Proofpoint Email Protection Reviews

We monitor false positive and false negative cases, and we work on disclaimer, external tagging, TRAP Recall, and TRAP Dashboards.

The best features in Proofpoint Email Protection that I prefer are TRAP Recall, mainly for handling TRAP-related issues.

Email protection and spam detection, along with allow lists, block lists, and whitelisting legitimate domains, are additional features we utilize.

We handle both on-premises and cloud deployments.

We work with SOC analysts on internal infrastructure that depends upon people-centered threats such as phishing, malware, and credential theft. We use behavior-based intelligence to stop malicious content from reaching users. Proofpoint Email Protection reduces noise and improves high-fidelity alerts, prioritizing threat response quickly through integration with SOAR and SIEM tools. This provides better visibility and automated response, allowing analysts to focus on manual email threats.

The best features in Proofpoint Email Protection that I prefer are TRAP Recall, mainly for handling TRAP-related issues.

Proofpoint Email Protection's admin console provides centralized management that can be interfaced with a SOC team. We configure, monitor, and respond to threat modeling threats. It provides full visibility of email traffic, user risk, and other threats across the organization, delivering threat monitoring and people-level visibility through policy management.

Policy management allows us to prepare rule condition sets where we can allow legitimate domains, permit senders, and create rules backed by policy management. We also receive incident response capabilities, reporting, dashboarding, and scheduling of reports according to user requirements, with integration and automation with the SOC team.

Proofpoint Email Protection reduces the qualities of threats through default policy rules we have configured for credential harvesting, business email compromise, and other email-based attacks. We combine reputation analysis, behavioral detection, sandboxing, and threat intelligence. We conduct internal campaigns that improve alerts and reduce false positives.

There are user interface complexities that require integration with a SOC team, which needs time and training.

Reporting customization is a strong built-in feature, but custom report creation can limit comparison with some SIEM tools.

Integration effort requires additional configuration or tuning in a hybrid way, particularly in non-Microsoft environments.

False positives can occur with gray emails where some legitimate business emails from bulk vendors may occasionally be flagged. We can fine-tune our policies and allow lists to address this.

TAP and TRAP are often separate licenses, which can increase cost, although these are easily adaptable features.

I have been using the solution for 3.5 years.

Stability receives a rating of 8.5.

Scalability receives a rating of 9.5.

For Proofpoint Email Protection, considering the overall percentage, I believe it is more than 50 percent because it scans the vast amount of the user organization at 90 to 99 percent. In reducing false positives, we can report 40 to 50 percent improvement.

Proofpoint Email Protection pricing is high, but it provides a vast amount of security. Per month pricing ranges around $2 to $5 for mid-market organizations. For enterprises, it depends upon the infrastructure they are maintaining and can vary significantly.

Proofpoint Email Protection protects a very vast insight of cybersecurity compared to other solutions. Proofpoint has the option to migrate with TAP and TRAP, which play a very important role in recalling emails and finding the legitimate source. Other resources are good, but Proofpoint offers many advantages in user digest where they can identify legitimate emails and block from their end.

Considering Proofpoint Email Protection's end-to-end visibility in email threats, focusing on both the email and the person, it accomplishes what automation does in half the human work. During investigation, we can see full email traces and URL-based attacks.

We handle operations globally, supporting regions including Japan, Canada, and the UK across all domains. We support more than 1,000 users.

Proofpoint Email Protection operates based on rules and behavior. We have a phishing alert feature where people can view the type of phishing attack and report the email. Once reported, an alert goes to our mailbox if we hold an admin role in Proofpoint Email Protection.

Based on my experience, the solution I received from Proofpoint Email Protection rates between 8 and 9, although there might be a few gaps in response. My overall review rating for this solution is 9.

As a customer of Proofpoint Email Protection, my company uses it. Many of the use cases for Proofpoint Email Protection involve thwarting a lot of email threats, such as phishing, smishing, and many other variants. Proofpoint Email Protection is very email-based, and recently we started doing a lot of custom blocks on it where we implement some YARA rules or other custom patterns to block suspicious payloads from getting into our environment, so our use case is heavily on the email side.

The ability to create custom blocks in Proofpoint Email Protection is a very big deal for me. I enjoy being able to do that, and I appreciate the advanced phishing and BEC protection. I value that it provides a lot of advanced phishing protection and smishing for executives. The TAP, or Targeted Attack Protection, which blocks many sophisticated and URL campaigns, is really nice. One of the features that Proofpoint Email Protection has, that a lot of vendors don't have, is URL Defense, which rewrites links such that even when bad links come in an email and it recognizes them, it rewrites them so you cannot click them and they go into Proofpoint isolation part. Additionally, the Attachment Defense that sandboxes attachments and detects malware from them is impressive. I appreciate that Proofpoint Email Protection has a very good Intel platform that tracks a lot of global threats and can detect threats before they happen or inform me of threats that are salient in my environment through a lot of correlations, making it one of the best.

Using Proofpoint Email Protection definitely helps with reducing the SOC Analyst workloads. In terms of context, Proofpoint Email Protection has good contextual analysis, so it helps reduce the time to containment because we have a lot of information, and while starting up, we do not have to start many procedures from scratch. We reduce a lot of the mean time to containment, and many threats are being caught, resulting in fewer incidents to deal with, which reduces the burnout from our SOC.

The areas of Proofpoint Email Protection that could be improved or enhanced involve the email rewrite functionality. It can be aggressive sometimes, rewriting a lot of very benign content. Finding a balance is key because sometimes it blocks things that are harmless. Proofpoint Email Protection tends to err more on the side of security, which can sometimes impact operations, but I would rather have an operational impact than face a breach. There are pros and cons to that, but I would suggest maintaining a good balance between security protection and operational impact.

I have been working with Proofpoint Email Protection for over seven years.

I rate Proofpoint Email Protection a nine in terms of stability. Having a high level of stability is very important for me because this is a product that is front-facing and used to protect against threats for my organization and customers. Stability is everything. If Proofpoint Email Protection has an outage, we are either not receiving emails or not blocking the right threats. Thus, stability is a big, core requirement for this product.

In terms of scalability, I rate Proofpoint Email Protection an eight. I feel it scales pretty well and has fit a lot of the needs that we have.

We do communicate with the technical support of Proofpoint when we run into issues or something is missed, or if there is a bug. I mostly reach out when we encounter problems or need product feedback, but aside from that, we usually do not have a lot of very repeated needs to contact the technical team.

Based on my experience, I rate Proofpoint's technical support a seven or an eight. They always listen to our issues and make efforts to fix them for us. I am pretty happy with the technical support as it is right now.

Positive

Before using Proofpoint Email Protection, we did use a different solution, Agari, which was not the greatest. We decided to switch from Agari because it was not comprehensive for an enterprise's needs. I feel Agari was a better fit for smaller organizations that did not have sophisticated threats back then, but we saw that a lot of the threats and attacks we had were not covered by Agari's coverage. We had to look for a different solution because we kept getting a lot of phishing and threats that Agari did not catch, and our users still got targeted by them, with many potential compromises occurring.

Based on my involvement in the processes, I found the initial setup and deployment of Proofpoint Email Protection fairly straightforward. There were not a lot of bottlenecks.

Proofpoint provided a lot of official documentation for us to use during the initial setup or deployment, which we followed to get everything up and running. The documentation provided for Proofpoint Email Protection was pretty great and definitely helped me understand the platform, how it works, and what needed to be done to get it running. I feel they do a good job of directing you, as the documentation is extensive, covering many products and areas. They effectively guide you to the exact documentation you need, so you are not overwhelmed and can find exactly what you need.

Regarding the financial benefits of consolidating security solutions with Proofpoint Email Protection, that would have to be proven. I do not know what Proofpoint is offering in terms of other bundles; will it cost us more than what we currently have? That is very relative, so we have to see what we have now as a lot of the protections we are using and how that compares with other providers. If Proofpoint Email Protection is a lot better in terms of feature versus value, that would be favorable. Money flows in the direction of value, so evaluating whether the additional features we can replace consolidate into a native solution that costs less is crucial. It is good to have a native platform where you do not have to jump between multiple platforms to get things done since integration between platforms usually helps with information exchange, which is always a good thing if the cost-benefit analysis shows favorable numbers.

I did evaluate other options or vendors before choosing Proofpoint Email Protection. The vendors I evaluated in addition to Proofpoint Email Protection include Mimecast, Defender for O365, and Cisco Secure Email, but I feel none of them had the comprehensive suite of features that Proofpoint Email Protection offers, especially when considering the base cost. What sold it for us was the fact that we had a lot of the features included in our base subscription, meaning we did not have to buy many additional subscriptions on top of it to get what we wanted, and they had a complete set of features that fit our needs more than any other company we spoke to.

The level of visibility that Proofpoint Email Protection provides into people-based risk within my organization is decent. People-based risk is not what Proofpoint Email Protection was enhanced for, but I feel when we designed it more and gave it additional context, such as this is VIP, these are individuals' job functions, and these are the types of things that should come to this person or not, we were able to improve people protection a little. I would say it does that decently, although I do not think it is amazing in that area.

I have noticed operational efficiency after implementing Proofpoint Email Protection. There have definitely been lower incident rates, higher alert fidelity, and a lot more contextual data available to analysts, so in terms of efficiency, we are definitely operating at a higher efficiency after onboarding Proofpoint Email Protection.

I really appreciate the unified admin console in Threat Protection Workbench for managing security operations because it helps us see everything under one console. You can see your email policies, DLP policies, unified alert management, threat hunting, user risk monitoring, and good analytics across the board. It is pretty good to have a single pane for navigating through multiple products. Threat Protection Workbench is great for conducting a lot of the message analysis and sender analysis. The biggest part I appreciate is integrating the threat intelligence of whatever threat I am looking into, allowing analysts context on whether they are examining a campaign, spear phishing, or whaling. That integration of threat intelligence into Threat Protection Workbench is impressive, in my opinion.

Proofpoint Email Protection definitely reduces the quantity of threats my organization needs to protect against. There are certain things that we are very sure Proofpoint Email Protection is going to block, leading to confidence that we do not even need to generate alerts for them anymore. Even though I feel we are getting more alerts and things to look into, Proofpoint Email Protection reduces the number of alerts we need to work on, meaning an increase in threat actors targeting us does not necessarily increase our workload because there are alerts we already know and understand, allowing us to let Proofpoint Email Protection do its thing without triaging or manually addressing them unless we see other concerning TTPs.

The time required for email investigations and responses has definitely reduced with Proofpoint Email Protection's visibility and automation. A lot of our metrics show considerable improvement with TTPs because context is about fifty percent of the work. If you have the context, you can make decisions quickly; if you do not have the context, decisions slow down. With many of the contextual elements already coming from Proofpoint Email Protection, it helps us make faster decisions and contain incidents more rapidly.

I assess the overall scope and range of Proofpoint Email Protection's threat protection capabilities in addressing modern security challenges as quite good. If I had to rate it, I would give it between a seven and an eight out of ten. I believe it handles issues well because when it comes to changing TTPs or campaigns, you quickly receive all the information you need from Proofpoint Email Protection. As soon as they get new updates about any threat, they provide that information to me as a customer, which I find reassuring. As far as I know, we do not utilize Messaging Security for protection across cloud apps and file-sharing services. Overall, I rate Proofpoint Email Protection a seven, which reflects the email rewrite issues I mentioned, and those are the main improvements I would suggest—maintaining a balance between security and operational impact.

Our main use case for Proofpoint Email Protection is using the whole suite of services, including CASB, DLP, URL protection, email security, and other components.

I have configured 365 email to filter all emails through Proofpoint Email Security, and we have alerts set up for any critical or high severity incidents, receiving alerts for business email compromise and phishing attacks. We also conduct phishing training, which are some of the day-to-day tasks that we use it for.

The best features Proofpoint Email Protection offers excel in the DLP portion, although the email security is falling behind industry standards.

What I appreciate about the DLP portion specifically is that it is very detailed and customizable.

Proofpoint Email Protection has positively impacted my organization by advancing our email security posture. Before I started, there was no email security in place, so we are at least one step further in improving our security posture, although it does not meet the mark in some situations.

I have not seen specific outcomes or metrics since implementing Proofpoint Email Protection, such as a reduction in phishing incidents or improved response time.

Proofpoint Email Protection can improve in how it analyzes alerts by using more AI within its product suite to eliminate repeat alerts, such as filtering down the same attack to generate only one alert. In summary, using AI more within the platform would reduce our workload.

I would suggest advanced phishing training that uses AI to generate phishing training simulations and to catch and filter more phishing attacks. Proofpoint Email Protection feels like just the baseline approach, which is very static.

I have been using Proofpoint Email Protection for about a year and a half, as I am going on my second year with Loews Hotels.

Proofpoint Email Protection is stable for the most part.

Proofpoint Email Protection has scalability, as it is cloud-based and fully scalable.

Customer support is very poor. Whenever I submit a ticket, I feel I receive a roundabout answer, with our Technical Account Manager sending us PDFs and often ending up in a 365 versus Proofpoint debate rather than discussing the resolution. We really require more white glove services.

I rate customer support a three out of ten mainly because of the phishing attacks that are getting through, but there are also other reasons. Support does not cover the full product suite. When I ask for support, I usually receive a response to read a document rather than closely working with our organization and providing the hands-on, white glove services that we require.

Neutral

I did not previously use a different solution.

My experience with pricing, setup cost, and licensing is that pricing increases every year. It feels there are all these products within Proofpoint and our current pricing went up 10 or 15 percent, which is a significant jump year to year.

I have noticed changes in operational efficiency after implementing Proofpoint Email Protection, and operational efficiency is not there. There are numerous different web portals to access, the agent interface is very clunky, and we do not have single sign-on set up, which is a failure on our side. However, you have to navigate various portals just to get anywhere, and it is not very user-friendly due to clunky prompts and outdated document structures within Proofpoint support.

My experience with the Unified Admin Console in Threat Protection Workbench for managing security operations is that it does help. As a new user for the product, it feels a little clunky, and not everything is managed within the Unified Admin Console, as I believe CASB is separate, requiring another login. The ideal situation would be to have all these portals combined into one unified dashboard.

I did not evaluate other options before choosing Proofpoint Email Protection, as that was before I started.

Proofpoint Email Protection does miss a lot of phishing attacks, and threat actors are using AI to create these phishing attacks. We need to be able to use AI to be one step ahead of them to secure our organization. I rate Proofpoint Email Protection a five out of ten overall.

Using Proofpoint Email Protection has increased the workload for our SOC analysts. The workload has increased due to repeat alerts, as it is not smart enough to catch the repeat alerts, resulting in a lot of unnecessary alerts that could be prevented.

Proofpoint Email Protection still lacks visibility into people-based risk within our organization. I am about 50 percent through some case studies with other organizations, and I feel Proofpoint Email Protection meets in areas where other solutions make up for it and vice versa. It is a catch-22 where more AI usage by Proofpoint Email Protection would drive more value within their product.

We do utilize messaging security for protection across cloud apps and file-sharing services, but so far we have only seen moderate alerts. We try to tune the alerts to critical only due to our high tolerance for security since we are not as regulated as other organizations.

I assess the overall scope and range of Proofpoint Email Protection's threat protection capabilities in addressing modern security challenges as a five out of ten.

My advice for others looking into using Proofpoint Email Protection is to have at least two FTEs dedicated to it. I believe Loews Hotels has a corporate relationship with this vendor on the corporate side.

I have been using Proofpoint Email Protection as a part of our security operation workflow for monitoring and analyzing email-based threats across the organizations. Previously, I managed four clients, and I have been using Proofpoint Email Protection for two of them. Proofpoint Email Protection plays a very critical role in detecting phishing campaigns and malicious attachments and suspicious URLs before they reach the end users. One of the strongest aspects that I have noticed in Proofpoint Email Protection is its phishing and URL defense capability, content it triggres when user interact with any suspisous emails or links or attachments. 

I have used Proofpoint Email Protection for more than two years. In my previous organization, I used Proofpoint Email Protection for approx 2 years.

In my environment, we primarily used the TAP (Targeted Attack Protection) cloud deployment.

Proofpoint Email Protection effectively identifies malicious links using URL rewriting and time of click analysis, which is very impressive. It significantly reduces the risk of users accessing malicious websites. In several cases during incident investigations, I observed that Proofpoint Email Protection successfully blocked most of the malicious links and blocked credentials harvesting attempts. It also helps prevent malware delivery through email attachments.

From the perspective of SOC analysts, the visibility provided through large threat logs and message trace functionality is very useful during investigations. When users report a suspicious email, I can quickly research and search that message, analyze it, and check the sender reputation and review the attachment behaviors in the sandbox, and it even tells how many days back suspicious or malicious domain has been registered.

I can also determine whether similar emails have been received by other end users. Additionally, Proofpoint Email Protection integrates well with security tools such as SIEM platforms. In our environment, alerts and logs can be correlated with security telemetry. This helps SOC analysts and even SOC interns can use it; it is very user-friendly. They can also identify the broader aspects of attack patterns, such as phishing campaigns targeting multiple users.

Another benefit of using Proofpoint Email Protection is that I can quickly analyze the email if someone or endusers reports it. Before analyzing, it provides the sender address, domain name, receiver name, subject, and the entire raw email header. With Proofpoint Email Protection, if I use it for three to four months, I will be able to find out the intention of the email; it is handy and easy.

There are very few areas where Proofpoint Email Protection could improve. The user interface can sometimes feel complex for some background employees. The policy configurations may require careful tuning to reduce false positives. While fine-tuning the policies and configurations, if something is a bit off, it can cause end users to receive malicious emails or suspicious emails.

Additionally, initial setup and progression policy optimizations may take some time depending on the organization's email environment. Overall, Proofpoint Email Protection is very powerful for all users, from less experienced end users to large organizations. It is very helpful.

One area they can improve is that although Proofpoint Email Protection analyzes the entire email and then delivers it to the end users, it should indicate the exact number of end users who have already received the email. I used to copy-paste the email subject into Microsoft Defender for hunting and analysis, but Proofpoint Email Protection should present these details in a very proper UI/UX design.

I worked with Proofpoint Email Protection for approximately 2 years in my previous organization, primarily for monitoring and investigating email-based threats such as phishing, malicious attachments, and suspicious URLs.

I have not noticed any incidents or stability issues.

Proofpoint Email Protection is scalable.

I do not think I escalated anything to Proofpoint Email Protection, but I do not remember exactly. I do not think I have been in touch with Proofpoint technical team because everything was on the table; I used to use them. I do not think I created any tickets with Proofpoint technical team.

Neutral

In my previous organizations, we purchased Proofpoint Email Protection directly from Proofpoint because my previous organization used to spend a lot of money on tools to strengthen the security environment. I have been using a lot of tools; I even used KnowBe4 for security awareness training for our end users. My previous organization used to spend a lot of money on purchasing these kinds of tools that are the best in the market, and they purchased them directly from Proofpoint.

I have also worked with Cofense, which is a platform focused on phishing detection and response, particularly through user-reported phishing emails. When users click the “Report Phishing” button in Outlook, the suspicious email is forwarded to the security team or the Cofense platform for investigation. This allows security analysts to review, classify, and respond to potential phishing threats reported by end users.

However, compared to Cofense, Proofpoint Email Protection provides a broader email security capability because it functions as a secure email gateway. Proofpoint analyzes and filters malicious emails before they reach users’ inboxes using advanced threat detection techniques such as spam filtering, malware detection, and URL analysis.

In contrast, Cofense primarily focuses on post-delivery phishing reporting, investigation, and response workflows. This difference in functionality is one of the key distinctions between the two solution

For Proofpoint Email Protection, I had access to the dashboard and console.

The deployment was done in-house. Our team did it ourselves. Our team and we deployed it with the help of Proofpoint technical team and our technicians; we deployed and configured everything.

Proofpoint Email Protection provides strong protection against phishing and malicious attachments and email-borne threats. For organizations that rely heavily on email communications, they must use Proofpoint Email Protection. It is a very effective layer of defense that significantly strengthens the organization's security posture.

In many functions, it is handled within one dashboard. Because of this, I could investigate suspicious emails, malicious attachments, and suspicious URLs. That is how Proofpoint Email Protection console works, and it manages many tasks in one dashboard.

From the SOC perspective, the centralized logging and threat intelligence within Proofpoint Email Protection helps SOC analysts or any analyst to quickly identify the pattern of the attack and any campaigns, which might include suspicious campaigns, marketing campaigns, or phishing campaigns targeting multiple users. Overall, the capabilities in one simplified platform operation were good.

Regarding improvements, I used to see that our end users might have clients that started their company and became clients of our end users. Their domain used to get blocked in Proofpoint Email Protection because they started a few years ago, and their domain and email used to get blocked. Before doing any whitelisting, if the client end users reported that they were not receiving any emails from this vendor, I checked the entire websites and domain analysis and email analysis. After that, I whitelisted their domain. If any suspicious activity occurred, I asked them to communicate through other channels.

I have around 5,000 end users, and most of the email threats were already taken care of by Proofpoint Email Protection. However, a few attacker emails used to bypass so many email servers and push emails to the end users. Those kinds of emails, while they were suspicious and malicious, sometimes Proofpoint Email Protection failed to detect them. Some attackers utilized numerous email servers to deliver the malicious email payloads to the end users' mailboxes. Although Proofpoint Email Protection detects them, it does so after several hours.

Proofpoint Email Protection is important because communication with vendors and end users mainly happens through email. Organizations must invest in Proofpoint Email Protection. This is very important for securing email communications. Most attacks happen through emails themselves, whether through insider attacks or employee vulnerabilities. Organizations must use Proofpoint Email Protection. I rate this product an 8.5 out of 10.

I started working with Proofpoint Email Protection one year ago. Before that, I was working as a DLP guy in Data Loss Prevention. When I changed my companies, my current company is more focused towards Proofpoint Email Security. I got to know about email security and started learning. Now I am in a state where I am able to implement the tool, and I know how the policies are being processed and how it is getting done.

Proofpoint Email Protection has certain two modes. The first one is Core Email Protection. I am currently using the P0 bundle, which is offering Core Email Protection with SEG, which is Secure Email Gateway. Apart from that, TAP, which is Targeted Attack Protection, includes URL Defense and Attachment Defense. Apart from that, we have Threat Protection and Cloud Threat Protection. These certain things I have been using.

I am using Core Email Protection.

Proofpoint is for the enterprise customer, and they are focused only on the cloud solution. Some of the solutions are providing on-premises as well, but for email security, they specifically work on the cloud portals.

Our company is working rigorously with Proofpoint as a partner, where we are pitching this solution to the customers that we are handling, positioning the product of email security from Proofpoint. That is why we are more into it.

Proofpoint Email Protection is processing a very large number of emails, scanning a very large number of emails which is in the trillions or billions number of emails every year. Technically, they must be having a great threat intelligence because they are going through so many emails. Apart from that, they have a very good offering in which we have URL Defense, where they rewrite the URL, and once the user clicks on it, if the URL is safe, then you can go ahead; otherwise, if it is not, then the user will not be able to redirect it to the particular URL. That is awesome. Microsoft is also providing URL Defense, but they are not working actively, whereas Proofpoint is providing this in a proactive way. Apart from that, Attachment Defense is a very common thing that every other vendor is doing. TAP and TRAP are also part of it, where TRAP is the solution from Proofpoint that pulls out your email that is actually having malware or a phishing attachment. That is a very unique thing that Proofpoint Email Protection is offering in the market. That is why I can consider Proofpoint Email Protection as a number one vendor for email security.

Many things are getting done by Proofpoint Email Protection itself. There is no need that initially you are just going back into the SOC platform or any SIEM platform and creating unnecessary correlation rules to get impact and know which email is actually triggering or which email is malicious. Everything is getting done by Proofpoint Email Protection itself. That is why I would say it is making lives easier for SOC analyst guys.

Most users might be confused why Proofpoint Email Protection is providing two solutions. They should quickly transition from the old portal to the new one to avoid customer confusion regarding the availability of two portals in the market.

I don't think there are many areas for improvement. The only things I mentioned earlier regarding Google Workspace documentation could be better, and they are already working on the two consoles. Everything else is lined up.

I started working with Proofpoint Email Protection one year ago.

I don't think I have had any crashes or performance issues with it. The only limitation we have with Proofpoint Email Protection is when we implement it with Google Workspace. Sometimes, when creating connectors for implementing with Google Workspace, we encounter challenges because both Google Workspace and Proofpoint Email Protection do not have very good documentation on how to do this. If the documentation improves, those challenges could be resolved. Otherwise, everything is perfectly fine.

I don't think I have escalated any questions to Proofpoint Email Protection Tech Support yet because any challenge I have, I can get checked over the portal. Most of the things are provided over the portal, and if you do some research and development, you will be able to resolve it through the portal itself.

The setup of Proofpoint Email Protection is very straightforward and easy to implement.

Financial benefits definitely will come if you are using a good product that has a very good positioning in the market and actually gets good results. If you implement these kinds of solutions in your security stack, the first beneficial thing will be that you will not suffer any malware, and you will not face attacks, which ultimately leads to financial benefit.

I do not know much about the licensing part, but I remember one customer mentioned that it cost them around one crore for approximately three thousand users.

It is definitely cost-effective because if you implement it in your security stack, it protects you from any kind of email threats, malware, URL Defense, and Attachment Defense. Technically, if you are using a good product, you are gaining benefits later on.

Proofpoint Email Protection Threat Protection is, I would say, a nine point eight or nine point nine because they consider this based on two ways: first, on a behavioral basis, and since they have a very good amount of threat intelligence, they pass all emails through this data. If anything happens unexpectedly, such as zero-day attacks without signatures, they tackle it using behavioral analysis and sandboxing. That is the good thing.

If you line up an email security solution in the environment, when an email is sent by the user, it will land into the email security where it will check all the policies we have lined up. If it has any threat or any kind of URL which can be malicious, Proofpoint Email Protection will sandbox it and check whether it is safe or not, and then it will give you the verdict, which is the automation process. Things are getting done in a fraction of seconds. Most of the time, you are getting a verdict quickly, which is the beauty of Proofpoint Email Protection.

I actually prefer the older version of the portal. Even though the newest version is also good, where if an email is quarantined, you can easily click on the checkbox and release it from there itself, which is very easy to use, I still prefer the older version more.

I do not work with messaging security for cloud apps or file-sharing services with Proofpoint Email Protection.

I would suggest any organization invest in a good product such as Proofpoint Email Protection, as it provides very good returns in exchange. Overall, I would rate this product at a nine point nine out of ten.

From a solution architect perspective, I do not have day-to-day operational exposure to Proofpoint Email Protection, but I have conducted multiple demos, design discussions, and solution evaluations focused on email threat protection.

I primarily work with the SaaS deployment model, typically procured through authorized vendors rather than directly from Proofpoint. The environments I support range from 20,000 to 70,000 users, where Proofpoint integrates tightly with SOC operations.

When integrated with a SOC, Proofpoint provides consolidated phishing alerts that are easy for L1 analysts to understand and act upon. Analysts can quickly validate indicators (e.g., via VirusTotal), enrich alerts, and build SOAR automations around phishing response.

Proofpoint Email Protection has improved phishing detection accuracy, simplified incident response, and reduced operational overhead. Its integration with SOC workflows enables faster triage, better analyst efficiency, and consistent response outcomes. The platform’s stability and low maintenance requirements positively impact managed service delivery.

Key highlights include:

• Nexus AI, which enhances threat detection and context across email threats

• UEBA (User and Entity Behavior Analytics), providing behavioral insights that differentiate Proofpoint from many competitors

• Fraud defense and brand reputation insights, which are useful when advising customers

• Built-in security awareness and guidance, helpful for both customers and service providers

From an MSP perspective, multi-tenant administration could be improved. Managing multiple customers from a single, unified console would significantly enhance efficiency when one administrator supports several environments.

3.5 Years

have not experienced any downtimes, crashes, or performance issues.

Scalability is not an issue.

The technical support and customer service teams are very good.

Neutral

I have worked with Abnormal AI, Mimecast, and Microsoft Defender for Office 365.Compared to Other provider, Proofpoint offers stronger proactive threat detection and better analytics for phishing and business email compromise. 

NA

NA

Pricing is competitive for an enterprise-grade email security solution. While some alternatives may be slightly cheaper, the difference is not significant. The pricing aligns reasonably well with the capabilities provided.

Proofpoint Email Protection is well-suited for medium to large enterprises that require strong phishing detection, SOC integration, and scalable email security. It is particularly effective in environments where email security is part of a broader managed security or SOC model.

As a security engineer, I use Proofpoint Email Protection because it has been implemented for one of our larger customers. I work for an MSP, and we have a large customer, a major European airline, whose entire email security is currently managed with Proofpoint Email Protection. We are subscribed to multiple products including Email Protection, EFD, and Threat Protection. The use case is mainly to control mail flow to and out of the domain. The majority of the use case is to prevent malicious emails from getting through emails by filtering emails using latest threat intel and sender reputation. As a daily breakdown, we fine-tune rules and release emails from quarantine using Targeted Attack Prevention or other Threat Intelligence.

My most favorite thing about Proofpoint Email Protection is definitely how well it filters emails. The number of emails is a major volume that Proofpoint handles. For the last 24 hours, we received 65,000 plus emails, 4,619 of them have been filtered away, and 60,000 plus have been delivered. Proofpoint actually recognized a vast amount of threats that are targeting the actual network of the customer environment, which is one of my favorite things about it. They do most of the heavy lifting when it comes to attack surface management.

Proofpoint Email Protection has massively improved the attack surface by defending against email borne threats. Looking at reports, I can see there are various attack campaigns running for the past month or so. Without Proofpoint Email Protection, most of these emails would have, slipped through Exchange, gotten into the user's mailbox, and created a lot of trouble for the organization. Thus, Proofpoint Email Protection has definitely improved defenses.

More granular permissions or options within the Targeted Attack Prevention dashboard would be nice because when there are known threats detected and emails are quarantined post-delivery, we have no actual way to gather further forensic evidence within that detection. Further or granular options to manage anything within Targeted Attack Prevention would be beneficial.

Regarding the Unified Admin Console in the protection workbench, the Unified Console provides access to four different dashboards from here, including Threat Protection Workbench, Email Protection, Targeted Attack Prevention Dashboard, Threat Response, and Unified Management. However, there are a couple of things missing. We use URL Isolation, and the Proofpoint Isolation Portal does not appear under the protection unified dashboard, which is a problem. It is annoying because I have to save a long bookmark and use it whenever I need to access it. Apart from that, we also use Proofpoint's CASB solution, which is the Cloud Access Security Broker solution, and it has a separate dashboard that is not linked to the Protection Workbench or the Admin Portal where everything is shown as a collective under the catalog. Those two portals are not appearing here for some reason. I would very much like to have them here, as that is one of those things that annoys me now and then.

I have been working with Proofpoint Email Protection for four years now.

I have noticed some lagging and issues with the Proofpoint Protection Server, which is not the cloud solution or the Admin Portal solution. It seems to lag quite a lot when we try to work with folders, quarantine folders, or configure anything in there. Especially the search takes too long. To narrow it down, the issue is with the Proofpoint Protection Server or what they call the Pod.

Proofpoint Email Protection can be scaled effectively. I do not think there are any limits to how far Proofpoint Email Protection can be implemented as a solution, regardless of how big or wide a company is.

I contacted the technical support of Proofpoint Email Protection, and the quality has always been great. I have been working with them for four years, so quality-wise, there is always a solution provided within SLAs. About 80% of the time, I have had instances where it takes a while for them to respond and I have had to follow up, though that was a while back. The quality is great, and they always have a solid response, and I would rate it nine.

As an email protection tool, we have used Defender for Office, which is Exchange-based. It lacks the capabilities that Proofpoint Email Protection provides as a dedicated email security product. I cannot really compare them, but we mostly use Defender for Office as a layered protection approach, as Exchange lies under Proofpoint Email Protection.

Looking at the documentation, the initial installation and deployment of Proofpoint Email Protection is not difficult. All resources were provided considering that this was implemented on a major airline and has been operating for two decades or so, only with Exchange or Defender, on-premises Exchange protection included. It has not been a difficult project because only two engineers were required and it was completed within a month or so following an initial POC.

We manage Proofpoint Email Protection on our end because we co-manage the solution with colleagues from the airline. As for maintenance, mostly it is firewall rule management, meaning mail flow rule management. Recently, we made a migration from the on-premises threat response and attack prevention setup to the cloud, solution Threat Response. Proofpoint email protection is quite easy to manage.

Using Proofpoint Email Protection has had a major positive impact on our SOC analyst workloads. We receive alerts in the SOC regarding post-delivery detections, which are very helpful. It has not increased the workload, but it has actually fine-tuned the workload. Proofpoint certainly does most of the heavy lifting 

I am not entirely sure about the pricing, but I have heard that a lot of money has been spent by our customer for this tool. The tool has been there for nearly five years. I was not part of the implementation team, and I am certainly not part of the purchasing or license management. So I cannot answer that.

I have been working in my current field for five years. I would give this product an overall rating of eight.

Proofpoint Email Protection serves as our email security solution. The entire SOC team uses Proofpoint Email Protection. The granularity in admin access is different, so each team has their own access to Proofpoint Email Protection. SOC people and four admins with complete access to Proofpoint Email Protection use the system, so overall, only the SOC and email security team have access to it.

Proofpoint Email Protection works on policies, so everything is under the admin's control, and the admin can stop emails. If there are email attacks, the admin can detect and stop them immediately without having to contact support. The admin can perform everything in the console itself. Proofpoint Email Protection has very good granularity of access, and the detections are excellent. It has different types of detection for malware, phishing, spam, adult content, and bulk emails with different engines working behind the scenes, so the detections are quite accurate. The blocking system is effective, so if an email is on the block list, it will remain on the block list. The UI experience for admins is quite feasible and easy to navigate.

I prefer Proofpoint Email Protection to other solutions. I have used Microsoft Defender, Check Point Harmony Email & Collaboration, and Proofpoint Email Protection. Proofpoint Email Protection is better for admins to manage overall, though it has higher false positives. However, the navigation, UI experience, working experience, and detections are very good in Proofpoint Email Protection compared to other tools.

Proofpoint Email Protection easily detects even legitimate emails as spam or phishing, which has increased the workload. However, if an email is detected as phishing after delivery, Proofpoint Email Protection has a module called TRAP to pull back the emails. It also has URL Rewriting, which reduces the workload because everything is done by Proofpoint Email Protection itself, resulting in less manual interaction.

Proofpoint Email Protection detects risks and has a dashboard that shows how high-risk users are based on the emails they receive and their interactions. Based on that information, we can proceed with our investigation, and if remediation is needed, we can implement it. Proofpoint Email Protection identifies high-risk users, and we can put alerts on people we want to monitor, such as any CSOs or CISOs, to ensure their mailbox is not under threat.

For a beginner level, someone who is very new to email security might find it difficult to manage as an admin. Navigation can be concerning because Proofpoint Email Protection has different consoles, such as for TRAP, and it has many modules within it, which might be difficult to navigate. Proofpoint Email Protection has a lot of false positives, and the infrastructure is a bit complex. I was not part of the deployment, but I have heard that the deployment process is a bit complex. The support is good, though it can sometimes be slow.

I have been using Proofpoint Email Protection for two and a half years.

Proofpoint Email Protection is a stable product, and I would rate it an eight.

Scalability is good, and I would say Proofpoint Email Protection does not have any issues with scalability, so I would give it a nine.

The support is good, though it can sometimes be slow.

I prefer Proofpoint Email Protection to other solutions. I have used Microsoft Defender, Check Point Harmony Email & Collaboration, and Proofpoint Email Protection. Proofpoint Email Protection is better for admins to manage overall.

I was not part of the deployment, but I have heard that the deployment process is a bit complex.

I would say more than 50 percent because before we were vulnerable to email-related threats, and now it is drastically reduced, so Proofpoint Email Protection was a good decision made by the organization. Before deploying Proofpoint Email Protection, we were frequently attacked by phishing and DDoS. After deploying Proofpoint Email Protection, it has reduced attacks up to 80 percent, and the remaining 20 percent are unexpected DDoS attacks. After Proofpoint Email Protection, phishing has been completely eliminated, so it is working very efficiently.

I prefer Proofpoint Email Protection to other solutions. I have used Microsoft Defender, Check Point Harmony Email & Collaboration, and Proofpoint Email Protection. Proofpoint Email Protection is better for admins to manage overall.

I would rate this review a nine out of ten.