up the encryption feature requires answering a few questions, such as what the
domain name to be used is, and configuring at least one of what the company
calls response profiles, giving the actions available to recipients of
encrypted messages. For example, you can allow messages to be forwarded within
the original sender's or recipient's domain. You can have different profiles
that are mapped to particular users or groups, too.
the initial setup, you press a "test" button in the administrative
interface to make sure you've done everything properly, and the software will
report any errors. This is a nice feature.
Administrators have granular control over the Proofpoint encryption
keys. You can undelete previously deleted keys, change the expiration timestamp
for a key and toggle the access to a secure message for each recipient of the
has some caveats when using Outlook and Exchange for encrypted messages. First,
you should examine two Microsoft Knowledge Base
articles (912939 and 958881) to set up Exchange to work properly with
Proofpoint's Encryption. If using the combination of Outlook 2007
running on Windows Vista, when a user receives an
encrypted message, he or she should open (rather than save and then open) the
attachment in order to authenticate and decrypt the message. The decryption
routine won't work if the attachment is saved first.
I uncovered another issue when I used Microsoft's proprietary
Exchange Rich Text message format to send encrypted messages. Proofpoint
recommends turning off this option in Exchange globally-or for users who do
frequent encryptions-because this special format can't be sent to
mentioned above, administrators can easily search for particular messages,
including the encrypted ones. Also included in the product is a large
collection of preset reports on top senders, common viruses detected and other
message trends. This is fairly typical for e-mail products of this class. You
just scroll down the list of reports and select the reporting period (such as last
day, week or month) and click on the report. You can export the information to
a spreadsheet, e-mail it or further customize the output.
There's a lot more than encryption
in Proofpoint's Protection Server. It offers a powerful e-mail policy and rules
processing engine, similar to old standards such as Sendmail's Sentrion and
other e-mail heavyweights. If you're looking to upgrade your e-mail server with
a single security device, this might be the ticket.
There are modules for anti-spam
processing, for antivirus (licensed from F-Secure) and for general e-mail
firewall tasks, such as blocking messages with large attachments or attached
executable files. These all cost extra and are licensed for a particular number
of user mailboxes. The pricing scheme is complex, one might say annoyingly so.
Proofpoint has also put a lot of
work into its data loss prevention rule sets. While not as fully featured as a
dedicated DLP product from Code Green or others, these rule sets have the
ability to add compliance rules around detecting Social Security numbers and
credit card strings that are included in e-mails. But Proofpoint charges dearly
for this module, too, reflecting the higher fees DLP
providers can get for their offerings.
The bottom line is that Protection
Server is a worthwhile product (or service,
if you purchase the Web version) that you may want to look at if your existing
e-mail system is ready to be replaced.
David Strom is a writer, blogger and speaker with years of
experience in the information technology field.
Proofpoint On Demand Protection
Server v 126.96.36.199
P340 Proofpoint Messaging Security
892 Ross Drive
Sunnyvale, CA 94089
408 517 4710
Up to 250 Users: $3995
Regulatory Compliance: +$6950
There are two bundles of these
modules that are less expensive. Prices go up for additional users.