What is most valuable?
From an email security standpoint, the best features are that it is very convenient to configure new rules onto it and it gives very good insight on what has entered my system and what the email security solution has taken action upon. It has future analytical insight on what kind of attacks it could come across which would have already penetrated your system that you should be aware of. If there is anything which has already propagated inside the system, we can look into the other email security solutions to get that validated and then it gets things under control.
What needs improvement?
There is a lot of room for improvement towards the phishing kind of email filtering, with the different hijacking attacks, and with the kind of password attacks which these phisher attackers do. The engine is intelligent enough to block any link which is coming in the email because it checks the quality of the reputation of the link. But it is written by a very intelligent person using a very localized domain so it lacks that functionality. There are other solutions available in the market, such as Proofpoint and Barracuda, that have slightly better intelligence around that, maybe they have more attack feeds coming in or maybe they are working a little harder on the resource side. Their response towards such emails is very granular whereas Trend Micro's is higher.
Maybe email security is not the goal for Trend Micro, because the other players like Proofpoint, Barracuda and Microsoft are working essentially on the email security. So they are very focused and since the products are completely driven towards email security they give a better posture and have better performance there. But from a threat prevention point of view and as the first wall of anti-virus defense, Trend Micro tends to be a superior product.
For how long have I used the solution?
I have been using Trend Micro Email Security for two and a half to three years.
What do I think about the stability of the solution?
Stability-wise, we have not found any challenges so far.
I don't know if I can fully comment on that, because we have a limited base, a limited number of users, and maybe our organization is not the organization which should ideally comment on the stability. But the solution has been available all the time, there was no downtime in our service period and we are not facing any challenges regarding availability.
How are customer service and technical support?
In India they provide very good support.
We have not faced any kind of challenges here. I'm not sure about other regions and their services there. For us, it has been a very good experience, because the vendor we work with has very good expertise in Trend Micro. The OEM itself is there and they are available most of the time, even 100% of the time. So it's good.
Whenever we had some issues with our email services, they were all available.
How was the initial setup?
The initial setup was very straightforward. I think it took us 15 days.
It was very, very quick because we were on the cloud setup. It was just a few steps so that our emails go there, get filtered and then come back to us. Then a few fine tunings so that we don't block legitimate emails.
Which other solutions did I evaluate?
I think the email security domain is a very mature domain now. If you look at Gartner, for example, they have stopped publishing their quadrants for email security because they have declared that it's a very mature market and players which are in email security already know that they are very deep into the services.
What other advice do I have?
On a scale of one to ten, I would give Trend Micro Email Security a seven.
Some of their features should focus more on preventing the emails which are malicious in nature from entering into the user mailbox and they should have a feature to completely remove it from the entire email system. For example Microsoft has an option where if there is a malicious email you can just identify it and with one click you can delete every email in the system in the organization for whoever has received it. Similarly, there must be some kind of awareness mechanism for the user, even for whoever is not receiving it. They should be able to send out some kind of email or some kind of awareness to the user not to respond to any malicious services. In my experience throughout my career, making your users aware of email threats helps to get control of the threat by almost 70%.
If you receive 10 emails out of which four to five would be spams, one or two may be malicious. If you are aware of it you will not respond to it. But in the initial stages, you might have clicked on the link or responded to their request. But eventually, when you learn about these malicious things, you automatically hesitate responding to them, or maybe you just don't read them. Those kinds of responsive behavior comes with time. If you teach your people they will not respond and your email security solution will look better because people will not get into the wrong traps.
For small to medium sized business, Trend Micro Email Security fits very well because cost-wise it is effective and because their technical resources are widely available in India, the Asia Pacific region, and in Europe. However, when we look at it from an enterprise user perspective, where the number of users can be huge, we take more of a risk opting for a less expert solution. In terms of email security, I would not rate Trend Micro as an expert solution. There are others available which are doing this better than Trend Micro. Once Trend Micro is at their scale, at that point only would I recommend Trend Micro. But for the small and medium industries, I would recommend it because they have limited budgets and they work in a different sector of the market.
But for the enterprise customers, I think they should look at some better solutions which are dedicated for email security. Email is the most critical part of the organization, so you should always choose the expert.
Which deployment model are you using for this solution?