Abnormal Security vs. Darktrace vs. Proofpoint Email Protection

Another local organization was compromised, and we were one of the targets of their further attempts. We were 100% protected because the behavioral analysis protected us, but also allowed me to contact that organization and report their compromise. This has actually happened more than one time since going live.

Incentivized

Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.

Incentivized

Well suited: Proofpoint does a pretty good job at protecting us from spam emails. I was able to block a lot of emails coming from SendGrid by blocking SendGrid emails with a custom spam filter. However, SendGrid has a lot of legit emails too so I was able to create another rule to allow those emails from certain people, then block the rest. That way business need was met but spam emails are blocked. Less Appropriate If you are trying to monitor internal to internal emails Proofpoint is probably a little over featured for that.

Incentivized

• Spam filtering...we have been able to turn our spam sensitivity down on Exchange allowing more legitimate messages through to user inboxes.
• Malicious email filtering...we experienced several successful phishing attacks over the past year. Abnormal Security has prevented hundreds of individual campaigns since going live in August '22. I cannot thank them enough!
• Automated response for reported emails...my team is small and we do not have enough hours in a day to review and respond to each reported email. Abnormal Security performs additional analysis on those reports and automatically responds for us. If the message is spam or malicious, copies of those emails are looked for throughout the server and deleted.

Incentivized

• Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
• Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
• Darktrace comes with it autonomous AI model detection and responses capabilities.
• Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.

• Spam - catches these emails before hitting the inbox.
• Daily digest - provides users with a list of the emails that were blocked and allows them to choose to release them if they are legitimate emails.
• Ensures that emails coming into our organization is safe for our users and verifies the email is coming from stated senders email server.

Incentivized

• None so far, I have been extremely happy with their service.

Incentivized

• There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.

Incentivized

• Proofpoint could offer more frequent training opportunities to customers at all levels of expertise.
• Proofpoint can always continue to strive to keep its product a leader in the industry.
• Proofpoint's support site could be overhauled to provide a more logical flow.

Incentivized

It's a powerfull product that help administrators to provide email security to our organization.

Good metrics about received emails that help us to determine in doubt case if the email is a false positive or it's malware.

They're improving the product releasing continuous updates and have mobile phone app to manage it.

Incentivized

The Darktrace toolset is very expansive, allowing it to handle many different tasks, but this leads to a user interface that is sometimes not at all intuitive. Icons don't always make sense visually, and the associated tool tips do not always provide enough detail on what action the button performs

Incentivized

Very robust and solid product in protecting our emails. The engineers who assisted with our implementation was very knowledgable and great to work with. Easy to use by end-users. Administration and management are also easy for IT. Great dashboard and reporting tools for business reviews.

There were no appliance errors or unplanned outages during five years of operation.

Incentivized

Most important thing is the performance of processing mails. Even in a complex environment the system keeps performing on a very high Level.

Incentivized

Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.

Incentivized

We use ProofPoint support quite often to fix issues and assist with setting up features and rules. Each time we have created a ticket, they have been very helpful and respectful. Each ticket has been treated with the appropriate SLA time and attention. We also enjoy the regular check-ins from the engineers when tickets are open but we get busy with other tasks.

Incentivized

Abnormal Security blocks malicious emails that both PhishER and Cisco Secure Email Threat Defense miss. One thing that PhishER does have is the ability to flip a malicious message into a user education phishing email. That's cool, but I think we can just copy/paste the same info into a custom campaign.

Incentivized

We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.

Incentivized

We previously used halon anti-spam, which lasted us well until our organization really started to grow and it was not able to keep up with the amount of mail we were receiving. The support is also nothing compared to Proofpoint's professional services offering. Halon was also not able to have the complex rules that Proofpoint can offer.

Incentivized

You can add a lot of agents to your environment if you need them. And you can operate hardware appliances and virtual appliances in the same cluster.

Incentivized

• Preventing compromises that have historically led to payroll or accounts payable threats.

Incentivized

• One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
• If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
• You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.

Incentivized

• Having easy-to-reach backups of all employee emails has made Proofpoint worth it by itself. That plus the countless times that spam/malicious emails did not make it through to the intended person that could have potentially cost the organization a lot of money.

Incentivized