as to why it is blocked and everything else that is going on with it. That is pretty important. Sharing that with our users has just been an eye-opener, so they all are really drinking the Kool-Aid in regards to staying vigilant around security and everything else. The interesting challenge that we have run into is it is great to read emails and everything else off on a computer, but 80% of our business is done off of a mobile device. Having to make sure that we can protect those mobile devices from things that are loading, an email, or clicking on different things, that is where the product really has helped us. It allows users to keep running as fast as they need to go but gives them the guardrails and everything else to help protect them from some of the bad things that are out there. Then, if there is something that gets pulled or flagged, we let them know immediately. "Hey, so-and-so sent you an email but we are holding it because it's bad. If you need it, click this button." We then go through and validate to make sure it's really legitimate to send.

The phishing attacks probably dropped by 90% of what was actually making it into the mailbox. The phishing emails that do find their way in are phishing emails that don't have any attachments or links. They're just from unknown senders and what they're trying to do is to create a reputation, then they will send a follow-up email several days later with the phishing campaign embedded into it. 

When we would look at the compromised email accounts from others, we had one particular group or studio that had their email compromised. The person would go through their emails to find an email thread that was with somebody at the company, then try to reply back to that thread with information saying, "Oh, hey. Just checking in with you guys. What's going on? Working on a new project. Here's a link to the next show." It looks like it is legitimately from that person, but it really isn't, and Avanan picks it up. In this case, the person would send another email, "Oh, I'm sorry. Here's the attachment," or, "Here's the link," and it goes straight to quarantine. Then, the user's like, "Hey. What happened here?" We're like, "Okay. The email was a legitimate email that was sent but then the follow-up email was the one that had the payload or phishing component trying to get you to enter in credentials or things like that."

Avanan specifically goes and looks for screen scrapes, or things like that, to look for somebody who is trying to impersonate a site for you to enter in accounts. Like, "Hey. It looks like the Microsoft login screen," or something like that, but our users know that if they have a login screen to something in the cloud then it is right away fake because of the way our security architecture is set up, e.g., they don't get a login screen. If I were to click on a link that says, "Hey. Open up this file in OneDrive," or, "Open this file in Box," and I click on a link and it brings me to a Box login screen or Microsoft login screen, then I know it's fake.

What's my experience with pricing, setup cost, and licensing?

Everything is negotiable, but it is fair and reasonable for what you get.

It is based off of your Office 365 licensing, so it is user-based. Avanan works with you on how you need to have it arranged. If I'm making a movie, we may only have five to six users at the very beginning. When we go to principal photography, or whatever, a couple months later, I may have 400 or 1,800 users. It varies by week. We have people come on and off. Then, when it goes into post-production, it may drop back down to 200 users and finally back down to 18 users. A movie can take anywhere from eight months to three years to make just depending on what's going on with it. There is absolutely no way to sign a commitment for a movie to use a product to say, "I'm going to buy 500 seats," when some weeks it's only eight people and other weeks it is 1,800 people. I'm not going to buy 1,800 seats for three years. That's ridiculous.

Having the flexibility and modeling to do the pricing that best fits the needs of the organization is incredibly ideal. That is what Avanan does. They know exactly how many users are using it, etc. We can tune the invoicing associated with how we are using the product so we can charge it back to the shows appropriately. When making a movie, if my budget is $15 million and then it burns down, I can't go back and ask for more money. Once it's gone, it's gone. If my technology stack is going to cost me a million dollars for a show that only costs $12 million to make, that's ridiculously expensive. 

The technology doesn't change. You're still going to have the same amount of users. You're still going to have the same systems and everything else, so you have to be more flexible on how you can maximize the investment and work through the cost models that best fit the needs of the particular project or environment that you're working in.

In corporate, it is completely different. However, on the corporate side, it does vary throughout the year where we have different things that come in within the organization. The licensing is really negotiable on what works best. If your organization is going to be at a set level for the next three years, then sign a three-year deal. You'll get a better value for it. If your numbers vary a lot, then go to month-to-month licensing.

We manage whom we want to cover and don't want to cover in regards to the television side. However, on the corporate side, we just cover everybody. There are accounts which don't have email accounts that you don't want to have count against your total number that you're paying for protection. There are a lot of different levers that you can pull to customize it however you see fit for the organization. But, if I am a small to midsize company or even just a small mom and pop shop of eight people, this is an ideal solution because then you can pay month-to-month. You're not paying any kind of overhead for hardware or anything else associated that goes in with it. It is very elegant and very clean.

Which other solutions did I evaluate?

There were a couple different ones that we checked out. They were unique in their own right. Some of them were very niche on what they could do, but what we really decided on is we did not want an email gateway. We wanted an email protection system that was integrated directly into Microsoft via API. An email gateway receives emails and then forwards them on, whereas if it's integrated into Office 365, then it inspects the email while it is in your box. There are a lot of advantages and disadvantages to that, but we just didn't want to have another bottleneck where, if the email gateway went down, we would not be getting any emails whatsoever. If my email goes down, it is because Microsoft goes down.

Another thing is an email gateway does not remove emails from your inbox. Whereas, if an API is integrated into your platform, then the administration will actually manage the mailboxes for you. If we have to go in and pull something or take something and put it in there, then we can do that. Or, if we need to manipulate what we need, e.g., let the email be there but not the attachment, then it gives us a lot more scalability and configurability to manage the messaging and user experience.

Something that was fascinating is the Avanan platform manages Microsoft email better than Microsoft does. It has been just great. It made it real easy for our folks to say, "Hey, we got to pull this email from everybody's mailboxes." Single click. Or, "We have to identify who all received this particular component," or other different things that we need to do. Where in the Microsoft world, you need to run PowerShell scripts, which is really stupid from the standpoint that if you are a cloud-based solution, why am I doing command lines in order to execute simple administrative activities? It is great that a lot of those old schoolers love command lines, but it just doesn't make sense to do command lines over the cloud, unless I physically have a direct line into that console and am managing the actual server. However, for a cloud platform to do CLI, that is ridiculous.

I guess our expectations are a bit high and Microsoft is just not meeting them. 

Avanan provides rich, contextual information that helps protect our users. We are given way more information than Microsoft ever would give us. It is actionable information and information that makes sense.

What other advice do I have?

I would highly recommend it. I would rate Avanan as 10 out of 10.

It is used across the entire enterprise. This year we have extended it out beyond corporate to movie shows. Going forward, all new movies and television shows are leveraging the platform. After a year and a half of having it at corporate, we moved it out of corporate onto other projects outside. So, it has very much expanded its presence inside and outside the organization.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Head Of Security Operation And Response at a hospitality company with 1,001-5,000 employees
Real User
Incident Response team answers immediately and fine-tunes system to continually improve detection
Pros and Cons
  • "Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware... You understand what you are facing and whether you are a target for a specific group of threats..."
  • "In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience."

What is our primary use case?

We route all of our inbound emails through Perception Point to have it scan for malicious files, malicious URLs, spam—all the attack vectors that can be used via email. 

We're also using it as a sandbox, which is a new feature we started to use in the last two quarters. We use their API to send files and URLs for investigation to the Perception Point sandbox. Based on the verdict, we take action. If it's clean we keep it in the system, and if it's malicious we delete it from our system.

How has it helped my organization?

Perception Point has helped to reduce our false positive rate by a very good percentage, on the order of 80 percent. It has also absolutely helped to reduce the number of alerts received, by something like 95 percent. As a result, we have to manage fewer incidents due to emails containing malicious files. If the EDR is detecting it, you need to investigate it and, in some cases, to isolate the device and reimage the device. In terms of our operations, it has reduced the workload by a lot.

What is most valuable?

Almost everything is a valuable feature. Among the most important are the sandboxing and the levels of pattern and sophisticated techniques they are able to detect. As far as I know, and I've worked with another product before, Microsoft Defender for Office 365, other products are not able to detect those kinds of malicious files or URLs. Perception Point is our second layer, and it always catches them. 

Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware, which category tried to exploit you. For a security team, this kind of information is very critical because it's a type of intelligence. You understand what you are facing and whether you are a target for a specific group of threats, and you can defend better against them.

And something that has really improved in the last few months is the Incident Response team, which comes as part of the service. The SLA is really amazing. This was the biggest advantage. When you are working with MDO or Proofpoint, for example, you will never speak to a human. You can open a case and they will reply, but we have a Slack channel with Perception Point. We can reach out to them and they answer immediately, meaning within five to 30 minutes. For us, that's like real-time when working with a vendor.

The main goal of the Incident Response team is responding to incidents, of course. But the way we use them is that when we identify a false positive, we ask them, "Hey guys, can you check why we got this false positive?" They do a great job checking and fine-tuning as a result, so that the next time it will pass through. The same goes for a true positive. What is unique about the product is that, in the end, it's not only a machine, rather there is also human interaction. A human will sometimes go over the tagging and decide that the system gave the wrong verdict. This is how they make sure that the system gets better and better all the time. In the backend, they have machine learning. But to optimize the model, somebody has to fine-tune it all the time. You cannot expect that the first model will be bulletproof, and that is the way they are doing it. That is why they are so good in this domain.

What needs improvement?

We have some unique use cases that we're working on with them, like integrating their solution with Zendesk and with Shodan.

In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience. Perception Point can find a better way to maintain availability. In this case, the AWS problem was in North America, so if Perception Point had had a region in Europe, they probably would have been able to recover much more quickly, just flip it, and that would have been it.

For how long have I used the solution?

I've been using Perception Point Advanced Email Security for two years.

What do I think about the stability of the solution?

Everything has worked as expected. It's working 99.999 percent of the time.

What do I think about the scalability of the solution?

We get 50,000 to 100,000 emails per day and we haven't faced any scalability issues. I can't say there was a delay in emails because of this volume.

We aren't using the solution’s expanded product portfolio to protect more than just email, at this stage, but we are looking into it for the coming year.

We are also working with them with requirements from our end and we are really looking forward to a native integration with Zendesk. We believe that both companies, Zendesk and Perception Point, can benefit from that, and not just our company. Once Perception Point has an integration with Zendesk, it will impact many customers around the world in a positive way.

How are customer service and support?

We haven't needed to use customer support so far.

Which solution did I use previously and why did I switch?

We used FortiMail before, but it's not a next-generation email gateway.

How was the initial setup?

Our initial deployment of Perception Point had some complexity, because when I started with my current company, we had on-prem Exchange and FortiMail. That made it a bit challenging. It was less an issue with Perception Point and more because of our architecture.

Once we moved to Office 365, it took two minutes. For an Office 365 customer, it's a very easy deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing is not cheap, but I can see the value. In security, if you are trying to save by giving up quality, that's a very bad decision. If there is high quality and it demands a high cost, you need to pay. Don't compromise on quality. If Perception Point is 99 percent accurate, and Proofpoint is 97 percent accurate but costs 20 percent less, I'll pay the extra 20 percent and sleep well at night.

Which other solutions did I evaluate?

We were thinking about Proofpoint. The big advantage of Perception Point is the Incident Response service. There is no product in the market that provides that kind of service. Also, although they were small when we started with them two years ago, we believed in the company and its vision. And it has proven itself. We have seen the outcome. Microsoft is 100 or 1,000 times bigger than Perception Point, but Microsoft misses so many threats that Perception Point catches. When it comes to advanced malware, there is a 20 percent difference, and that's a huge number.

What other advice do I have?

If you are looking for the next generation of email gateway with an Incident Response service, select Perception Point without any second thoughts.

A few months back, I would definitely have said that the Incident Response service needed improvement, in terms of their responses and SLA, but because they really took the required action, I can't think of anything else that they should improve. I am really happy with what I have. If they maintain it, I will be a very happy customer.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
VIPINKUMAR
Senior Consultant at a construction company with 1-10 employees
Consultant
Top 20
Provides visibility into what's going on and reduces spam, but there should be more focus on threats, spam, and support
Pros and Cons
  • "It is good at data leakage prevention (DLP). You can create the data exfiltration profile while sending the emails, which is one of the key advantages of the solution."
  • "Forcepoint is the best for DLP, but it is not better than other solutions in terms of phishing emails or threat protections on the email. It has less visibility over there. They might need to enhance these components because other solutions, such as Cisco Email Security and IronPort, have more advanced features. Forcepoint should focus more on threats and spam. They have a small database for spam. They must increase their solution's capability from this perspective."

What is our primary use case?

We are in the service industry, and we provide solutions to customers. We have multiple customers, and they're using this solution for email security. I have also been using it as a user.

Its deployment usually involves a mixed approach. Now, every customer is moving to the cloud, and it is deployed on the cloud servers.

How has it helped my organization?

Our customers get more visibility into what's going on. They are able to get the exact details of what is being shared and what is being captured by Forcepoint. They were not aware of this information previously. It has also reduced spam.

What is most valuable?

It is good at data leakage prevention (DLP). You can create the data exfiltration profile while sending the emails, which is one of the key advantages of the solution.

Our customers are leveraging spam filtering, threat prevention, and multiple policies features the most.

What needs improvement?

Forcepoint is the best for DLP, but it is not better than other solutions in terms of phishing emails or threat protections on the email. It has less visibility over there. They might need to enhance these components because other solutions, such as Cisco Email Security and IronPort, have more advanced features. Forcepoint should focus more on threats and spam. They have a small database for spam. They must increase their solution's capability from this perspective.

Their support should be improved in terms of the response time and attention to the information provided for an issue.

For how long have I used the solution?

As a user, I have been using Forcepoint Email Security for around five years.

What do I think about the stability of the solution?

I would rate it a seven out of 10 in terms of stability. Some of their appliances might fail. It can also take a little bit more time to apply the policies because of their cloud environment. Sometimes, the console can get stuck because the management is on-prem, but the appliances are on the cloud. It can take some time to sync all the things for the cloud.

What do I think about the scalability of the solution?

Its scalability is good. We can scale up appliances without pretty much any downtime.

If we start with 500 users, we would put one basic appliance or the basic image over there to support up to 500 users. If users are increasing rapidly, we would deploy another appliance in the load sharing mode. It can share the load with the old one. It should be in the active/active mode. It is very easy to deploy. We just need to place the new appliance over there, and then we need to just push the policies that are already there in the management console. We just need to add another appliance to the management console. We don't need to reconfigure everything.

In my organization, there are six or seven people from the deployment perspective. We also have one or two users from the operational perspective.

How are customer service and technical support?

I would rate their support a four out of 10. When we raise a ticket with Forcepoint, they take around 48 hours and sometimes, even three or four days to reply. They also don't see what we have put in that email, and they ask for similar details. They again take a long time, maybe 24 hours or 48 hours, to respond, and after that, they start their investigation.

Basically, it takes around one week to get a correct or proper response from them, which makes it quite difficult for us in terms of not meeting the SLA for the customers. They only respond on time for any downtime situation. For general issues, they take around one week or maybe more.

Which solution did I use previously and why did I switch?

We have exposure to other solutions, such as Cisco Email Security. For the DLP solution for emails, Forcepoint is better, but other solutions are better in terms of phishing emails or threat protections on the email.

How was the initial setup?

I found it straightforward. Usually, I search for instructions on how to set it up, and I follow them. If those instructions are missing for specific cases, it could be difficult.

It approximately takes two days for a complete setup, which doesn't include fine-tuning. We deploy the hardware appliances or the software appliances. We run the pilot for a group of users. We filter out all the policies, and then we apply the best policies. After that, we fine-tune it.

What about the implementation team?

We deploy it ourselves.

What's my experience with pricing, setup cost, and licensing?

Its licensing is quite easy and straightforward. They have two or three suites, and the price is negotiable. It depends upon the size of the deal. 

They have multiple licenses. The standard is one, and then there are additional licenses that you can go for. There are three or four licensing models. You have the network suite, endpoint suite, email security, and the standard one.

What other advice do I have?

Most customers are happy with the solution. It is quite good. I would recommend this solution for the SMB market. I would not recommend it for an enterprise because other solutions, from Cisco and Microsoft, are quite good and more advanced.

Currently, there are different solutions for email, such as Office 365 that has native applications. There are also multiple solutions for DLPs, including some of the local vendors as well. Forcepoint is not in the Gartner list as an enterprise solution, and that's why it is not recognized well. 

I would rate Forcepoint Email Security a six out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Head Of Finance And Administration at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Good gateway and email security with an easy initial setup
Pros and Cons
  • "It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge."
  • "We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee."

What is our primary use case?

We use Mimecast as our email gateway. We also use it as our archival service. All those phishing, anti-phishing, spear phishing, spamming, and other security filters that they have, we use all of them.

What is most valuable?

We have found email security very good.

The gateway is excellent. 

We have found the archival services to be very valuable.

It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge.

The initial setup is straightforward.

What needs improvement?

It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.

For how long have I used the solution?

I've used the solution for about six years at this point. It's been a while.

What do I think about the stability of the solution?

The solution is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's very good.

What do I think about the scalability of the solution?

The solution can scale well. If a company needs to expand, it can do so rather easily.

We have grown from about 2,600 users to about 4,000 users. We have added additional geography as well. The product is resilient enough to take care of all of this.

How are customer service and technical support?

We have contracts and we are also subscribed to a service plan. Whenever we have used it, the service levels have been very good and we have no reason to complain.

Which solution did I use previously and why did I switch?

We were previously thinking of an alternative to Mimecast for two reasons. The main reason is as an organization, we are in the financial service industry, and we have to show some data resiliency to our regulators. However, due to the fact that we're present in 30 countries, what happens is all Mimecast data is centrally hosted in one particular grid, which is preventing us from showing data resiliency to them. I want a solution that allows me to selectively map users to a particular geography. 

How was the initial setup?

We didn't find the initial implementation complex. It was pretty easy and rather straightforward. We didn't run into trouble.

We are a complex organization. We are present in 30 countries. It was a mix of on-prem and some were in Office 365. Due to the set up of our own architecture, we had to undergo some labor, however, otherwise, the entire process was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

We typically use a subscription service. If there are version upgrades, we automatically get upgraded to the latest version, as it's a software as a service setup. We don't need to update it as Mimecast takes care of it.

If you need to extract data from their archival service, there is an additional fee involved.

As we are an enterprise customer and we have a relationship with them, what we are told by the reseller is that we pay about 40% of their list price for this product.

It's an expensive solution. There are other competitors, like Barracuda, who offer similar services. We believe that over the years, they have picked up, and their pricing is much more competitive than Mimecast. As an organization, Microsoft itself has really matured over the years. They offer probably 90% of what Mimecast is offering, and then you don't have to pay anything extra for it because it comes with part of the Office 365 licenses. That is why we also believe that there is a lot of room for Mimecast to get their act together, pricing-wise.

Which other solutions did I evaluate?

We evaluated a few other options such as Cisco IronPort as a security service. We evaluated Proofpoint. The comprehensive solution that Mimecast offers, however, really made us sign on the dotted line.

What other advice do I have?

We're just an end-user.

We use their Perimeter Defense plan, we use their Continuity plan, and we also use email archiving. These are the three services that we use from them.

I would advise others considering the solution to technically evaluate their competencies, their highs, and lows, first. Also, read the fine print, and understand the exact costs. A company will need to understand how many of Mimecast's capabilities Microsoft offers natively if you just subscribe to an Office 365 license. It might make them rethink using this solution.

From a technical standpoint, I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Information Officer at a consumer goods company with 51-200 employees
Real User
Top 10
Reliable, scalable, protects your email from threats, and has good support
Pros and Cons
  • "The setup was easy."
  • "I would want better spear phishing protection in the essentials package."

What is our primary use case?

I am the CIO, and I have consultants.

We use Proofpoint Email Protection to filter out malicious emails.

How has it helped my organization?

We have a lot fewer malicious emails coming in since implementing this product.

What is most valuable?

The setup was easy.

What needs improvement?

It was easier to use Microsoft than Proofpoint.

We had some issues with their sales consultant. We got into a dispute and he ended up leaving the company. It's unknown if he was unhappy being at the company, or if it was a reflection of the company, but I can say that their sales consultant was not good.

I think they have everything that I would want in the advanced version.

There are certain things I would want. I would want better spear phishing protection in the essentials package.

For how long have I used the solution?

I have been working with Proofpoint Email Protection for two years.

It's a subscription, and we are always using the latest version.

What do I think about the stability of the solution?

The stability is fine.

What do I think about the scalability of the solution?

The scalability is good.

I am going to reiterate. To move to a more sophisticated email security solution was cost-prohibitive. When you compare it to others, it was too expensive.

All users of the company, all departments were using this solution.

How are customer service and technical support?

The technical support was okay. I think it was good, although it wasn't outstanding.

It would be excellent if they had chats and instantaneous responses. That would make it better.

We always struggled with getting on the phone with someone.

Which solution did I use previously and why did I switch?

We were able to get the same security levels using Microsoft that we were getting with Proofpoint.

With this company, we used Proofpoint straight out of the gate.

We have now switched to Microsoft. The features were definitely there. It was more integrated; people don't have to go to a different website to see what was quarantined. They can see it right in their account on Outlook.

Microsoft is easier to use, it's more integrated, and it's cheaper. It was cheaper than their advanced module, for sure, but it was comparable to their basic package.

How was the initial setup?

The initial setup was straightforward. It was easy to set up.

It took a few hours to set up. It was really quick.

We have an admin who would go in to see what was quarantined every now and again, about a quarter of a full-time equivalent, approximately 10 hours a week.

This solution was being used every day, 24 hours a day.

What about the implementation team?

We used a consultant to deploy the solution.

I have had a relationship with this consultant for more than 20 years. If I keep a consultant for that long it's because they are worth their weight.

It is always a pleasant experience working with them.

What was our ROI?

For sure, we have seen a return on investment. It does what it's supposed to do, which is to protect you.

If Proofpoint was the only product out there, I would gladly pay for it. It would be fine and good. But they are not the only game in town. Their competitors managed to give the same level of protection for much less.

What's my experience with pricing, setup cost, and licensing?

The Basic Email Coverage is pretty close to the same price as the Extended Email Security of other companies.

To start with the basic package at Proofpoint is, let's say, more expensive than other basic packages.

To jump into the Advanced versions of Proofpoint, the costs multiply four or five times, which made it not feasible for us. Being multiple times more expensive, it is very much less attractive.

What other advice do I have?

I would advise people to look at the options.

It does what it says it's going to do. The only issue is the cost.

I would rate Proofpoint Email Protection an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.