Perception Point Advanced Email Security Reviews

Email protection from:

1. All malicious attachments. 
2. Phishing URLs
3. Phishing and spam emails.

We work mostly with Slack for incident management with their Incident Response team. Everything is recorded, maintained, and operated in Slack. This is easier for every team, making it easier for us to stick with this solution. They are online. We show evidence. In general, we have good communication.

Email is still the first victim, e.g., it is number one for hackers to use. This is why you want to have the best protection against those attempts. The mechanism Perception Point Advanced Email Security has against malicious, phishing attempts and all these hackers' attempts via email was the main reason to use this solution. It protects the company from all the email attempts that can put the company at risk.

They can do better on the spam. Today, Perception Point is not our only solution. We have two solutions, and they are the second in line because the spam filtering is not yet the best. 

From an operational perspective, as a customer, we want to have the ability to do all the changes that we want. I don't want to have to approach the Perception Point guys, and say, "Please do: A, B, C, D." I prefer to have my guys do our customizations.

I started to use Perception Point Advanced Email Security even before my current position. So, I would have been using it for about four years.

In the four years that I worked with them, we have had maybe two downtimes. Obviously, that is a good percentage of uptime. I haven't had any big issues with them. So, the stability is very good.

Two security engineers manage the solution out of the SOC.

We started small, then we expanded. Because it is a cloud-based solution, it is very easy to scale. 

From a user perspective, there are around 7,000 mailboxes with almost 300,000 emails a day. The solution is fully deployed (100 percent).

We have used the technical support. Usually we use them when we have a false positive or false negative. It depends. We are using Slack, so they answer right away. They check and investigate it, so the technical support is quite good.

The vendor commits to the solution’s effectiveness when it comes to detection, but this is around an accuracy and detection rate of 99.5 percent. They sometimes miss and we find them. Obviously, we report them back, then they try to fix and solve them for the next time, which is a good thing. 

It is very important that the vendor’s Incident Response team work in the background and proactively help. They are also providing 24/7 support, so if something is happening while it is night, holidays, or weekends, then it is important that they will be proactive if they find something suspicious or something that requires actions. Therefore, we need them to be responsible. Some of this stuff, we can manage on our own, but there is stuff that they need to do on the back-end.

I see from time to time that Perception Point is being proactive. They approach us, and say, "Can you check this, and this?" So, it does seem that they are an extension of my incident response.

Once we report any stuff that we found, and for some reason haven't detected, they do everything very fast. It is almost real-time, and they are closing this gap. If they found something that they missed, or we told them, then they acted quickly.

We had an email protection system that wasn't as good before. Now, our block percentage is much higher. So, we have fewer incidents happening in the company. Obviously, this shows in the ROI. I don't need my guys to start dealing with all these incidents. Perception Point Advanced Email Security also provides a very good investigation report of what it was trying to do. Then, we take it and leverage it, using it to improve our detection in our protection systems. Therefore, we have increased the effectiveness of our detection against malicious attacks, plus our SOC team is not spending as much time dealing with them.

We added Perception Point Advanced Email Security. We still have Fortinet FortiMail because of the anti-spam. Fortinet is the first in line to block the spam, but they are second in line when blocking all the malicious stuff.

The initial setup was very straightforward. We did it in two phases, mostly. 

The phase one: Right away, we did all the malicious attachments. Obviously, we did it first in detection mode. After we saw there were not too many false positives, we changed it to block mode quite fast. It took one to two weeks, then we just changed it to block mode. 

The second phase was phishing URLs, which was a little more complicated than attachments. It was for detection only on URLs. We whitelisted all the legit URLs that had false positives. Once we finished with whitelisting, we enabled it on block mode. From that moment, it was quite straightforward. There were no issues. 

We can go into full production (fully live) with this solution in one month.

Sometimes, we have a URL that goes into a whitelist, but it happens once a month or something. It is a very low number. 

After deploying the solution, you can see all the blocking right away.

One security engineer deployed it out of the SOC.

For specific incidents coming via email, we have reduced our SOC team time dealing with problems by 99 percent.

Perception Point Advanced Email Security has helped us reduce our false positive rate. We currently have a 99 percent success rate with one percent false positives. 

The solution has helped to reduce the number of alerts received by our endpoint layer. We have around 99.5 percent accuracy. This has affected our security operations a lot. The ROI has been very good. My guys have spent less time on investigating incidents from the endpoint, because it was already blocked on the Perception Point level. 

They are not the most expensive vendor. There are much more expensive vendors. They are not cheap, but they are not the most expensive. They are somewhere in the middle.

The pricing is for the number of emails. There are additional costs for the number of files and scans.

I did evaluate two other solutions, Mimecast and Bitdam. Eventually, it was a combination of cost, integration, and support. I did want something that would work very fast and adjust to my needs. Also, the cost was important. We wanted something priced in the middle, not too expensive nor cheap.

Perception Point Advanced Email Security had a very good detection rate score. Obviously, that was one of the reasons we chose them eventually. It was not only because they are nice, but because the solution was top-ranked.

If you are looking for a one stop solution that will deal with all your email security, then they are probably not the perfect one because you will still need to add more tools. If you are looking to be the best in security and stop all security threats coming through via email, add this solution to your current environment and trust that they have 99.9 success rates when blocking any malicious stuff. Depending on the company, you can either add them to your portfolio or replace other solutions that are not as good as them.

You need to remember to whitelist your internal services so they will not get blocked. For example, sometimes there are internal services that the company uses. Because they are internal, and not coming from the outside, most security tools will detect them as suspicious.

I would rate this solution as a nine out of 10.

Our primary use case is to secure our email channel. We're using Perception Point only for our email users.

Among the most valuable benefits are the results we have seen from the detection engine. Since implementing Perception Point, we have had zero suspicious emails coming into our inbox. We have seen a 100 percent decrease in attempts.

And there have been no false positives. There have been no cases where we could not see emails, due to Perception Point mistakenly blocking them, that we should be able to see. Everything is working as it should.

One of the most valuable features is the service provided by the incident response team. There have been cases where we have suspected that emails were fraudulent or something was suspicious. In those cases, we immediately contacted the incident response team through the platform, and we had a response in less than a minute. They confirmed that those emails were not fraudulent, and we were able to continue with those emails. The response and the capability and the professionalism of the team have been some of the good aspects. It has been very positive on the customer service side.

I don't have anything bad to say about the product.

One feature that might be nice to have, and I don't know if Perception Point could actually do this, would be that when you are sending an email with sensitive information, Perception Point would either block it or trigger a message saying, "Are you sure you want to send this kind of information to these recipients?" Something like that, before you make a mistake, would be helpful. Some type of AI agent that determines what, for us, is sensitive information, would be great.

We've been using Perception Point Advanced Email Security for exactly one year.

We haven't seen any hiccups. We've had full usability and haven't seen anything that was not working or that impacted our business operations. We have seen 100 percent uptime.

It's hard for me to talk about scalability because we only have about 15 employees. So in our case there are no scalability issues. But I know customers, friends of mine, whose companies have tens of thousand employees and use Perception Point, and they have had the same feedback about scalability: no scalability issues.

We used Microsoft ATP.

Before Perception Point, we had a high number of malicious emails coming in; constant attacks and nothing was blocking them, including phishing attacks and account-information takeover attempts. Because we're a financial institution, we were very much at risk of having funds wired to a fraudulent account. We noted numerous attempts. As a result, we researched the market and we chose Perception Point for our email channel.

I was working closely with our IT manager at the time of the deployment, and it took us less than five minutes to configure Perception Point for all of our employees. There are about 15 of us in the company, but it was super-fast and super-easy. It didn't affect our work at all. And we saw immediate impact, meaning after five minutes we were up and running, and we actually saw impact and improvements the same day.

The time to value, in terms of the solution stopping threats was between minutes and hours. It depends on when the malicious email was sent, but it really was immediate.

The pricing compared to the value Perception Point brings is super-competitive. They're not the cheapest in the market, but the value and the quality of the product are superior to anything else in the market, so we don't mind paying more for it. The value for money makes total sense for us.

Pricing is based on the number of accounts and seats that Perception Point covers. We are using 15 accounts, and if we become a larger company we'll just add more seats to the pricing. There is alignment between value and pricing, which we like.

Other than Microsoft, the solution that we had used, Perception Point was our first PoC, and we decided to proceed with them.

On the plus side for Perception Point were the 

• detection engine and high detection rate
• false-positive rate
• incident response team
• configurability, meaning set up time. 

Those are the main pros. There weren't any cons, honestly. They didn't fall short on anything.

Comparing the detection rates between Perception Point and Microsoft, there was a huge difference. We went from about 10 to 20 malicious attacks per day to zero today.

As for false positives, because Microsoft didn't even block most things, we didn't have any false positives when using their solution, but we had many alerts because so many things penetrated the system. So trying to compare false positives is not apples-to-apples. With Perception Point we have a 100 percent detection rate and zero false positives.

Get rid of everything you have and move to Perception Points, or at least try it. 

One of the things we really liked about the solution is that we were able to test it for about a week. There is an option to test Perception Point in parallel with what you have. That means nothing changes. Your emails still go through whatever solution you have in place, but you also see, on the side, what Perception Point detects and comes up with. We saw this huge quantity of alerts that we hadn't seen before. We saw how many malicious attacks and emails were coming into our inboxes. That was an eye-opener for us. The PoC was super-easy. It was a five-minute setup time and nothing happened on our business side. We were able to keep running as normal.

Once you try it out and you see the value, you see how much better it is than anything else, the decision is pretty easy.

The platform is great, it's easy to understand and configure. There are no issues on the product side. And I love the quick incident response team that you can reach out to.

We are today using this product for email filtering and we plan to use it later for file filtering on cloud-sharing platforms.

This solution is very effective at detecting malicious content and very fast in adapting to new threats. There have been new types of attacks which, instead of attaching malicious files to emails, have been attaching to Google Docs that are hosted on the Google Cloud. Within a couple of days, Perception Point updated the engine to a filter and block such attacks. For us, it was very beneficial because the users are not allowed to open attachments, but when people asked them to view a document on the cloud, they weren't used to it. This left them open to this type of attack.

The Perception Point incident response team acts like our own SOC team, which is important because we do not have a SOC, but rather a limited incident response team. This means that any external assistance allows us to work on the more critical areas and identify the events that we have to investigate. In general, it significantly reduces our internal workload.

When it comes to incident management, I think that the Perception Point incident analysis is very fast. It usually takes less than an hour to go back with initial reactions, and they adapt the technology very fast as well. They provide either interim solutions or full solutions to all of the incidents that are identified.

In terms of engine optimization, ever since we started working with Perception Point, we have been able to monitor improvements to their capabilities, including adaptations they have made. Moreover, our own team was able to work with the system and ask for improvements, and they've all been done very fast.

Perception Point has helped to reduce our false positive rate by approximately 90%. More generally, it has reduced the total number of alerts we get. We used to have more than 100 endpoint alerts per month and it has been reduced to individual ones. Overall, that is a greater than 90% drop in alerts.

The most valuable feature is the ability to identify malicious content and phishing emails and reduce the workload we have to do in terms of security. The quarter before we used Perception Point, we had about 400 positive identifications of malicious content being used by employees, probably getting them via email. Since using Perception Point, we have almost nothing.

The only thing that can be improved in Perception Point is the in-depth analysis and attribution to cyberattack groups. This is an issue I have raised with their product team. Currently, when we get malicious content, we don't know where it came from. One of the things that worries me the most, as a sysop, is whether we are being targeted by any of the cybercrime groups. This is something that Perception Point doesn't do, so I have another cyber threat intelligence team that does the investigating. Ideally, Perception Point should offer this as part of their service.

We have been using Perception Point Advanced Email Security for the past four or five months.

We are using it as a SaaS and since we have been using it, there have been no noticeable service interruptions.

It seems to be very scalable. It's cloud-based, so it should be able to scale nicely. We haven't done load tests because our load is not very high.

We have about 1,400 people who are protected by this product, and they work in every role that you find in an enterprise. We are located in Asia, Europe, and North America.

The technical support is very good. Most of the time, they reply within one hour.

Prior to Perception Point, we were using a solution by Barracuda. We switched because Barracuda didn't provide the capability to filter emails and block the malicious content we wanted.

The initial setup was very simple and straightforward. As we are using Perception Point as a mail relay, it only involved changing the MX record or DNS records in order to relay our email messages to Perception Point, and whitelisting the Perception Point addresses in our email systems. It was a very simple configuration, and it was up and running very fast.

We have many domains, and some of them took some time, our major domain was done first and it was completed within one day.

After deployment, it started providing value immediately. That said, it took a few weeks before we identified everything that needed to be whitelisted or blacklisted.

It requires some administration in terms of blacklisting and whitelisting rules for URLs of domains. There are some cases that the out-of-the-box solution doesn't identify properly, especially when there are misconfigurations by people that we communicate with.

I managed the deployment, but someone on my team did the technical setup.

We have seen ROI in the form of reduced security team activity, a reduction of employees clicking on phishing emails and malicious content, a reduction in the need to re-image machines that have been infected by malware, and a reduction in the incident response (IR) activities.

We were able to get reasonable pricing that matches the ROI we want, so I think that it is the correct price point.

We evaluated other solutions including Mimecast, Sasa Software, Forcepoint, and a couple more. Some of the products that we looked at didn't offer a full SaaS solution so we didn't consider them.

We didn't perform a full pilot program with the rest of the vendors because we had a situation where we wanted to deploy very quickly. We were in a dialogue with Perception Point, it performed perfectly, and we just decided to move on with them.

My advice for anybody who is considering Perception Point is that there are no false negatives and no false positives with this product. Overall, I am very happy with it.

I would rate this solution a nine out of ten.

It transports rules from our mail system to their scanning mechanism.

It is a very straightforward solution. The mail just goes through their system. They scan it, and if there are any cases of cyber threats, then they will be stopped over there. We don't really feel the system. It is like fire-and-forget.

We have an organization which mostly uses mail to communicate. Today, there are a lot of social engineering attacks that go through vectors of sending you URLs to have phony websites for credential harvesting or a URL that will inject some kind of a payload into your browser. This system actually cleans it, blocks it, or alerts the user. This is what we find to be very good and how it protects our organization. We are not using the system per se; it is just protecting us. Think about it like going with some type of a shield that actually protects you.

In our case, we have a lot of mail traffic. So, we estimate something like 20 attacks a month. However, it really depends how your organization is targeted. If your organization is a target organization, you are probably going to have more attacks. This system will prevent you from being a victim of these types of attacks.

We have only had one false positive with Perception Point Advanced Email Security.

It keeps my emails safe. This is the main feature.

The solution’s effectiveness when it comes to detection is very good. It has a very good mechanism. It scans our emails. It identifies any threat or phishing attempts and phishing campaigns as well as any bad reputation, servers, or links, then it blocks them. This is what I find to be very good about this system. This is what we are always looking for.

Its websites for analysis need to be a bit more approachable for people who are less technical. Technically, it is a fire-and-forget solution. So, you want to be able to implement this solution for a lot of companies who don't have security operation teams (SOCs) behind them. You need to have something where a secretary can jump onto this console and release whatever she needs to release. Therefore, it needs to be written in a very specific non-technical language.

I have been using it for three to four months - not very long.

It is very stable. There are no issues.

One person is needed for maintenance, e.g., if you need to release a false positive, but we haven't really had this experience yet. Otherwise, no one is needed.

I presume Perception Point Advanced Email Security was built on a robust system where you can grow with it.

The users in our organization are my technical leader and me.

The technical support team is very good. They are responsive and knowledgeable.

We are working with someone specific at Perception Point who is doing a very good job. This is important because if you have a false positive or something that needs further investigation, then you will need to use the Incident Response team. So, you want to have a very good connection with them.

The Incident Response team is very good at what they are doing when it comes to the incident responses. It is a very good company. I really recommend it.

Our previous mail system, when it came to cleaning phishing links, was not very good.

We didn't switch. We added this solution as an additional security layer. The threat of a social engineering attack, crypto viruses, and all these URLs which will download something to your computer or will redirect for credential harvesting is becoming a bigger problem. People are attacking the human factor behind the computer, not the system itself. In this case, Perception Point Advanced Email Security is a good protecting layer for these kinds of attacks.

The initial setup was a bit complex when it came to the transport rule, which was needed to create a 365 account on Microsoft. We did that with the Perception Point support team. They did this together with us. I would like this to be a little more accessible, explaining why they are doing this or put it into place.

Our deployment took half an hour to an hour. Configuration was required on Office 365.

After deployment, the solution started delivering value immediately, when it comes to stopping threats.

We worked with the Perception Point support team. Together, we opened the console.

It took just one guy to set up the transport rule on Office 365.

Perception Point Advanced Email Security has helped to reduce the number of alerts received by our endpoint layer. It blocks the URL which downloads the payloads to the machines or is alerted that the URL is suspicious. Technically, it is preventing the payload from being downloaded to our machines, then the endpoint protection is not activated.

Because of the reduction in alerts, you don't need to start running around and checking each one of the computers to see what is happening or go into the console every now and then to check it. That is not happening, since you don't have anything to check. You are actually saving on your security team management. This has saved us a couple of hours. 

It's very difficult to find return on investment when it comes to security mechanisms, because there is no return on investment until something happens. If you have a crypto virus where someone will ask you for ransomware of a million dollars, this is your return on investment. We are trying to eliminate the option for this. When you come upon this ransomware, it is already too late. So, it's very difficult to calculate the ROI on this.

It is more of an insurance policy. However, in insurance, you still have your personal fees as well as a fee if something happens, where you take part of the damage upon yourself. I think this solution is more robust and bulletproof.

When compared to other solutions on the market, it is relatively fair.

We used other solutions, like IronPort, and decided to add an additional layer.

I would advise someone, "Go and do it."

This solution is a security layer that needs to be done or implemented in any organization because of the risks that people have today when it comes to attacking human factors. This is a good blocking solution for these attack vectors.

We are considering right now to extend the solution to SharePoint and OneDrive. We are looking for the budget.

I would rate this solution as a 10 out of 10.

We are using Perception Point Advanced Email Security for filtering or securing our email system.

The most valuable feature of Perception Point Advanced Email Security is the filtering and securing of emails.

It would be helpful for Perception Point Advanced Email Security to have more integration with other solutions.

I have been using Perception Point Advanced Email Security for approximately one year.

I rate the stability of Perception Point Advanced Email Security a nine out of ten.

We have approximately 500 secured mailboxes using this solution in my organization.

I rate the scalability of Perception Point Advanced Email Security a ten out of ten.

I did not use the support from Perception Point Advanced Email Security. However, we did use the support from the dealer we purchased the solution from.

I have previously used IRONSCALES. When comparing IRONSCALE and Perception Point Advanced Email Security, they are very similar. However, IRONSCALE is less expensive.

The price of the solution is high.

I rate the price of Perception Point Advanced Email Security a two out of ten.

I rate Perception Point Advanced Email Security a nine out of ten.

We are using it to screen all emails coming into our infrastructure and email system. So, it is screening and blocking anything noted as malicious. It tags anything noted as spam, which gives us a frontline defense on all emails coming into our organization.

The vendor’s Incident Response team is very good when it comes to incident management, improving the security of our email system immensely.

Perception Point Advanced Email Security has absolutely helped to reduce our false positive rate. We have had half a dozen or less false positives since we have started using it.

I find the solution very valuable. It does what it is supposed to do. It works. 

The solution’s effectiveness when it comes to detection is very good. It is stopping malicious emails and tagging emails noted as spam. So, we are able to disseminate those emails, get what we need, and block clearly malicious emails. It saves us a lot of valuable time. It keeps our users safe, e.g., the majority of emails that they would have gotten in the past don't even make it into their inbox.

This is an option to preview an email in their console, and that could be improved. If you open the preview, then it auto scrolls. Therefore, it is hard to look at the email when it is going to the next page or scrolling. It should not have the auto-scroll.

We have been using it since July or August of last year.

The stability is excellent. We have not had any issues connecting to the platform or with the stability of the platform.

The amount of emails that we get is steady.

We are at roughly 200 inboxes that the solution is protecting.

Their support is very good and they respond quickly. If we do have a false positive or potential false positive, we are able to work with them in a quick, timely fashion. So, if we do notice an email, and if it is a false positive, then we get that noted with them. They do a very good job of fixing any false positive so they do go through the next time. We get those fixed right away.

When there is a potential false positive or miss, we work directly with them. Then, it is sorted out very quickly. We have not had to wait to get a resolution. 

We used MDaemon as our email, Absolution, and Windows.

Because it is set up in SaaS, there is not much in the way of setup from our point of view. You just install it, then it goes.

After deployment, the solution started delivering value immediately when it came to stopping threats.

I save 30 minutes to one hour a day with this solution.

We haven't had any incidents that would compromise the company, so we haven't had to spend any time remediating anything.

We would always like it to be cheaper and save more money. However, we are getting the value from it.

We did not evaluate other options.

The solution works. There are very few false positives. It does what it is supposed to do, stopping it at the source.

The company does not plan to increase its usage in the near future.

I would rate this solution as a 10 out of 10.

The primary use case is for email security.

The most valuable feature I have found is the speed of scanning emails.

I think the interface could be improved in the next release. I think making the solution more user-friendly would be helpful.

I have been using Perception Point Advanced Email Security for the past year.

Perception Point Advanced Email Security is definitely stable for our needs.

We found Perception Point Advanced Email Security to be scalable.

Technical support is very good.

The initial setup was complex and it is similar to out-of-the-box service.

We evaluated Proofpoint, which is higher priced than Perception Point Advanced Email Security.

I would rate Perception Point Advanced Email Security an eight out ten.

We're not yet clients of Perception Point. We have been running a PoC on their email security product for about two months. My managers are still going through some steps to see if we will finalize something with them.

The main component of their product is email security and their solution has been proven to be quite good at catching the bad guys.

The solution has pretty good detection. It has some particular areas that are—if "unique" is not the right word—strong points for them. 

• It has modules to detect malware and that is a strong point.
• It has a very nice way of showing you, directly in the product, a lot of details about certain pieces of malware. It goes very deep and even shows you the assembly code.
• It also does detonations on files and shows you the results in different operating systems. That is very useful. 
• And it has pretty good capabilities for catching malware campaigns that other products are not really catching.

Coming from products in the Microsoft stack, Perception Point doesn't really give you, as an admin, a lot of options to make changes yourself. It's more on their side to make changes in the back end. That's something they could improve on in the future.

Also, the search functionality is kind of tricky or buggy. When you enter some text to search, you have to scroll down to find the search button. It's a bit more friendly on the Microsoft side, or maybe I'm just more used to Microsoft. But if you copy a piece of text, like the subject of an email, and you paste it in the Perception Point search, you cannot modify it. You have to modify it before you paste it. That's just the way their text input field works. They need to pay some attention to the search functionality.

Also, you cannot really see graphs of evolution over time. You can choose various timeframes like one day, one week, one month, or a custom timeframe, but you cannot really see any evolution or compare graphs. You can't really see what the spikes were in one month. Perception Point does have a very graphical layer and they tell you, "We stopped this many emails with this layer, and we stopped this many emails at this other layer," which is very nice, but I would love to see a graph showing evolution and spikes.

We didn't have issues where the service wasn't available. That was okay.

The only little issues that we had were on the identity side, where we would invite a person to join the sandbox that they created for us, we would give them a role, but at some point they would lose access, and we would have to do some steps again. I'm not sure why that happened. But we didn't have service interruptions or anything like that.

We ran the PoC in a way that almost all emails that had to go to Perception Point did. It handled that volume pretty well and I didn't see any kind of issues. And I don't expect to see any issues if we were to scale it even more with a bigger volume of emails. We onboarded close to 5,000 email accounts into Perception Point.

Because Perception Point is not such a big company right now, I found that they are very responsive. The account team, the team that we did the PoC with, was very friendly. They answered all of our queries and they were always there. Even if we didn't directly communicate with the IR team, the person that we were in touch with, who had connections with the IR team, was always available. He was always giving us a heads up telling us, "We caught this campaign," or asking us if we needed anything. They were very friendly, responsive, and professional.

We didn't communicate with the support team. The account team took care of anything we needed. But they were excellent.

The way we set up the PoC, just required us to set up a tiny transport rule and that was it. I'm not sure, when you put it into production as your main solution, what that process would be like. For us, having it as a second solution, on top of Defender, it was very straightforward.

We didn't let Perception Point actually stop anything in the PoC. The stopping task was still left to our main production system which is Defender. Our approach in the PoC was that we wanted to see what they would detect beyond our current solution. If I had let Perception Point stop anything, it would have stopped some pretty important campaigns in terms of malware, credential harvesting, and the like. But right now, it's just in detection mode.

During the PoC we didn't really use or talk to the Perception Point Incident Response team. We had two contact points on their side, and one of them was working closely with their IR team, but my colleagues and I didn't interact with their IR team. I know that behind the scenes the IR team was active, at some points blocking things or analyzing things.

I was the primary person who set up and tested Perception Point, in my role as senior security engineer. And one of my colleagues, who is handling email in his role as a cloud operations engineer, was involved. We also had our manager who is our director of IT, and another colleague who is a security analyst involved.

Our main email security solution is Microsoft Defender for Office 365. During the Perception Point PoC, we put the two products alongside one another, and we did see better results for some malware campaigns with Perception Point. There were some campaigns in which Defender for Office didn't catch things and Perception Point did.

We didn't really look for false positives. We were looking more to see if Perception Point could complement our detection stack. There were some things, legitimate domains that we were using, that Microsoft blocked and Perception Point didn't. If Perception Point had been our primary product, it probably wouldn't have blocked them. But in a similar way, Perception Point also blocked some stuff that was not actually malicious.

Perception Point has a very good engine for image recognition, like logos, and it was able to stop some phishing. Anyone could see they were phishing attempts, but somehow, Defender for Office 365 sometimes didn't catch them. Perception Point did, every time.

Perception Point is a good solution. It's definitely worth testing. Every customer's environment is different, and not all companies are targeted in the same way, either because they are in different industries or they have a different number of employees. But phishing is definitely a very important attack vector, and Perception Point's product is very good. It's worth giving it a try, to at least run a PoC to see how it works.

The PoC was a very good experience and, at this point, I'm just waiting for my managers to make a decision about the product.