Buyer's Guide
Anti-Malware Tools
November 2022
Get our free report covering Proofpoint, Microsoft, Mimecast, and other competitors of Microsoft Exchange Online Protection. Updated: November 2022.
655,113 professionals have used our research since 2012.

Read reviews of Microsoft Exchange Online Protection alternatives and competitors

Network Administrator at a manufacturing company with 1,001-5,000 employees
Real User
Easy to use, effective threat blocking based on geo-location, good technical support
Pros and Cons
  • "SpamTitan is a product that saves us time. The less spam that you have, the more time you have because you're not digging through the mail that hits your inbox."
  • "One of the areas that can be improved is the GUI. The product works well but finding things in the interface can sometimes be a bit difficult, just because it's so in-depth and covers a lot."

What is our primary use case?

Our primary use case is filtering incoming emails.

How has it helped my organization?

SpamTitan is a product that saves us time. The less spam that you have, the more time you have because you're not digging through the mail that hits your inbox. The other thing is that it blocks potential trojans, viruses, and phishing attempts. This means that IT has less to deal with in case something does get through and opened, resulting in an infection.

On the front end, the user community doesn't have nearly as much email to deal with, in particular, spam messages. On the back end for IT, it's a huge time saver because we're not infecting our network with malware.

Before we got SpamTitan, the amount of time spent dealing with unwanted emails depended on the user. People that were dealing with a lot of outside entities would receive more spam because their email address is out there. Depending on the user, they might have three or four spam messages, or somebody might have between 20 and 30 to deal with.

For people on the higher end, with 20 or 30 spam messages that are hitting their inbox, it's time-consuming to go through and determine whether something is valid or invalid. In some cases, an email says it's coming from within the company, perhaps somebody in our purchasing department. When another employee sees the name, they assume it's safe but in reality, it's a spoofed email address. People often don't feel like digging into it so they just look at the email, resulting in the introduction of a trojan, virus, or other malware.

The amount of time that it takes to deal with spam messages varies. It depends on the type of spam that is hitting the inbox. In the morning when you fire up your email program, a high-end user may spend 15 to 20 minutes going through stuff just to make sure it's valid or not valid.

Then, throughout the day, these people were getting spam messages. It eats your time, even with one or two here and there, because you're taking time to maybe open the message, then investigate if it's really coming from a valid address or not. Even if it only takes a minute to do one message, and you get 15 of those a day, that's 15 minutes of your time. That's quite valuable.

We have thousands of users so even if 2,000 of them get five spam messages a day, and it takes each one a minute to deal with, it's a lot of time.

Using SpamTitan has immensely improved our spam catch rate and reduced our false positive rate. In a five-year timeframe, it has blocked between 60 million and 70 million messages. 

What is most valuable?

The most valuable feature is the protection that it offers against spam, phishing, viruses, and other such attacks. That's the biggest benefit of the product.

We use the geo-blocking feature, which helps to reduce our spam intake. There are known locations that are notorious for sending spam, viruses, and so forth, which is one of the reasons we use it. Right now, our filter is blocking approximately 75% of the mail that hits our door. Only 26% of the mail we get actually passes.

We use the geo-blocking feature for restricting emails based on country, and it works well. However, if something does pass that is spam or a phishing attempt, then we may block by IP address if necessary. This is very important to our organization because spam email is bad, and it's a problem for us.

We are able to create exceptions based on a trusted sender's specific location or IP address, and it works fine for that. We don't have a large rule base and in most cases, the senders, who are typically customers or vendors that we deal with, do not have their email exchange set up properly. They don't have the proper checks in place, so we add exceptions for them.

The user interface is good, and it's pretty easy to use once you learn your way around. That said, there's a lot to it and it's in-depth. There are many aspects to the interface, and there are a lot of tabs.

Overall, in terms of the system's intuitiveness, it's okay. When you click on a tab for system settings, as an example, there are multiple tabs that you can drill down into from there. Sometimes, it can be a little bit difficult to find out where you want to go, just because there are many layers to the interface.

It is difficult to say how I might improve it. There are many pieces to it, and a lot of layers, but the way they have it set up is fine. Sometimes, however, you have to search around a little bit to find out where you want to go.

There are eight main tabs and once you click on one of those tabs, it takes you into another area where there can be up to eight or ten other things that you can click into. Then, when you get in there, it might be another six or eight areas that you can look at.

If you go into system setup, as an example, and then go to static routing for network configuration, that's three layers deep. You would probably figure that the network configuration is going to be in the system setup, so you would start there intuitively, but it's a lot of options.

What needs improvement?

One of the areas that can be improved is the GUI. The product works well but finding things in the interface can sometimes be a bit difficult, just because it's so in-depth and covers a lot.

For how long have I used the solution?

We have been using TitanHQ SpamTitan for approximately five years.

What do I think about the stability of the solution?

This is a very stable product. We have not had any downtime and we have not had the product crash on us, where it was not filtering mail.

We have not rebooted our server for five years.

What do I think about the scalability of the solution?

SpamTitan is easily scalable. If you give them more money, they'll give you more licenses.

We are a large company with many factories in Mexico, China, Vietnam, and several US cities. We have several thousand employees and in the past five years of using SpamTitan, we have blocked between 60 million and 70 million messages.

We have 100% adoption. Any email coming into our company has to go through this filter before it hits our Exchange server and then is distributed to the user community. 

How are customer service and support?

The technical support is really good. I've had great luck with the support group out of Titan HQ. They are quick to respond and typically have a solution very quickly. If they don't, they'll dig into it and keep updating you as to where they're at in the process of finding a solution. Overall, I'm pleased with the support.

I would rate their support a nine out of ten. It's not a perfect rating because there is always that time when you don't get the exact answer you want, or they can't do exactly what you want. In any case, that could be a software update or something that has to be reprogrammed. They will send that up to development, but sometimes it takes time for that to happen.

If comparing support to other vendors, their response time is very quick. When you open a ticket, you get a response right away that they acknowledge that you've submitted a help desk ticket with them. Then typically you'll get a response from the tech at Titan HQ that has picked up the ticket.

They'll let you know either right then about a solution, or that they're investigating. Typically you will hear back, I would say normally within the hour, with a solution, or potential questions to help with a solution.

I would rate them above average as far as their response time and working through issues.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prior to using SpamTitan, we were using the filtering that is part of our Microsoft Exchange.

How was the initial setup?

It's quite easy to set up. There are a lot of defaults that are set up in how it functions and what it does. Then, as you start using the product more, you can get more in-depth and put more controls and filters in place. As far as initially setting it up, the process is pretty easy.

Having it easy to set up is always an important thing. The less time you have to spend configuring and setting up a product, the more time you have for doing other things.

From start to finish, we spent approximately one day getting it set up. The server was installed, the software was installed, and then we set up getting our mail routed through it.

After the initial setup, there is some programming and other things that you do over time. But, I wouldn't consider that as part of the installation process.

What about the implementation team?

We did the implementation ourselves, with the help of Titan HQ. Our experience with them has been good. The products that they sell are typically good and easy to use, so you'll potentially put them into other locations or buy more licenses.

The deployment can be done with one person, and we have a couple of people on staff that take care of it. If there are issues with false positives or things of that nature, we've got a couple of people on staff that oversee it. That's not their only job; they're network administrators or systems admins and they have multiple tasks. That said, they have a couple of people that are familiar with the product and work on it.

What's my experience with pricing, setup cost, and licensing?

Pricing is on par with other products, and it's reasonable. They have different categories as far as the size of your company and how they license it, which is good.

Which other solutions did I evaluate?

We evaluated three or four products at the time, although it was several years ago and I don't recall exactly which ones.

We preferred SpamTitan after looking at other customer reviews, talking with some references, and they just came out the winner as far as capabilities. Support is a big thing for anybody when it comes to dealing with a product, and it's important because you're potentially blocking viruses and other malware that could harm the company very badly.

What other advice do I have?

My advice for anybody who is looking into implementing this product is to first go through their demo with them and make sure you understand how in-depth the product is because there's a lot to it. If the end-user wants a product that they plug in and turn on and they never have to look at it again, SpamTitan is not it.

This is an in-depth product and there are multiple ways to block things, although it is fairly plug-and-play with their default configuration. Other than just the actual configuration of IP addresses and things of that nature, there's a lot to it.

I know there are simpler options out there, but they also are not as comprehensive as what you can do with the product.

Overall, as far as the product goes and how it catches things, I'm quite happy with it. Ninety percent of the time, it does a great job. There is that 10% that sometimes you may want to try and do something with it, and it doesn't have the capability. That is pretty rare and when it happens, typically they will send that to development, and development will come up with a solution.

It may take a little time for them because I'm sure they have a huge backlog of things, but it's not like they tell you it's something they're not going to do. Instead, they'll send it to the development team and explain that there is an issue that the customer wants to be corrected or a capability that they want to have added. At that point, it will go up the chain within their organization.

I would rate this solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Head Of Finance And Administration at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Good gateway and email security with an easy initial setup
Pros and Cons
  • "It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge."
  • "We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee."

What is our primary use case?

We use Mimecast as our email gateway. We also use it as our archival service. All those phishing, anti-phishing, spear phishing, spamming, and other security filters that they have, we use all of them.

What is most valuable?

We have found email security very good.

The gateway is excellent. 

We have found the archival services to be very valuable.

It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge.

The initial setup is straightforward.

What needs improvement?

It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.

For how long have I used the solution?

I've used the solution for about six years at this point. It's been a while.

What do I think about the stability of the solution?

The solution is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's very good.

What do I think about the scalability of the solution?

The solution can scale well. If a company needs to expand, it can do so rather easily.

We have grown from about 2,600 users to about 4,000 users. We have added additional geography as well. The product is resilient enough to take care of all of this.

How are customer service and technical support?

We have contracts and we are also subscribed to a service plan. Whenever we have used it, the service levels have been very good and we have no reason to complain.

Which solution did I use previously and why did I switch?

We were previously thinking of an alternative to Mimecast for two reasons. The main reason is as an organization, we are in the financial service industry, and we have to show some data resiliency to our regulators. However, due to the fact that we're present in 30 countries, what happens is all Mimecast data is centrally hosted in one particular grid, which is preventing us from showing data resiliency to them. I want a solution that allows me to selectively map users to a particular geography. 

How was the initial setup?

We didn't find the initial implementation complex. It was pretty easy and rather straightforward.  We didn't run into trouble.

We are a complex organization. We are present in 30 countries. It was a mix of on-prem and some were in Office 365. Due to the set up of our own architecture, we had to undergo some labor, however, otherwise, the entire process was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

We typically use a subscription service. If there are version upgrades. We automatically get upgraded to the latest version, as it's a software as a service setup. We don't need to update it as Mimecast takes care of it.

If you need to extract data from their archival service, there is an additional fee involved.

As we are an enterprise customer and we have a relationship with them, what we are told by the reseller is that we pay about 40% of their list price for this product.

It's an expensive solution. There are other competitors, like Barracuda, who offer similar services. We believe that over the years, they have picked up, and their pricing is much more competitive than Mimecast. As an organization, Microsoft itself has really matured over the years. They offer probably 90% of what Mimecast is offering, and then you don't have to pay anything extra for it because it comes with part of the Office 365 licenses. That is why we also believe that there is a lot of room for Mimecast to get their act together, pricing-wise.

Which other solutions did I evaluate?

We evaluated a few other options such as Cisco IronPort as a security service. We evaluated Proofpoint. The comprehensive solution that Mimecast offers, however, really made us sign on the dotted line.

What other advice do I have?

We're just an end-user.

We use their Perimeter Defense plan, we use their Continuity plan, we also use email to archive. These are the three scales that we use from them.

I would advise others considering the solution to technically evaluate their competencies, their highs, and lows, first. Also, read the fine print, and understand the exact costs. A company will need to understand natively how much of Mimecast capabilities does Microsoft offer if you just subscribe to an Office 365 license. It might make them rethink using this solution.

From a technical standpoint, I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Global Account Manager at a computer software company with 51-200 employees
Reseller
Top 20
Brings down malicious email reporting by over 50% and allows you to open suspicious emails in a sandbox environment
Pros and Cons
  • "Its main defense is to stop malicious emails from coming through. There is a sandbox environment where you can open malicious or suspicious emails to make sure that they're not malicious, instead of taking the risk of having your employees do it. This is definitely something that everybody needs nowadays, especially with the rise in cyber attacks."
  • "I want Security Awareness Training in there as a package deal. A lot of companies are starting to value email security a little bit more and take it a little bit more seriously, and the great product that we link together with a lot of these sales is a training product called Security Awareness Training. It is an upsell that we do with Proofpoint, and it is definitely something that I recommend everybody with email security to look into. It would be great if Security Awareness Training is included with the email security."

What is our primary use case?

It serves as an added layer above your email gateway.

What is most valuable?

Its main defense is to stop malicious emails from coming through. There is a sandbox environment where you can open malicious or suspicious emails to make sure that they're not malicious, instead of taking the risk of having your employees do it. This is definitely something that everybody needs nowadays, especially with the rise in cyber attacks.

What needs improvement?

It can be improved pricing-wise. One downfall of the product from the SMB side is the pricing. Currently, everybody can't afford it. Everybody wants a Mercedes, but not everyone has the budget for it.

I want Security Awareness Training in there as a package deal. A lot of companies are starting to value email security a little bit more and take it a little bit more seriously, and the great product that we link together with a lot of these sales is a training product called Security Awareness Training. It is an upsell that we do with Proofpoint, and it is definitely something that I recommend everybody with email security to look into. It would be great if Security Awareness Training is included with the email security.

What do I think about the stability of the solution?

Its stability is great. There are no outages.

What do I think about the scalability of the solution?

Its scalability is very good. It is a SaaS solution. So, it is very adaptable. Out of my about 50 clients, more than half are using it. It is always going to be used well by customers, but we need to emphasize a little bit more on email security.

How are customer service and support?

They are good. I would rate them a 10 out of 10. They are responsive and very intuitive.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Most customers switched from Microsoft. The reason why they switched over was the results. There were more and more people who were coming to them asking why something or a breach happened. We actually caught a live breach during a PoC, and it was getting through their Microsoft, but Proofpoint was picking it up.

How was the initial setup?

It is pretty straightforward. Its deployment is done by Proofpoint. It takes less than a day.

What about the implementation team?

Its implementation is done through Proofpoint.

What was our ROI?

Our clients have definitely seen an ROI. Their level of breach and reporting of malicious emails from their user base actually went down by over 50% by using this product. That's over a two-year span for emails.

What's my experience with pricing, setup cost, and licensing?

It is on a yearly basis. Their floor for SMB doesn't matter. The user count is 100 users and below at $2,500 a year.

Its cost is higher than other solutions. It is probably about 20% to 30% higher than what you would get with Microsoft. There are no additional costs. All costs are factored in.

It can be improved pricing-wise so that it is affordable for the SMB market.

Which other solutions did I evaluate?

They didn't evaluate any other solution.

What other advice do I have?

We get no complaints, and that's why we sell it. It has been very good. I would recommend this product to everybody. It doesn't matter whether you are a large business or a small business. You need it no matter what. Going forward, it is going to be the norm to have something more than just your basic email protection because the SEC is actually catching onto a lot of these bad actors. As per the survey, the number one risk for companies was their own employees clicking something. It is a good story I tell my customers, and just like that, they're purchasing from us. It is an easier sell. It isn't hard to sell. Your average sales cycle, from PoC to close, on this one is most likely going to be within the 90-day period.

It is overall good. I would rate it an 8 out of 10.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
Top 20
Reliable, but it could be more automated
Pros and Cons
  • "It catches a lot of things and has the ability to add domains as well as add senders and update their things."
  • "Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft."
  • "I am not aware of the licensing costs."

What is our primary use case?

We use Barracuda Email Security Gateway for email security.

What is most valuable?

It's a good solution. Maybe if we switch to the cloud version, it will be more up-to-date. It's a good one.

It catches a lot of things and has the ability to add domains as well as add senders and update their things.

It could be more automated. Many solutions in the industry are now receiving automatic updates. This one, we believe, is not; however, a later version may be better.

What needs improvement?

It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. 

The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. 

That is why we are downloading all of this research to see which of the market leaders we should switch to.

Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft.

We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions.

That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.

For how long have I used the solution?

I joined an organization that has been using Barracuda for a few years, but they are looking into other options. 

I only recently joined them, about six months ago.

I have been working with Barracuda Email Security Gateway for six months.

I don't recall, which version we are using but it is not the latest one.

What do I think about the stability of the solution?

Barracuda Email Security Gateway is a stable solution.

What do I think about the scalability of the solution?

I believe that Barracuda Email Security Gateway is scalable. We didn't make many changes to the architecture. But I believe it is scalable.

We have a small IT team of three to four people.

We have small IT teams and approximately 50-60 business users. There are only three or four people who are directly involved with the product.

How was the initial setup?

I am not aware of the initial setup. It was already deployed when I joined.

This solution is difficult to maintain, which is why updates should be automatic, in my opinion. It should be intelligent enough to get the most recent updates, which it is not at the moment.

I believe it is, but I believe it does not catch everything. Perhaps we need more collaboration, more technology companies.

What's my experience with pricing, setup cost, and licensing?

I am not aware of the licensing costs.

Which other solutions did I evaluate?

My senior colleague appears to believe that Exchange is superior. Because it receives the most recent updates and Microsoft is the largest, it has more Intel on this. We are getting more data, including real-time data updates.

What other advice do I have?

I have yet to compare it with other solutions, but I would rate Barracuda Email Security Gateway a seven out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Consultant at HCL Technologies
Reseller
Top 10
Good Solution for Spam and Malware Filtering
Pros and Cons
  • "It has very good capabilities for managing malware."
  • "They really need to create a good package that competes with Microsoft."

What is our primary use case?

I have supported the product for a couple of customers and handled migrations for others. 

How has it helped my organization?

It is basically used to receive emails and then check its hygiene, detect spam, report block-listed emails, and detect viruses. It provides all that reputation filtering that is part of policy group configurations. 

What is most valuable?

It has very good capabilities for managing malware. We can create malware policies and it directs those and reports them nicely. It's straightforward and easy. All you need to do is redirect your mail traffic to Symantec Cloud Gateway. 

What needs improvement?

They really need to create a good package that competes with Microsoft. They should accompany a lot of other products and do better with attractive packages that reduce cost. They have Endpoint production tools like Microsoft's Defender. They should offer both as a bundle to have a stake in the industry and give the customer a better price. I'd have the packet of products include identity security so they have a complete package that stands up to competitive products. 

For how long have I used the solution?

I used it for the last five to six years. 

What do I think about the stability of the solution?

Stability is good and they offer both cloud-based and on-premise solutions. 

What do I think about the scalability of the solution?

The cloud-based solution is very scalable. It is not hard to increase the number of users or onboard new companies. Any addition can happen quickly.  

How are customer service and support?

I've worked with them to handle escalated cases such as messages wrongly quarantined. I also worked with them to include work list IPSs and URLs. They're reachable. 

Which solution did I use previously and why did I switch?

Most of our customers already migrated to ING online protection after considering the consolidation request, the cost of the product, and what they're spending month to month. 

How was the initial setup?

There are steps prior to use. First, I create all the relevant policies in the cloud. So that's something that can take months. Then I test and validate. The actual migration is straightforward. 

What about the implementation team?

We are resellers, so we are the vendor team and have teams of six members for our normal operations of handling migrations. 

What was our ROI?

Customers see ROI but they feel they are paying duplicate bills. They paid at one time to Microsoft but were not using it. Now they pay Symantec per mailbox. And on the other side, now Microsoft offers it for free. 

What's my experience with pricing, setup cost, and licensing?

Billing is based on the number of mailboxes and number of emails processed. So, in that way, they're a little costly compared to Microsoft. One customer I was supporting had 30K users from Singapore and their annual cost was almost $130K. The customer feels that's costly. If a customer is not too concerned about cost, then I would tell them to go for it. But even Microsoft these days has very good, competitive features to replace Symantec. If the customer has to think about budget and solutions to reduce IT cost, they should get away from Symantec and try using Microsoft. 

Which other solutions did I evaluate?

I handle migrations for customers and have experience comparing this solution with Microsoft and ING products. 

What other advice do I have?

They have some things to improve or they will lose the industry. They have to place themselves in the game with complete packages. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Flag as inappropriate
Buyer's Guide
Anti-Malware Tools
November 2022
Get our free report covering Proofpoint, Microsoft, Mimecast, and other competitors of Microsoft Exchange Online Protection. Updated: November 2022.
655,113 professionals have used our research since 2012.