Proofpoint Essentials Email Security

Overview

With over 2,000 employees and annual revenues of over $1bn, Proofpoint is the world’s largest email security provider, trusted to secure more than 50% of the Fortune 100 and the top five banks globally. Proofpoint Essentials is their solution for small- to mid-sized businesses, which comprises two products: email security and security awareness training. Proofpoint Essentials Email Security deploys a secure email gateway to protect organizations against email-borne threats such as spam and graymail. With effective spam filtering, attachment sandboxing and URL defense features, Proofpoint Essentials provides SMBs with enterprise-grade security at a cost-effective price point.

Key Features

Connection Control

Before an email comes into Proofpoint’s gateway, Proofpoint checks the sender’s IP address and carries out a reverse DNS lookup to discover whether the IP address has a PTR record, helping prevent Denial of Service attacks. Proofpoint acquired Cloudmark to perform this connection check. Cloudmark monitors around 12% of global email traffic, which enables them to gather a wealth of real-time data and makes this check extremely effective. Emails with a malicious IP address are blocked automatically with very few false positives, so this feature requires little to no management.

DMARC Analysis

Once accepted into the Proofpoint Essentials platform, Proofpoint carries out DMARC checks on the email, combining the authentication mechanisms for DKIM and SPF. If the email fails these checks, Proofpoint blocks or quarantines it, as per admin-configured policies. Admins can override these checks on a domain basis by adding exceptions for certain domains whose SPF is known to be broken/incorrectly set up. Anything that fails DMARC checks is logged, and the user informed by a quarantine digest report. Admins can control whether a digest is sent, how frequently it’s sent, what content it contains, and whether users can preview and release emails. These policies can be defined globally or at a user level, not per user group.

Virus Scanning And Sandboxing

Proofpoint scans all emails for viruses using two commercial antivirus engines, plus its own sandboxing element. The protection offered at this stage is dependent on your subscription to the service. The Advanced and Pro packages offer attachment sandboxing. If any attachments come in with an unknown MD5 hash, Proofpoint detonates them in a secure sandbox environment to prevent the spread of malware. The Business, Advanced, and Pro packages include the Attachment Defense Reputation Service, which allows or blocks emails based on whether they’ve historically been deemed safe or malicious within Proofpoint’s sandbox environment.

Spam Filtering

Proofpoint Essentials scans all emails with two types of spam filter. The first is based on spam sensitivity, and searches for impersonation and mass spam attacks. For best results, we recommend that organizations keep this filter at the default setting of 7. The second filter (“Quarantine bulk email”) blocks mass emails, such as newsletters. This can be toggled on or off by admins.

Policy Configuration

Proofpoint Essentials offers pre-built policies that can be customized, as well as conditional policy configurations (IF/OR/THEN). This functionality is limited; policies can only be changed at a user level, not at a group level. Organizations that need to be able to manage policies across different user groups should consider Proofpoint’s enterprise product, instead.

Ease Of Use

Proofpoint Essentials was designed to protect Microsoft Outlook and Exchange email clients, and deploys very quickly within Microsoft 365 environments. Admins can sync Essentials with Azure or Active Directory so that, if a user joins or leaves the company or creates a new alias, those changes are automatically reflected in Proofpoint. This level of integration and syncing isn’t available with Google Workspace, so there is a lot of management overhead for Google users in terms of managing the user set. Admins must manually upload the user list into Proofpoint, after which Proofpoint automatically detects new users by monitoring email activity. Admins must then manually review each new user created in Proofpoint to check whether they’re a genuine new user, an alias, or otherwise. Overall, the platform’s interface is very simple and easy to navigate, especially when compared to Microsoft’s own email security solution. The spam filtering dashboard is particularly intuitive, allowing admins to manage all policies from one place.

Pricing And Plans

Proofpoint Essentials Email Security is available via four packages: • Beginner includes inbound and outbound email filtering for $1.65/user/month • Business includes the Beginner package features plus data loss prevention filters, the Attachment Defense Reputation Service, and URL Defense for $3.03/user/month • Advanced includes the Business package features plus attachment sandboxing, email encryption, and social media protection for $4.13/user/month • Professional includes the Advanced package features plus email archiving for $5.86/user/month

Best Suited For

Proofpoint Essentials was designed for businesses with up to 500 users, but our technical team found that it can be deployed just as effectively for larger businesses. However, enterprises using Essentials will be limited by the lack of complexity when it comes to policy configuration. As such, we wouldn’t recommend it to organizations with more than 1,500 users, or those with requirements for group-based policies. Proofpoint Essentials is easy to deploy—particularly within Outlook and Exchange—and requires very little ongoing maintenance. This makes it an ideal solution for SMBs using Microsoft 365 that are looking to block spam and graymail from their users’ inboxes.

Final Verdict

Proofpoint Essentials Email Security is a very strong traditional email security solution that delivers enterprise-grade security to small businesses at a reasonable price point. It is highly effective at identifying and blocking spam emails and performs checks relatively quickly; it generally takes no more than 15 minutes for Proofpoint to scan, sandbox, and deliver a new or unknown email with an attachment. The platform’s weaknesses lie in the fact that it is a very traditional tool: it lacks contextual awareness around “normal” communication patterns and doesn’t scan internal emails, so it doesn’t pick up on highly targeted attacks such as spear phishing. However, this is a weakness of all SEGs. Proofpoint is currently developing a new module designed to identify and prevent more targeted threats within Microsoft 365. This is expected to include warning banners to potentially malicious emails and give users the ability to remediate emails post-delivery with a “phish alarm” plugin. Overall, we recommend that any SMB looking to protect their Microsoft 365 email environment against spam, graymail and Denial of Service attacks consider shortlisting Proofpoint Essentials Email Security.