Buyer's Guide
Email Security
November 2022
Get our free report covering Microsoft, Palo Alto Networks, Microsoft, and other competitors of Proofpoint Email Protection. Updated: November 2022.
655,711 professionals have used our research since 2012.

Read reviews of Proofpoint Email Protection alternatives and competitors

Enrique Diaz Jolly - PeerSpot reviewer
Owner at Jolly Security Inc
Real User
Top 5
You can know exactly and accurately where an email came from and for which specific device
Pros and Cons
  • "It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure."
  • "The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rules sets are unclear."

What is our primary use case?

It is like a gateway for email. They receive all your email traffic. They send over your email traffic, and it is the first incoming point and the last outgoing point. They deliver the traffic to the destination. Whatever it is, you want to be informed of what is happening. Depending on the site's deployment, if you have a single device, then you have all the information on the device. And if you have several devices, you have all the information on every single device for each device. However, for consolidation, you need another device called Security Management Appliance (SMA).

It has no real interaction with other stuff. It does not interact with a gateway beyond the networking level. You have a router and that router provides IP addresses for a switch, etc. You don't have to integrate Cisco Secure Email with something specific since it is standalone and only requires basic essential networking. You can integrate it with a firewall, like ASA, but that firewall has to allow traffic. To do that, you would open port 25.

It is available to be deployed as on-premises, on the cloud, and hybrid cloud.

How has it helped my organization?

The solution is valuable if you are looking for a security email gateway that provides you with the most services possible. It has anything that you may be looking for in an email deployment, except for the endpoint which should be supported by something else, like Exchange. It doesn't have mailboxes because it is a gateway.

There are some methods to authenticate email, i.e., putting a stamp or seal of trust on an email, where one method is DKIM and another is SPF.

  • For SPF in the DNS, where you have records that list the different devices or IP addresses that can send email from a specific domain, a security device can consult that DNS and check if the mail coming from that domain is coming from an authorized source.
  • DKIM is a cryptographic signature of an email. It is usually what you announce is the public key of that system's PKI and verify the signature in the headers. You have a checksum of all the contents so it is possible to define or identify whether the message has been tampered with in route.

They are mutually exclusive in a way, so DMARC consolidates both. It provides alignment with the IP address, domain name, etc., and has to match at least one, being properly aligned. It has become something very important for compliance.

When you are receiving, you use all this information to decide whether an email is legitimate. Or, if you also need to deploy your DKIM, DMARC, and SPF infrastructure, that lets the rest of the world know where you are sending email from and how you are authenticating your email.

It can honor all SPF, DKIM, and DMARC rule sets and apply rules based on the results of these tests as well as sign the DKIM. Therefore, your email can comply with whatever you are announcing on your DNS for the rest of the world to know that you know about the signed domains. It has perfect, robust integration on that. 

What is most valuable?

The most valuable feature is reputation filtering. In the beginning, it was based on just the IP source. but it has now evolved to domain reputation. It allows you to classify different IP sources and different sender groups, where you can reject to throttle to whitelist from any IP sources, domains, etc. Based on the reputation gathering, the reputation is powered by Talos security. It is a super powerful feature. That alone gets rid of more than 50% of the crap from the traffic flow, before even hitting the anti-spam or antivirus.

If you have some knowledge about email, it is a pretty simple solution that has many controls on different levels, from the gateway part to accepting messages from certain sources to stringent filtering. It is state of the art with anti-spam, antivirus, and different threat prevention features. 

SecureX is powered by Talos, Sourcefire, etc. Today, it is the largest, richest threat intelligence on the market. SecureX is quite standalone in regards to integration since you put it into the network, whether it is on your own cloud or a third-party cloud.

If you go to the filtering level, you can have very accurate features or filters since it is programmatic. At a certain point, you can define sets of rules, such as where the email is coming from, whether it has this content, or to apply this policy. For example, if it has the same considerations, but the content is different, apply this another policy. It is super flexible and very customizable to your needs. It is not difficult to use.

It provides information, reporting, logging, and tracking. It has powerful tracking, so you can know exactly and accurately where an email came from, for which specific device, etc. It shows the emails which were:

  • Dropped
  • Rejected
  • Quarantined
  • Accepted by which policies.

It also shows the rule sets applied for that email and considers

  • The source
  • The Offender
  • Anything else that you may consider in an email.

It has an intuitive, clear graphical interface where you can deploy your policies and understand the overall flow. There are a lot of things that you cannot handle on the graphic interface, like message filters. For this, you need to go to a lower level where you have more power, like command line interface. So, this solution has the best of both worlds. There are not a lot of bells and whistles. It is more practical with access to most features that you can configure. 

What needs improvement?

You can consolidate on SMA if you want to spam or threats quarantined for multiple devices. It is not advisable for a single device, because if it fails, you are left without any email.

I would like to see a few changes to the UX. 

There is space for improvement with data loss prevention, particularly with third-parties integration. Data loss prevention is quite important, though most customers have some third-party or other elements in their network doing data loss prevention, specifically for email. However, if it could be possible to integrate with other solutions, not only on the email flow, but on analysis for a connector or something like that, then that would be ideal.

The Forged Email Detection feature needs improvement, particularly with domain. The sensors are not that good and the rules sets are unclear.

For how long have I used the solution?

I have been using it since 2004.

What do I think about the stability of the solution?

It does not add anything to the potential downtime for a corporation, unless everything fails. If all your email exchanges fail, then you don't have email, but this solution does not affect the performance of your whole network. 

At the minimum, you need two devices. If you have two devices and one fails, then the other one can handle the work, though you might have some email delays.

You should keep track of what is going on. It does need some daily administration, fixes, and policy changes.

How are customer service and support?

In general, their technical support is really good. There are a few who are still learning, e.g., not providing enough help, but there is always the option to escalate.

Which solution did I use previously and why did I switch?

It was the IronPort before Cisco acquired it in 2007. It is the same appliance and software. This solution has been upgraded by several versions, but it is basically the same, they just changed the name. 

What about the implementation team?

I have done the architecture for a company in China.

What's my experience with pricing, setup cost, and licensing?

It is a super big router that costs a few hundred thousand dollars.

Which other solutions did I evaluate?

These days, the first tiers of this market have good enough anti-spam, antivirus, etc. These have become routine. There are some other not-so-good solutions, like Barracuda and Fortinet, but it depends on how much you are willing to pay as this solution is not cheap.

The best other solution is Proofpoint. They have been long-time competitors who have also been evolving. The big difference is it is more fancy because it has more bells and whistles. The solution is good as well. However, they are super expensive, not cheap.

If you want a multi-tiered deployment, you could perhaps have Secure Email on the cloud and Proofpoint on-premises. Then, you have the two best solutions in the market working together. I have customers who have done this and are satisfied. Very few solutions can compete with Secure Email and Proofpoint outside of the price. If your budget is a problem, then you have a problem.

Along with Proofpoint, this is the best solution in terms of preventing spam, malware, and ransomware.

Check Point has fancy graphics and an interface where you can do a lot. The Cisco Secure gateway has both, though not as fancy as Check Point, but a big majority of the tasks can be done on the graphical interface level.

What other advice do I have?

It is not so difficult to us, but neither is it easy, particularly if you don't have some knowledge about email.

Whatever you are looking for with an email security appliance or device, you mostly have it, though nobody is perfect.

The solution’s ability to prevent phishing and business-email compromise is fairly good. DKIM, DMARC, and SPF integration are the best way to prevent phishing, spoofing, etc. However, they still have room to work in this area.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Rick Shepard - PeerSpot reviewer
IT Manager at RCI Systems
Real User
Users can customize the emails they get and the emails they block, saving me time
Pros and Cons
  • "It gives our users the chance to interact with the program. They can decide if there are things that are junk mail that they don't want to be messing with, on an individual basis. Of course, I can always override that or control it from a company standpoint."

    What is our primary use case?

    We use it for spam filtering.

    How has it helped my organization?

    The fact that you're able to customize the program on an individual basis has been very helpful. That means I don't have to get involved with blocking certain things unless they are a common denominator among all our employees. If something keeps showing up, I'll get several requests to block it company-wide. Otherwise, the users can get in there and do their own thing and I don't have to worry about it.

    It has definitely saved employees' time by not having to sort through junk and spam emails. We've turned it off a few times because we were having some issues or we had to change our mail server and, all of a sudden, people would say, "I got 50 spam messages." SpamTitan is definitely doing its job. It is probably 20 to 25 percent more effective than our previous solution.

    SpamTitan is catching a little more than SonicWall did. It's about 10 to 15 percent more effective in that aspect. And the fact that it's a little more customizable has certainly made it a better solution.

    It has also reduced our false positive rate by that same 10 to 15 percent. Nothing is perfect. You're always going to have a few that get through or that get blocked when you don't want them blocked. You just have to watch it and teach it. The longer we've been using it, the more refined we've been able to get it.

    What is most valuable?

    It gives our users the chance to interact with the program. They can decide if there are things that are junk mail that they don't want to be messing with, on an individual basis. Of course, I can always override that or control it from a company standpoint.

    We use the geo-blocking feature to block a few countries, but for the most part, we leave most of them open. We deal with manufacturers that have office locations and factories in many countries, including Russia and China. But we'll block something like Afghanistan because we're not getting any business from Afghanistan. The geo-blocking may not have reduced our spam significantly, but it does block some.

    For how long have I used the solution?

    I've been using TitanHQ SpamTitan for just about a year.

    What do I think about the stability of the solution?

    It's extremely stable. We've never had a failure such as their servers going down or anything like that.

    What do I think about the scalability of the solution?

    It's probably very scalable for a larger company. I really only know it from our small company standpoint, but it would appear that it would work for a company of tens of thousands.

    How are customer service and support?

    We changed to a new mail server and we had some issues getting SpamTitan working on the new one, from a traffic standpoint, IP-wise. It wound up being a port that we needed to open up that wasn't open. I went back and forth a couple of times before we finally figured out what the problem was, but once it was fixed it worked fine.

    The engineer I was working with was obviously very knowledgeable and thorough, but he was probably used to dealing with IT people who deal with this stuff a lot more frequently and spend a lot more time with it than I do. Sometimes, they need to dumb it down a little bit and talk to their audience. They shouldn't assume that everyone is a subject matter expert.

    My experience with SonicWall's support was pretty similar, although I've had fewer problems to deal with using SpamTitan than I did with SonicWall.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We were having problems with spam. We were using SonicWall and they had issues with a release that they brought out last summer. It wouldn't work with our server and software combination. They tried and tried and then I got tired of waiting for them to fix it. I went hunting, came across SpamTitan, and it seemed like a good fit. We've been using it since then.

    With SpamTitan, our users have more access to their spam email than they were used to. We were limited with SonicWall. If you didn't get to your spam within three days, it was gone and you couldn't figure out what you missed. If you were on vacation, sometimes that would be a problem. SpamTitan doesn't have that problem as it can store stuff for a longer period of time. I believe it holds emails for 30 days. I can change that as an administrator, but I also have to be aware of the amount of junk mail that people get. Spam can really fill up a server pretty quickly, so you don't want to keep it around too long.

    A frequent problem with SonicWall, because of that three-day limit, was that once a user had passed that, I had to get involved. If a customer wrote to one of our employees saying, "Hey, did you get my email?" I'd have to go find it. I don't have that same problem anymore. It has been greatly reduced.

    In terms of the amount of time required to sort through unwanted junk and spam emails, SonicWall and SpamTitan are similar. You still have to go through your email and see which ones are junk. SpamTitan might be a little quicker because of how often it reports back.

    SpamTitan is also an improvement over the SonicWall solution from a filtering standpoint. It is a win-win. In some ways, it was nice SonicWall did fail because we have a better solution now.

    How was the initial setup?

    We had to disable the SonicWall version, which wasn't hard to do. Then we had to insert SpamTitan into the picture. It took a little bit of time, but not that much. It isn't something I do every day. I'm not an IT guy who deals with that on a regular basis.

    It was pretty much straightforward, with a couple of minor issues. We couldn't get it to work and it turns out we had some bad IP numbers. They had given us an older version from the demo and they said, "Oh, we should have given you new ones when you bought the product." That was a minor glitch. Their support was good over the phone and they got me pointed in the right direction and it's been working since.

    We discussed hosting SpamTitan in-house, because we had SonicWall in-house, but in this case the cloud solution seemed to be a better fit for us.

    It requires very little maintenance. In the early stages it was more because we were refining the program and what it was filtering and not filtering. Now, there are probably weeks that I don't even look at it. There are times when I'll get a comment from one of our users who says, "Hey, can you do this?" or "I'm having a problem," and I might look at it then. But if I spend 15 minutes on it in a week, that's a lot of time, at this point.

    What was our ROI?

    We do see a return on our investment. It's not a lot of money, but we do get some return because people aren't wasting their time with junk mail and I'm not wasting my time trying to filter out more things because users are able to do that on their own.

    What's my experience with pricing, setup cost, and licensing?

    One user is the same price as 50 users and there isn't a discount until you get to about 500 users. From a small business point of view—we're 30 people—there should be a price break before you have 500 people. Small businesses don't have a lot of money.

    Which other solutions did I evaluate?

    I looked around on the internet. There wasn't a particular solution I was looking at. I read a review about SpamTitan and that's the one I remembered. I liked what I read, it seemed pretty straightforward, and that's what we went with.

    I looked at Proofpoint and a few other things, but a lot of them are designed for companies that are very large or at least medium sized. We're a small company and I wasn't going to spend tens of thousands of dollars. We don't have that in our budget for spam filtering, and SpamTitan was a lot more affordable.

    What other advice do I have?

    We really haven't been looking at anything else, because we've been happy with the product. I like it and we're up for renewal and we will be renewing it. You're not going to renew it if you don't like it.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    Flag as inappropriate
    Head Of Security Operation And Response at a hospitality company with 1,001-5,000 employees
    Real User
    Incident Response team answers immediately and fine-tunes system to continually improve detection
    Pros and Cons
    • "Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware... You understand what you are facing and whether you are a target for a specific group of threats..."
    • "In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience."

    What is our primary use case?

    We route all of our inbound emails through Perception Point to have it scan for malicious files, malicious URLs, spam—all the attack vectors that can be used via email. 

    We're also using it as a sandbox, which is a new feature we started to use in the last two quarters. We use their API to send files and URLs for investigation to the Perception Point sandbox. Based on the verdict, we take action. If it's clean we keep it in the system, and if it's malicious we delete it from our system.

    How has it helped my organization?

    Perception Point has helped to reduce our false positive rate by a very good percentage, on the order of 80 percent. It has also absolutely helped to reduce the number of alerts received, by something like 95 percent. As a result, we have to manage fewer incidents due to emails containing malicious files. If the EDR is detecting it, you need to investigate it and, in some cases, to isolate the device and reimage the device. In terms of our operations, it has reduced the workload by a lot.

    What is most valuable?

    Almost everything is a valuable feature. Among the most important are the sandboxing and the levels of pattern and sophisticated techniques they are able to detect. As far as I know, and I've worked with another product before, Microsoft Defender for Office 365, other products are not able to detect those kinds of malicious files or URLs. Perception Point is our second layer, and it always catches them. 

    Another feature that we really like, one that was introduced a few months back, is the way it categorizes threats into groups, such as Emotet, Qbot, Formbook, and the like. It's not only telling you that something is malware, but it's also giving you insight into what kind of malware, which category tried to exploit you. For a security team, this kind of information is very critical because it's a type of intelligence. You understand what you are facing and whether you are a target for a specific group of threats, and you can defend better against them.

    And something that has really improved in the last few months is the Incident Response team, which comes as part of the service. The SLA is really amazing. This was the biggest advantage. When you are working with MDO or Proofpoint, for example, you will never speak to a human. You can open a case and they will reply, but we have a Slack channel with Perception Point. We can reach out to them and they answer immediately, meaning within five and 30 minutes. For us, that's like real-time when working with a vendor.

    The main goal of the Incident Response team is responding to incidents, of course. But the way we use them is that when we identify a false positive, we ask them, "Hey guys, can you check why we got this false positive?" They do a great job checking and fine-tuning as a result, so that the next time it will pass through. The same goes for a true positive. What is unique about the product is that, in the end, it's not only a machine, rather there is also human interaction. A human will sometimes go over the tagging and decide that the system gave the wrong verdict. This is how they make sure that the system gets better and better all the time. In the backend, they have machine learning. But to optimize the model, somebody has to fine-tune it all the time. You cannot expect that the first model will be bulletproof, and that is the way they are doing it. That is why they are so good in this domain.

    What needs improvement?

    We have some unique use cases that we're working on with them, like integrating their solution with Zendesk and with Shodan.

    In terms of architecture, and I know that they're going to improve this, the solution needs to be much more redundant. There was an outage a month ago in AWS, and that basically stopped the service for two or three hours. Although in two years, this was the first time that something like that happened, our expectation from a company like Perception Point is that it should work with either a multi-cloud or multi-region architecture, to improve the resilience. Perception Point can find a better way to maintain availability. In this case, the AWS problem was in North America, so if Perception Point had had a region in Europe, they probably would have been able to recover much more quickly, just flip it, and that would have been it.

    For how long have I used the solution?

    I've been using Perception Point Advanced Email Security for two years.

    What do I think about the stability of the solution?

    Everything has worked as expected. It's working 99.999 percent of the time.

    What do I think about the scalability of the solution?

    We get 50,000 to 100,000 emails per day and we haven't faced any scalability issues. I can't say there was a delay in emails because of this volume.

    We aren't using the solution’s expanded product portfolio to protect more than just email, at this stage, but we are looking into it for the coming year.

    We are also working with them with requirements from our end and we are really looking forward to a native integration with Zendesk. We believe that both companies, Zendesk and Perception Point, can benefit from that, and not just our company. Once Perception Point has an integration with Zendesk, it will impact many customers around the world in a positive way.

    How are customer service and support?

    We haven't needed to use customer support so far.

    Which solution did I use previously and why did I switch?

    We used FortiMail before, but it's not a next-generation email gateway.

    How was the initial setup?

    Our initial deployment of Perception Point had some complexity, because when I started with my current company, we had on-prem Exchange and FortiMail. That made it a bit challenging. It was less an issue with Perception Point and more because of our architecture.

    Once we moved to Office 365, it took two minutes. For an Office 365 customer, it's a very easy deployment.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is not cheap, but I can see the value. In security, if you are trying to save by giving up quality, that's a very bad decision. If there is high quality and it demands a high cost, you need to pay. Don't compromise on quality. If Perception Point is 99 percent accurate, and Proofpoint is 97 percent accurate but costs 20 percent less, I'll pay the extra 20 percent and sleep well at night.

    Which other solutions did I evaluate?

    We were thinking about Proofpoint. The big advantage of Perception Point is the Incident Response service. There is no product in the market that provides that kind of service. Also, although they were small when we started with them two years ago, we believed in the company and its vision. And it has proven itself. We have seen the outcome. Microsoft is 100 or 1,000 times bigger than Perception Point, but Microsoft misses so many threats that Perception Point catches. When it comes to advanced malware, there is a 20 percent difference, and that's a huge number.

    What other advice do I have?

    If you are looking for the next generation of email gateway with an Incident Response service, select Perception Point without any second thoughts.

    A few months back, I would definitely have said that the Incident Response service needed improvement, in terms of their responses and SLA, but because they really took the required action, I can't think of anything else that they should improve. I am really happy with what I have. If they maintain it, I will be a very happy customer.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    General Manager -Mfg at a consumer goods company with 5,001-10,000 employees
    Real User
    Top 20
    Easily configurable solution suitable for small to medium businesses
    Pros and Cons
    • "The best features are that it is very convenient to configure new rules onto it and it gives very good insight on what has entered my system and what the email security solution has taken action upon."
    • "There is a lot of room for improvement towards the phishing kind of email filtering, with the different hijacking attacks, and with the kind of password attacks which these phisher attackers do."

    What is most valuable?

    From an email security standpoint, the best features are that it is very convenient to configure new rules onto it and it gives very good insight on what has entered my system and what the email security solution has taken action upon. It has future analytical insight on what kind of attacks it could come across which would have already penetrated your system that you should be aware of. If there is anything which has already propagated inside the system, we can look into the other email security solutions to get that validated and then it gets things under control.

    What needs improvement?

    There is a lot of room for improvement towards the phishing kind of email filtering, with the different hijacking attacks, and with the kind of password attacks which these phisher attackers do. The engine is intelligent enough to block any link which is coming in the email because it checks the quality of the reputation of the link. But it is written by a very intelligent person using a very localized domain so it lacks that functionality. There are other solutions available in the market, such as Proofpoint and Barracuda, that have slightly better intelligence around that, maybe they have more attack feeds coming in or maybe they are working a little harder on the resource side. Their response towards such emails is very granular whereas Trend Micro's is higher.

    Maybe email security is not the goal for Trend Micro, because the other players like Proofpoint, Barracuda and Microsoft are working essentially on the email security. So they are very focused and since the products are completely driven towards email security they give a better posture and have better performance there. But from a threat prevention point of view and as the first wall of anti-virus defense, Trend Micro tends to be a superior product.

    For how long have I used the solution?

    I have been using Trend Micro Email Security for two and a half to three years.

    What do I think about the stability of the solution?

    Stability-wise, we have not found any challenges so far.

    I don't know if I can fully comment on that, because we have a limited base, a limited number of users, and maybe our organization is not the organization which should ideally comment on the stability. But the solution has been available all the time, there was no downtime in our service period and we are not facing any challenges regarding availability.

    How are customer service and technical support?

    In India they provide very good support.

    We have not faced any kind of challenges here. I'm not sure about other regions and their services there. For us, it has been a very good experience, because the vendor we work with has very good expertise in Trend Micro. The OEM itself is there and they are available most of the time, even 100% of the time. So it's good.

    Whenever we had some issues with our email services, they were all available.

    How was the initial setup?

    The initial setup was very straightforward. I think it took us 15 days.

    It was very, very quick because we were on the cloud setup. It was just a few steps so that our emails go there, get filtered and then come back to us. Then a few fine tunings so that we don't block legitimate emails.

    Which other solutions did I evaluate?

    I think the email security domain is a very mature domain now. If you look at Gartner, for example, they have stopped publishing their quadrants for email security because they have declared that it's a very mature market and players which are in email security already know that they are very deep into the services.

    What other advice do I have?

    On a scale of one to ten, I would give Trend Micro Email Security a seven.

    Some of their features should focus more on preventing the emails which are malicious in nature from entering into the user mailbox and they should have a feature to completely remove it from the entire email system. For example Microsoft has an option where if there is a malicious email you can just identify it and with one click you can delete every email in the system in the organization for whoever has received it. Similarly, there must be some kind of awareness mechanism for the user, even for whoever is not receiving it. They should be able to send out some kind of email or some kind of awareness to the user not to respond to any malicious services. In my experience throughout my career, making your users aware of email threats helps to get control of the threat by almost 70%.

    If you receive 10 emails out of which four to five would be spams, one or two may be malicious. If you are aware of it you will not respond to it. But in the initial stages, you might have clicked on the link or responded to their request. But eventually, when you learn about these malicious things, you automatically hesitate responding to them, or maybe you just don't read them. Those kinds of responsive behavior comes with time. If you teach your people they will not respond and your email security solution will look better because people will not get into the wrong traps.

    For small to medium sized business, Trend Micro Email Security fits very well because cost-wise it is effective and because their technical resources are widely available in India, the Asia Pacific region, and in Europe. However, when we look at it from an enterprise user perspective, where the number of users can be huge, we take more of a risk opting for a less expert solution. In terms of email security, I would not rate Trend Micro as an expert solution. There are others available which are doing this better than Trend Micro. Once Trend Micro is at their scale, at that point only would I recommend Trend Micro. But for the small and medium industries, I would recommend it because they have limited budgets and they work in a different sector of the market.

    But for the enterprise customers, I think they should look at some better solutions which are dedicated for email security. Email is the most critical part of the organization, so you should always choose the expert.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Sandeep G. - PeerSpot reviewer
    Senior Cyber Security Architecht at Cognizant
    Real User
    Top 10
    Easy to deploy and user-friendly with simple dashboards
    Pros and Cons
    • "It's all running in the backend, so it doesn't affect the app functionality."
    • "Some features, like encryption, are not available."

    What is our primary use case?

    We primarily use the solution for security.

    What is most valuable?

    The solution is user-friendly.

    It's easy to deploy. There are not many hassles throughout the process. Anybody can just read up on it and deploy it. 

    It's all running in the backend, so it doesn't affect the app functionality.

    The dashboard is very simple. 

    The solution is stable.

    It can scale. 

    What needs improvement?

    The product needs more granularity.

    Some features, like encryption, are not available. 

    For how long have I used the solution?

    I've used the solution for less than two years. 

    What do I think about the stability of the solution?

    It is definitely stable. I have not seen any issues. We know that Azure or AWS, once in a while, have some outages. Every product has got its own outages. Considering that, I have not seen much of an issue with Azure, at least with the Exchange Online Protection.

    What do I think about the scalability of the solution?

    There are some small limitations, and you cannot really scale mailboxes beyond 100GB. The customer will need to understand that you cannot really scale in that sense. You will have to archive your mailbox and archive your data. Beyond that, it is scalable. 

    How are customer service and support?

    I personally do not deal with Exchange Online Protection. One of my other team members does. They did contact Microsoft for various issues. For example, the limitations around the 100GB mailbox. They wanted to know if they wanted to migrate that, how long it would take, or if they could increase the 100GB mailbox. 

    Microsoft helped tell them the exact answers. However, it depends on the customer to customer. Some customers have got premium support, so they get more straightforward answers. 

    In general, support has been good.

    Which solution did I use previously and why did I switch?

    I'm also using Microsoft Defender.

    We've also used Proofpoint. Proofpoint has more granularity. It also offers different features. 

    Exchange Online and Defender offer safe attachments and anti-malware. However, they just have one single option for features, and you check a box, and it enables one blanket policy. With Proofpoint, you can choose your options.

    Microsoft products are good and more user-friendly in general. They are just missing the granularity aspect.

    In Proofpoint, the tap and trap work very well, and it has some kind of monitoring as well for the tap and trap.

    When you're moving from Proofpoint to Microsoft, if you need to do a comparison and if you need to showcase to the customer all features are working as expected, some functionalities might be a little difficult for us to showcase. Maybe that dashboard will differ. It's a common dashboard that we have for Microsoft. Maybe Proofpoint has got more features, however, for use cases, it'll be a little difficult to demonstrate to the customer.

    We've moved to this solution since we were moving the majority of our products to Azure. We wanted to move to the cloud to reduce hardware costs and avoid having a separate server, which we do not need for Exchange. 

    How was the initial setup?

    It's easy to set up the solution. For an Exchange person, or anybody who has worked on Microsoft on-prem Exchange, it is pretty easy for to deploy the Exchange Online Protection. They will have to learn Microsoft 365 Defender as well since it's got a lot more functionalities, including threat explorer. It has got more granularity in the investigations. In any case, anybody who has worked on Microsoft on-prem Exchange will be able to do a setup, which should not be a big problem.

    How long it takes is purely based on how many mailboxes you have got. It also depends upon the mailbox size as well. In a lot of cases what happens is you'll have to migrate from on-prem to Exchange Online, O 365, and you'll have to migrate the mailboxes. That process all depends upon the mailbox size as well, although getting into Exchange Online will not take much time. They can directly change the MX record and do a lot of things pretty easily, in maybe less than a week's time. For moving mailboxes to the public cloud, maybe a company will have to run it in hybrid environments for some time, then slowly move the mailboxes and complete the configuration. A lot of functionalities are there in Azure, Microsoft O 365, and Exchange Online Protection in general. 

    Setting up Exchange Online is easy at the beginning, however, completing the configuration, it'll take time based on my experience. If it is a very small company, and if they're maintaining a mailbox size of around 10GB or 5GB, something like that, and they've got hardly 100 mailboxes or less than that, it'll take less time. However, I've seen a few customers where the mailbox size is huge, and it takes time, maybe up to six months.

    What's my experience with pricing, setup cost, and licensing?

    I don't have details surrounding pricing. 

    What other advice do I have?

    We have a partnership with Microsoft.

    I'm not sure which version of the solution we're using. 

    If a company wanted to use this solution, I would advise them to check their mailboxes and consider what functionalities they want to have. When they move to Exchange Online Protection, it has got all the functionalities, anti-malware, anti-phishing, et cetera, and all those features are definitely available. And if they want something user-friendly, it is definitely there. It can also be deployed quickly, so that's one of the core advantages of having the Microsoft product.

    I'd rate the solution eight out of ten. The simplicity and the easy deployment ensure that anybody who has worked on Exchange can easily work on this. There's no specific training needed to get started. And, with a basic E3 license, they get Exchange Online Protection. It's just missing granularity.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    Buyer's Guide
    Email Security
    November 2022
    Get our free report covering Microsoft, Palo Alto Networks, Microsoft, and other competitors of Proofpoint Email Protection. Updated: November 2022.
    655,711 professionals have used our research since 2012.