What is our primary use case?
We use it as a corporate or as an exchange email filter to protect, to stop any executables from coming through email, and to halt phishing scams. Basically, the product is for email security. We use it for our network.
Also, if a user thinks that they didn't get an email, we can access the Proofpoint dashboard and go find missing mail that either people didn't get so we can rerelease it to them. Or if it did get quarantined, we can release and approve a sender.
You can blacklist and whitelist sender lists. If you are getting phishing scams that get through the filter, you can end up shutting those down. You can actually block the entire domain so that domain can never email you ever again.
If there is an external email outside of your network or your company, you can whitelist them if it's an unknown sender, so you don't ever have to worry about missing their emails.
How has it helped my organization?
We had an attempt for a ransomware attack and we were able to block them through Proofpoint Essentials. It's keeping us very safe. Our antivirus shut down the first one and then when the attacker tried again, we were able to block and cease all attacks. In the end, we didn't end up becoming a victim of a ransomware attack.
What is most valuable?
The solution offers very good flexibility. You can blacklist or whitelist with ease.
Their entire dashboard is excellent. It's completely user-friendly, it's easy to navigate. Anything you need to get done, you can do right from the dashboard, which is incredible.
What makes it so easy is the features of Proofpoint and how secure it is.
You could have no IT experience and go in there and control Proofpoint. If your company says "Hey, we need somebody to control Proofpoint," you could hire a kid out of high school to learn it. That's how easy it is.
What needs improvement?
The Secure Mail aspect should have an Outlook add-in, instead of an external dashboard that outside users have to access. If we send a payment to one of our customers or an ACH or a form to fill out, they have to go through this entire subscription process on a separate website to read the secure mail.
It should be like Ignite, where you can access the internal portal so then our customers aren't having to go through all these hoops just to read an email that we're trying to send them securely. That would be the one thing I would change. Basically, the Secure Mail portal wouldn't be its own portal; it would be an add-in.
For how long have I used the solution?
I've been using the solution for two years and the company itself has used it for five.
What do I think about the stability of the solution?
The solution is 100% stable. It's incredible. We haven't had any issues with it. No downtime, no hiccups. Obviously, it's not going to catch everything, however, we have the ability to go in there and block stuff that it does miss. It's an incredible solution.
What do I think about the scalability of the solution?
The scalability capability is based on the packages. We're not at the highest package, however, from what I've read, it's got some incredible scalability. With our package, it does everything we need and we have over 200 users.
It does more than what we need it to. There's stuff we don't even use as we don't use those capabilities of it. The scalability would be incredible as with 200 users we still don't touch all of its features.
As far as I know, we'll continue using it. The company has been happy with it for over five years and I've been around it for two years and it doesn't seem to be going anywhere. Now that we've added Secure Mail, it's really probably not going anywhere.
How are customer service and technical support?
I'd rate technical support eight out of ten.
You pay for what you get, and we didn't pay for the enterprise tier, so we're in a middle tier. Sometimes it does take 24 hours to hear back, however, if it's a high priority that they'll call you within 30 minutes. It's pretty incredible how prompt they are.
Once you do get a hold of them, it's not like, "Okay, well, we'll look this up and we'll call you back." No - they sit there and they'll work you through it. They'll remote into your machine if you need them to. They're excellent.
Which solution did I use previously and why did I switch?
I haven't previously used any other solution. Before, the company only used the security features in Exchange Online admin center, which obviously wasn't as secure as they wanted it to be. That's why they went to Proofpoint.
How was the initial setup?
The initial setup was straightforward. It's real easy to integrate with Active Directory exchange online. You just pretty much point and click and follow the prompts and it's there. Now, some of the whitelisting, you would have to have some experience, however, not too much. You would want someone knowledgeable to just navigate some of the approved domains and stuff like that to whitelist IPs as that portion was a little more work.
It probably took about six hours to whitelist IPs. The deployment is a moderate amount of work, however, not much, not a lot.
We didn't do a very complex setup since most of our users are silent users. They have it, however, we don't allow them access as we don't want them to be able to release something onto the network. It probably was a six-hour job to just get everybody added in from Active Directory and integrated into the system.
The maintenance is basically two people. It's all it really takes. It really only takes one person, however, there are usually two of us here that can access it and go in and clean stuff up. And as far as the roles, there's not really assigned roles for who goes in and does what. As far as users, they're silent users and active users, and only active users can actually access the portal, and then the administration is the only one that can change settings.
What about the implementation team?
We did use a consultant to help us with the implementation. Our network admin did most of the work, however, the consultants were there just to guide us through it, just in case we hit a hiccup, which we didn't.
The consultants were great. They were easy to work with. They were prompt in responses.
What was our ROI?
The biggest ROI for us was when it stopped a ransomware attack. It could have cost us a ton of money. It could have been detrimental to the company. It basically paid for itself right there.
What's my experience with pricing, setup cost, and licensing?
The licensing is basically $8/user. We pay yearly, however, they do allow for month-to-month billing.
It's just a straight licensing fee. For support, you'll pay extra for that. If you want to move up to a higher tier, I don't know how much it is, however, I know you pay more to get a higher level of support. Tier One support is way cheaper than Tier Four. You are paying pretty much to have your own project manager. Proofpoint literally assigns someone to you. When you call, it's getting taken care of by his or her team. That's pretty expensive, however, I'm not sure of the cost.
What other advice do I have?
I'd advise users to get the package with the Secure Mail feature and then make sure that you whitelist all your important IPs and then add domains of all known users, so you don't run across any blocked or missing mail.
Our users have learned to be more careful and look for more phishing attempts from it, because now they know what a normal email should look like instead of, "Hey, here's a link you need to update your password." And then just clicking away. Through this they've been able to see, because we can show them, "Look, this is blocked, this wasn't, here's why." Right. So we've been actually able to teach that culture and teach the hesitancy. With this solution, our users have become much more informed.
I'd rate the solution at a nine out of ten. It's a great product and they have great customer service, a great support team.
Which deployment model are you using for this solution?