Review: Proofpoint Makes Encryption Easier

Setting up the encryption feature requires answering a few questions, such as what the domain name to be used is, and configuring at least one of what the company calls response profiles, giving the actions available to recipients of encrypted messages. For example, you can allow messages to be forwarded within the original sender’s or recipient’s domain. You can have different profiles that are mapped to particular users or groups, too.

After the initial setup, you press a “test” button in the administrative interface to make sure you’ve done everything properly, and the software will report any errors. This is a nice feature.

Administrators have granular control over the Proofpoint encryption keys. You can undelete previously deleted keys, change the expiration timestamp for a key and toggle the access to a secure message for each recipient of the message.

Proofpoint has some caveats when using Outlook and Exchange for encrypted messages. First, you should examine two Microsoft Knowledge Base articles (912939 and 958881) to set up Exchange to work properly with Proofpoint’s Encryption. If using the combination of Outlook 2007 running on Windows Vista, when a user receives an encrypted message, he or she should open (rather than save and then open) the attachment in order to authenticate and decrypt the message. The decryption routine won’t work if the attachment is saved first.

I uncovered another issue when I used Microsoft’s proprietary Exchange Rich Text message format to send encrypted messages. Proofpoint recommends turning off this option in Exchange globally—or for users who do frequent encryptions—because this special format can’t be sent to non-Exchange/Outlook recipients.

Clever search and navigation

As mentioned above, administrators can easily search for particular messages, including the encrypted ones. Also included in the product is a large collection of preset reports on top senders, common viruses detected and other message trends. This is fairly typical for email products of this class. You just scroll down the list of reports and select the reporting period (such as last day, week or month) and click on the report. You can export the information to a spreadsheet, email it or further customise the output.

There’s a lot more than encryption in Proofpoint’s Protection Server. It offers a powerful email policy and rules processing engine, similar to old standards such as Sendmail’s Sentrion and other email heavyweights. If you’re looking to upgrade your email server with a single security device, this might be the ticket.

There are modules for anti-spam processing, for antivirus (licensed from F-Secure) and for general email firewall tasks, such as blocking messages with large attachments or attached executable files. These all cost extra and are licensed for a particular number of user mailboxes. The pricing scheme is complex, one might say annoyingly so.

Proofpoint has also put a lot of work into its data loss prevention rule sets. While not as fully featured as a dedicated DLP product from Code Green or others, these rule sets have the ability to add compliance rules around detecting Social Security numbers and credit card strings that are included in emails. But Proofpoint charges dearly for this module, too, reflecting the higher fees DLP providers can get for their offerings.

The bottom line is that Protection Server is a worthwhile product (or service, if you purchase the web version) that you may want to look at if your existing email system is ready to be replaced.