We just raised a $30M Series A: Read our story

Proofpoint Email Protection Competitors and Alternatives

Get our free report covering Palo Alto Networks, Microsoft, Microsoft, and other competitors of Proofpoint Email Protection. Updated: October 2021.
540,884 professionals have used our research since 2012.

Read reviews of Proofpoint Email Protection competitors and alternatives

RL
Email Adminstrator at Merchants Capital Resources, Inc.
Real User
Top 20
Filters out links and spam, stopping junking from getting through

Pros and Cons

  • "There is a huge return compared to if we didn't have a gateway appliance, as far as blocking malicious emails."
  • "I use the search all the time. Sometimes, it is hard to search for things and things are hard to find. People come to me all the time, saying, "This email didn't get through." Then, I go searching and don't find it on the first search. You have to think about alternative searches. I don't know if there is an easier way that they could help to find things. I don't know how they could simplify it, because now everybody else is using the cloud and everything is coming from Office 365, or whatever. It is just not the same environment from years ago where everybody had their own server and you could search easier."

What is our primary use case?

We are using it for our email gateway security for all our inbound and outbound email. We use a lot of the URL filtering and spam filtering as well as the dictionaries, e.g., if they try to spoof employee names.

How has it helped my organization?

We didn't have an email gateway initially. As spam was ramping up, the junk was getting through. So, we needed a gateway. We then worked with a local company who sold us this product and some training as well as how to get it up and running, configuring it. Over the years, they have been constantly changing it.

What is most valuable?

We use a lot of their search features to search for emails that have come through. Our end users come through it. They say, "This didn't email didn't arrive," or "How did this email get through?" So, I am constantly searching through message tracing and using that all the time.

What needs improvement?

I use the search all the time. Sometimes, it is hard to search for things and things are hard to find. People come to me all the time, saying, "This email didn't get through." Then, I go searching and don't find it on the first search. You have to think about alternative searches. I don't know if there is an easier way that they could help to find things. I don't know how they could simplify it, because now everybody else is using the cloud and everything is coming from Office 365, or whatever. It is just not the same environment from years ago where everybody had their own server and you could search easier.

When you run a trace and you are in the cloud, it's harder. You run a trace and it generates trace results. I haven't figured out how to get those off of the cloud. I don't know if there is a path to open up a ticket on that.

For how long have I used the solution?

Before it was purchased by Cisco, we had already been using IronPort since 2005 or earlier.

What do I think about the stability of the solution?

It is very stable. We have never had any problems.

The way we are using it now, it does require maintenance. I decided to take a zero trust for URL links coming in emails or unknown links. Then, if there is a link that somebody wants to get through, then I have to add that to the list to allow it. So, there are some dictionaries and things to maintain the way we are running it now that we didn't have in the past. For many years, we got it running, then forgot about it. It just ran and ran. Now, I think it is just a different environment due to the level of phishing emails, etc. 

The way that we are running it now, there is more to maintain, like the dictionaries and the list of employees, so somebody doesn't spoof an employee's name. It takes maybe an hour or so a week to update the dictionaries and things like that. 

Right now, I'm the only one maintaining it.

What do I think about the scalability of the solution?

The scalability is good. It seems like it still has capacity in the cloud. It is hard to tell in the cloud. However, the ones that we had on-prem were running real close to their limit for whatever reason: memory swapping and CPU utilization. So, we had to do something there. Right now, it seems like there is capacity/room to grow.

The solution protects 450 users. We plan to gradually increase users.

How are customer service and technical support?

They have always been good when helping with problems. They are responsive and always come up with an answer.

Which solution did I use previously and why did I switch?

We migrated from Cisco ESA to Cisco Cloud Email Security. 

The appliances were getting close to the end of life. They were using a lot of CPU, so it was time to do something with them. IT management seems to be going more to the cloud now, so it made sense to go to the Cisco Cloud solution. The machines that we had on-prem were really slow. For whatever reason, they were getting real slow. When we went to the cloud, we got away from that problem.

How was the initial setup?

For the initial deployment, we might have spent a week getting it up and running. Then, we went for a day or two to training.

There wasn't really any downtime involved during the migration from our on-prem to Cisco Cloud Email Security, which was important to us. We didn't want to interrupt email flow. So, we prepared it, then there was a cutover. 

The migration from the vendor’s on-prem to Cloud Email Security wasn't too difficult.

What about the implementation team?

A few times, we needed Cisco's expertise in the migration process to solve some problems for free. Because it is in the cloud, you can't get to the command line interface to access and download/upload files. So, I had to rely on Cisco for that.

What was our ROI?

There is a huge return compared to if we didn't have a gateway appliance, as far as blocking malicious emails.

What's my experience with pricing, setup cost, and licensing?

The licensing was all transferred. A fair amount of the configuration had to be done by hand. We didn't transfer the people safe list and block lists. There were a number of things that we didn't transfer because they were in the cloud. It was a matter of going through and reconfiguring.

Which other solutions did I evaluate?

The familiar user interface was important in our decision to migrate from Cisco’s on-prem to Cloud Email Security. We have a lot of other projects going on. Being able to migrate to something that we were already familiar with versus migrating to Proofpoint or something else was a major decision factor. I didn't have to invest that much time, resources, and learning in a whole new product.

If you compare it over Proofpoint, it was a big savings. It was very competitive. It saved us from buying new appliances. Though, I don't know that would have been a big expense, because I didn't do a cost analysis of staying on-prem and replacing the appliances. We were more comparing the solution to Proofpoint, and the cost was considerably less than Proofpoint. It was already in place and working for us on-prem. So, I didn't want to move to Proofpoint because there would have been much more to learn.

Some of the things that we were doing in Cisco, we can't do it the same way in Proofpoint, from as much as I have looked at it. I know there is a difference. They have different solutions. They have some solutions that aren't configurable at all, such as, the lower price ones. They have another one where you are just like a tenant and everybody gets the same thing, then for it to be customizable, it is a lot more expensive. In orders of magnitude, it is more expensive than Cisco, which didn't make sense. With all the little tweaks and customizations that we're doing, I couldn't see how to do that based on the time I spent looking at Proofpoint. It might be doable, but I didn't figure out how to do it. So, I think Cisco is a little more configurable than Proofpoint for tweaking. I could be wrong, but that is my impression.

What other advice do I have?

There wasn't much of a learning curve involved in migrating from Cisco’s on-prem to Cloud Email Security because they are very similar. There were just a few things that were different.

It is a good product. Be prepared to invest time in learning it, like anything. You need to have somebody who is a key administrator, like any enterprise-level product that you would bring in. Even if you will have Salesforce or whatever, you need to have an administrator who knows how to keep it running.

Email threats just keep getting worse and worse, so you need to keep on your toes.

I would rate this solution as a nine (out of 10).

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
DS
General Manager -Mfg at a consumer goods company with 5,001-10,000 employees
Real User
Top 10
Easily configurable solution suitable for small to medium businesses

Pros and Cons

  • "The best features are that it is very convenient to configure new rules onto it and it gives very good insight on what has entered my system and what the email security solution has taken action upon."
  • "There is a lot of room for improvement towards the phishing kind of email filtering, with the different hijacking attacks, and with the kind of password attacks which these phisher attackers do."

What is most valuable?

From an email security standpoint, the best features are that it is very convenient to configure new rules onto it and it gives very good insight on what has entered my system and what the email security solution has taken action upon. It has future analytical insight on what kind of attacks it could come across which would have already penetrated your system that you should be aware of. If there is anything which has already propagated inside the system, we can look into the other email security solutions to get that validated and then it gets things under control.

What needs improvement?

There is a lot of room for improvement towards the phishing kind of email filtering, with the different hijacking attacks, and with the kind of password attacks which these phisher attackers do. The engine is intelligent enough to block any link which is coming in the email because it checks the quality of the reputation of the link. But it is written by a very intelligent person using a very localized domain so it lacks that functionality. There are other solutions available in the market, such as Proofpoint and Barracuda, that have slightly better intelligence around that, maybe they have more attack feeds coming in or maybe they are working a little harder on the resource side. Their response towards such emails is very granular whereas Trend Micro's is higher.

Maybe email security is not the goal for Trend Micro, because the other players like Proofpoint, Barracuda and Microsoft are working essentially on the email security. So they are very focused and since the products are completely driven towards email security they give a better posture and have better performance there. But from a threat prevention point of view and as the first wall of anti-virus defense, Trend Micro tends to be a superior product.

For how long have I used the solution?

I have been using Trend Micro Email Security for two and a half to three years.

What do I think about the stability of the solution?

Stability-wise, we have not found any challenges so far.

I don't know if I can fully comment on that, because we have a limited base, a limited number of users, and maybe our organization is not the organization which should ideally comment on the stability. But the solution has been available all the time, there was no downtime in our service period and we are not facing any challenges regarding availability.

How are customer service and technical support?

In India they provide very good support.

We have not faced any kind of challenges here. I'm not sure about other regions and their services there. For us, it has been a very good experience, because the vendor we work with has very good expertise in Trend Micro. The OEM itself is there and they are available most of the time, even 100% of the time. So it's good.

Whenever we had some issues with our email services, they were all available.

How was the initial setup?

The initial setup was very straightforward. I think it took us 15 days.

It was very, very quick because we were on the cloud setup. It was just a few steps so that our emails go there, get filtered and then come back to us. Then a few fine tunings so that we don't block legitimate emails.

Which other solutions did I evaluate?

I think the email security domain is a very mature domain now. If you look at Gartner, for example, they have stopped publishing their quadrants for email security because they have declared that it's a very mature market and players which are in email security already know that they are very deep into the services.

What other advice do I have?

On a scale of one to ten, I would give Trend Micro Email Security a seven.

Some of their features should focus more on preventing the emails which are malicious in nature from entering into the user mailbox and they should have a feature to completely remove it from the entire email system. For example Microsoft has an option where if there is a malicious email you can just identify it and with one click you can delete every email in the system in the organization for whoever has received it. Similarly, there must be some kind of awareness mechanism for the user, even for whoever is not receiving it. They should be able to send out some kind of email or some kind of awareness to the user not to respond to any malicious services. In my experience throughout my career, making your users aware of email threats helps to get control of the threat by almost 70%.

If you receive 10 emails out of which four to five would be spams, one or two may be malicious. If you are aware of it you will not respond to it. But in the initial stages, you might have clicked on the link or responded to their request. But eventually, when you learn about these malicious things, you automatically hesitate responding to them, or maybe you just don't read them. Those kinds of responsive behavior comes with time. If you teach your people they will not respond and your email security solution will look better because people will not get into the wrong traps.

For small to medium sized business, Trend Micro Email Security fits very well because cost-wise it is effective and because their technical resources are widely available in India, the Asia Pacific region, and in Europe. However, when we look at it from an enterprise user perspective, where the number of users can be huge, we take more of a risk opting for a less expert solution. In terms of email security, I would not rate Trend Micro as an expert solution. There are others available which are doing this better than Trend Micro. Once Trend Micro is at their scale, at that point only would I recommend Trend Micro. But for the small and medium industries, I would recommend it because they have limited budgets and they work in a different sector of the market.

But for the enterprise customers, I think they should look at some better solutions which are dedicated for email security. Email is the most critical part of the organization, so you should always choose the expert.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
JE
Head Of Finance And Administration at a financial services firm with 1,001-5,000 employees
Real User
Top 5Leaderboard
Good gateway and email security with an easy initial setup

Pros and Cons

  • "It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge."
  • "We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee."

What is our primary use case?

We use Mimecast as our email gateway. We also use it as our archival service. All those phishing, anti-phishing, spear phishing, spamming, and other security filters that they have, we use all of them.

What is most valuable?

We have found email security very good.

The gateway is excellent. 

We have found the archival services to be very valuable.

It's really quite user-friendly. In terms of technical superiority and the product itself, there are no complaints. It is really cutting edge.

The initial setup is straightforward.

What needs improvement?

It was not so much about the product itself, however, their business model needs improvement. We have subscribed to an archival service, and yet, when we have to get our data out, we have to pay a fee to get our own data. They charge an extraction fee. This is something which really worries us as a company.

For how long have I used the solution?

I've used the solution for about six years at this point. It's been a while.

What do I think about the stability of the solution?

The solution is stable. There aren't bugs or glitches. It doesn't crash or freeze. It's very good.

What do I think about the scalability of the solution?

The solution can scale well. If a company needs to expand, it can do so rather easily.

We have grown from about 2,600 users to about 4,000 users. We have added additional geography as well. The product is resilient enough to take care of all of this.

How are customer service and technical support?

We have contracts and we are also subscribed to a service plan. Whenever we have used it, the service levels have been very good and we have no reason to complain.

Which solution did I use previously and why did I switch?

We were previously thinking of an alternative to Mimecast for two reasons. The main reason is as an organization, we are in the financial service industry, and we have to show some data resiliency to our regulators. However, due to the fact that we're present in 30 countries, what happens is all Mimecast data is centrally hosted in one particular grid, which is preventing us from showing data resiliency to them. I want a solution that allows me to selectively map users to a particular geography. 

How was the initial setup?

We didn't find the initial implementation complex. It was pretty easy and rather straightforward.  We didn't run into trouble.

We are a complex organization. We are present in 30 countries. It was a mix of on-prem and some were in Office 365. Due to the set up of our own architecture, we had to undergo some labor, however, otherwise, the entire process was pretty straightforward.

What's my experience with pricing, setup cost, and licensing?

We typically use a subscription service. If there are version upgrades. We automatically get upgraded to the latest version, as it's a software as a service setup. We don't need to update it as Mimecast takes care of it.

If you need to extract data from their archival service, there is an additional fee involved.

As we are an enterprise customer and we have a relationship with them, what we are told by the reseller is that we pay about 40% of their list price for this product.

It's an expensive solution. There are other competitors, like Barracuda, who offer similar services. We believe that over the years, they have picked up, and their pricing is much more competitive than Mimecast. As an organization, Microsoft itself has really matured over the years. They offer probably 90% of what Mimecast is offering, and then you don't have to pay anything extra for it because it comes with part of the Office 365 licenses. That is why we also believe that there is a lot of room for Mimecast to get their act together, pricing-wise.

Which other solutions did I evaluate?

We evaluated a few other options such as Cisco IronPort as a security service. We evaluated Proofpoint. The comprehensive solution that Mimecast offers, however, really made us sign on the dotted line.

What other advice do I have?

We're just an end-user.

We use their Perimeter Defense plan, we use their Continuity plan, we also use email to archive. These are the three scales that we use from them.

I would advise others considering the solution to technically evaluate their competencies, their highs, and lows, first. Also, read the fine print, and understand the exact costs. A company will need to understand natively how much of Mimecast capabilities does Microsoft offer if you just subscribe to an Office 365 license. It might make them rethink using this solution.

From a technical standpoint, I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer1389069
Customer Success Engineer at NetBeez
Real User
Top 10
The feature set is incredibly granular and allows for deep levels of customization

Pros and Cons

  • "The best part is, I rarely have to access the portal as everything is set up and tweaked the way I wanted it. But the feature set is incredibly granular and allows for deep levels of customization."
  • "I guess I would say maybe quick access to training material for end-users. I know partners have access to this but I as an end-user do not have immediate access to new update information."

What is our primary use case?

I use this to protect my primary and shared email boxes for my small business.  I only have a few email addresses so getting enterprise-grade protection for a smaller account is normally difficult.

I utilize every feature ranging from Spam Filtering & ATP to the automated encryption and archiving feature.

The best part is, I rarely have to access the portal as everything is set up and tweaked the way I wanted it. But the feature set is incredibly granular and allows for deep levels of customization.

How has it helped my organization?

I don't have to worry about malicious attacks.  My emails are automatically encrypted and automatically archived. This allows me to save time & money.  I do not have to fuss with each and every suspicious email that comes in and I have it set to give me a report every 4 hours.  So I never miss an email and give myself the opportunity to make sure that everything bad is caught and everything good can be allowed through. This service has allowed me to focus on my core environment and ensure the safety of my customer's data.

What is most valuable?

Spam report is nice as it not only tells me what is malicious but allows me to release annoying but unharmful emails in case I wanted to view them.

The automatic encryption feature is nice because encryption is quite frankly, frustrating to understand. All I had to do was configure rules and the rest was history.

The new ATP features to help combat fraud and name spoofing has been very useful.

I like the simplicity of the signature aspect where I can make quick and easy updates to any and all mailboxes on the fly

What needs improvement?

Right now everything is working fine. Everything is out of flash and migrated into HTML5. The customization has come a long way since this product launched in 2018. Searching and finding emails is as simple as ever. I guess I would say maybe quick access to training material for end-users. I know partners have access to this but I as an end-user do not have immediate access to new update information. Maybe I should check the portal more and it may be available, but they made the product in a way where you can easily set and forget.

For how long have I used the solution?

I have been using this solution since the release, almost two years.

What do I think about the stability of the solution?

I have had no downtime that I can recall.

What do I think about the scalability of the solution?

Should scale to tens of thousands easily.

How are customer service and technical support?

I've only contacted them a few times, response was quick.

Which solution did I use previously and why did I switch?

Office 365 ATP and I did not want to have all of my eggs in 1 basket. Also, Office 365 ATP is limited regarding customization.

How was the initial setup?

With the Azure Directory sync, it took a few minutes.

What about the implementation team?

I did it myself no vendor.

What was our ROI?

I only pay maybe a few hundred a year but I probably save thousands.

What's my experience with pricing, setup cost, and licensing?

The initial setup took minutes, tweaking everything took maybe an hour to set up to my liking. The costs is very inexpensive compared to other solutions.

Which other solutions did I evaluate?

  • Proof Point
  • App River
  • Barracuda
  • Spam Titan

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
KS
Senior Security Architect at a tech services company with 51-200 employees
Real User
Top 20
Easy to install and secures users against URL relay attacks, spam, and malicious attachments

Pros and Cons

  • "The most valuable feature is the URL relay protection because it protects users from phishing attacks."
  • "In the next release of this solution, I would like to see more user awareness, such as information about phishing email attacks that have been prevented."

What is our primary use case?

We are a technical services company and we work with many different solutions, including the Sophos Email Appliance. We currently have a couple of customers who use Sophos.

This solution is for the secure delivery of inbound email. There are various use cases including checking email against spam, DNS or configuration related issues, and spoofing-related security issues. It also checks URL in emails, as well as for malicious attachments. All of these things are checked before the email is delivered to the user.

What is most valuable?

The most valuable feature is the URL relay protection because it protects users from phishing attacks.

What needs improvement?

The frequency in which this solution receives technical updates should be improved. If they are to be rated as the number one email appliance then they should also be the first to receive updates. It should happen across all of the customers, immeidately.

In the next release of this solution, I would like to see more user awareness, such as information about phishing email attacks that have been prevented.

The baselining and reporting is better with some of the competing solutions.

For how long have I used the solution?

We have been dealing with the Sophos Email Appliance for more than a year.

What do I think about the stability of the solution?

This is a very stable solution.

What do I think about the scalability of the solution?

Being cloud-based, the email appliance is very scalable.

How are customer service and technical support?

I have been part of the implementation team for this solution, and once that is complete, we hand it over to the managed services team. We have never had issues that required contacting support.

Which solution did I use previously and why did I switch?

We have implemented the Sophos Email Appliance for clients, but we have also deployed similar solutions by Mimecast and Proofpoint. These products have some easy-to-go connectors with Office 365.

How was the initial setup?

The initial setup is straightforward. The time required for setup and deployment is between five and seven working days.

What about the implementation team?

We have our own teams in-house for implementation, deployment, and maintenance.

What other advice do I have?

My advice is that every organization should select an email security appliance, based on their requirements. Even if they are using Microsoft Office 360 Protection, they should still be using a cloud-based email security solution because there are some specific security rules and controls that are applied through these appliances.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Get our free report covering Palo Alto Networks, Microsoft, Microsoft, and other competitors of Proofpoint Email Protection. Updated: October 2021.
540,884 professionals have used our research since 2012.