Proofpoint delivers strong messaging security

Proofpoint Messaging Security Gateway (with Protection Server 4.0)
Proofpoint
Price: $9,750 for P800 appliance, plus annual subscription fees for selected software modules

Viruses, spam, spyware and worms inflict heavy cleanup costs, loss of productivity, and often force companies to implement multiple layers of protection. Therefore, companies just cannot afford to pile more software on already overburdened servers, workstations and desktops.

Proofpoint's Messaging Security Gateway email security appliance claims to solve these threats by taking care of them before they reach the email server.

Installation/Configuration: A
The mid-range P800 we tested runs Proofpoint Protection Server 4.0 on a hardened Linux platform. To get started, simply change the default password and basic network settings so the device can be plugged in to the existing network and be accessed via its secure Web interface.

A quick-start wizard takes you through the setup, where you can configure the domains and email servers to be protected.

Considering the number of features and settings available, the Web interface is well designed, presenting sections and subsections for easy configuration.

Global policies preventing common attacks are created automatically. More granular policies, including spam rules, can be based on groups or even individual users and their attributes.

Effectiveness: B+
The appliance, powered by F-Secure's Anti-Virus engine, handled suspect email well, stopping 94 percent of the spam; only two of 188 quarantined messages were false positives.

The software inspects each message in different ways, from structural analysis to reverse DNS query, and also detects foreign language spam. The antispam engine also learns from the actions taken by users on quarantined mail.

The embedded email firewall protects the network from buffer overruns, directory harvest and other connection-level attacks. Proofpoint also offers an optional module for zero-day viruses.

The compliance module inspects inbound and outbound mail for defined text, numbers or regular expressions, and confidential information, such as patient records and credit card numbers.

Management: B
The engine contains more than 50,000 rules, and more are added weekly through regular updates. You can also create custom rules to ensure important email is not quarantined.

Organizations with need for multiple devices can manage them from a master Web interface. High availability and failover support can also be configured with ease.

Users and groups can be added in multiple ways, from LDAP directories to CSV files.

Reporting: B
Proofpoint Messaging Security Gateway offers more than 30 reports with various statistics and in-depth information for executive management. You can also customize these reports before exporting, mailing, or publishing them on a URL. The reports are comprehensive and cover a wide audience, from executive management to a privacy officer.

Verdict
Proofpoint Messaging Security Gateway is a highly recommended, affordable solution for big enterprises that need protection from email-based attacks.

Testing methodology
The Proofpoint P800 appliance was configured to protect emails from a single email server in our lab environment. We let it inspect emails for a single domain for about three weeks during the review.

This review originally appeared in the Sept. 2006 edition of Information Security magazine.