What is our primary use case?
Majorly, we use the solution for spam filtering and for alerting which emails are internal ones. With external email, it helps us to mitigate certain risks. We also use it for what you call junk profiling of emails. Basically, we block them before they enter our 0365 platforms. We also use it for certain SMTP services. Proofpoint provides an additional service known as SMTP Relay, which we could use that for sending bulk emails and just to maintain our IP addresses with a good percentage value, right, in spam value in the network so that our corporate email, even if they are sent to bulk, the reach inbox rather than going into a spam filter or junk of recipients.
How has it helped my organization?
For example, it helped our cybersecurity team to understand where to begin in terms of making sure that we had the right message labeling, especially to identify which are safe and which are potentially unsafe. The quarantine feature, which we use right where the potentially unsafe emails get stored, and people get access to it offline if they can validate and allow it. From this perspective, it is acting as a great security tool for our cyber team. Second thing, the way it's filtering is working, you know, the message filtering. The clutter, as well as the focus thing, has improved drastically. It is something that Microsoft provides, but with the introduction of Proofpoint, I think that those issues improved. Also, certain things which used to miss clutter or junk have now been better targeted now in terms of making sure that they get the right treatment if they are spam or junk, or clutter. I like its ability to quarantine emails that are potentially dangerous.
What needs improvement?
I think some of the hiccups that we had were with the number of domains that we had and how that had to be implemented in Proofpoint. They needed us to do a lot of consolidation. If we did not do that, the pricing would go high. Though we were a single organization, that looked really weird. Maybe the way they are pricing and licensing it for multiple domains in a single organization, I believe that is one area where they could work a little bit.
The other issue, I would say, is the partnership for the introduction of the tool in an organization that they have. So, for example, they have some third parties who are working with us in introducing Proofpoint and other services. For example, Secure Access was one of them, and I think there was another company that worked with us. Whoever their partners need to work in a little better manner since the moment we got support directly from Proofpoint's professionals, our overall experience got enhanced. When we were working with their partners, I felt Proofpoint needed to improve the quality of service.
For how long have I used the solution?
I have been using Proofpoint Cloud App Security Broker since 2019. Also, I don't remember the version of the solution I am using. My company is a customer of the solution.
What do I think about the stability of the solution?
Stability-wise, I rate the solution a nine out of ten. It has been pretty stable. It has been pretty good with its results, like whatever it has provided us. From stability and availability standpoints, it is pretty good.
What do I think about the scalability of the solution?
There were two aspects in which we scaled it. In one scenario, we scaled up by adding more modules, so that's more like a vertical sale where we added more products from Proofpoint, and the other one was horizontal because our mail footprint increased. So we needed more of their computing and other resources for quicker processing. Scalability-wise, I rate the solution a nine out of ten since they were pretty flexible and elastic.
Our IT team, who manages it, consists of around three people. The number of users using the tool in my company is around 47,000, which comprises white-collared and blue-collared employees.
How are customer service and support?
We have an account manager in our company, so every time my team wants to contact the support team.
How was the initial setup?
We are using the solution on the cloud, and we have a broker server on-premises, obviously, for which the setup is required. It helps us sync some of the mandatory things that Proofpoint needs. We have opted for a sales cloud service, and our exchange is hosted on Azure. Hence, it's a combination of Azure and Proofpoint SaaS servers.
The setup was complex from the standpoint that our own internal infrastructure and requirements of the applications were complex. Apart from that, if you look into the way it gets integrated into the system, I think I think if you have reliable KPIs, insights, and data points for your application, the solution won't give you a problem when trying to integrate. I would say it's not the problem of Proofpoint but more of how your organization is structured and designed for your application management overall.
What was our ROI?
For us, it has been a profitable deal. It is not just profit, but I would say a benefit for us. We could have got a cheaper deal with the extended online protection and cloud broker services from Microsoft since we had an enterprise agreement with them. It has been beneficial when we look into the overall services and how we have used the product. Also, we use it for negotiating with Microsoft.
What's my experience with pricing, setup cost, and licensing?
We had an enterprise contract with them for about 32,000 users at that point, which has now grown. I don't think I can reveal the numbers.
Which other solutions did I evaluate?
I think the better comparison for us would have been Microsoft Endpoint Protection which comes as a similar product to Proofpoint. We thought of going with Microsoft Endpoint Protection, but in the end, two factors played with it. One, we were looking out for a multi-vendor strategy when it comes to our emailing. We were looking out for a dedicated and a little bit more advanced partner when it comes to email-related solutions. Proofpoint was rated much better than Microsoft when it comes to bringing up new improvements, especially from a mailing and protection perspective, since they are like a core security-focused company. Since Microsoft feels that they are providing email, and because of that, they will provide endpoint protection as well, while it is not your core business. Based on many things, we figured out that Proofpoint is way ahead of other competitors. I think there was another company that we talked about, but I forgot its name.
What other advice do I have?
If you are a first-time user, I would definitely recommend the solution. Before making all those decisions, I think you also need to understand how your applications, particularly, are internet exposed and how much you are ready for integrations to Proofpoint since just bringing up the tool is not the only solution. You need to have your gateways, and you need to have your internal firewall security rules, exposure, and DMZs accurately configured for those applications to be exposed. Then, Proofpoint sits on top of it as a good gatekeeper for anything which is malicious, vulnerable, or dangerous for those applications. It's kind of a partnership, and you have to be well-prepared before bringing anything like Proofpoint into the environment.
I will say it was a little easy to work with Microsoft because most of the applications that my organizations have built, developed, and hosted are on Azure. My integration with Microsoft CASB during PoC was a little smoother as compared to bringing up a third-party solution. The experience with Proofpoint and its overall features was a little better and higher. The integrations and building or putting applications behind CASB in Microsoft were a little smoother compared to Proofpoint. I don't want to take anything away from the fact that they are ahead of Microsoft from a research perspective and bringing new changes and enhancements into the system.
Overall, I rate the solution an eight out of ten.
