Item: Proofpoint Email Protection
Rating: 4
Author: Verified User

Use Cases and Deployment Scope

We use Proofpoint Email Security for incoming, external e-mail in our organization, as our primary defense against spam and other security threats, and as a way to maintain e-mail continuity if our internal Exchange server is offline or otherwise unreachable. It prevents our users from getting flooded with unsolicited emails and phishing attacks, in most cases, which is extremely important.

Pros and Cons

Spam Filtering: Proofpoint does a very good job of blocking spam natively, and of course users and administrators can set up white lists and blacklists as needed to fine tune everything. There are several configuration options, but we have a quarantine digest sent to end users if it's possible but not confirmed spam. It can also be set to just stamp an email with a "spam" notice in the subject line and send directly, for anything that's suspected as spam.
URL Filtering: Proofpoint re-writes URLs in emails so that, if a user clicks one, it takes them to a sort of proxy site that double-checks the URL. This means that even if a malicious email gets through, there's another check before a user could potentially download some harmful file from an attacker's website.
E-Mail Continuity: Since email goes through Proofpoint before hitting our internal server, it can hold the e-mail in a queue in case our servers are unreachable. The mail then spools in once the servers are back, or users can log into Proofpoint from outside to check email.

URL Filtering: While this is a nice feature, it tends to obfuscate the URL in any readable way. Users are trained to hover over links to make sure they go where they say they're going to go, to check for anything suspicious as a security check. It's almost impossible to decipher the links once they've been rewritten by Proofpoint.
User Setup: Although it's fairly simple to add in a user, it takes up to an hour for the email to that user to work, and before that time, they will bounce back as an invalid user. For some reason, Proofpoint only updates its internal lists at the top of the hour.
User Spam Management: Since it's a third-party application, it does take a secondary login to manage white- and black-lists for users. This isn't a big deal for administrators on company-wide lists, but it's an extra, cumbersome step beyond just clicking a link for end users, which sometimes means they're not going to bother.

Return on Investment

We rarely get malware through e-mail, so Proofpoint does its job there. Given the security landscape, that's not nothing. That saves IT a lot of time, money, and effort in managing manual lists or, worst case, cleaning up infections.
We do still get spam, albeit less than we would if he had nothing in place. The digests are a good way to manage it, so users can see the email subjects and senders once or twice per day, and decide what to do with them all at once. That saves end users some time.
The only way to blacklist a sender or domain is to log in to Proofpoint; you can't just flag an email for spam or click a link in the email to block it for the future. This takes more time, and so I would say it negatively impacts the RoI.

Alternatives Considered

Microsoft Office 365, Mimecast Secure Email Gateway, Barracuda Email Security Service and WatchGuard Secure Email Gateway (XCS)

Proofpoint works well enough for what it is, especially if you are using onsite e-mail hosting. Office365, for hosted email, already has pretty great spam protection in my experience, so I wouldn't recommend using this product if you're on Office 365. Mimecast does everything Proofpoint does, and more, for about the same cost. I've used Mimecast elsewhere and found it far more intuitive and user-friendly.

I also have some experience with Barracuda and WatchGuard, both were on-site appliances. I would actually recommend Proofpoint over those two. For one, since it's cloud-hosted, you don't have to worry about email outages if your Internet provider has issues and email can't get to your servers. Two, while Proofpoint can sometimes be clunky, Barracuda and WatchGuard were utter nightmares as an administrator to configure and maintain.

Other Software Used

Zix, Microsoft Exchange, Sophos Secure Web Gateway

Likelihood to Recommend

Depending on the circumstances, I think I would recommend a different product. The spam protection works fine, it's not terribly expensive, but there are better products with better usability out there. A very small business with little to no IT staff, perhaps using a managed service provider, might find it works for them just fine, but even then, Office 365 has pretty decent spam filtering already, and a business of that size is probably hosting their email instead of using an on-site solution.

Please log in to join the conversation

Verified User
commented 5 years ago
I see that your "Cons" listed are actually things that are within your control. URL Filtering: You have the ability to choose how (or if) the URLs are rewritten. This can be changed in the Email Protection tab>Targeted Attack Protection>URL Defense>URL Rewrite Policies. User Setup: This feature can be set to perform a user import at your desired level (as often as 5 minutes if you want). We have ours configured to import every 2 hours between normal business hours. Go to the System tab>User Management>Import/Auth Profiles> and then create (or edit) your import profile schedule. I recommend reading the Administration guide, using the Help menu, or contacting your Proofpoint support rep for assistance in making the changes.

Proofpoint is fine, but not great

Overall Satisfaction with Proofpoint Email Security and Protection