Proofpoint Email Protection Reviews

We use the solution to stop email attacks, such as credential phishing, impersonation, and some forms of spear phishing. It also helps prevent attacks that bypass email authentication protocols like SPF and DMARC.

It's the top choice because no company can operate without security. Ensuring email protection is a major priority for any organization when building its infrastructure. It effectively stops sophisticated attacks launched by advanced threat actors. It can identify attacks related to impersonation, deception, identity theft, business email compromise, and more.

One major threat is QR code phishing, along with TOAD (Telephone-Oriented Attack Delivery). TOAD attacks don't include links, URLs, or attachments in emails. Instead, attackers try to trick you into calling them, often by offering something enticing like a 50% discount on football matches. Once you call, they may try to get your two-factor authentication code or send malicious links to your personal email, bypassing security controls. Proofpoint has consistently detected and prevented these kinds of deceptive attacks.

I have been using Proofpoint Email Protection for five years.

The product is stable. 

It's top-rated for scalability because of its architecture. It uses a central management solution called Master and supports adding up to 25 or 30 agents. Each agent can handle a significant number of users, so with 2 agents, you can cover 5,000 to 10,000 users. Given this setup, 25 to 50 agents can manage even larger user bases. These agents are servers, not software installed on individual machines, which allows for excellent scalability.

The initial setup is straightforward and user-friendly, but it does require experts to implement. It's not something that regular users can handle. You need skilled professionals who have a good understanding of email systems, Office 365, Exchange, email flow, and SMTP protection. While the process is simple, having knowledgeable people is essential for a successful implementation.

It starts with an offline configuration in the first phase, keeping everything inactive and not migrating traffic right away. This allows you to validate policies, mail traffic, and mail flow without affecting live operations. Once everything is validated, the cutover happens in phase two. After ensuring the cutover is successful, you can then move on to the tuning phase.

I’ve done this many times. The initial setup duration depends on the company size, the complexity of the policies, the rules in place, and whether the setup is complex or straightforward.

They have their own dedicated Protection Services team and rely on certified professional service engineers on the ground.

To protect email effectively, you need to secure it across multiple channels—external, internal, and even after delivery. Proofpoint is the top choice for comprehensive email protection because it covers all these aspects. Gartner has stated that to fully protect email, you need coverage across all channels, and Proofpoint is the only vendor with a platform capable of doing that.

It operates using the MLX engine along with AI to protect against business email compromise. Some of the engines within the solution rely purely on AI. The system can be left to learn normal behavior over two to three weeks. Once it understands this behavior, it provides protection based on what it has learned. We also acquired a vendor called TCL, which excels in detecting attacks through advanced analysis and AI.

Tuning requires time; it's not difficult to maintain but needs careful adjustment. It may take about a week to ensure everything is optimized according to best practices, focusing on tuning rather than just configuration.

The primary use case of Proofpoint Email Protection is to ensure email security for both incoming and outgoing emails.

The most valuable feature is the option to edit the inbound security. 

In terms of improvement, I have some concerns regarding the effectiveness of Proofpoint's phishing protection. There is room for improvement in detecting and preventing phishing attacks. While the solution performs well in some aspects, it struggles with phishing threats. There are other solutions on the market that do a good job with that.

I have been using the solution for three years.

In terms of stability, the solution performs well. We have not experienced any issues or downtime.

The solution is scalable enough for our organization. Approximately 2,000 people use it at our company daily.

We are currently working with both Proofpoint and Abnormal Security, but we plan on completely switching to Abnormal Security soon. Proofpoint needs to work on its performance in handling spam and phishing and to improve its services when it comes to AI or ML-based solutions. Even if Proofpoint decides to roll out such features, it will take some time. There are competitors on the market who already offer those features, and that is why we opted for Abnormal Security.

The initial setup is quite easy. It took one day to deploy the solution because our team needed to edit SPF, DKIM, and DMARC records, which took some time as well.

My advice to people who are considering using Proofpoint would be to properly evaluate the services it offers. During the POC phase, you should assess all features offered, including phishing protection, and ensure they are up to date. You should compare Proofpoint with other vendors in the market before making a decision. Overall, I would rate the solution a six out of ten.

The archive feature is valuable.

The solution can be improved by including a real-time block list and giving the user more control over customizations. 

We have used the solution for ten years.

The solution is stable. I rate it a ten out of ten.

The solution is not very scalable.

We rate our experience with customer service and support an eight out of ten.

Positive

We previously used Barracuda.

The initial setup took half a day to configure, and two people were required for deployment.

I rate the solution a nine out of ten. The solution is good, but the scalability can be improved and the solution can be optimized.

We use it as a corporate or as an exchange email filter to protect, to stop any executables from coming through email, and to halt phishing scams. Basically, the product is for email security. We use it for our network.

Also, if a user thinks that they didn't get an email, we can access the Proofpoint dashboard and go find missing mail that either people didn't get so we can rerelease it to them. Or if it did get quarantined, we can release and approve a sender.

You can blacklist and whitelist sender lists. If you are getting phishing scams that get through the filter, you can end up shutting those down. You can actually block the entire domain so that domain can never email you ever again. 

If there is an external email outside of your network or your company, you can whitelist them if it's an unknown sender, so you don't ever have to worry about missing their emails. 

We had an attempt for a ransomware attack and we were able to block them through Proofpoint Essentials. It's keeping us very safe. Our antivirus shut down the first one and then when the attacker tried again, we were able to block and cease all attacks. In the end, we didn't end up becoming a victim of a ransomware attack.

The solution offers very good flexibility. You can blacklist or whitelist with ease.

Their entire dashboard is excellent. It's completely user-friendly, it's easy to navigate. Anything you need to get done, you can do right from the dashboard, which is incredible. 

What makes it so easy is the features of Proofpoint and how secure it is. 

You could have no IT experience and go in there and control Proofpoint. If your company says "Hey, we need somebody to control Proofpoint," you could hire a kid out of high school to learn it. That's how easy it is.

The Secure Mail aspect should have an Outlook add-in, instead of an external dashboard that outside users have to access. If we send a payment to one of our customers or an ACH or a form to fill out, they have to go through this entire subscription process on a separate website to read the secure mail.

It should be like Ignite, where you can access the internal portal so then our customers aren't having to go through all these hoops just to read an email that we're trying to send them securely. That would be the one thing I would change. Basically, the Secure Mail portal wouldn't be its own portal; it would be an add-in.

I've been using the solution for two years and the company itself has used it for five.

The solution is 100% stable. It's incredible. We haven't had any issues with it. No downtime, no hiccups. Obviously, it's not going to catch everything, however, we have the ability to go in there and block stuff that it does miss. It's an incredible solution.

The scalability capability is based on the packages. We're not at the highest package, however, from what I've read, it's got some incredible scalability. With our package, it does everything we need and we have over 200 users.

It does more than what we need it to. There's stuff we don't even use as we don't use those capabilities of it. The scalability would be incredible as with 200 users we still don't touch all of its features.

As far as I know, we'll continue using it. The company has been happy with it for over five years and I've been around it for two years and it doesn't seem to be going anywhere. Now that we've added Secure Mail, it's really probably not going anywhere.

I'd rate technical support eight out of ten.

You pay for what you get, and we didn't pay for the enterprise tier, so we're in a middle tier. Sometimes it does take 24 hours to hear back, however, if it's a high priority that they'll call you within 30 minutes. It's pretty incredible how prompt they are. 

Once you do get a hold of them, it's not like, "Okay, well, we'll look this up and we'll call you back." No - they sit there and they'll work you through it. They'll remote into your machine if you need them to. They're excellent.

I haven't previously used any other solution. Before, the company only used the security features in Exchange Online admin center, which obviously wasn't as secure as they wanted it to be. That's why they went to Proofpoint.

The initial setup was straightforward. It's real easy to integrate with Active Directory exchange online. You just pretty much point and click and follow the prompts and it's there. Now, some of the whitelisting, you would have to have some experience, however, not too much. You would want someone knowledgeable to just navigate some of the approved domains and stuff like that to whitelist IPs as that portion was a little more work. 

It probably took about six hours to whitelist IPs. The deployment is a moderate amount of work, however, not much, not a lot.

We didn't do a very complex setup since most of our users are silent users. They have it, however, we don't allow them access as we don't want them to be able to release something onto the network. It probably was a six-hour job to just get everybody added in from Active Directory and integrated into the system.

The maintenance is basically two people. It's all it really takes. It really only takes one person, however, there are usually two of us here that can access it and go in and clean stuff up. And as far as the roles, there's not really assigned roles for who goes in and does what. As far as users, they're silent users and active users, and only active users can actually access the portal, and then the administration is the only one that can change settings.

We did use a consultant to help us with the implementation. Our network admin did most of the work, however, the consultants were there just to guide us through it, just in case we hit a hiccup, which we didn't. 

The consultants were great. They were easy to work with. They were prompt in responses.

The biggest ROI for us was when it stopped a ransomware attack. It could have cost us a ton of money. It could have been detrimental to the company. It basically paid for itself right there.

The licensing is basically $8/user. We pay yearly, however, they do allow for month-to-month billing.

It's just a straight licensing fee. For support, you'll pay extra for that. If you want to move up to a higher tier, I don't know how much it is, however, I know you pay more to get a higher level of support. Tier One support is way cheaper than Tier Four. You are paying pretty much to have your own project manager. Proofpoint literally assigns someone to you. When you call, it's getting taken care of by his or her team. That's pretty expensive, however, I'm not sure of the cost.

I'd advise users to get the package with the Secure Mail feature and then make sure that you whitelist all your important IPs and then add domains of all known users, so you don't run across any blocked or missing mail.

Our users have learned to be more careful and look for more phishing attempts from it, because now they know what a normal email should look like instead of, "Hey, here's a link you need to update your password." And then just clicking away. Through this they've been able to see, because we can show them, "Look, this is blocked, this wasn't, here's why." Right. So we've been actually able to teach that culture and teach the hesitancy. With this solution, our users have become much more informed.

I'd rate the solution at a nine out of ten. It's a great product and they have great customer service, a great support team.

Proofpoint Email Protection is the best solution from the perspective of email security. The solution has a lot of email protection features for spam and phishing campaigns, and it also has a platform to educate the end users.

Proofpoint Email Protection is an expensive solution.

I have been using Proofpoint Email Protection for two years.

We haven’t faced any issues with the solution’s stability.

Since Proofpoint Email Protection is a cloud-based solution, it is easily scalable. Proofpoint Email Protection is more suitable for enterprise businesses.

Proofpoint Email Protection can be deployed within two to three days.

Proofpoint Email Protection has helped companies save money by protecting them against email phishing and spam campaigns.

Overall, I rate Proofpoint Email Protection ten out of ten.

I am the CIO, I have consultants.

We use Proofpoint Email Protection to filter out malicious emails.

We have a lot fewer malicious emails coming in since implementing this product.

The setup was easy.

It was easier to use Microsoft than Proofpoint.

We had some issues with their sales consultant. We got into a dispute and he ended up leaving the company. It's unknown if he was unhappy being at the company, or if it was a reflection of the company, but I can say that their sales consultant was not good.

I think they have everything that I would want in the advanced version.

There are certain things, I would want. I would want better spear phishing protection in the essentials package.

I have been working with Proofpoint Email Protection for two years.

It's a subscription, and we are always using the latest version.

The stability is fine.

The scalability is good.

I am going to reiterate. To move to a more sophisticated email security solution was cost-prohibitive. When you compare it to others, it was too expensive.

All users of the company, all departments were using this solution.

The technical support was okay. I think it was good, although it wasn't outstanding.

It would be excellent, f they had chats and instantaneous responses. That would make it better.

We always struggled with getting on the phone with someone.

We were able to get the same security levels using Microsoft that we were getting with Proofpoint.

With this company, we used Proofpoint straight out of the gate.

We have now switched to Microsoft. The features were definitely there. It was more integrated; people don't have to go to a different website to see what was quarantined. They can see it right in their account on Outlook.

Microsoft is easier to use, it's more integrated, and it's cheaper. It was cheaper than their advanced module, for sure, but it was comparable to their basic package.

The initial setup was straightforward. It was easy to set up.

It took few hours to set up. It was really quick.

We have an admin that would go in to see what was quarantined every now and again a quarter of full-time equivalent approximately 10 hours a week.

This solution was being used every day, 24 hours a day.

We used a consultant to deploy the solution.

I have had a relationship with this consultant for more than 20 years. If I keep a consultant for that long it's because they are worth their weight.

It is always a pleasant experience working with them.

For sure, we have seen a return on investment. It does what it's supposed to do, which is to protects you.

If Proofpoint was the only product out there, I would gladly pay for it. It would be fine and good. But they are not the only game in town. Their competitors managed to give the same level of protection for much less.

The Basic Email Coverage is pretty close to the same price as the Extended Email Security of other companies.

To start basic at Proofpoint, let's say more expensive than other basic packages.

To jump into the Advanced versions of Proofpoint, the costs multiply four or five times, which made it not feasible for us. Being multiple times more expensive, it very much less attractive.

I would advise people to look at the options.

It does what it says it's going to do. The only issue is the cost.

I would rate Proofpoint Email Protection an eight out of ten.

We primarily use the solution to block malicious email and spam in bulk.

The URL rewrites on the solution are excellent.

The system offers good flexibility.

The initial implementation is pretty easy to handle.

The solution is quite reliable and doesn't fail.

The solution needs to better detect emails that don't have a malicious payload. They need to ensure those that have a link to a malicious Google Drive or something like that are captured.

We find the cost to be prohibitive.

Their smart search needs to be much more intuitive and flexible.

I've been using the solution for five years.

The solution is very stable. It doesn't crash or freeze and we don't experience bugs or glitches. It's quite reliable.

We don't plan on increasing the solution's usage in the future.

Technical support is very, very good. We've found them to be knowledgeable and responsive. We're satisfied with the level of service.

The initial setup was not complex at all. It was pretty straightforward.

The solution is quite expensive.

Right now, we're paying about $80,000.

We're simply customers of the solution. We don't have a business relationship with the company.

I'm not sure which version of the solution we are using. 

The advice that I would give to other companies who are considering using the solution is to really test the systems, even for outlandish attacks, to see if it will hold up.

For me personally, I actually have two Proofpoint accounts. I have a Proofpoint account for something completely unrelated to B&H and I was able to prove that's almost anything you think of you can do, although it might not say in the documentation or the people at Proofpoint might not think of that scenario, however, it's still a way to achieve almost everything you were trying to achieve with your email filter. 

The flexibility is unbelievable. And you could get very creative. You just need to be very careful to not mess it up. However, you could get extremely creative to accommodate real case scenarios.

Overall, I'd rate the solution nine out of ten.

Most customers interested in Proofpoint Email Protection have problems with spam, or their email security solution cannot detect phishing or spam, so they want to replace it with Proofpoint Email Protection.

Proofpoint Email Protection is a good product, and its most beneficial feature is the Threat Response Auto-Pull. I also like that it's an integrated email security solution.

The accessibility of Proofpoint Email Protection, particularly access to product trials, could be improved. It's hard to get a trial for Proofpoint Email Protection, and many customers prefer not just to do the POC or demo but try the product out, including Proofpoint Email Protection add-ons.

In the product's next release, I want more email servers added, such as Lotus Domino, rather than Proofpoint Email Protection focusing on just Microsoft Office 365 Exchange and Gmail.

I've been working with Proofpoint Email Protection for about eight months or a year.

Proofpoint Email Protection is pretty stable, so it's a nine out of ten for me.

Proofpoint Email Protection is scalable, an eight out of ten, scalability-wise. It has a large capacity, so in most cases, seventy to eighty percent of customers won't have issues with user capacity and email traffic, whether that traffic is coming in or out.

I often contact Proofpoint Email Protection technical support, and it's excellent, so it's a ten out of ten for me.

Positive

Proofpoint Email Protection is the first email security solution I've worked with because this is the first company I joined after I graduated.

The initial setup for Proofpoint Email Protection wasn't that easy, but it wasn't too complex either. I'd rate it an eight out of ten.

It took one month to less than two months to deploy Proofpoint Email Protection.

My team configures the platform to receive the incoming email from the domain and then send it to the customer's email server. For other configurations, it would depend on what the customer wants. Another team is in charge of Proofpoint Email Protection deployment while I do the presale work and capture feature requirements.

The licensing model for Proofpoint Email Protection is simple. It's based on the number of users and, in some cases, the amount of email traffic for the on-premise deployment, but the licensing isn't complicated.

The number of users depends on the customer. For example, it could range from one hundred to twenty thousand in the banking industry. The total price for Proofpoint Email Protection depends on the number of licenses you have.

You don't have to pay additional fees apart from the standard licensing fees.

Price-wise, Proofpoint Email Protection is a five out of ten because it's a pretty expensive solution.

My company is not using Proofpoint Email Protection, but it's a distributor based in Thailand.

I am trying to remember the exact version of the solution, but it should be the latest one.

Proofpoint Email Protection is mainly deployed on the cloud because many of my customers prefer a cloud solution unless the customer works in a bank or financial institution. Still, I have some customers that deployed it on-premises.

Two to three people take care of product deployment. My company didn't receive customer Proofpoint Email Protection maintenance requests this year because it just started working with Proofpoint, but maybe next year, it will.

Proofpoint Email Protection is best for medium to large businesses because it's pretty pricey so smaller companies would go for another product, or maybe Proofpoint Essentials. Still, since Proofpoint Essentials cannot customize policies or have the same usability as the enterprise product, smaller companies usually aren't interested in it.

My advice to anyone planning to implement Proofpoint Email Protection is that if you want a complete platform for email security, this product is the answer. There's no better email security solution than Proofpoint Email Protection if you can afford its price.

I'm rating the product as nine out of ten. I took away one point because of its price.