proofpoint enterprise vs. mcafee email gateway

Proofpoint Enterprise vs. McAfee Email Gateway (Formerly IronMail from CipherTrust and Secure Mail from Secure Computing)

Proofpoint, Inc. 892 Ross Drive Sunnyvale, CA 94089 P 408 517 4710 F 408 517 4711 [email protected] www.proofpoint.com

mailto:[email protected]

Email is unquestionably the primary form of business communications. Unfortu-nately it is also one of the most vulnerable channels for security attacks, data leakage, and fraud. To protect against the ever-changing nature of email security threats, email security solutions must be constant-ly updated and improved. Spammers and criminal syndicates are continually evolv-ing their tactics, and email defense systems must keep pace—or, better yet, keep one step ahead.

CONTENTS

Executive Summary 4

The Evolution of Spam and Malware Threats 4

Finding an Innovative, Adaptive Defense Solution for the Enterprise 4

Section 1 - Product Fit with Market Needs 5

Technical Strengths Across Anti-Spam, Anti-Virus, and Data Loss Prevention 6

Anti-Spam and Anti-Virus Effectiveness 6

Comparing Anti-Spam Defenses 7

Comparing Anti-Virus Defenses 8

Different Approaches to Policy Management 8

Architectural Complexity and Total Cost of Ownership 9

Path to SaaS: Comparing Deployment and Migration Options 10

Section 2 - Product Committment 11

McAfee has Zero Major Releases Between 2006 - 2011 11

Section 3 - Email Security and Product Expertise 12

Engineering Organization 12

Support Organization 12

Conclusion 12

About Proofpoint, Inc. 13

Proofpoint Competitive Comparison - Proofpoint Enterprise vs. McAfee Email Gateway

EXECUTIVE SUMMARYEmail is unquestionably the primary form of business communications. Unfortunately, it is also one of the most vulnerable channels for security attacks, data leakage, and fraud. To protect against the ever-chang-ing nature of email security threats, email security solutions must be constantly updated and improved. Spammers and criminal syndicates are continually evolving their tactics, and email defense systems must keep pace—or, better yet, keep one step ahead.

If you rely on McAfee Email Gateway (formerly known as CipherTrust IronMail and Secure Mail), the legacy email security and compliance solution from McAfee, your organization is vulnerable to attack. The various vendors who have been responsible for this product over the past five years—first CipherTrust, then Secure Computing, then McAfee, and now Intel—have done almost nothing to develop or enhance the product in that time. In IT security, idleness creates risk. By failing to keep up with new threats, such as social media attacks and dynamic-IP botnets, McAfee and its predecessors have left customers vulnerable to spam and virus attacks—and hence vulnerable to lost data, lost productivity, regulatory penalties and fines, and dam-age to brand and reputation.

This white paper examines recent trends in spam and malware and the resulting requirements for enter-prise email security. Then, drawing on customer testimonials and on-site test results, the paper examines the effectiveness of McAfee Email Gateway to protect enterprise customers against spam and email-borne malware. For contrast, the paper compares the McAfee solution to Proofpoint Enterprise, Proofpoint’s email security and compliance platform. This paper is intended to help enterprises assess which solution is more likely to meet their ongoing IT security and compliance needs.

THE EVOLUTION OF SPAM AND MALWARE THREATSEnterprises should expect the onslaught of spam to continue. Botnets aren’t going away. Criminal syndi-cates won’t abandon a profitable business. In 2011 and beyond, attacks will likely become more frequent, targeted, devious, and malicious.

What characterizes spam in 2011? There are several new threat types that cannot be stopped by legacy solutions, especially those that haven’t evolved to keep up:

• Botnets and snowshoe networks now send spam with dynamic IP addresses within a single spam campaign

• Phishing and low-volume targeted attacks not only compromise your organization’s brand, but also “fly under the radar” of most legacy filters

• Blended threats combine the worst of traditional SMTP-based attacks with newer HTTP-based threats

• Social engineering continues as users are exploited for their trust in social networks such as Facebook

• Outbound spam is now one of the largest threats to an organization’s brand, and can be ex-tremely difficult to block with older uni-directional or reputation-based systems

How do new types of spam change the requirements for anti-spam defenses? Defenses must become more sophisticated. They can’t simply rely on just one or two techniques for detecting spam; they need to be able to consider a myriad of factors in email traffic, including up-to-the-moment intelligence about spam attacks occurring elsewhere. And they must continuously evolve, applying the latest analysis of spam and malware attacks to protect enterprises 24/7.

In short, to defend against evolving threats, defenses must themselves evolve. Enterprises should look for email security and compliance solutions that are dynamic, adaptive, and proven.

FINDING AN INNOVATIVE, ADAPTIVE DEFENSE SOLUTION FOR THE ENTERPRISEDeploying an innovative email security and compliance platform is an important part of any enterprise security strategy. The following sections compare McAfee Email Gateway to Proofpoint Enterprise across three broad axes:

• The overall technical fit of the McAfee and Proofpoint product to the market’s needs.

Email defense systems must evolve to keep pace. The McAfee product line has not been able to keep up with the new phase of malware attacks. In fact, the last major release of the product occurred well before new security threats such as dynamic-IP botnets and social-media phish-


ing schemes had become common at all. Tests in live customer environments demonstrate that McAfee overlooks a dangerous amount of spam and malware.

• Product commitment by McAfee and Proofpoint

How committed are the vendors to their respective product lines? One way to tell is to examine a company’s history of product releases, which is a useful proxy for investment levels in R&D.

• Email security and product expertise by McAfee and Proofpoint

Email security is a complex, mission-critical issue. To create the best products and deliver enterprise-class support, a vendor must build up stable engineering and support organizations with deep expertise in email technology, security practices, and more. Unfortunately for McAfee customers, the original CipherTrust team seems to be long gone, after the successive acquisi-tions by Secure Computing, McAfee, and now, Intel.

As the tables below make clear, there are significant differences between McAfee and Proofpoint. For example, the McAfee Email Gateway product group has not issued a major release in five years; they seem to have simply stopped innovating. And if the past five years provide any indication of the next five, then it’s safe to say that McAfee Email Gateway customers can expect little in the way of product innovation and improved security in the coming years—despite the increasingly malicious and complex threats that spammers and hackers are directing at enterprise email servers. McAfee is in direct contrast with Proof-point, which has innovated continually over the same period, and maintains a healthy and active roadmap.

Section 1

Product “fit” with market needs McAfee Proofpoint

Technical strength - anti-spam, anti-virus, and DLP •

Simple to manage with low TCO •

Enable path to SaaS •

Section 2

Product commitment McAfee Proofpoint

Number of major releases between 2006-2011 0 4

Number of minor releases between 2006-2011 4 12

Section 3

Long-term email security and product expertise McAfee Proofpoint

Within engineering •

Within support organization •

Section 1 - Product Fit with Market NeedsThe lack of product development has taken its toll on the quality of the McAfee Email Gateway product and feature set, causing product functionality to fall behind the market leaders. This is a story that Proof-point has been hearing repeatedly from many McAfee Email Gateway customers, and many of those cus-tomers are making the strategic decision to abandon the McAfee email solution and to adopt Proofpoint Enterprise instead. Having evaluated both products, these customers inevitably reach the same conclusion: Proofpoint’s solution is technically superior; the McAfee Email Gateway is a legacy product with severe deficiencies that leave employees vulnerable to attacks; ongoing total costs of ownership can be high, since hardware refreshes result in the addition of too many appliances and the administrative cost of the cluster is high; requires too many appliances and too much ongoing management by administrators; and the risks of staying with McAfee in light of evolving threats in areas such as phishing and targeted attacks are simply too great to continue with this costly, defective status quo. For the sake of email security and compliance, these customers are switching from McAfee and investing in Proofpoint.


Technical Strengths Across Anti-Spam, Anti-Virus, and Data Loss PreventionVaried threats require varied defenses. Proofpoint Enterprise offers a number of features that are not avail-able in the McAfee Email Gateway. These features are shown in the matrix below. As this comparison shows, Proofpoint Enterprise is a more complete email security and compliance platform with consolidated management, reporting, and flexible deployment options.

Technical Comparison Between McAfee Email Gateway and Proofpoint

Email Security (Anti-Spam and Anti-Virus) McAfee Proofpoint

Reputation-based spam detection • •

Machine learning technology for outbound spam detection •

Granular spam classification and dispositions •

Selection of anti-virus engines • •

Zero-hour anti-virus detection for zero-day protection • •

Email Compliance (DLP and Encryption) McAfee Proofpoint

Pre-configured compliance policies • •

Smart identifiers - algorithmic checks of structured data •

Managed dictionaries - pre-defined and updated libraries •

Advanced proximity and correlation analysis •

Policy-based encryption • •

Flexible encrypted message delivery • •

Per-message encryption keys • •

End-user encryption controls •

DLP incident dashboard for administrative remediation •

Self remediation of DLP violations •

ICAP integration with Web proxies for Web 2.0 compliance •

Management McAfee Proofpoint

Consolidated and aggregated reporting for multiple devices •

DLP Dashboard - consolidated view of compliance activity •

Deployment Options McAfee Proofpoint

Appliance • •

Software •

Private Cloud •

Public Cloud •

Table 1: Feature comparison showing Proofpoint Enterprise is a more complete email security and compliance platform

Anti-Spam and Anti-Virus EffectivenessBottom Line: McAfee’s ineffective anti-spam and anti-virus detection leaves your organization and end users vulnerable.

To detect the latest attacks, email security and compliance solutions require constant updates. Out-of-date defenses leave enterprises vulnerable to attack. When attacks get through, employee productivity suf-


fers, overworked email administrators and IT staff must scramble to mitigate the problem, and enterprises are put at risk for regulatory penalties.

Former McAfee Email Gateway customers, who have grown dissatisfied with McAfee’s spam detection technology, regularly evaluate Proofpoint Enterprise Protection behind McAfee in the inbound mail stream. The test results often surprise these customers because Proofpoint is able to detect spam that passed through McAfee’s filters undetected, and therefore poses a large risk to the organization. Undetected and leaked spam into the enterprise can make up a significant percentage of the overall mail stream.

MCAFEE EMAIL GATEWAY PROOFPOINT ENTERPRISE EMAIL SERVER

McAfee Email Gateway

Inbound email

Proofpoint Enterprise Email Server

INBOUND EMAIL


Inbound email

Proofpoint Enterprise Email ServerMcAfee Email Gateway

Inbound email


Figure 1: Email flow when Proofpoint Enterprise is evaluated behind McAfee in the email stream

To cite a customer case study (and a typical example), over a 30 day period, Proofpoint detected an ad-ditional 5% of spam (as a percentage of the total mail stream) for that enterprise customer when placed behind McAfee, as Figure 1 above illustrates. As shown in Figure 2 below, Proofpoint filtered 4,539,684 messages in the mail stream that passed the McAfee Email Gateway filters, and detected:

• 177,871 messages as spam

• 53 messages as infected with a virus

These are messages that passed McAfee’s email security features and would have reached your users’ in-boxes and caused lost employee productivity along with costly virus infections.

Spam Detection SummaryRule ID Last 4 Hours Last 24 Hours Last 7 Days Last 30 Days

Total % Total % Total % Total %

notspam 46,027 95.2% 181,606 94.6% 899,628 93.1% 4,234,408 93.3%

notspam_adultspam 2 0.0% 17 0.0% 134 0.0% 821 0.0%

probablespam 155 0.3% 655 0.3% 3,200 0.3% 23,346 0.5%

probablespam_adultspam 0 0.0% 0 0.0% 16 0.0% 53 0.0%

safe 466 0.9% 4,042 2.1% 36,308 2.7% 126,584 2.8%

spam 1,707 3.5% 5,738 3.0% 37,021 3.8% 153,132 3.4%

spam_adultspam 2 0.0% 15 0.0% 188 0.0% 1,340 0.0%

Total 48,339 99.9% 192,073 100% 966,495 99.9% 4,539,684 100%

Figure 2: Spam detection report showing Proofpoint detected over 150,000 spam messages when deployed behind McAfee Email Gateway in the email stream

Comparing Anti-Spam DefensesProofpoint’s anti-spam technology offers several important benefits over the competing technology from McAfee. First, Proofpoint is able to granularly classify spam, which gives email administrators tremendous control when configuring spam policies. For example, they can decide to drop all phishing messages and adult-based spam while quarantining other less dangerous spam.

Second, Proofpoint is able to detect outbound spam—spam sent from compromised systems within the enterprise, along with spam sent inadvertently by an enterprise’s employees. Outbound spam can seriously damage a company’s reputation. Once email servers across the Internet identify the enterprise as a source


of spam, they may block or drop legitimate email from the enterprise, disrupting business communications and cutting the enterprise off from its customers and partners.

Spam defenses that overly rely on reputation analysis for spam detection (rejecting email from certain domains because of their reputations as spammers) are unable to detect outbound spam, because they inherently trust IP addresses from their own domains. Similarly, spam defenses that rely on simplistic con-tent scoring will overlook outbound spam that employs the latest sophisticated techniques of spammers. And, of course, many anti-spam systems were never designed to filter both inbound and outbound traffic in the first place. They naively assume that all outbound traffic should be trusted—a naive assumption, as any analysis of an enterprise’s email traffic will show.

Proofpoint, which does filter both inbound and outbound traffic, avoids the heuristic blind spots of other anti-spam defenses by complementing reputation analysis with robust, patent-pending, machine-learning technology that evaluates hundreds of thousands of message attributes. Using this sophisticated analy-sis—which Proofpoint continually updates in real-time—Proofpoint is able to reliably detect spam from any source, including an enterprise’s own email servers. As a result, Proofpoint, unique among email se-curity vendors, delivers highly accurate, two-way protection against spam, protecting customers’ reputa-tions as well as their productivity. (For more information about Proofpoint anti-spam technology and how outbound spam detection can protect your company’s email reputation, please see Proofpoint’s Anti-Spam white paper.)

Comparing Anti-Virus DefensesSurprisingly, on-site tests with real McAfee customers found that, in addition to admitting too much spam into enterprise networks, the McAfee Email Gateway also exposed customers to virus infections. In another enterprise customer example covering a 40 day period, Proofpoint detected 72 viruses that passed McAfee’s Email virus filters. The chart below analyzes 53 of those viruses, which were found in the first 30 days.

Virus Protection SummaryRule ID Last 4 Hours Last 24 Hours Last 7 Days Last 30 Days

Viruses Detected 0 0 19 53

Rank Last 7 Days

1 trojan-downloader.w32/oficla.1x 13

2 trojan-downloader.w32/oficla.1v 2

3 corrupted 1

4 trojan.agent.new 1

5 trojan-downloader.w32/oficla.1z 1

6 gen:variant.kazy.11190 1

Figure 3: Virus report showing that Proofpoint Enterprise detected 53 viruses in email messages over 30 days when deployed behind McAfee Email Gateway in the mail stream

Viruses remain a costly threat to the enterprise. A decade ago, many viruses clogged networks or crashed desktop systems. New viruses are more malicious. They can erase data, shutdown servers, and install root-kits that put systems under the control of botnet syndicates. Costs per incident vary, but it’s not unusual for remediation and downtime costs for a single incident to reach $100,000. Enterprises should strive to eliminate all viruses from their email streams—and 100% protection against viruses is what Proofpoint Enterprise delivers.

Different Approaches to Policy ManagementFormer McAfee Email Gateway customers report that McAfee has been slow to introduce email compli-ance features, such as the ability to create accurate information security policies for regulatory compliance and document fingerprinting. McAfee’s data loss prevention (DLP) technology originates from the acqui-sition of Reconnex in August of 2008. Judging by the number of hotfixes released after the acquisition, the recent integration of the Reconnex product into the McAfee Email Gateway platform has created perfor-mance and stability problems to the platform.

http://www.proofpoint.com/anti_spam_whitepaper

http://www.proofpoint.com/anti_spam_whitepaper


Because McAfee never updates or manages the DLP dictionaries - the company ships static, pre-config-ured policies on the McAfee Email Gateway platform - McAfee customers may find themselves filtering email traffic with an out-of-date or incomplete set of dictionary terms or policy rules. McAfee’s inaction puts customers at risk for data leakage whenever regulations change and dictionaries need updating, such as when a new drug or medicine is approved by the FDA, or a new disease or cancer is identified. Such changes are not automatically updated to the enterprise’s HIPAA policy (as is the case with Proofpoint). In industries such as finance and healthcare, changes like this occur regularly. For example:

• In healthcare, annual updates for ICD-10-CM (International Classification of Diseases, 10th Edition, Clinical Modification) and ICD-10-PCS

• Updates for SSN issuance in July 2011

Customers that have evaluated both technologies have determined that McAfee’s DLP technology and policy engine are not as robust and accurate as Proofpoint’s (For example, the McAfee product cannot create complex Boolean rules, such as defining a policy based on a sender+keyword pattern. Proofpoint supports Boolean rules of this complexity and greater.). Proofpoint offers built-in regulatory compliance policies, Smart Identifiers1, and Managed Dictionaries to make creating, managing, and enforcing policies easy, flexible, and transparent. Proofpoint updates its Managed Dictionaries automatically, reducing ad-ministrator workload and reducing the chances that out-of-date filtering policies will be applied to email traffic.

Policy-based encryption is another important area of consideration when considering DLP. Proofpoint’s policy-based encryption is powerful and easy to use. For example, in its latest release, Proofpoint intro-duced per-message key management features, which give administrators the option of allowing end users to manage their encrypted messages, through revoking, expiring, or restoring encryption keys. This func-tionality, which can reduce administrative workload, is not available on the McAfee solution.

Architectural Complexity and Total Cost of OwnershipBottom Line: A complex architecture can be difficult and costly to manage.

Redundant or large deployments requiring multiple McAfee Email Gateway appliances are costly and dif-ficult to manage. The McAfee architecture divides common email security functions across multiple dedi-cated appliances, increasing capital and operating costs. For example, McAfee requires a separate appliance for use as a Central Quarantine Server, and a separate appliance for use as a Control Center. A McAfee Email Gateway deployment that began as three appliances can easily double in size. Combined with poor spam detection and a weaker policy engine, management and administration of the solution can become a huge burden, often requiring administrators to log into multiple user interfaces to perform common tasks such as pulling reports, or setting up a server to perform the sole task of hosting encrypted messages. The numerous devices not only take up data center space, power, and administrative man-hours, they lead to repeated spikes in capital expenditures every three years when the devices reach their end-of-life and need to be replaced.

Proofpoint’s integrated architecture avoids the financial and operational problems associated with deploy-ing separate appliances for management, quarantine consolidation, or encrypted message delivery. As a re-sult, the Proofpoint solution delivers a dramatically lower Total Cost of Ownership (TCO). Appliances can be clustered, where one appliance acts as a Master to aggregate and consolidate data for multiple Agents, as well as to centrally manage the configuration of the entire cluster. Each of the appliances in this cluster can also filter inbound and outbound email; thus, the clustered appliances have multiple purposes, unlike McAfee’s appliances which are used solely as a Quarantine Server or Control Center.

A typical deployment scenario illustrating architectural cost considerations between the two products is shown in Figure 4.

“The Security team has chosen to use Proofpoint’s DLP for email even though they purchased Reconnex at the same time on a different project.”

Former McAfee Email Gateway customer


Proofpoint

Management

Quarantined Emails

Encrypted Emails

Administrator Access

End User Access

McAfee Email Edge Gateway

McAfee Email Gateway Control Center

McAfee Secure Web Delivery Server

McAfee Email Gateway Appliances

McAfee Email Gateway Quarantine ServerManagement

Quarantined Emails

Encrypted Emails


End User Access





McAfee Email Gateway Quarantine Server Management

Quarantined Emails

Encrypted Emails


End User Access





McAfee Email Gateway Quarantine Server


Inbound email



Inbound email


MCAFEE EMAILGATEWAY CONTROL CENTER

ADMINISTRATOR ACCESS

MCAFEE EMAILGATEWAY APPLIANCES

MCAFEE EMAILEDGE GATEWAY


Inbound email

Proofpoint Enterprise Email ServerMCAFEE EMAIL GATEWAYQUARANTINE SERVER


Inbound email

Proofpoint Enterprise Email ServerMCAFEE SECUREWEB DELIVERY SERVER

END USER ACCESS

QUARANTINEDEMAILS

ENCRYPTED EMAILS

McAfee

Management

Quarantined Emails

Encrypted Emails


End User Access






Management

Quarantined Emails

Encrypted Emails


End User Access







Inbound email

Proofpoint Enterprise Email ServerPROOFPOINT MASTER

ADMINISTRATOR ACCESS

PROOFPOINT AGENT(S)

END USER ACCESS

Proofpoint Agent(s)

Administrator AccessEnd User Access

Proofpoint Master

MANAGEMENT

Figure 4: Architectural cost considerations in a typical deployment scenario for McAfee vs. Proofpoint.

To drive costs down even further, as outlined in the next section, Proofpoint customers also have the op-tion of running all their email security services in the cloud or in a private cloud / virtualized infrastructure in Proofpoint’s global network of SAS70-Type II data centers. Administrators can manage all Proofpoint services through a single, integrated, and secure user interface.

Path to SaaS: Comparing Deployment and Migration OptionsBottom Line: The McAfee Email Gateway does not provide an effective migration Path to SaaS.

Another trend over the past few years for enterprises that are looking for an email security and compliance solution is the adoption of cloud services, including Software-as-a-Service (SaaS), because of the cost savings, cost predictability, ease of management, and economies of scale. McAfee has recognized this trend and acquired MxLogic, a SaaS provider of email security services, in November of 2009 - a move intended to “bolster [its] security as a service lineup.”2

Almost two years later, McAfee still has yet to integrate the security technologies from the MxLogic ac-quisition, the Reconnex acquisition, and the Secure Computing acquisition. For enterprise customers that need a pure cloud or hybrid solution, McAfee recommends the deployment of two completely separate and non-cohesive products (using different technologies, a different user interface, and a separate administra-tive experience). While the McAfee Email Gateway was proven in enterprise environments five years ago, the MxLogic solution was deployed mostly by small businesses, as their average customer size at the time of the acquisition was 100 users.3

Proofpoint Enterprise has been deployed successfully in many different environments, from the world’s largest organizations with millions of users, to medium sized enterprises spanning several hundred us-ers (Proofpoint supports both private cloud and public cloud installations). When switching from one deployment model to another, Proofpoint customers do not need to learn new products, processes, and user interfaces; they simply continue using the interfaces and technologies they are already familiar with.

EMAIL SECURITY DEPLOYMENT MODES

• On-Premises Deployed as an appliance or

software

• PrivateCloud Deployed as a virtual appliance

• PublicCloud Deployed as a Software-as-a-

Service


Question to ask McAfee: “Has your email security solution been proven in on-premises, hybrid, public cloud, or private cloud deployments?”

Section 2 - Product CommitmentSecure Computing did not make any major improvements to IronMail when it acquired CipherTrust in 2007. This neglect continued when McAfee acquired Secure Computing in November 2008. Four acquisi-tions (counting the recent Intel purchase of McAfee) and five years later, customers are still waiting for feature and product commitments to be fulfilled, having received only patches and maintenance releases.

McAfee has Zero Major Releases Between 2006 - 2011As mentioned earlier, innovation in this market is key to protecting your organization from malware. His-torical product releases are a viable proxy for past innovation, and a good predictor of a future, active roadmap. The last product release from the original CipherTrust was IronMail version 6.5.4 in 2006. Since then, there have been a total of three product releases, two of which were focused around rebranding the product due to acquisitions, and two focused around a product name change. Since taking ownership of the IronMail/Secure Mail product, McAfee has only made just one minor release available to customers, and five subsequent Hotfixes (see next section for details). These release milestones are listed below:

July 2007: Secure Computing releases IronMail version 6.7.0

Feb 2008: Secure Computing releases Secure Mail version 6.7.1

Mar 2010: McAfee releases McAfee Email Gateway version 6.7.2

Proofpoint, on the other hand, has taken a different approach: the company has never stopped innovat-ing, and continues to release new capabilities and feature enhancements on a regular basis, benefitting customers and protecting them from the latest email and malware threats. Since 2006, Proofpoint has distributed four major product releases and 12 minor product releases, as shown in Figure 5 below. 4

14

12

10

8

6

4

2

0

MAJOR RELEASES MINOR RELEASES

NUMBER OF RELEASES: 2006–2011

Proofpoint

0

4 4

12

Proofpoint McAfee

McAfee

Figure 5: Since 2006, the McAfee Email Gateway product has had zero major releases.

Ancillary products, such as McAfee Email Gateway Encryption and Email Gateway Control Center (an administrative interface), have received minor updates, but these products are not designed to directly deliver anti-spam and anti-virus defenses—that’s the job of the McAfee Email Gateway, which continues to operate without any major updates.

Questions to ask McAfee: “What features are on your roadmap?” or “What features were included in your previ-ous releases?”


Section 3 - Email Security and Product ExpertiseMergers and acquisitions frequently lead to employee turnover. Not surprisingly, the three successive ac-quisitions of the IronMail product and team—first the acquisition of CipherTrust by Secure Computing, then the acquisition of Secure Computing by McAfee, and most recently the acquisition of McAfee by Intel—has left few to none of the original team members in place. It’s fair to ask whether this flight of tal-ent has caused product quality and customer service to suffer. Certainly, product development has slowed to a crawl.

Questions to ask McAfee: How many McAfee (now Intel) employees really understand the workings of these products? How many are prepared to significantly rework and support these legacy products, in order to deliver the sophisticated email defenses that enterprises need in 2011?

Engineering Organization

Bottom Line: Engineering No Longer Has Email Security Expertise – Their Only Release Requires Constant Patches

Instead of innovating and protecting customers from the latest email related security threats, McAfee has been concentrating its development efforts on maintenance releases. Since McAfee acquired Secure Computing and released McAfee Email Gateway version 6.7.2, there have only been four Hotfix releases, as shown below:

May 2010: McAfee releases McAfee Email Gateway version 6.7.2 Hotfix 2

June 2010: McAfee releases McAfee Email Gateway version 6.7.2 Hotfix 3

Sept 2010: McAfee releases McAfee Email Gateway version 6.7.2 Hotfix 4

Mar 2011: McAfee releases McAfee Email Gateway version 6.7.2 Hotfix 5

Email security solutions require constant innovation and need to adapt to market needs, in order to protect businesses from the sophisticated, increasingly targeted security threats affecting enterprises. As an example of a recent attack, a breach at RSA began with a seemingly benign two day spear-phishing attack, where at least one employee retrieved an email from their junk mail folder and subsequently entered their credentials on a fake webpage.5 Proper defenses against spear-phishing could have alleviated the breach.

Proofpoint has a powerful policy engine with granular spam classifiers to prevent this type of workflow from happening. Granular spam classification allows administrators to send pure spam messages to end-user quarantines, and more dangerous phishing messages to a separate administrative quarantine not accessible to end users. Often these quarantined phish messages might be deleted automatically or further submitted to law enforcement for forensic review. Our development and security research team is focused on email, so Proofpoint is continually improving its products and technology to stay ahead of hackers and malicious users, or to respond to dynamic regulatory requirements.

Question to ask McAfee: “How are you innovating to defend against the latest threats, such as phishing and spear-phishing attacks?”

Support OrganizationBottom Line: Poor Support Will Impact Your Business

McAfee’s lack of email security and product expertise within their support organization can have con-sequences on the flow of email for your business and the productivity of your email administrators. To troubleshoot a product issue or mail flow problem in a timely manner, your IT staff should have immedi-ate access to a support engineer who is familiar with the product and typical email infrastructure. It can take several phone calls to reach a knowledgeable support engineer for the Email Gateway product family in larger companies such as McAfee, who offer a broad product portfolio, or who may not have the deep expertise to troubleshoot an acquired product after the original staff has departed the organization.

At Proofpoint, we recognize email is a business-critical application. Our entire support staff has deep ex-pertise in our security and compliance solutions - as that is our core business. Support engineers are trained to provide the highest level of technical expertise.

Question to ask McAfee: “How many CipherTrust support engineers have you retained?”

CONCLUSIONFive years ago, the former IronMail product, now McAfee Email Gateway, was a viable email security plat-form. Perhaps as a result of multiple company acquisitions, product development has stalled, and—as for-mer customers repeatedly tell us—product quality and support seem to have deteriorated, leaving IronMail

RECENT EMAIL-BASED ATTACKS AND

THREATS

• September 2010 VBMania/“HERE YOU HAVE”

• September2010 HTML attachments containing

JavaScript

• April2010 RSA Breach

• April2010 Epsilon Breach

“We made a strategic decision to move off of McAfee’s IronMail to address the virus and spam effectiveness issues we were experiencing. Proofpoint showed us that their focus was on e-mail security and compliance and proved it with superior customer service and support.”

Tom Norman, PostmasterGrand Valley State University


users vulnerable to attack and data leakage. It seems unlikely that Intel’s recent acquisition of McAfee will turn things around. Momentum has been lost, and customers find that major threats are going unmet, exposing their organizations to risk. Major threats are going unmet. Users are vulnerable, and are likely to remain so.

Having grown disillusioned with the IronMail product and McAfee’s inaction, many Email Gateway cus-tomers are switching to a best-of-breed solution, Proofpoint Enterprise, to meet their email security and compliance requirements. Since it was founded in 2001, Proofpoint has remained focused on email security and compliance. Proofpoint is happy to provide a list of recent McAfee replacements and references for your review. Unlike McAfee, Proofpoint continues to innovate, introducing new features and products, especially around anti-spam and advanced threat detection, email security and compliance, and email encryption. Proofpoint’s roster of major enterprise customers—which includes industry leaders in finance, healthcare, manufacturing, and retail, as well as major government agencies—testifies to the success and viability of Proofpoint’s technology and services.

ABOUT PROOFPOINTProofpoint focuses exclusively on the art and science of cloud-based email security, eDiscovery and com-pliance solutions. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. Proofpoint’s enterprise email solutions mitigate the challenges and amplify the benefits of enterprise messaging. Learn more at www.proofpoint.com.

1 “Smart identifiers” combine regular expressions with algorithmic checks to ensure detection accuracy and eliminate false positives.

2 ZDNet article dated July 30, 2009.3 ZDNet article dated July 30, 2009 that states MxLogic had “40,000 customers and 4 million end users.”4 Major Proofpoint releases since 2006 include: 3.0, 4.0, 5,0, 6.0.5 “RSA SecurID breach began with spear phishing attack”, TechTarget , April 4, 2011

http://www.proofpoint.com


US Worldwide HeadquartersProofpoint, Inc.

892 Ross Drive

Sunnyvale, CA 94089

United States

Tel +1 408 517 4710

US Federal OfficeProofpoint, Inc.

13800 Coppermine Road

Suite 203

Herndon, VA 20171

United States

Tel +1 703 885 6809

Asia PacificProofpoint APAC

Suntec Tower 2,

9 Temasek Boulevard,

31F

Singapore 038989

Tel +65 6559 6128

EMEAProofpoint, Ltd.

200 Brook Drive

Green Park

Reading, UK

RG2 6UB

Tel +44 (0) 870 803 0704

JapanProofpoint Japan K.K.

BUREX Kojimachi

Kojimachi 3-5-2,

Chiyoda-ku

Tokyo, 102-0083

Japan

Tel +81 3 5210 3611

CanadaProofpoint Canada

210 King Street East,

Suite 300

Toronto, Ontario,

M5A 1J7

Canada

Tel +1 647 436 1036

MexicoProofpoint Mexico

Salaverry 1199

Col. Zacatenco

CP 07360

México D.F.

Tel: +52 55 5905 5306

Proofpoint focuses exclusively on the art and science of cloud-based email security, eDiscovery and compliance solutions. Organizations around the world depend on Proofpoint’s expertise, patented technologies and on-demand delivery system to protect against spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. Proofpoint’s enterprise email solutions mitigate the challenges and amplify the benefits of enterprise messaging.

www.proofpoint.com

©2011 Proofpoint, Inc. Proofpoint, Proofpoint Archive, and Proofpoint DoubleBlind Encryption are trademarks or registered trademarks of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners. 05/11


proofpoint enterprise vs. mcafee email gateway

Documents