Updated: July 2022
Perception Point is a Prevention-as-a-Service company, offering fast interception of any content-based attack across all collaboration channels including email, cloud storage, CRM apps, and messaging platforms. The company prevents phishing, BEC, spam, malware, Zero-days, and N-days well before they reach the enterprise’s end-users. Deployed in minutes with no change to the enterprise’s infrastructure, our solution conforms with any policy and requires zero fuss from IT teams. On top of that, the company offers a significant added value service through our Incident Response team that serves as a force multiplier to the enterprise’s SOC team.
Perception Point's unique technology, which folds 7 different detection layers to provide a single verdict, has been recognized by Gartner and has proven time and time again to deliver the most effective ROI when compared to leading cyber solutions. As a result, the company now serves many global enterprises of all sizes and across all verticals, including Telecom, Food & Beverage, Tech, Healthcare, and more.
We use it to scan email for security purposes.
It's all cloud, there is no on-premise footprint. All the infrastructure is Perception Point infrastructure.
Judging the effectiveness of Perception Point when it comes to detection is difficult because we do not have only Perception Point in our email security flow. Perception Point is the last line of defense in our protection process, what we call a third-tier of protection. Before Perception Point, we have two layers of Microsoft in place, and those two layers filter quite a lot. We wanted to add another layer from a different vendor so that we were not only relying on Microsoft, but also because we knew Microsoft was not catching everything. That was proven through our PoC with Perception Point. Every month we catch a good number of malicious emails. Our focus is more on malicious messages than on spam, although it catches a good number of spam messages as well.
We escalate one or two emails per month that were not discovered by either Perception Point or Microsoft, so our overall effectiveness is pretty good. But Perception Point is certainly catching things that Microsoft does not catch. It is doing important work because an email that Microsoft does not catch is a risk if it gets into a user's mailbox. We are talking about 25,000 to 30,000 emails a month that Perception Point is catching that Microsoft is not yet detecting.
Also, Perception Point's Incident Response team is like an extension of our messaging team in the sense that we do not have the capacity or the resources to evaluate whether an email is malicious or not, especially for the type of volume we have. This was one of the key criteria for us when selecting a partner. With Microsoft, a lot of it is done by machine learning, but we do not have a Microsoft team making a determination about emails or a team that we can easily escalate issues to or turn to for an email security conversation. Perception Point performs a really important part of what our vision is for email security.
We have also created an integration where users are able to report phishing attempts, and those emails are scrutinized by the Perception Point Incident Response team. That is an additional benefit. They're adding value both through qualifying our emails and through reviewing messages that our users report as phishing attempts.
We have another integration between Perception Point and our endpoint solution. That is something Perception Point actually offered so that if the endpoint solution finds something where the entry point was an email, there is an automatic interaction through which Perception Point does a review and removes things from the email box. That is an added benefit.
The most valuable features of the solution are the ones that are related to finding impersonation attacks and detecting attempts to steal credentials. In scenarios where attackers get you to follow URLs to a malicious site that looks similar to a good site, and then ask for the user credentials to try to steal them, it is very useful.
It also has features for detecting branding impersonation.
And specifically, when it comes to protecting our VIPs and avoiding BEC (business email compromise) attacks, that is another important part for us.
It scans pretty much all content, so it's full-scale. We see in our dashboard how emails are categorized by different engines. There isn't just one engine that determines whether an email is malicious. They have a multi-engine architecture for detection of malicious emails. They provide full scanning of email.
There is still room for improvement with BEC. There is more work to be done by Perception Point on machine learning and neuro language as well. BEC is very difficult if you don't have a computer language looking into the content of the email and trying to make a determination through that. With BEC you often don't have an attachment or a URL. That is an area where there is certainly room for improvement.
We have been using Perception Point Advanced Email Security in production since August of this year, so more than four months. Before that, we ran a PoC and we were in pilot mode for about another six months.
We have not had any issues with the stability in production. We had some small issues during the PoC, but they did not have an impact on us because we were just in monitoring mode. And regarding the issue with Amazon this week, we were not affected, because it was in the US and we were not using the infrastructure in the US.
We haven't seen any issues with emails failing because they are delayed or in queue. We haven't been aware of a situation where users are waiting for an email. To a certain extent, it's because we are not running inline so Perception Point cannot be a bottleneck because the users have the emails in their mailboxes. A customer that runs the solution inline may have a different opinion because email will not arrive until Perception Point has processed it.
Perception Point's team in general, whether it's the support people, the management, or the sales folks that were engaged with us, have been very good. Often, when a company is at the PoC stage, they engage with you and try to demonstrate that they're good, but once you have signed a contract that might fade away. That has not been the case with Perception Point. They are very responsive and very attentive to our requests. The support has been very good.
The initial setup was in between a straightforward and a complex process. We had some hurdles at the beginning because of some issues with AWS.
Also, the way we have rolled out the solution is different from the way Perception Point normally rolls it out for its customers. In general, it is known as an inline solution, where the traffic is scanned by sending it to Perception Point, and then they send it back to the customer before it reaches the users' mailboxes. But we did not set it up that way. We rolled out in another way that became available during the pilot phase. We decided to go for that option because we felt it was less risky when it comes to the email flow. If something were to happen to Perception Point or to Amazon, like happened to Amazon a few days ago, then the email flow would be affected and require us to take action.
The way that we rolled it out is similar to what the competitors do. The email arrives into the user's mailbox and is then scanned. It then takes any necessary actions in seconds or minutes. I don't know how much Perception Point is advertising this. We were the only customer that was testing this option and then decided to go to production with it.
From a protection point of view, the inline method, which is the preferred mode, is obviously more secure, because emails will not get to the end-users until they have been scanned. In our case, end-users are receiving the emails and, in parallel, they are being analyzed. If action is required, Perception Point will take the email out from the end-user's mailboxes. There is a small period of time where the user could click on an email that is malicious. But we made the decision to roll it out in this way.
We did the rollout in phases over three weeks in the month of July. We first rolled it out to our users in Asia-Pacific, and then to our users in America, and then our users in EMEA.
In terms of time-to-value, the solution was already delivering value during the PoC. The difference was that in the PoC, the solution was just alerting us and was not taking action. However, we had an agreement with Perception Point that if we knew with certainty that emails were malicious by code, they would remove them even during the PoC. When we moved to production, Perception Point was immediately taking action.
Another difference in our rollout was that we started with a goal of avoiding a lot of false positives, using an 80 percent accuracy level for the determination of maliciousness. That meant that if the algorithms thought that there was an 80 percent chance, or above, that an email was malicious, action was taken to remove it from the user's mailbox. We started to see that happen from the very first moment we went live. The value was there from the beginning.
After months of working in production with this 80-percent-and-above threshold, we changed in November to 60 percent. In the November numbers, we see a decrease in reports from our users of phishing emails. We still have to see if this remains the case during December and January. But this could be an indication of Perception Point now catching more, before users are required to report something as phishing.
I believe we have seen ROI. We are catching emails, important emails to our VIPs. We run reports facilitated by Perception Point on the numbers, but they also provide summaries that we highlight at the end of every month about emails attacking VIPs or impersonating VIPs. We can see that if an email had not been caught it could have been really malicious. From that point of view, the return on investment is there. Even one email that gets through is already one too many, but there is no 100 percent solution. When we see that, on top of Microsoft, Perception Point is catching 25,000 to 30,000 emails, that is a good number for us. As a percentage of the volume of email that we receive overall, those numbers are small, but they're quite big if we understand that there are 30,000 emails with potentially malicious implications for our users and our company.
We ran an RFI with different solutions, but we only did a PoC with Perception Point and another competitor.
One of the main attractions for us with Perception Point was the Incident Response team. Perception Point was one of the few companies that offered that feature and it fulfilled something that we did not have: the expertise and the capacity to look into emails. The other vendors that did offer something similar charged additional money for it.
The other piece was the inline versus post-delivery issue. We actually liked the idea of inline, but our management was attracted more to the idea of the post-delivery. Perception Point gave us the flexibility to do one or the other and that also was important to us.
In addition, the company and the individuals who engaged with us at Perception Point were very good in terms of listening to us and our requests, and in many cases, implementing them very quickly. Before we had even signed, they were already giving us solutions to some of our requests. That reaction, listening to our feedback and implementing it, continues now. We checked with some Perception Point customer references and they said that type of responsiveness won't change after you sign, and that has been our experience as well. We are still in contact regularly, discussing ideas and improvements with them.
Obviously, you need to be convinced about a solution on the technical side and see good results out of a PoC, but the service and the people behind it were part of what made us go with Perception Point.
Whether you're looking at Perception Point or any other solution, the first thing to do is to find the weak areas with your current solution. Some solutions may be more targeted to a specific technology or type of threat. There are solutions that are very specialized in BEC, for example, and they're very good at BEC. So if your problem is with BEC, then maybe focus on them. Knowing your main problem will help in determining which solution to go with. Otherwise, you could be picking something that is not going to resolve your problem.
We use them for email security of all our clients. We only use their email protection right now. We don't use their protection for Teams or other services. We use it strictly for email.
We get emails every time one of our customers gets a blocked email. This is something that I like to see. I probably get hundreds of emails that go to the folder for blocked emails. I see it blocking a lot of phishing emails that look like Amazon or Microsoft Office 365 logins. With common websites, people don't even think if they see a fake email. I see a lot of them getting blocked.
Overall, I am very happy with it. We use it for ourselves and all our clients. It is rare to see something slip through. It definitely happens that there will be an email that comes through that is dangerous or junk, because no solution is 100%. For their effectiveness, I would rate them as nine or 10 out of 10.
I had a customer who was decent-sized, about $15 million a year, as we work with small businesses. This guy had no email security. I kept telling him, "Hey, I need you to buy this email security. Your employees are clicking on bad links." The guy refused to buy the software. It was only a couple hundred bucks a month, which is not much for a company of their size. Then, his accounting person got a lot of emails and clicked on one. They got hacked. The hackers got into their bank account and took about $70,000. This is an example of people who don't have email security.
Knock on wood. We haven't had a client, who uses their protection, have an email security breach. That is the best thing about what they do. We don't have to think too much. Their product just works and keeps bad emails away.
There is now real recognition from our customers about email security. A lot of people now know how dangerous email can be. Perception Point does a good job of keeping danger away.
The way that they scan all embedded links in an email. One of their features is a scan engine. It scans every link, then tries to determine if it is an active site. So, if they saw a threat and the website was down, then it is not really a threat. If there is a link in an email, they still pass the email through because they can't determine that it is a problem. However, when they scan them and see a problem, then we can see these results in the portal, which is good as well.
If we have clients who say, "Hey, I didn't get this email," or "Look at this," we can view a lot of this information in the portal.
With Office 365, the nice thing is that if an email does slip through, we have the feature enabled where we can notify them or log into the portal, then it will take the email out of our customer's mailboxes.
Their marketing and training need improvement. When some of their new features come out, they don't do a great job of notifying or educating us, e.g., sending emails such as, "Hey we..."
Just to create a new customer, we used to have to go through their support team. The last time that I had a new customer, they said, "By the way, we have a new feature. You can do it yourself," and that was fine.
They just don't do a good job of promoting themselves. They seem like a typical busy IT company who is just working on fixing problems and making technology better. However, they are not fantastic at marketing themselves to existing partners, which is not a bad thing. It is just something for improvement.
I have been using it for two to three years. We might have been one of the first IT companies to become a partner with them.
It has been very available and stable. The only time that we have had an issue in the last couple years (because they are based off Amazon's platform) was about a month ago when Amazon had that huge outage in Virginia. That was a problem.
The problem was that Amazon went down and our customers could not get their emails. However, the good news was that all the emails were saved at Amazon and Perception Point. There was a workaround. We could have removed Perception Point from our customers, but that would have removed the email security. So, when our customers called us and freaked out, saying, "I don't have it," we told them there was an Amazon outage. I said, "Listen, you can either wait until this gets fixed or we can remove the email security." All our customers said, "No, I'll wait," because they don't want their employees to get email viruses and click on them.
Our largest customer is not very large compared to an enterprise. The solution is fine for us based on our client base.
Their support has been fantastic. We get very quick responses. With another vendor, I had to wait a week sometimes for an answer, which was crazy.
I have had a couple customers get mail bombed, getting 10,000 emails a day. It is impossible for somebody to check their email when they are getting that many. I had to reach out to Perception Point support.
I have the cell phone of one of the top guys on the technical side. If I can't get a hold of somebody on their main number, then I can text or call him. I have had to a couple times. He gets somebody on his team to help slow down these mail bombs. I don't know if that is part of their Incident Response Team, but they have definitely done a good job when we have had some email emergencies.
Sometimes, their support is not 100% perfect. I would rate it as 9 or 10 out of 10.
We use Proofpoint and still have them as a vendor for people who have onsite email servers.
We were trying to use both Proofpoint and Perception Point for a customer, and it didn't work. That was because of Proofpoint. So, we were stuck only with Proofpoint.
I don't like Proofpoint. Their support has gotten better for some reason. I am not sure what has changed, but they had a period where their support was really bad and it was hard to get in contact with somebody. That has changed. It has gotten a little better, but I have had some problems recently. This was one of the reasons why I didn't want to use Proofpoint. They are a little too big and haven't given us good service as an IT company.
IRONSCALES is a big player and we tried using them. We went through demos and talked to sales engineers. I didn't see it stopping a lot of bad things, but I don't know if we had it configured correctly. We could never get it to work right. When we had issues, e.g., we had some emails that were blocked and some other problems, it took them weeks to get back to us. That is just unacceptable when you are dealing with email products.
I just didn't have good experiences with Proofpoint and IRONSCALES.
The initial deployment is easy. They have a document that shows you how to do it. Once you do it a couple times, you can repeat it easily. I have done it quite a few times. I can probably set somebody up on Office 365 in 15 minutes or less.
After deployment, the solution starts delivering value immediately, when it comes to stopping threats. As soon as you put them in place, they are scanning emails for anything bad coming through, which is a nice thing.
People don't realize the benefit of it. When we get a new customer, we include this solution in our pricing. They don't even realize that we put it in. The first thing that our customers don't realize is they are not getting a lot of viruses or bad emails. The second is that they are staying up all the time. For example, with this other previous customer who didn't have it, they had somebody clicking a bad email almost every day. They were at risk of getting an infection, and then they had problems. We would then have to go clean it up. Their employees couldn't work because we were working on the computer where they clicked the bad email.
For people who don't have it, they will see the benefit when they do have it. It won't interrupt your business because everything runs smoothly. You never see the bad stuff.
It prevents downtime. A lot of our customers don't like it when their employees are not working because they are paying them to do nothing. If I have to work on somebody's computer for two hours, that is two hours when somebody is getting paid to do nothing. That is the thing that this type of solution helps with. It is really a waste of my time. Because if they had this solution, I wouldn't have to spend two hours cleaning it up.
There is room for improvement for them with an MSP partner. The pricing is good and fair. Our customers don't complain. The only thing is that it's a little bit old school. They don't have a system that automatically checks the number of users that our customers have so we can just update the licenses ourselves through a website. It is still done manually. They have a person who checks invoicing monthly to determine if there have been any changes. A nice improvement would be if they could get automated licensing counts.
I have gone through a couple different vendors and didn't like the other products. Then, I found Perception Point. I used to know a guy who worked for them. We looked at their product, which did what we needed to do. Also, support was important for us. With some of the larger companies, I have had problems getting issues fixed that needed to be fixed in a timely manner. So, we decided to go with Perception Point, their technology, and portal, which shows us how it scans information in emails.
It keeps the bad emails out. They do the job of email security. We have been pretty lucky.
Do a demo with Perception Point and other vendors to see what you like. Everybody likes things for different reasons. One of the biggest selling points for us is the quick access to support via email and phone. That was my number one or two reason for going with them. You want a good product that protects you, and there are a lot of good products out there now, but the support is really why we went with them. If you want good support when there is a problem, think about these guys, because we didn't have good luck with some bigger companies.
I would rate this solution as 9 or 10 out of 10. We are super happy.
I have my own company where I use it personally along with my own people and assets. I am also a consultant to a lot of other companies, for which I integrate this system. Basically, they don't have a lot of functions. We use its mail filtration, i.e., mail defense or mail relay. We also use their Office 365 SharePoint feature.
I provide services to about 80 different companies.
I implemented it for our company in January. By the end of the year, I gave the company some reports. We didn't have any issues or malicious activities from any point of view, especially from email. That says it all.
No one complains about any of my emails coming in late or never coming. If it never comes in, it is either contaminated or stopped because of an issue, but never because of latency, etc.
In terms of integration, it was easy. The company didn't even realize that they had a security appliance in their infrastructure. It was quite transparent to them. They were happy, I was happy, and that's it. The simplicity of it was the best aspect when it comes to integrating it into the network.
You won't see any changes in how your systems function. First, it is an external service. The second thing is it's just a mail relay. So, it just scans if the email is contaminated or if it doesn't score high in their risk scoring matrix.
They don't have a lot of features. They have very straightforward basic features. As a mail relay, I am very satisfied with the product because it really defends against all malicious activity from the Internet. It catches a lot of stuff, such as attachment files on body headers.
It really works well on SharePoint when you upload a file or save a file. Advanced Email Security scans if it is malicious and identifies issues. It can do some forensics on its console, which is nice.
The UX/UI is quite straightforward and good. You don't have a lot of settings to mess around with, which is great. What you see is what you get.
As far as I know, it provides full scanning of all incoming mail content. Incoming-only is good enough for me. Once you have malicious activity within your domain, e.g., your Office 365 or any type of mail service, it doesn't really matter. It really matters what is coming from the outside into the organization.
If you are an E1 or E3 user in Office 365, this will complement your solution quite nicely, without spending a lot of money. I don't think that Office 365 gives you a lot of security in terms of your mail infrastructure, unless you know how to configure it correctly. Here, you don't really need to configure anything. You just change the DNS record, and there you go. So, it is really good.
They could add some more features or interesting stuff that we could integrate.
From a forensics point of view, it could improve a bit more from a threat intelligence aspect. So, if I find a malicious email, they could have more investigations about sources, headers, where it comes from, if they have seen it in other campaigns before, etc. I would like a little bit more from a threat intelligence point of view so I can understand who else might be affected and attacked as well as the vectors of attack.
I have been using it for around five years, since one of their first versions.
I have never had an issue with stability.
I don't know the date and what happened, but they did have an issue with their server. It was a bit stressful, because they are the bottleneck in the end. There are some strict rules in Office 365 that if they are not responsive, then no one will get their emails. So, their downtime is critical. It would be nice to have the knowledge/comfort that incoming email services won't be affected, even if they need to be in downtime, maintenance, etc.
The scalability is endless.
I had some silly settings. I forgot to do something from an Office 365 point of view, then something didn't work. I raised a ticket, and they said, "Check this and that." It was my mistake. Another ticket was because I needed to create a specific rule in their system. I just wanted them to do it, because I wasn't sure that I was doing it correctly and didn't have time to waste on it.
When you change the DNS record, it takes some time until it takes effect. It is usually a few seconds, but something didn't go right. I don't know if it was on my end or theirs. I think it was on theirs. They had to create another token, DNS string, or some sort of setting to refresh it.
There was one email where I raised the flag, and asked, "How did it go through?" It was some sort of spam. They said that they would check it out and pass it to the vendor. I believe they took care of it because I haven't seen it since.
Their technical support is good. I would rate it as nine out of 10 because there are always places to improve.
There were a few solutions in place before Perception Point Advanced Email Security. We switched to Perception Point because I recommended it.
The initial setup was easy-peasy. It took five minutes to deploy.
After deployment, it took five seconds for the solution to start delivering value, when it comes to stopping threats.
We don't speak directly to the vendor. We have an intermediary, Magen Ofek, who does the SOC. They are actually very active. We didn't ask for SOC services, but they are giving it, and it has been quite good.
We are very happy with Magen Ofek's service. Their response team is on the money. Whenever something happens, whether I am aware of it or not, they pick up the phone, send me an email, WhatsApp, etc. They ask me, "Do you know about this?" They are literally on the money.
The solution has helped prevent thousands of threats.
It fits every budget. It has a low price. I can't go ahead and sell it for any price I want. They are quite strict. They say, "This is the price that you can sell it for and this is the price for you as a reseller." That is it. It is not a lot of money. I will not become rich from it, but I like that they keep a standard for everyone. They are a fair company.
I have a small lab. Before I recommend the solution to clients, I check it out. For other companies, I always compare and do the hard work.
My organization is small. A friend from Magen Ofek showed me this solution and I trusted them. That is for my personal company.
Perception Point Advanced Email Security is simple to integrate and cloud-based. The other solutions that I checked were a bit more primitive. They were on-prem and you needed servers, overhead, etc. Since Advanced Email Security is a cloud service, you don't need servers for it.
With Perception Point Advanced Email Security, you don't need to mess with any settings, rules, etc. It was fast to deploy. There was no need to mess around with settings, where if you're not familiar with them, then you need to scratch your head.
It offers simplicity. You don't need to provide servers and waste money on infrastructure. You don't need to waste money on specialists. You can do it if you just follow the instructions. It does a good job for the amount of money that you need to spend.
There are never any false positives. I have not heard any complaints.
We are not an IT service company. I don't provide IT services. I provide cybersecurity consultation and assistance. Sometimes, I am a little bit hands-on. I don't provide IT services, so I don't care about false positives and things like that. I integrate systems, security, and assets, then configure them. After that, I say, "Here is our report. This is what we caught. I don't know what you had previously, but this is what we caught. You are safe."
I would rate this solution as nine out of 10.
We have a hybrid Exchange environment with an on-premises email server and also Office 365. We have multiple domains and the challenge was related to the email filter. We were doing a lot of things manually and we wanted a simpler system.
As of now, we are only using this product for email. However, in the future, we may implement some of the other modules such as SharePoint, Dropbox, or other services.
Perception Point has improved the way our organization functions in many cases. For example, there are a lot of malicious files coming into the company and the previous solution that we had was not filtering them in an effective manner. When we switched to Perception Point, it became quite handy and it started detecting most of them. I would estimate that nine out of ten were being found and then blocked.
The only challenge we were facing was a small number of false positives, which was okay because we were able to handle them properly. In terms of reduction, implementing Perception Point has resulted in a 50% to 60% drop in the number of false positives that we were experiencing.
In my experience, the detection capabilities have been good. I would rate the performance an eight out of ten because it is much better than some other products I have researched. I have seen examples of it detecting malware.
The vendor's incident response team acts as an extension to our own SOC team. This is important because we need to know exactly what is happening so that we can report it to the top management, accordingly.
Perception Point's incident response team has aptly handled the incidents that we have had. So far, we have only had a few, so our challenges have not been great.
With respect to engine optimization, I see a lot of features being upgraded every month. The engine seems to be getting more robust. I can see the differences in this AI-based technology.
I would estimate that each day, Perception Point saves our own SOC team between one and two hours. We were spending a lot of time on security and since implementing this product, we have been able to reallocate time and put it toward other tasks.
I estimate that overall, the number of alerts that we receive at our endpoint layer has been reduced by between 40% and 50% since transitioning from our previous product. Time-wise, this saves us between an hour and two hours a day.
In terms of how long it took to begin showing value, from the perspective of a customer, I think that it took about three days before we started to notice the difference. It required no tuning or customization and it was very clear in the console. The dashboard showed everything that it was doing, making the system very transparent.
The most valuable feature is the hardware-assisted platform module. The HAP is hardware-based and does not exist in many products. It is a unique CPU technology that can detect ransomware attacks.
The notification system is helpful. We received two notifications a day, which include the false positives.
Email alerts should be available in real-time. Alternatively, emails should be sent more often. It would be better to get between six and eight emails per day to help us understand what is happening.
At this time, we don't have an option to customize alert emails for our customers. They come directly from the vendor and we have no control over them.
The reports should be more customizable.
We have been using Perception Point Advanced Email Security for less than a year.
It's a robust product and we don't have to manually intervene when it comes to filtering when we use the engine. In production, it seems to be stable and we haven't faced any downtime.
Perception Point is used throughout the organization and we have 250 devices that are protected.
Scalability-wise, we haven't explored or tested it. I think the product can be scaled in terms of adding more features. More than its security, they can add more features, like email archiving, but I'm not concerned about it.
Whether we increase our usage depends on the business. If we continue to grow then we will continue using this product and we will increase the number of users. I think that it's quite capable of scaling with us.
When we need to create reports for management, we sometimes send queries to the support team. They are very responsive and normally, they answer the same day, within a couple of hours.
In total, I have spoken with them approximately 10 times and the experience was always good. I believe that the nearest support center is in Israel, and we're approximately two hours apart, yet the response was still quick and on time. They have always been able to resolve our issues.
We had challenges with malware when we were using another on-premises product. The product was MailMarshal, by Trustwave. The first reason that we decided to switch was that it was purely a signature-based system. The second reason was the support. Simply, they did not provide the support that we needed.
We had done some brainstorming before the project, and we could see that the setup process was transparent. As such, it was straightforward and even though there was some complexity, we could see exactly what they were going to do. All things considered, it was not overly complex.
The implementation strategy did not deviate from our IT policy and it was good. They were not using MX pointing; rather, it was another kind of shared organization policy that is hidden from the attackers. The fact that the attackers cannot directly see what we are using, and it is similar to a shadow, is one of the features that we liked.
We are a 24/7 organization so for us, the main challenge was minimizing downtime. Downtime is crucial for us and we were able to complete everything in less than six hours.
From our side, there was one IT manager and two network administrators involved in the deployment. The two network administrators continue to work with this product but in a maintenance capacity.
We have absolutely seen a return on our investment. Cost savings and technology-wise, the HAP module is the feature that gives us the biggest ROI. It is implemented in hardware and not available in a lot of systems. It is incorporated directly into our data center for multilayer protection.
The price of this solution was within our budget and I think that it will suit most SMBs. There are no additional costs beyond the standard licensing fees.
We evaluated Mimecast at the same time that we were looking at Perception Point. It is a top runner in this space and they have more services, such as mail archiving. Ultimately, we found that Perception Point is a better product. It delivers approximately the same value for what we needed, but for less cost, and pricing was one of the other constraints.
We did not implement a PoC with Mimecast, so I can't make any technical or performance comparisons based on actual usage.
The biggest lesson that I have learned from using this product is that when you use smart products in a smart way, it can save you a lot of time with respect to productivity. This in turn allows us to look at how that time can be used for other major tasks.
My advice for anybody who is thinking about implementing this product is to start with a PoC. The vendor offers a 14-day PoC, which will give you a clear idea as to exactly what is happening. From there, you can choose to proceed with it or not.
I would rate this solution a seven out of ten.
Email protection from:
We work mostly with Slack for incident management with their Incident Response team. Everything is recorded, maintained, and operated in Slack. This is easier for every team, making it easier for us to stick with this solution. They are online. We show evidence. In general, we have good communication.
Email is still the first victim, i.e., it is number one for hackers to use. This is why you want to have the best protection against those attempts. The mechanism Perception Point Advanced Email Security has against malicious, phishing attempts and all these hackers' attempts via email was the main reason to use this solution. It protects the company from all the email attempts that can put the company at risk.
They can do better on the spam. Today, Perception Point is not our only solution. We have two solutions, and they are the second in line because the spam filtering is not yet the best.
From an operational perspective, as a customer, we want to have the ability to do all the changes that we want. I don't want to have to approach the Perception Point guys, and say, "Please do: A, B, C, D." I prefer to have my guys do our customizations.
I started to use Perception Point Advanced Email Security even before my current position. So, I would have been using it for about four years.
In the four years that I worked with them, we have had maybe two downtimes. Obviously, that is a good percentage of uptime. I haven't had any big issues with them. So, the stability is very good.
Two security engineers manage the solution out of the SOC.
We started small, then we expanded. Because it is a cloud-based solution, it is very easy to scale.
From a user perspective, there are around 7,000 mailboxes with almost 300,000 emails a day. The solution is fully deployed (100 percent).
We have used the technical support. Usually we use them when we have a false positive or false negative. It depends. We are using Slack, so they answer right away. They check and investigate it, so the technical support is quite good.
The vendor commits to the solution’s effectiveness when it comes to detection, but this is around an accuracy and detection rate of 99.5 percent. They sometimes miss and we find them. Obviously, we report them back, then they try to fix and solve them for the next time, which is a good thing.
It is very important that the vendor’s Incident Response team work in the background and proactively help. They are also providing 24/7 support, so if something is happening while it is night, holidays, or weekends, then it is important that they will be proactive if they find something suspicious or something that requires actions. Therefore, we need them to be responsible. Some of this stuff, we can manage on our own, but there is stuff that they need to do on the back-end.
I see from time to time that Perception Point is being proactive. They approach us, and say, "Can you check this, and this?" So, it does seem that they are an extension of my incident response.
Once we report any stuff that we found, and for some reason haven't detected, they do everything very fast. It is almost real-time, and they are closing this gap. If they found something that they missed, or we told them, then they acted quickly.
We had an email protection system that wasn't as good before. Now, our block percentage is much higher. So, we have fewer incidents happening in the company. Obviously, this shows in the ROI. I don't need my guys to start dealing with all these incidents. Perception Point Advanced Email Security also provides a very good investigation report of what it was trying to do. Then, we take it and leverage it, using it to improve our detection in our protection systems. Therefore, we have increased the effectiveness of our detection against malicious attacks, plus our SOC team is not spending as much time dealing with them.
We added Perception Point Advanced Email Security. We still have Fortinet FortiMail because of the anti-spam. Fortinet is the first in line to block the spam, but they are second in line when blocking all the malicious stuff.
The initial setup was very straightforward. We did it in two phases, mostly.
Phase one: Right away, we did all the malicious attachments. Obviously, we did it first in detection mode. After we saw there were not too many false positives, we changed it to block mode quite fast. It took one to two weeks, then we just changed it to block mode.
The second phase was phishing URLs, which was a little more complicated than attachments. It was for detection only on URLs. We whitelisted all the legit URLs that had false positives. Once we finished with whitelisting, we enabled it on block mode. From that moment, it was quite straightforward. There were no issues.
We can go into full production (fully live) with this solution in one month.
Sometimes, we have a URL that goes into a whitelist, but it happens once a month or something. It is a very low number.
After deploying the solution, you can see all the blocking right away.
One security engineer deployed it out of the SOC.
For specific incidents coming via email, we have reduced our SOC team time dealing with problems by 99 percent.
Perception Point Advanced Email Security has helped us reduce our false positive rate. We currently have a 99 percent success rate with one percent false positives.
The solution has helped to reduce the number of alerts received by our endpoint layer. We have around 99.5 percent accuracy. This has affected our security operations a lot. The ROI has been very good. My guys have spent less time on investigating incidents from the endpoint, because it was already blocked on the Perception Point level.
They are not the most expensive vendor. There are much more expensive vendors. They are not cheap, but they are not the most expensive. They are somewhere in the middle.
The pricing is for the number of emails. There are additional costs for the number of files and scans.
I did evaluate two other solutions, Mimecast and Bitdam. Eventually, it was a combination of cost, integration, and support. I did want something that would work very fast and adjust to my needs. Also, the cost was important. We wanted something priced in the middle, not too expensive nor cheap.
Perception Point Advanced Email Security had a very good detection rate score. Obviously, that was one of the reasons we chose them eventually. It was not only because they are nice, but because the solution was top-ranked.
If you are looking for a one-stop solution that will deal with all your email security, then they are probably not the perfect one because you will still need to add more tools. If you are looking to be the best in security and stop all security threats coming through via email, add this solution to your current environment and trust that they have 99.9 success rates when blocking any malicious stuff. Depending on the company, you can either add them to your portfolio or replace other solutions that are not as good as them.
You need to remember to whitelist your internal services so they will not get blocked. For example, sometimes there are internal services that the company uses. Because they are internal, and not coming from the outside, most security tools will detect them as suspicious.
I would rate this solution as a nine out of 10.
We route all of our inbound emails through Perception Point to have it scan for malicious files, malicious URLs, spam—all the attack vectors that can be used via email.
We're also using it as a sandbox, which is a new feature we started to use in the last two quarters. We use their API to send files and URLs for investigation to the Perception Point sandbox. Based on the verdict, we take action. If it's clean we keep it in the system, and if it's malicious we delete it from our system.
Perception Point has helped to reduce our false positive rate by a very good percentage, on the order of 80 percent. It has also absolutely helped to reduce the number of alerts received, by something like 95 percent. As a result, we have to manage fewer incidents due to emails containing malicious files. If the EDR is detecting it, you need to investigate it and, in some cases, to isolate the device and reimage the device. In terms of our operations, it has reduced the workload by a lot.
Almost everything is a valuable feature. Among the most important are the sandboxing and the levels of pattern and sophisticated techniques they are able to detect. As far as I know, and I've worked with another product before, Microsoft Defender for Office 365, other products are not able to detect those kinds of malicious files or URLs. Perception Point is our second layer, and it always catches them.
Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware, which category tried to exploit you. For a security team, this kind of information is very critical because it's a type of intelligence. You understand what you are facing and whether you are a target for a specific group of threats, and you can defend better against them.
And something that has really improved in the last few months is the Incident Response team, which comes as part of the service. The SLA is really amazing. This was the biggest advantage. When you are working with MDO or Proofpoint, for example, you will never speak to a human. You can open a case and they will reply, but we have a Slack channel with Perception Point. We can reach out to them and they answer immediately, meaning within five to 30 minutes. For us, that's like real-time when working with a vendor.
The main goal of the Incident Response team is responding to incidents, of course. But the way we use them is that when we identify a false positive, we ask them, "Hey guys, can you check why we got this false positive?" They do a great job checking and fine-tuning as a result, so that the next time it will pass through. The same goes for a true positive. What is unique about the product is that, in the end, it's not only a machine, rather there is also human interaction. A human will sometimes go over the tagging and decide that the system gave the wrong verdict. This is how they make sure that the system gets better and better all the time. In the backend, they have machine learning. But to optimize the model, somebody has to fine-tune it all the time. You cannot expect that the first model will be bulletproof, and that is the way they are doing it. That is why they are so good in this domain.
We have some unique use cases that we're working on with them, like integrating their solution with Zendesk and with Shodan.
In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience. Perception Point can find a better way to maintain availability. In this case, the AWS problem was in North America, so if Perception Point had had a region in Europe, they probably would have been able to recover much more quickly, just flip it, and that would have been it.
I've been using Perception Point Advanced Email Security for two years.
Everything has worked as expected. It's working 99.999 percent of the time.
We get 50,000 to 100,000 emails per day and we haven't faced any scalability issues. I can't say there was a delay in emails because of this volume.
We aren't using the solution’s expanded product portfolio to protect more than just email, at this stage, but we are looking into it for the coming year.
We are also working with them with requirements from our end and we are really looking forward to a native integration with Zendesk. We believe that both companies, Zendesk and Perception Point, can benefit from that, and not just our company. Once Perception Point has an integration with Zendesk, it will impact many customers around the world in a positive way.
We haven't needed to use customer support so far.
We used FortiMail before, but it's not a next-generation email gateway.
Our initial deployment of Perception Point had some complexity, because when I started with my current company, we had on-prem Exchange and FortiMail. That made it a bit challenging. It was less an issue with Perception Point and more because of our architecture.
Once we moved to Office 365, it took two minutes. For an Office 365 customer, it's a very easy deployment.
The pricing is not cheap, but I can see the value. In security, if you are trying to save by giving up quality, that's a very bad decision. If there is high quality and it demands a high cost, you need to pay. Don't compromise on quality. If Perception Point is 99 percent accurate, and Proofpoint is 97 percent accurate but costs 20 percent less, I'll pay the extra 20 percent and sleep well at night.
We were thinking about Proofpoint. The big advantage of Perception Point is the Incident Response service. There is no product in the market that provides that kind of service. Also, although they were small when we started with them two years ago, we believed in the company and its vision. And it has proven itself. We have seen the outcome. Microsoft is 100 or 1,000 times bigger than Perception Point, but Microsoft misses so many threats that Perception Point catches. When it comes to advanced malware, there is a 20 percent difference, and that's a huge number.
If you are looking for the next generation of email gateway with an Incident Response service, select Perception Point without any second thoughts.
A few months back, I would definitely have said that the Incident Response service needed improvement, in terms of their responses and SLA, but because they really took the required action, I can't think of anything else that they should improve. I am really happy with what I have. If they maintain it, I will be a very happy customer.
It's our mail relay system. We are using it to filter all our incoming emails. It's also a security platform for our SharePoint and OneDrive.
The main benefit to our company is the reduction of risks with the potential to evolve into more complex security events. The solution stops those risks before they get to the end-user. We saw, when using other solutions in the past, that some of the emails that are blocked today were passing through. The overall effectiveness of this security solution is much better.
Also, our SOC team is quite minimal, so it's very helpful for us to have an external team that assists us with handling incidents. We don't have the time or the resources to handle all of them. We are currently evolving our teams and their SOC team is more effective when reviewing things. It saves us time because we don't have to do anything within the system. We can just reach out to their IR team and they will investigate and take the relevant action. It reduces some of our load.
Their portal is very convenient, very easy to use, and very good for managing. The portal also provides a great investigation process, where we can open a ticket for each email that we think should get a second opinion. Their Incident Response team will respond.
The solution can pull emails that have already been marked as malicious from the mailboxes. Their security engines are very effective at stopping malware and potential attacks before they reach a user's mailbox. They have the best detection engine.
When it comes to the scale of scanning, the solution looks at each email, the body and each attachment, to try to detect potential malicious links or macros. It scans everything. We feel very comfortable with that. It will not miss any email. Other companies' security engines sometimes decide on their own what should be fully scanned and what should not. With Perception Point, this is not the case. Everything is fully scanned.
They could improve their anti-spam engine a little bit, because there are a lot of false positives. Sometimes, emails pass through their system but are spam. In terms of security and engines for malicious emails and antivirus, they're doing a good job. Their other engines can be improved.
This is something we discussed with them before we purchased the solution. We discussed their roadmap with their product team. The spam engine is something that they're working on. We know that their spam engine is going to improve in the very near future.
We also spoke with them about a change to the GUI so that we can release more than one email at a time. Also, if we want to open investigations into a few emails, we need to go into each email to open the investigation. When we have done onboarding within our company, there have been times when we had a lot of email that we needed to whitelist. It took a lot of time to go into each email and open a ticket. It would help if they added a feature where we could add similar emails, or more than one, to a ticket for the IR team.
We have been using Perception Point Advanced Email Security for almost three months.
So far, we have not had any problems. We know that before we went with the system there was some downtime, but we haven't had any issues.
We are not aware of any issues with scalability.
We are protecting about 3,000 mailboxes, and growing. Part of our plan is to increase our usage of Perception Point. We have additional companies that we are working on migrating and we plan to move their email traffic under this umbrella as well.
They provide good support. If we have a problem, we create a ticket in the Perception Point system. And if there is something that we don't think can be handled through the portal, we can call or email or WhatsApp our customer success manager and everything works. He replies very quickly.
We switched from Symantec Mail Security. The reason we moved forward with Perception Point was the security portfolio. We were impressed with how very effective it is.
The initial setup was straightforward and easy. It didn't take a lot of time. If you want to add some domains, the whole process takes a maximum of one hour. We worked with their customer success manager and he was very responsive to us and available most of the time. We have a large company with a lot of mailboxes and in the first few days of the integration we were in direct contact with him by WhatsApp, by emails, or by phone. The integration process went very smoothly.
We were able to move from Symantec to this solution in one week, and the time to value was from the moment we started to use Perception Point.
You don't measure security products on return on investment.
The licensing mechanism is fine. It's quite standard. The pricing was fair in comparison with the other solutions. We have received good value for what we paid.
We tried to use IronPort and Microsoft. We selected Perception Point because we liked their engine for detecting malicious emails. We also liked the GUI and the easy setup. Besides the effective security, which was a major part of our decision, we also thought that the total cost of ownership of the product would be better for us, as we are a very small team. Another factor was that it included SharePoint protection and that was an extra feature not available in other solutions that were just anti-spam systems.
It's hard to compare the detection rate among these solutions because all of them are doing a good job.
The best part of Perception Point was that the system is already configured for best practices. It does the job as well as it can be done. When we tried other solutions, they had to be configured down to the smallest details. And if there are any changes in the environment, we would always have to be ready to change the system configuration. Again, because we're a small team, we felt that it would be better for us to go with a system that is configured optimally.
Consider Perception Point. It is a very young company and it's evolving, so you need to be aware of that.
Some companies use it as a second tier of protection, not as the first tier like we do, because they have an additional product that does the initial filtering.
Check the solutions you are looking at against any additional needs you have because not all platforms provide the interfaces that might be required for some organizations.
If you go with Perception Point, you need to work with them to make sure you fine-tune your policies with their IR team, especially if you have an evolved SOC team. You need to make sure you coordinate efforts and that policies and decisions are made according to what your company requires.
We're not yet clients of Perception Point. We have been running a PoC on their email security product for about two months. My managers are still going through some steps to see if we will finalize something with them.
The main component of their product is email security and their solution has been proven to be quite good at catching the bad guys.
The solution has pretty good detection. It has some particular areas that are—if "unique" is not the right word—strong points for them.
Coming from products in the Microsoft stack, Perception Point doesn't really give you, as an admin, a lot of options to make changes yourself. It's more on their side to make changes in the back end. That's something they could improve on in the future.
Also, the search functionality is kind of tricky or buggy. When you enter some text to search, you have to scroll down to find the search button. It's a bit more friendly on the Microsoft side, or maybe I'm just more used to Microsoft. But if you copy a piece of text, like the subject of an email, and you paste it in the Perception Point search, you cannot modify it. You have to modify it before you paste it. That's just the way their text input field works. They need to pay some attention to the search functionality.
Also, you cannot really see graphs of evolution over time. You can choose various timeframes like one day, one week, one month, or a custom timeframe, but you cannot really see any evolution or compare graphs. You can't really see what the spikes were in one month. Perception Point does have a very graphical layer and they tell you, "We stopped this many emails with this layer, and we stopped this many emails at this other layer," which is very nice, but I would love to see a graph showing evolution and spikes.
We didn't have issues where the service wasn't available. That was okay.
The only little issues that we had were on the identity side, where we would invite a person to join the sandbox that they created for us, we would give them a role, but at some point they would lose access, and we would have to do some steps again. I'm not sure why that happened. But we didn't have service interruptions or anything like that.
We ran the PoC in a way that almost all emails that had to go to Perception Point did. It handled that volume pretty well and I didn't see any kind of issues. And I don't expect to see any issues if we were to scale it even more with a bigger volume of emails. We onboarded close to 5,000 email accounts into Perception Point.
Because Perception Point is not such a big company right now, I found that they are very responsive. The account team, the team that we did the PoC with, was very friendly. They answered all of our queries and they were always there. Even if we didn't directly communicate with the IR team, the person that we were in touch with, who had connections with the IR team, was always available. He was always giving us a heads up telling us, "We caught this campaign," or asking us if we needed anything. They were very friendly, responsive, and professional.
We didn't communicate with the support team. The account team took care of anything we needed. But they were excellent.
The way we set up the PoC just required us to set up a tiny transport rule, and that was it. I'm not sure, when you put it into production as your main solution, what that process would be like. For us, having it as a second solution, on top of Defender, it was very straightforward.
We didn't let Perception Point actually stop anything in the PoC. The stopping task was still left to our main production system which is Defender. Our approach in the PoC was that we wanted to see what they would detect beyond our current solution. If I had let Perception Point stop anything, it would have stopped some pretty important campaigns in terms of malware, credential harvesting, and the like. But right now, it's just in detection mode.
During the PoC we didn't really use or talk to the Perception Point Incident Response team. We had two contact points on their side, and one of them was working closely with their IR team, but my colleagues and I didn't interact with their IR team. I know that behind the scenes the IR team was active, at some points blocking things or analyzing things.
I was the primary person who set up and tested Perception Point, in my role as senior security engineer. And one of my colleagues, who is handling email in his role as a cloud operations engineer, was involved. We also had our manager who is our director of IT, and another colleague who is a security analyst involved.
Our main email security solution is Microsoft Defender for Office 365. During the Perception Point PoC, we put the two products alongside one another, and we did see better results for some malware campaigns with Perception Point. There were some campaigns in which Defender for Office didn't catch things and Perception Point did.
We didn't really look for false positives. We were looking more to see if Perception Point could complement our detection stack. There were some things, legitimate domains that we were using, that Microsoft blocked and Perception Point didn't. If Perception Point had been our primary product, it probably wouldn't have blocked them. But in a similar way, Perception Point also blocked some stuff that was not actually malicious.
Perception Point has a very good engine for image recognition, like logos, and it was able to stop some phishing. Anyone could see they were phishing attempts, but somehow, Defender for Office 365 sometimes didn't catch them. Perception Point did, every time.
Perception Point is a good solution. It's definitely worth testing. Every customer's environment is different, and not all companies are targeted in the same way, either because they are in different industries or they have a different number of employees. But phishing is definitely a very important attack vector, and Perception Point's product is very good. It's worth giving it a try, to at least run a PoC to see how it works.
The PoC was a very good experience and, at this point, I'm just waiting for my managers to make a decision about the product.