Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Email Security Recommendations
From: "Greer, Thomas N" <tg04 () TXSTATE EDU>
Date: Mon, 12 Nov 2012 20:54:36 +0000

We've been using Proofpoint for nine years now on both inbound and outbound E-mail.  It's been highly effective, with 
few false positives.  There is little administrative overhead involved in running it - just monitoring and responding 
to the small number of false negatives and false positives.

We also have the optional encryption and regulatory compliance modules.  Our IT Security teams handle the day-to-day 
operation of those, but from what I know they look good.

In our initial evaluation against another product, the deciding factor was the quality of support provided.  Since that 
time, Proofpoint's support has been consistently responsive and effective.

I'll be more than happy to discuss details of our experience, if anyone is interested.

Tom Greer  (tg04 () txstate edu<mailto:tg04 () txstate edu>)
Core Systems
Texas State University

-----Original Message-----
From: Sherry Callahan [mailto:scallahan () KUMC EDU]
Sent: Friday, November 09, 2012 2:59 PM
Subject: Re: Email Security Recommendations


I think I've mentioned here before that we're a long time user of the Proofpoint email encryption product.  We have it 
in our outbound email stream, but not in-bound (so no spam or virus filtering).  We have been extremely happy with the 
product so far, and I'm trying to convince our network folks to put Proofpoint behind our Barracudas as a test to see 
how effective the Barracudas are.  We tend to see a lot of spam and viruses making it through, and Proofpoint claims 
they are more effective than Barracuda.

On the encryption side, we have a "Send Securely" button within Outlook that users can click to designate that an email 
should go out encrypted.  If they forget to do that and send out sensitive information, the Regulatory Compliance 
functionality within Proofpoint can identify that and automatically encrypt.  We have it configured to then send an 
email to the sender to let them know that the email was encrypted (as a "teachable moment".)

Also, one unintended benefit that we've found for our Proofpoint implementation is that it's been very effective in 
catching replies to phishing emails.  Catching someone trying to send out their password and not allowing that to go 
out is much better than cleaning up a compromised mailbox.

I'd be happy to talk to you at length about Proofpoint if you have other questions.

Sherry Callahan
Director, Information Security
University of Kansas Medical Center
(913) 588-0966 | scallahan () kumc edu<mailto:scallahan () kumc edu>

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bryan S. 
Sent: Friday, November 09, 2012 1:41 PM
To: Sherry Callahan; The EDUCAUSE Security Constituent Group Listserv
Subject: [SECURITY] Email Security Recommendations

We are currently Postini users and are looking to move to a new product to battle incoming spam and viruses, and 
encrypt sensitive data leaving the university as well as outbound spam filtering.  We have narrowed our search to 
Proofpoint, Barracuda, McAfee, and Axway.  I looking for input from other Universities who are using one of these 
products to get real world feedback.


Bryan McLaughlin
Information Security Officer
Creighton University
bmclaughlin () creighton edu<mailto:bmclaughlin () creighton edu>

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]