Educause Security Discussion
mailing list archives
Re: Email Security Recommendations
From: "Greer, Thomas N" <tg04 () TXSTATE EDU>
Date: Mon, 12 Nov 2012 20:54:36 +0000
We've been using Proofpoint for nine years now on both inbound and outbound E-mail. It's been highly effective, with
few false positives. There is little administrative overhead involved in running it - just monitoring and responding
to the small number of false negatives and false positives.
We also have the optional encryption and regulatory compliance modules. Our IT Security teams handle the day-to-day
operation of those, but from what I know they look good.
In our initial evaluation against another product, the deciding factor was the quality of support provided. Since that
time, Proofpoint's support has been consistently responsive and effective.
I'll be more than happy to discuss details of our experience, if anyone is interested.
Tom Greer (tg04 () txstate edu<mailto:tg04 () txstate edu>)
Texas State University
From: Sherry Callahan [mailto:scallahan () KUMC EDU]
Sent: Friday, November 09, 2012 2:59 PM
Subject: Re: Email Security Recommendations
I think I've mentioned here before that we're a long time user of the Proofpoint email encryption product. We have it
in our outbound email stream, but not in-bound (so no spam or virus filtering). We have been extremely happy with the
product so far, and I'm trying to convince our network folks to put Proofpoint behind our Barracudas as a test to see
how effective the Barracudas are. We tend to see a lot of spam and viruses making it through, and Proofpoint claims
they are more effective than Barracuda.
On the encryption side, we have a "Send Securely" button within Outlook that users can click to designate that an email
should go out encrypted. If they forget to do that and send out sensitive information, the Regulatory Compliance
functionality within Proofpoint can identify that and automatically encrypt. We have it configured to then send an
email to the sender to let them know that the email was encrypted (as a "teachable moment".)
Also, one unintended benefit that we've found for our Proofpoint implementation is that it's been very effective in
catching replies to phishing emails. Catching someone trying to send out their password and not allowing that to go
out is much better than cleaning up a compromised mailbox.
I'd be happy to talk to you at length about Proofpoint if you have other questions.
Director, Information Security
University of Kansas Medical Center
(913) 588-0966 | scallahan () kumc edu<mailto:scallahan () kumc edu>
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bryan S.
Sent: Friday, November 09, 2012 1:41 PM
To: Sherry Callahan; The EDUCAUSE Security Constituent Group Listserv
Subject: [SECURITY] Email Security Recommendations
We are currently Postini users and are looking to move to a new product to battle incoming spam and viruses, and
encrypt sensitive data leaving the university as well as outbound spam filtering. We have narrowed our search to
Proofpoint, Barracuda, McAfee, and Axway. I looking for input from other Universities who are using one of these
products to get real world feedback.
Information Security Officer
bmclaughlin () creighton edu<mailto:bmclaughlin () creighton edu>