Perception Point Advanced Email Security alternatives and competitors

We are today using this product for email filtering and we plan to use it later for file filtering on cloud-sharing platforms.

This solution is very effective at detecting malicious content and very fast in adapting to new threats. There have been new types of attacks which, instead of attaching malicious files to emails, have been attaching to Google Docs that are hosted on the Google Cloud. Within a couple of days, Perception Point updated the engine to a filter and block such attacks. For us, it was very beneficial because the users are not allowed to open attachments, but when people asked them to view a document on the cloud, they weren't used to it. This left them open to this type of attack.

The Perception Point incident response team acts like our own SOC team, which is important because we do not have a SOC, but rather a limited incident response team. This means that any external assistance allows us to work on the more critical areas and identify the events that we have to investigate. In general, it significantly reduces our internal workload.

When it comes to incident management, I think that the Perception Point incident analysis is very fast. It usually takes less than an hour to go back with initial reactions, and they adapt the technology very fast as well. They provide either interim solutions or full solutions to all of the incidents that are identified.

In terms of engine optimization, ever since we started working with Perception Point, we have been able to monitor improvements to their capabilities, including adaptations they have made. Moreover, our own team was able to work with the system and ask for improvements, and they've all been done very fast.

Perception Point has helped to reduce our false positive rate by approximately 90%. More generally, it has reduced the total number of alerts we get. We used to have more than 100 endpoint alerts per month and it has been reduced to individual ones. Overall, that is a greater than 90% drop in alerts.

The most valuable feature is the ability to identify malicious content and phishing emails and reduce the workload we have to do in terms of security. The quarter before we used Perception Point, we had about 400 positive identifications of malicious content being used by employees, probably getting them via email. Since using Perception Point, we have almost nothing.

The only thing that can be improved in Perception Point is the in-depth analysis and attribution to cyberattack groups. This is an issue I have raised with their product team. Currently, when we get malicious content, we don't know where it came from. One of the things that worries me the most, as a sysop, is whether we are being targeted by any of the cybercrime groups. This is something that Perception Point doesn't do, so I have another cyber threat intelligence team that does the investigating. Ideally, Perception Point should offer this as part of their service.

We have been using Perception Point Advanced Email Security for the past four or five months.

We are using it as a SaaS and since we have been using it, there have been no noticeable service interruptions.

It seems to be very scalable. It's cloud-based, so it should be able to scale nicely. We haven't done load tests because our load is not very high.

We have about 1,400 people who are protected by this product, and they work in every role that you find in an enterprise. We are located in Asia, Europe, and North America.

The technical support is very good. Most of the time, they reply within one hour.

Prior to Perception Point, we were using a solution by Barracuda. We switched because Barracuda didn't provide the capability to filter emails and block the malicious content we wanted.

The initial setup was very simple and straightforward. As we are using Perception Point as a mail relay, it only involved changing the MX record or DNS records in order to relay our email messages to Perception Point, and whitelisting the Perception Point addresses in our email systems. It was a very simple configuration, and it was up and running very fast.

We have many domains, and some of them took some time, our major domain was done first and it was completed within one day.

After deployment, it started providing value immediately. That said, it took a few weeks before we identified everything that needed to be whitelisted or blacklisted.

It requires some administration in terms of blacklisting and whitelisting rules for URLs of domains. There are some cases that the out-of-the-box solution doesn't identify properly, especially when there are misconfigurations by people that we communicate with.

I managed the deployment, but someone on my team did the technical setup.

We have seen ROI in the form of reduced security team activity, a reduction of employees clicking on phishing emails and malicious content, a reduction in the need to re-image machines that have been infected by malware, and a reduction in the incident response (IR) activities.

We were able to get reasonable pricing that matches the ROI we want, so I think that it is the correct price point.

We evaluated other solutions including Mimecast, Sasa Software, Forcepoint, and a couple more. Some of the products that we looked at didn't offer a full SaaS solution so we didn't consider them.

We didn't perform a full pilot program with the rest of the vendors because we had a situation where we wanted to deploy very quickly. We were in a dialogue with Perception Point, it performed perfectly, and we just decided to move on with them.

My advice for anybody who is considering Perception Point is that there are no false negatives and no false positives with this product. Overall, I am very happy with it.

I would rate this solution a nine out of ten.

We use it to scan email for security purposes. 

It's all cloud, there is no on-premise footprint. All the infrastructure is Perception Point infrastructure.

Judging the effectiveness of Perception Point when it comes to detection is difficult because we do not have only Perception Point in our email security flow. Perception Point is the last line of defense in our protection process, what we call a third-tier of protection. Before Perception Point, we have two layers of Microsoft in place, and those two layers filter quite a lot. We wanted to add another layer from a different vendor so that we were not only relying on Microsoft, but also because we knew Microsoft was not catching everything. That was proven through our PoC with Perception Point. Every month we catch a good number of malicious emails. Our focus is more on malicious messages than on spam, although it catches a good number of spam messages as well.

We escalate one or two emails per month that were not discovered by either Perception Point or Microsoft, so our overall effectiveness is pretty good. But Perception Point is certainly catching things that Microsoft does not catch. It is doing important work because an email that Microsoft does not catch is a risk if it gets into a user's mailbox. We are talking about 25,000 to 30,000 emails a month that Perception Point is catching that Microsoft is not yet detecting.

Also, Perception Point's Incident Response team is like an extension of our messaging team in the sense that we do not have the capacity or the resources to evaluate whether an email is malicious or not, especially for the type of volume we have. This was one of the key criteria for us when selecting a partner. With Microsoft, a lot of it is done by machine learning, but we do not have a Microsoft team making a determination about emails or a team that we can easily escalate issues to or turn to for an email security conversation. Perception Point performs a really important part of what our vision is for email security.

We have also created an integration where users are able to report phishing attempts, and those emails are scrutinized by the Perception Point Incident Response team. That is an additional benefit. They're adding value both through qualifying our emails and through reviewing messages that our users report as phishing attempts.

We have another integration between Perception Point and our endpoint solution. That is something Perception Point actually offered so that if the endpoint solution finds something where the entry point was an email, there is an automatic interaction through which Perception Point does a review and removes things from the email box. That is an added benefit.

The most valuable features of the solution are the ones that are related to finding impersonation attacks and detecting attempts to steal credentials. In scenarios where attackers get you to follow URLs to a malicious site that looks similar to a good site, and then ask for the user credentials to try to steal them, it is very useful.

It also has features for detecting branding impersonation.

And specifically, when it comes to protecting our VIPs and avoiding BEC (business email compromise) attacks, that is another important part for us.

It scans pretty much all content, so it's full-scale. We see in our dashboard how emails are categorized by different engines. There isn't just one engine that determines whether an email is malicious. They have a multi-engine architecture for detection of malicious emails. They provide full scanning of email.

There is still room for improvement with BEC. There is more work to be done by Perception Point on machine learning and neuro language as well. BEC is very difficult if you don't have a computer language looking into the content of the email and trying to make a determination through that. With BEC you often don't have an attachment or a URL. That is an area where there is certainly room for improvement.

We have been using Perception Point Advanced Email Security in production since August of this year, so more than four months. Before that, we ran a PoC and we were in pilot mode for about another six months.

We have not had any issues with the stability in production. We had some small issues during the PoC, but they did not have an impact on us because we were just in monitoring mode. And regarding the issue with Amazon this week, we were not affected, because it was in the US and we were not using the infrastructure in the US.

We haven't seen any issues with emails failing because they are delayed or in queue. We haven't been aware of a situation where users are waiting for an email. To a certain extent, it's because we are not running inline so Perception Point cannot be a bottleneck because the users have the emails in their mailboxes. A customer that runs the solution inline may have a different opinion because email will not arrive until Perception Point has processed it.

Perception Point's team in general, whether it's the support people, the management, or the sales folks that were engaged with us, have been very good. Often, when a company is at the PoC stage, they engage with you and try to demonstrate that they're good, but once you have signed a contract that might fade away. That has not been the case with Perception Point. They are very responsive and very attentive to our requests. The support has been very good.

Positive

The initial setup was in between a straightforward and a complex process. We had some hurdles at the beginning because of some issues with AWS.

Also, the way we have rolled out the solution is different from the way Perception Point normally rolls it out for its customers. In general, it is known as an inline solution, where the traffic is scanned by sending it to Perception Point, and then they send it back to the customer before it reaches the users' mailboxes. But we did not set it up that way. We rolled out in another way that became available during the pilot phase. We decided to go for that option because we felt it was less risky when it comes to the email flow. If something were to happen to Perception Point or to Amazon, like happened to Amazon a few days ago, then the email flow would be affected and require us to take action.

The way that we rolled it out is similar to what the competitors do. The email arrives into the user's mailbox and is then scanned. It then takes any necessary actions in seconds or minutes. I don't know how much Perception Point is advertising this. We were the only customer that was testing this option and then decided to go to production with it.

From a protection point of view, the inline method, which is the preferred mode, is obviously more secure, because emails will not get to the end-users until they have been scanned. In our case, end-users are receiving the emails and, in parallel, they are being analyzed. If action is required, Perception Point will take the email out from the end-user's mailboxes. There is a small period of time where the user could click on an email that is malicious. But we made the decision to roll it out in this way.

We did the rollout in phases over three weeks in the month of July. We first rolled it out to our users in Asia-Pacific, and then to our users in America, and then our users in EMEA.

In terms of time-to-value, the solution was already delivering value during the PoC. The difference was that in the PoC, the solution was just alerting us and was not taking action. However, we had an agreement with Perception Point that if we knew with certainty that emails were malicious by code, they would remove them even during the PoC. When we moved to production, Perception Point was immediately taking action.

Another difference in our rollout was that we started with a goal of avoiding a lot of false positives, using an 80 percent accuracy level for the determination of maliciousness. That meant that if the algorithms thought that there was an 80 percent chance, or above, that an email was malicious, action was taken to remove it from the user's mailbox. We started to see that happen from the very first moment we went live. The value was there from the beginning.

After months of working in production with this 80-percent-and-above threshold, we changed in November to 60 percent. In the November numbers, we see a decrease in reports from our users of phishing emails. We still have to see if this remains the case during December and January. But this could be an indication of Perception Point now catching more, before users are required to report something as phishing.

I believe we have seen ROI. We are catching emails, important emails to our VIPs. We run reports facilitated by Perception Point on the numbers, but they also provide summaries that we highlight at the end of every month about emails attacking VIPs or impersonating VIPs. We can see that if an email had not been caught it could have been really malicious. From that point of view, the return on investment is there. Even one email that gets through is already one too many, but there is no 100 percent solution. When we see that, on top of Microsoft, Perception Point is catching 25,000 to 30,000 emails, that is a good number for us. As a percentage of the volume of email that we receive overall, those numbers are small, but they're quite big if we understand that there are 30,000 emails with potentially malicious implications for our users and our company.

We ran an RFI with different solutions, but we only did a PoC with Perception Point and another competitor.

One of the main attractions for us with Perception Point was the Incident Response team. Perception Point was one of the few companies that offered that feature and it fulfilled something that we did not have: the expertise and the capacity to look into emails. The other vendors that did offer something similar charged additional money for it.

The other piece was the inline versus post-delivery issue. We actually liked the idea of inline, but our management was attracted more to the idea of the post-delivery. Perception Point gave us the flexibility to do one or the other and that also was important to us.

In addition, the company and the individuals who engaged with us at Perception Point were very good in terms of listening to us and our requests, and in many cases, implementing them very quickly. Before we had even signed, they were already giving us solutions to some of our requests. That reaction, listening to our feedback and implementing it, continues now. We checked with some Perception Point customer references and they said that type of responsiveness won't change after you sign, and that has been our experience as well. We are still in contact regularly, discussing ideas and improvements with them.

Obviously, you need to be convinced about a solution on the technical side and see good results out of a PoC, but the service and the people behind it were part of what made us go with Perception Point.

Whether you're looking at Perception Point or any other solution, the first thing to do is to find the weak areas with your current solution. Some solutions may be more targeted to a specific technology or type of threat. There are solutions that are very specialized in BEC, for example, and they're very good at BEC. So if your problem is with BEC, then maybe focus on them. Knowing your main problem will help in determining which solution to go with. Otherwise, you could be picking something that is not going to resolve your problem.

We route all of our inbound emails through Perception Point to have it scan for malicious files, malicious URLs, spam—all the attack vectors that can be used via email. 

We're also using it as a sandbox, which is a new feature we started to use in the last two quarters. We use their API to send files and URLs for investigation to the Perception Point sandbox. Based on the verdict, we take action. If it's clean we keep it in the system, and if it's malicious we delete it from our system.

Perception Point has helped to reduce our false positive rate by a very good percentage, on the order of 80 percent. It has also absolutely helped to reduce the number of alerts received, by something like 95 percent. As a result, we have to manage fewer incidents due to emails containing malicious files. If the EDR is detecting it, you need to investigate it and, in some cases, to isolate the device and reimage the device. In terms of our operations, it has reduced the workload by a lot.

Almost everything is a valuable feature. Among the most important are the sandboxing and the levels of pattern and sophisticated techniques they are able to detect. As far as I know, and I've worked with another product before, Microsoft Defender for Office 365, other products are not able to detect those kinds of malicious files or URLs. Perception Point is our second layer, and it always catches them. 

Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware, which category tried to exploit you. For a security team, this kind of information is very critical because it's a type of intelligence. You understand what you are facing and whether you are a target for a specific group of threats, and you can defend better against them.

And something that has really improved in the last few months is the Incident Response team, which comes as part of the service. The SLA is really amazing. This was the biggest advantage. When you are working with MDO or Proofpoint, for example, you will never speak to a human. You can open a case and they will reply, but we have a Slack channel with Perception Point. We can reach out to them and they answer immediately, meaning within five and 30 minutes. For us, that's like real-time when working with a vendor.

The main goal of the Incident Response team is responding to incidents, of course. But the way we use them is that when we identify a false positive, we ask them, "Hey guys, can you check why we got this false positive?" They do a great job checking and fine-tuning as a result, so that the next time it will pass through. The same goes for a true positive. What is unique about the product is that, in the end, it's not only a machine, rather there is also human interaction. A human will sometimes go over the tagging and decide that the system gave the wrong verdict. This is how they make sure that the system gets better and better all the time. In the backend, they have machine learning. But to optimize the model, somebody has to fine-tune it all the time. You cannot expect that the first model will be bulletproof, and that is the way they are doing it. That is why they are so good in this domain.

We have some unique use cases that we're working on with them, like integrating their solution with Zendesk and with Shodan.

In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience. Perception Point can find a better way to maintain availability. In this case, the AWS problem was in North America, so if Perception Point had had a region in Europe, they probably would have been able to recover much more quickly, just flip it, and that would have been it.

I've been using Perception Point Advanced Email Security for two years.

Everything has worked as expected. It's working 99.999 percent of the time.

We get 50,000 to 100,000 emails per day and we haven't faced any scalability issues. I can't say there was a delay in emails because of this volume.

We aren't using the solution’s expanded product portfolio to protect more than just email, at this stage, but we are looking into it for the coming year.

We are also working with them with requirements from our end and we are really looking forward to a native integration with Zendesk. We believe that both companies, Zendesk and Perception Point, can benefit from that, and not just our company. Once Perception Point has an integration with Zendesk, it will impact many customers around the world in a positive way.

We haven't needed to use customer support so far.

We used FortiMail before, but it's not a next-generation email gateway.

Our initial deployment of Perception Point had some complexity, because when I started with my current company, we had on-prem Exchange and FortiMail. That made it a bit challenging. It was less an issue with Perception Point and more because of our architecture.

Once we moved to Office 365, it took two minutes. For an Office 365 customer, it's a very easy deployment.

The pricing is not cheap, but I can see the value. In security, if you are trying to save by giving up quality, that's a very bad decision. If there is high quality and it demands a high cost, you need to pay. Don't compromise on quality. If Perception Point is 99 percent accurate, and Proofpoint is 97 percent accurate but costs 20 percent less, I'll pay the extra 20 percent and sleep well at night.

We were thinking about Proofpoint. The big advantage of Perception Point is the Incident Response service. There is no product in the market that provides that kind of service. Also, although they were small when we started with them two years ago, we believed in the company and its vision. And it has proven itself. We have seen the outcome. Microsoft is 100 or 1,000 times bigger than Perception Point, but Microsoft misses so many threats that Perception Point catches. When it comes to advanced malware, there is a 20 percent difference, and that's a huge number.

If you are looking for the next generation of email gateway with an Incident Response service, select Perception Point without any second thoughts.

A few months back, I would definitely have said that the Incident Response service needed improvement, in terms of their responses and SLA, but because they really took the required action, I can't think of anything else that they should improve. I am really happy with what I have. If they maintain it, I will be a very happy customer.

It's our mail relay system. We are using it to filter all our incoming emails. It's also a security platform for our SharePoint and OneDrive.

The main benefit to our company is the reduction of risks with the potential to evolve into more complex security events. The solution stops those risks before they get to the end-user. We saw, when using other solutions in the past, that some of the emails that are blocked today were passing through. The overall effectiveness of this security solution is much better.

Also, our SOC team is quite minimal, so it's very helpful for us to have an external team that assists us with handling incidents. We don't have the time or the resources to handle all of them. We are currently evolving our teams and their SOC team is more effective when reviewing things. It saves us time because we don't have to do anything within the system. We can just reach out to their IR team and they will investigate and take the relevant action. It reduces some of our load.

Their portal is very convenient, very easy to use, and very good for managing. The portal also provides a great investigation process, where we can open a ticket for each email that we think should get a second opinion. Their Incidence Response team will respond.

The solution can pull emails that have already been marked as malicious from the mailboxes. Their security engines are very effective at stopping malware and potential attacks before they reach a user's mailbox. They have the best detection engine.

When it comes to the scale of scanning, the solution looks at each email, the body and each attachment, to try to detect potential malicious links or macros. It scans everything. We feel very comfortable with that. It will not miss any email. Other companies' security engines sometimes decide on their own what should be fully scanned and what should not. With Perception Point, this is not the case. Everything is fully scanned.

They could improve their anti-spam engine a little bit, because there are a lot of false positives. Sometimes, emails pass through their system but are spam. In terms of security and engines for malicious emails and antivirus, they're doing a good job. Their other engines can be improved.

This is something we discussed with them before we purchased the solution. We discussed their roadmap with their product team. The spam engine is something that they're working on. We know that their spam engine is going to improve in the very near future.

We also spoke with them about a change to the GUI so that we can release more than one email at a time. Also, if we want to open investigations into a few emails, we need to go into each email to open the investigation. When we have done onboarding within our company, there have been times when we had a lot of email that we needed to whitelist. It took a lot of time to go into each email and open a ticket. It would help if they added a feature where we could add similar emails, or more than one, to a ticket for the IR team.

We have been using Perception Point Advanced Email Security for almost three months.

So far, we have not had any problems. We know that before we went with the system there was some downtime, but we haven't had any issues.

We are not aware of any issues with scalability.

We are protecting about 3,000 mailboxes, and growing. Part of our plan is to increase our usage of Perception Point. We have additional companies that we are working on migrating and we plan to move their email traffic under this umbrella as well.

They provide good support. If we have a problem, we create a ticket in the Perception Point system. And if there is something that we don't think can be handled through the portal, we can call or email or WhatsApp our customer success manager and everything works. He replies very quickly.

Positive

We switched from Symantec Mail Security. The reason we moved forward with Perception Point was the security portfolio. We were impressed with how very effective it is.

The initial setup was straightforward and easy. It didn't take a lot of time. If you want to add some domains, the whole process takes a maximum of one hour. We worked with their customer success manager and he was very responsive to us and available most of the time. We have a large company with a lot of mailboxes and in the first few days of the integration we were in direct contact with him by WhatsApp, by emails, or by phone. The integration process went very smoothly.

We were able to move from Symantec to this solution in one week, and the time to value was from the moment we started to use Perception Point. 

You don't measure security products on return on investment.

The licensing mechanism is fine. It's quite standard. The pricing was fair in comparison with the other solutions. We have received good value for what we paid.

We tried to use IronPort and Microsoft. We selected Perception Point because we liked their engine for detecting malicious emails. We also liked the GUI and the easy setup. Besides the effective security, which was a major part of our decision, we also thought that the total cost of ownership of the product would be better for us, as we are a very small team. Another factor was that it included SharePoint protection and that was an extra feature not available in other solutions that were just anti-spam systems.

It's hard to compare the detection rate among these solutions because all of them are doing a good job.

The best part of Perception Point was that the system is already configured for best practices. It does the job as well as it can be done. When we tried other solutions, they had to be configured down to the smallest details. And if there are any changes in the environment, we would always have to be ready to change the system configuration. Again, because we're a small team, we felt that it would be better for us to go with a system that is configured optimally.

Consider Perception Point. It is a very young company and it's evolving, so you need to be aware of that.

Some companies use it as a second tier of protection, not as the first tier like we do, because they have an additional product that does the initial filtering.

Check the solutions you are looking at against any additional needs you have because not all platforms provide the interfaces that might be required for some organizations.

If you go with Perception Point, you need to work with them to make sure you fine-tune your policies with their IR team, especially if you have an evolved SOC team. You need to make sure you coordinate efforts and that policies and decisions are made according to what your company requires.