Proofpoint Email Security Appliance Review

Author: Benjamin Luck – Synworks Development Group Synworks DG Website Email:

1.0 Introduction 2.0 The Hardware/Software 3.0 Setting up the Units for Deployment and Testing 3.1 Getting Access 3.2 Setting Up IP and NMS 4.0 Setting up for a domain for the Test 5.0 System Information and Reporting 5.0 Email Quarantining 6.0 Testing the Appliance 7.0 Product Support 8.0 The Conclusion 9.0 Product Review Rating

1.0 Introduction Its exciting to get my hands on a Email Security Appliance from Proofpoint. Proofpoint is an email security, Email archiving, and data loss prevention solution vendor based in Sunnyvale, California. Its first product was the Proofpoint Protection Server for medium and large businesses. Incorporating what was described as “MLX Technology”, proprietary Machine learning algorithms applied to the problem of accurately identifying spam email, the company expanded with email encryption and virtual appliance products as well as software-as-a-service offerings. The Proofpoint email security appliance is a enterprise grade inbound and outbound spam filter, anti virus scanner, email security and content management system.

For more technical information and ordering options, take a look at the Proofpoint datasheet from the Proofpoint site. Also, the Proofpoint site contains many other network appliance equipment to suit your needs.

2.0 The Hardware/Software The Proofpoint Email Security Appliance can be installed on your own hardware with Redhat/CentOS Linux or pre-installed on a Proofpoint box with mounting parts for rack mounting. There is also the option from Proofpoint to use a internet cloud version. ie to scan your email before it even gets to your network. For our review, we will be using the pre-installed email security appliance. Deployment Options: • • • • • SaaS - Software as a service Hybrid SaaS/On-premises Hardware appliance Virtual appliance Software (own hardware)

Proofpoint Email Security Appliance Features: • • • • • • • Spam Detection Virus Protection Zero-Hour Anti-Virus Regulatory Compliance Email Content Compliance Data Security Spam Email Statistics.

3.0 Setting up the Units for Deployment and Testing

Our next steps are to review the set-up process and get the unit ready for testing. First, I needed to get access to the appliance. I will be trying to set the email security appliance up as a proxy, in front of the some mail servers. 3.1 Getting Access Access to the Proofpoint Email Security appliance is fist done by the video console, by hooking a monitor up to the appliance. Entering into the field the username of "admin" and the password of "password" (default settings). Once logged in, select the 'Proofpoint Appliance Setup Assistant Guide' from the menu. This selection will then ask and guide you through the NMS settings of the unit (IP, Netmask, Gateway, hostname, DNS etc). For this review, I will be using the default IP addresses. Then, to get the unit ready for configuration, I hooked it up to our laptop, with the IP address set to and a netmask of . Then connected the unit and after a few seconds, a link on the ethernet status appeared. Configuration is done by the web interface. You can use Firefox or Internet Explorer to connect to the unit's default IP address of Once connected, a password web page prompt will come up. Just enter into the field the username "admin" and password of "password" (default settings). Then a few things need to be set in the email security appliance before deployment.

3.2 Setting Up IP and NMS After clicking on the "Appliance" link in the side menu, a selection of menu options will drop down and appear. Clicking on the "Network" option in the "Appliance" section, brings up the basic NMS and IP settings of the Email security appliance. You can double check your configuration for the network and NMS settings.

If you have run the Proofpoint Appliance Setup Assistant Guide, the settings entered in the assistant will appear in the fields of this section. You can double check or change the basic network configuration and basic NMS settings here.

4.0 Setting up for a domain for the Test Clicking on the "Inbound Mail" option under the "Appliance" section in the menu, brings up the inbound mail routes screen. This is were I add and configure the email domains I want to filter and manage. Adding a domain, by clicking "Add", I get a set of empty fields appear.

I enter the domain name ( and mail host IP in the "Route to Hosts" section. For the test, I will be setting "route by" to SMTP, "Lookup by" to A records only and "Delivery Type" to ordered. Then hit the save changes button. Now all I have to do, is set my domain MX and SPF records to point the to the Proofpoint appliance. This can take up to 48 hours to propagate properly, depending on the DNS set-up. Also, I should not forget to open port 25 on the firewall to the Internet for mail delivery. 5.0 System Information and Reporting Clicking on the "Summary" option under the "System" section in the menu, brings up a summary of the running system. The summary page displays various runtime statistics, hardware information and general email statistics of the appliance.

There is also, various reports and statistics available under the "logs and reports" menu. The selection of reports are quite varied and comprehensive. So many report types, it was a bit over the top, but at least there is a report type for everyone.

6.0 Email Quarantining I found the Proofpoint email appliance quarantining feature excellent and easy to use. With the ability to look at the quarantining statistics and the individual spam emails for verification, testing and releasing any false positive emails.

Clicking on the "Folders" or "Messages" option under the "Quarantine" section in the menu, brings up the spam emails or the summary of the quarantine. The quarantine folders page displays various types of spam and general email statistics that are related. 7.0 Testing the Appliance

I tested the email security appliance over a one week period with a active domain with about 4000 email accounts. Above is a screen shot of the statistics from that test. I found no false positives, so I am sure that the information is accurate. Spam Statistics: Email Total 178,540 Virus/Spam Blocked 154,660/2,516 Percent of Spam blocked 88.03%

8.0 Product Support Proofpoint provides support services to help make your Proofpoint implementation successful. Enterprise email systems are critical business applications, so Proofpoint support is available 24 hours a day, 365 days a year to respond to your needs. Proofpoint has three support programs—staffed by experts in the US, Canada, Europe, Japan and Mexico—that are designed to best match our customers' support level requirements. • Gold Support: Every Proofpoint customer receives the benefits of Gold level support, including 24x7 access to Proofpoint's Enterprise Support Portal and Technical Support Engineers available via phone during business hours for emergency cases. • Platinum Support: Customers who select our Platinum support program receive access to Proofpoint's Enterprise Support Portal and phone support 24 hours a day, every day of the year for "Priority 1" support cases. • Premium and Premium Lite Support: Designed for customers who would like personalised, priority technical support, Proofpoint’s Premium and Premium Lite Support programs let you maximize the value and effectiveness delivered by Proofpoint’s email security and data loss prevention solutions. An experienced, highly-skilled Technical Account Manager (TAM) is assigned to your account and acts as an extension of your inhouse staff, helping you optimize all aspects of your Proofpoint deployment.

9.0 The Conclusion The Proofpoint Email Security Appliance is an excellent product for Email security applications and anti spam applications. Fast, reliable and with trusted Dell server hardware, this makes the unit very useful for mission critical Email applications.

Pros • • • • • • •

Very rich feature set. Easy to use support web interface as well as administrator interface. Has email security and policy features. Radius, LDAP, POP and IMAP authentication for user lookups and remote management. Can be installed on our own server, supplied box or in a cloud product. Low administration requirements. Easy to configure.

Cons • Slightly expensive subscriptions. From my professional experience, this product is one of the best email security appliance on the market. I found no false positives issues and the email filter removed more spam than any other appliance I has seen. The support for the product is good, with sales and engineering staff quick to solve technical support issues and field product orders. 10.0 Product Review Rating This is a rating from my in-house and field testing. With a rating out of 5 stars. Reliability: Ease of Setup: Performance: Price Competitive: