Proofpoint Essentials Email Security is a market-leading secure email gateway, enabling enterprise-grade email protection for the SMB market. The service is well suited to O365 users and is highly effective at stopping spam and malicious email content. Proofpoint’s new Plus packages add enhanced protection for phishing attacks, including email warning banners, BEC Defense, URL Defense, and one-click message pull.
Proofpoint is the world’s largest email security provider, with over 2,000 employees and annual revenues of over $1bn. Proofpoint Essentials is their solution for small- to mid-sized businesses, which comprises two products: email security and security awareness training.
Proofpoint Essentials Email Security deploys a secure email gateway to protect organizations against email-borne threats such as spam and graymail. Essentials also includes options for email encryption and archiving.
In February 2023, Proofpoint released a major overhaul of the pricing packages for Proofpoint Essentials, including three new packages: Business+, Advanced+ and Professional+. The new features include:
Email Warning Tags
Proofpoint can now tag email messages with notes to help users make better security decisions. This includes informational tags (a grey banner), which indicate external email content, and warning tags (a yellow banner), which indicate that an email has failed DMARC checks, or has been sent from high-risk locations or a newly registered domain. These tags are shown on all devices and mail clients, including desktop, web and mobile.
One-Click Message Pull
If an email has been delivered to a user by mistake, admins can now use the Proofpoint logs to quickly pull email messages from recipients’ inboxes. Emails can also be redelivered to recipients if needed. This feature is only available for Microsoft 365 users.
Predictive URL Defense
All current Proofpoint packages include URL defense, a feature that rewrites links within email messages so they are scanned by Proofpoint at time of click. This prevents users from visiting malicious websites, such as phishing pages. However, links are not scanned before they are clicked on by users.
Predictive URL Defense is a newly added feature that sandboxes links before they are delivered to users. If a malicious URL is detected, the email is automatically quarantined before it reaches the user’s inbox, further reducing the risk of a phishing attack. This feature is available as part of the Advanced+ and Professional+ packages.
Advanced BEC Defense
Proofpoint has released an improved detection engine to strengthen analysis and detection of advanced email compromise scams. This engine can analyze several factors such as header information, contact relationships, and sender reputation to more accurately prevent BEC attacks. This feature is available as part of the Advanced+ and Professional+ packages.
Before an email comes into Proofpoint’s gateway, Proofpoint checks the sender’s IP address and carries out a reverse DNS lookup to discover whether the IP address has a PTR record, helping prevent Denial of Service attacks.
Proofpoint acquired Cloudmark to perform this connection check. Cloudmark monitors around 12% of global email traffic, which enables them to gather a wealth of real-time data and makes this check extremely effective. Emails with a malicious IP address are blocked automatically with very few false positives, so this feature requires little to no management.
Once accepted into the Proofpoint Essentials platform, Proofpoint carries out DMARC checks on the email, combining the authentication mechanisms for DKIM and SPF. If the email fails these checks, Proofpoint blocks or quarantines it, as per admin-configured policies. Admins can override these checks on a domain basis by adding exceptions for certain domains whose SPF is known to be broken/incorrectly set up.
Anything that fails DMARC checks is logged, and the user is informed by a quarantine digest report. Admins can control whether a digest is sent, how frequently it’s sent, what content it contains, and whether users can preview and release emails. These policies can be defined globally or at a user level, not per user group.
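The DMARC decision described above, sketched as an added example (generic RFC 7489 logic, not Proofpoint's code): a message passes only if SPF or DKIM passes for a domain aligned with the From domain, and an admin exception can override a failure. The function names, the `exempt_domains` parameter and the two-label organizational-domain shortcut are assumptions, and the sample messages are constructed.

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for the organizational domain.
    # Production code consults the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    from_domain: str        # domain in the visible From: header
    spf_result: str         # SPF verdict for the envelope sender
    mail_from_domain: str   # envelope (MAIL FROM) domain SPF was checked against
    dkim: list = field(default_factory=list)  # [(verdict, d= domain), ...]

def dmarc_pass(msg: Message) -> bool:
    spf_ok = msg.spf_result == "pass" and aligned(msg.mail_from_domain, msg.from_domain)
    dkim_ok = any(v == "pass" and aligned(d, msg.from_domain) for v, d in msg.dkim)
    return spf_ok or dkim_ok

def disposition(msg: Message, fail_action: str = "quarantine",
                exempt_domains: frozenset = frozenset()) -> str:
    if dmarc_pass(msg):
        return "deliver"
    if msg.from_domain.lower() in exempt_domains:
        return "deliver"    # hypothetical admin exception for a known-broken sender
    return fail_action      # "block" or "quarantine", per admin policy

# Constructed sample messages (reserved example domains).
SAMPLES = {
    "legit": Message("example.com", "pass", "bounce.example.com", [("pass", "example.com")]),
    # SPF passes, but for an unrelated envelope domain: not aligned with From.
    "spoof": Message("example.com", "pass", "mailer.example.net"),
    # Forwarding broke SPF; the aligned DKIM signature still carries DMARC.
    "forwarded": Message("example.org", "fail", "example.org", [("pass", "mail.example.org")]),
    "broken_spf": Message("partner.example", "fail", "partner.example"),
}

if __name__ == "__main__":
    for name, m in SAMPLES.items():
        print(name, disposition(m, exempt_domains=frozenset({"partner.example"})))
```

The `spoof` case is the one to note: an SPF pass on its own does not satisfy DMARC when the envelope domain differs from the From domain the user sees.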
Virus Scanning And Sandboxing
Proofpoint scans all emails for viruses using two commercial antivirus engines, plus its own sandboxing element. The protection offered at this stage is dependent on your subscription to the service.
The Advanced and Pro packages offer attachment sandboxing. If any attachments come in with an unknown MD5 hash, Proofpoint detonates them in a secure sandbox environment to prevent the spread of malware.
The Business, Advanced, and Pro packages include the Attachment Defense Reputation Service, which allows or blocks emails based on whether they’ve historically been deemed safe or malicious within Proofpoint’s sandbox environment. Business+, Advanced+ and Pro+ offer predictive URL defense.
Proofpoint Essentials scans all emails with two types of spam filter. The first is based on spam sensitivity, and searches for impersonation and mass spam attacks. For best results, we recommend that organizations keep this filter at the default setting of 7.
The second filter (“Quarantine bulk email”) blocks mass emails, such as newsletters. This can be toggled on or off by admins.
Proofpoint Essentials offers pre-built policies that can be customized, as well as conditional policy configurations (IF/OR/THEN). This functionality is limited; policies can only be changed at a user level, not at a group level. Organizations that need to be able to manage policies across different user groups should consider Proofpoint’s enterprise product instead.
Proofpoint Essentials was designed to protect Microsoft Outlook and Exchange email clients, and deploys very quickly within Microsoft 365 environments. Admins can sync Essentials with Azure or Active Directory so that, if a user joins or leaves the company or creates a new alias, those changes are automatically reflected in Proofpoint.
This level of integration and syncing isn’t available with Google Workspace, so there is a lot of management overhead for Google users in terms of managing the user set. Admins must manually upload the user list into Proofpoint, after which Proofpoint automatically detects new users by monitoring email activity. Admins must then manually review each new user created in Proofpoint to check whether they’re a genuine new user, an alias, or otherwise.
Overall, the platform’s interface is very simple and easy to navigate, especially when compared to Microsoft’s own email security solution. The spam filtering dashboard is particularly intuitive, allowing admins to manage all policies from one place.
Proofpoint Essentials Email Security has a total of six pricing options.
Proofpoint Essentials Email Security is a strong email security solution that delivers enterprise-grade security to small businesses at a reasonable price point.
It is highly effective at identifying and blocking spam emails and performs checks relatively quickly; it generally takes no more than 15 minutes for Proofpoint to scan, sandbox, and deliver a new or unknown email with an attachment.
The platform’s weaknesses lie in the fact that it lacks contextual awareness around “normal” email communication patterns and doesn’t scan internal emails.
However, Proofpoint’s recent update to Essentials, including email warning banners, BEC Defense, URL Defense and one-click message pull, improves the effectiveness of the service when it comes to preventing phishing and advanced BEC attacks compared to other email gateways on the market.
Proofpoint Essentials was designed for businesses with up to 500 users, but our technical team found that it can be deployed just as effectively for larger businesses.
However, enterprises using Essentials will be limited by the lack of complexity when it comes to policy configuration. As such, we wouldn’t recommend it to organizations with more than 1,500 users, or those with requirements for group-based policies.
Proofpoint Essentials is easy to deploy—particularly within Outlook and Exchange—and requires very little ongoing maintenance. This makes it an ideal solution for SMBs using Microsoft 365 that are looking to block spam and graymail from their users’ inboxes.
Overall, we recommend that any SMB looking to protect their Microsoft 365 email environment against spam, graymail and Denial of Service attacks consider shortlisting Proofpoint Essentials Email Security.
Sunnyvale, CA, US
Cloud, MX Record Redirection