How has it helped my organization?
The geo-blocking is doing a very good job. I look at our SIEM to see from which countries we're getting attempted logins through Office 365. I started to correlate that with places we were getting spam from, like Brazil. We were also getting a fair amount of stuff coming in from the usual suspects, like China and North Korea. But Brazil was unexpected. I never would have guessed that there's a large hacking community down there, or machines there that are owned by hackers in other countries. The geo-blocking is important for reducing the exposure that we have.
For example, we can geo-block something and then we don't have to inspect a blocked email for a virus. Before we enabled geo-blocking, we were getting embedded viruses, and it was catching those, but now that's being caught by the geo-blocking feature.
Because our end-users are not getting spam, I'm not getting messages where people say, "I think this is spam. What do you think?" I used to get something like that six or eight times a day, so SpamTitan has definitely helped save time.
And in comparison to our previous solution from Barracuda, SpamTitan has reduced our spam by a factor of three.
What is most valuable?
I'd read that the portal software was dated from the UI perspective, but when I use it, it is very logically laid out. That is one of the things I like. I'm able to get to what I need to very quickly and manage it efficiently. Once I understood the model of how they were doing things, it was very easy to work with.
In addition, I looked at the reporting and about one-third of things that come are not spam, but they are blocked and they need to be blocked because of our rule sets. They're failing DMARC; SPF records are nonexistent. Another valuable feature is "nonexistent recipient." That eliminates a lot of noise that we would get, such as things coming in for former employees. We just don't need that mail.
What needs improvement?
The training for end-users could be improved. I would like to see a video that says, "Here's the solution and what it will look like." It would be helpful if they had something like that to set expectations.
For example, some of our end-users would go in and delete a message through the solution but they didn't know there was a popup that was part of that process. They weren't allowing popups. And then they couldn't understand why the message they had deleted was still in their mailbox when they knew that they had deleted it.
There was a disconnect regarding how things function, so they need something to show the end-user, very simply, what to expect and how you do things. They have it documented in text and with screenshots, and we went through that, but these days all of our training is done with short, three-minute videos, and people prefer that. They're not going to read anything.
For how long have I used the solution?
We've been using TitanHQ SpamTitan in earnest for 60 to 90 days. We were testing it for about three months before that.
What do I think about the stability of the solution?
The stability is good.
My concern is about what would happen if it goes down. Is it load-balanced? Is there a cluster on the other end or is this just one single server? As a mortgage bank, email is critical and everything is time-sensitive. If that's an option, or it's something that is built-in, I'm not aware of it.
From what I'm looking at, it's probably a single server having fault tolerance with two nodes. I come from regional banks and international companies and we always have multiples for failover. We're a small company and I don't know that we could afford that kind of redundancy, but I haven't had a discussion with TitanHQ about what that would look like or what it would cost. I could bring that to our executives and say, "Is this something that would be valuable given the cost?" If they were to say no, and then we had an outage, it could get expensive on our end.
How are customer service and support?
The support hours are tough for U.S.-based companies like ours, because they're in Europe. They did tell me that they're opening a support office in the U.S. There is, currently, some overlap in support, but it's difficult to get real-time support and, a lot of the time, I just need a quick answer.
That could be improved. It's not an untenable situation but it is a little bit frustrating when I've got users saying, "Hey, I need this or that," and I really need to know how to configure it.
When I do get somebody in support, they're on top of it and they do a great job, but sometimes there's a delay in getting a response.
I had to become familiar with all the different features, and how they classified things a little bit differently. But they do a good job on the help desk side of it. We had a couple of issues where the documentation wasn't there and they agreed. Two days later I was on their help site and I saw that they had built a more specific page for that. It was really encouraging that they're on top of it.
The quality of the support is great. The people I've worked with are great. It's the timeliness. Sometimes it takes a little while, going back and forth, to get the right person.
For Barracuda support we went through a service provider and it typically took a day or two before we would get a response, so SpamTitan is much better.
But compared to other companies, SpamTitan is on par with what we would get from Microsoft or Cisco, given that we are a regional bank and a larger account. With those companies, I can usually get a hold of somebody on the phone within an hour to four hours. With SpamTitan, it is mostly through email, back and forth. That means there are some delays. Sometimes, being able to talk to somebody and just say what I need to do would be better than doing it through emails.
The best support I've ever gotten, as a reference point, has been from Nutanix. That might be a model that they want to look at. I got better support from Nutanix on products that weren't even theirs. I had problems with VMware and their engineers helped solve the problem, which really engendered my confidence in their product.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Our company has been doing managed service for 10 years with two different service providers. My job was to come in and stand up an internal IT department because they weren't happy with the services. I've been in IT for over 40 years and I typically fulfill a CTO role and help companies get their IT functioning during a major merger or acquisition. My current company is constantly in a merger and acquisition phase.
I looked at the products that our company was using but, because there was no IT department, we weren't really getting value out of those products. In all fairness, the products weren't configured optimally for this company. I said, "Well, this is an opportunity to look at something more cost-effective."
We landed on TitanHQ's SpamTitan.
We were using Barracuda, which is not a bad product. But we weren't set up with any portals so I couldn't see anything. We were getting an inordinate amount of spam and targeted spam. I was just unhappy with the company overall. I decided I had to put my own stuff in and just forklift everything else out.
How was the initial setup?
Overall, the setup was very good.
The exception was creating the proper certificate. We couldn't get it working properly. So SpamTitan created the certificate but it doesn't function properly because we still get an error message that people have to bypass. This is part of what I was talking about with the end-users getting a popup. It's like when you go to a webpage and the certificate is out of date. Our end-users are getting that error message because the certificate doesn't function properly. They thought the site was broken and I said, "No, you can bypass it. We trust this site. This is 'our site.'"
This issue with their certificate has caused a lot more communication between my team and the end-users where we have to say, "No, really, this is okay," because in general, we've trained them to not bypass messages like that. In this particular case, we know it's something we have to fix. That part of it wasn't clear in the documentation.
I've got a call tomorrow with the SpamTitan support team and I'll talk to them about getting this fixed because it is the only problem that we have right now.
Which other solutions did I evaluate?
When I talked to Barracuda from the licensing perspective, it was not as competitive as what I would have liked. We're a smaller company with about 130 employees.
Also, in a meeting with my senior management, they said that my prediction that we were going to get more spam temporarily until the SpamTitan machine learning had completed was true, but they also said they thought it was going to take much longer. Within about a week, things had settled down and they said we are getting a lot less spam than we used to with our previous solution.
We still have SpamTitan in learning mode and one of the things that I did at the beginning was to log in every day and look at all the email. When something was obviously spam I took care of it in the back end so that end-users don't have to deal with it. This week, when I looked at it, I didn't see anything that I needed to take action on. It's doing a very good job of properly identifying things.
At first, my senior management were apprehensive about SpamTitan, but now they are saying that they feel they are in control of spam. The way SpamTitan works is a little bit different because, with Barracuda, they were getting hourly updates about quarantined mail. When I told them they were only going to get updates once a day, but they could go check, they thought that was going to be more impactful, but for most people it has resulted in less noise. Our end-users are comfortable with it and it's working really well.
In our business, we get bulk notifications from different companies about the current interest rates, sometimes two or three times a day from the same company, and they go to 20 or 30 or more recipients who are our loan officers. Our end-users like that they can go into the quarantine and clear those. After a while, they'll either create a folder for those updates or they'll just say, "I don't need this anymore and I'm going to block it." They like the fact that they're all managing that independently. That's not to say they couldn't do so with Barracuda, but it required logging into a portal and knowing how to sort things. Now, it's in an email and, right from that email, they can block or allow those messages independently.
A few people in our organization didn't like it, but I said, "Look, you can just open this email and click a button and, within about 30 seconds, you'll have an email that says, "This is everything that's currently in quarantine." It's easier than having to use a browser, log in to a portal, and do that. That saves them a little time.
Overall, SpamTitan learned faster than I thought it was going to, based on other products that I've used. There was a lot more feedback. The other products are based on the users, but this one, with its AI, seems to produce tremendous improvements day-to-day. I told the teams it was going to take two to three weeks but, within a week, we had dropped the amount of spam that was getting through. By Tuesday of the following week, meaning about a week and a half after implementation, it was mature. It wasn't final—it's always going to be learning—but it was mature enough that we felt that the hand holding with the individuals and checking in were not things we needed to do anymore. Everybody was confident at that point.
What other advice do I have?
Don't discount TitanHQ because you haven't heard of them. I sit with other CISOs. We get together for dinner once a month and talk and I mentioned it but nobody had heard of them. I said, "SpamTitan has this and this feature," and I delved into some of the reasons we went with it and they were taking notes. They're excited to look at something recommended by a peer who is saying, "I've used multiple products and I like the way that these guys work. I like what they're doing and how we're stacking up our security."
TitanHQ recently acquired Cyber Risk Aware for security awareness training with phishing simulation. I mentioned that it makes sense because you could tie that into your SpamTitan and WebTitan. Your training could be based upon real metrics, in real-time, based on what people are doing. That's a very good, competitive place to be. I look forward to their growth. When I mentioned those things my colleagues were saying, "Wow, this sounds like a company we need to really seriously take a look at."
My approach is to leverage things that make sense, not because they're there. I always look at: Why? Where are we going? How do we get there? Then we can decide whether that's the right type of product or service to use going forward. We have different outcomes than we would get if we did what most people do. They say, "Well, how do we improve what we've got?" Maybe what you have doesn't fit anymore.
We also use TitanHQ's WebTitan. We just rolled that out to replace Cisco Umbrella and because the interface is very similar to SpamTitan's interface, it was very easy to roll that forward and to manage it.
So far, SpamTitan is the easiest and most efficient solution I've used. I give it a 10 out of 10.
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.