Proofpoint Enterprise vs. McAfee Gateway (Formerly IronMail from CipherTrust and Secure Mail from Secure Computing)

Transcription

1 Proofpoint Enterprise vs. McAfee Gateway (Formerly IronMail from CipherTrust and Secure Mail from Secure Computing) Proofpoint, Inc. 892 Ross Drive Sunnyvale, CA P F [email protected]

2 is unquestionably the primary form of business communications. Unfortunately it is also one of the most vulnerable channels for security attacks, data leakage, and fraud. To protect against the everchanging nature of security threats, security solutions must be constantly updated and improved. Spammers and criminal syndicates are continually evolving their tactics, and defense systems must keep pace or, better yet, keep one step ahead.

3 CONTENTS Executive Summary 4 The Evolution of Spam and Malware Threats 4 Finding an Innovative, Adaptive Defense Solution for the Enterprise 4 Section 1 - Product Fit with Market Needs 5 Technical Strengths Across Anti-Spam, Anti-Virus, and Data Loss Prevention 6 Anti-Spam and Anti-Virus Effectiveness 6 Comparing Anti-Spam Defenses 7 Comparing Anti-Virus Defenses 8 Different Approaches to Policy Management 8 Architectural Complexity and Total Cost of Ownership 9 Path to SaaS: Comparing Deployment and Migration Options 10 Section 2 - Product Committment 11 McAfee has Zero Major Releases Between Section 3 - Security and Product Expertise 12 Engineering Organization 12 Support Organization 12 Conclusion 12 About Proofpoint, Inc. 13

4 EXECUTIVE SUMMARY is unquestionably the primary form of business communications. Unfortunately, it is also one of the most vulnerable channels for security attacks, data leakage, and fraud. To protect against the ever-changing nature of security threats, security solutions must be constantly updated and improved. Spammers and criminal syndicates are continually evolving their tactics, and defense systems must keep pace or, better yet, keep one step ahead. If you rely on McAfee Gateway (formerly known as CipherTrust IronMail and Secure Mail), the legacy security and compliance solution from McAfee, your organization is vulnerable to attack. The various vendors who have been responsible for this product over the past five years first CipherTrust, then Secure Computing, then McAfee, and now Intel have done almost nothing to develop or enhance the product in that time. In IT security, idleness creates risk. By failing to keep up with new threats, such as social media attacks and dynamic-ip botnets, McAfee and its predecessors have left customers vulnerable to spam and virus attacks and hence vulnerable to lost data, lost productivity, regulatory penalties and fines, and damage to brand and reputation. This white paper examines recent trends in spam and malware and the resulting requirements for enterprise security. Then, drawing on customer testimonials and on-site test results, the paper examines the effectiveness of McAfee Gateway to protect enterprise customers against spam and -borne malware. For contrast, the paper compares the McAfee solution to Proofpoint Enterprise, Proofpoint s security and compliance platform. This paper is intended to help enterprises assess which solution is more likely to meet their ongoing IT security and compliance needs. THE EVOLUTION OF SPAM AND MALWARE THREATS Enterprises should expect the onslaught of spam to continue. Botnets aren t going away. Criminal syndicates won t abandon a profitable business. In 2011 and beyond, attacks will likely become more frequent, targeted, devious, and malicious. What characterizes spam in 2011? There are several new threat types that cannot be stopped by legacy solutions, especially those that haven t evolved to keep up: Botnets and snowshoe networks now send spam with dynamic IP addresses within a single spam campaign Phishing and low-volume targeted attacks not only compromise your organization s brand, but also fly under the radar of most legacy filters Blended threats combine the worst of traditional SMTP-based attacks with newer HTTPbased threats Social engineering continues as users are exploited for their trust in social networks such as Facebook Outbound spam is now one of the largest threats to an organization s brand, and can be extremely difficult to block with older uni-directional or reputation-based systems How do new types of spam change the requirements for anti-spam defenses? Defenses must become more sophisticated. They can t simply rely on just one or two techniques for detecting spam; they need to be able to consider a myriad of factors in traffic, including up-to-the-moment intelligence about spam attacks occurring elsewhere. And they must continuously evolve, applying the latest analysis of spam and malware attacks to protect enterprises 24/7. In short, to defend against evolving threats, defenses must themselves evolve. Enterprises should look for security and compliance solutions that are dynamic, adaptive, and proven. FINDING AN INNOVATIVE, ADAPTIVE DEFENSE SOLUTION FOR THE ENTERPRISE Deploying an innovative security and compliance platform is an important part of any enterprise security strategy. The following sections compare McAfee Gateway to Proofpoint Enterprise across three broad axes: The overall technical fit of the McAfee and Proofpoint product to the market s needs. defense systems must evolve to keep pace. The McAfee product line has not been able to keep up with the new phase of malware attacks. In fact, the last major release of the product occurred well before new security threats such as dynamic-ip botnets and social-media phish- Page 4

5 ing schemes had become common at all. Tests in live customer environments demonstrate that McAfee overlooks a dangerous amount of spam and malware. Product commitment by McAfee and Proofpoint How committed are the vendors to their respective product lines? One way to tell is to examine a company s history of product releases, which is a useful proxy for investment levels in R&D. security and product expertise by McAfee and Proofpoint security is a complex, mission-critical issue. To create the best products and deliver enterprise-class support, a vendor must build up stable engineering and support organizations with deep expertise in technology, security practices, and more. Unfortunately for McAfee customers, the original CipherTrust team seems to be long gone, after the successive acquisitions by Secure Computing, McAfee, and now, Intel. As the tables below make clear, there are significant differences between McAfee and Proofpoint. For example, the McAfee Gateway product group has not issued a major release in five years; they seem to have simply stopped innovating. And if the past five years provide any indication of the next five, then it s safe to say that McAfee Gateway customers can expect little in the way of product innovation and improved security in the coming years despite the increasingly malicious and complex threats that spammers and hackers are directing at enterprise servers. McAfee is in direct contrast with Proofpoint, which has innovated continually over the same period, and maintains a healthy and active roadmap. Section 1 Product fit with market needs McAfee Proofpoint Technical strength - anti-spam, anti-virus, and DLP Simple to manage with low TCO Enable path to SaaS Section 2 Product commitment McAfee Proofpoint Number of major releases between Number of minor releases between Section 3 Long-term security and product expertise McAfee Proofpoint Within engineering Within support organization Section 1 - Product Fit with Market Needs The lack of product development has taken its toll on the quality of the McAfee Gateway product and feature set, causing product functionality to fall behind the market leaders. This is a story that Proofpoint has been hearing repeatedly from many McAfee Gateway customers, and many of those customers are making the strategic decision to abandon the McAfee solution and to adopt Proofpoint Enterprise instead. Having evaluated both products, these customers inevitably reach the same conclusion: Proofpoint s solution is technically superior; the McAfee Gateway is a legacy product with severe deficiencies that leave employees vulnerable to attacks; ongoing total costs of ownership can be high, since hardware refreshes result in the addition of too many appliances and the administrative cost of the cluster is high; requires too many appliances and too much ongoing management by administrators; and the risks of staying with McAfee in light of evolving threats in areas such as phishing and targeted attacks are simply too great to continue with this costly, defective status quo. For the sake of security and compliance, these customers are switching from McAfee and investing in Proofpoint. Page 5

6 Technical Strengths Across Anti-Spam, Anti-Virus, and Data Loss Prevention Varied threats require varied defenses. Proofpoint Enterprise offers a number of features that are not available in the McAfee Gateway. These features are shown in the matrix below. As this comparison shows, Proofpoint Enterprise is a more complete security and compliance platform with consolidated management, reporting, and flexible deployment options. Technical Comparison Between McAfee Gateway and Proofpoint Security (Anti-Spam and Anti-Virus) McAfee Proofpoint Reputation-based spam detection Machine learning technology for outbound spam detection Granular spam classification and dispositions Selection of anti-virus engines Zero-hour anti-virus detection for zero-day protection Compliance (DLP and Encryption) McAfee Proofpoint Pre-configured compliance policies Smart identifiers - algorithmic checks of structured data Managed dictionaries - pre-defined and updated libraries Advanced proximity and correlation analysis Policy-based encryption Flexible encrypted message delivery Per-message encryption keys End-user encryption controls DLP incident dashboard for administrative remediation Self remediation of DLP violations ICAP integration with Web proxies for Web 2.0 compliance Management McAfee Proofpoint Consolidated and aggregated reporting for multiple devices DLP Dashboard - consolidated view of compliance activity Deployment Options McAfee Proofpoint Appliance Software Private Cloud Public Cloud Table 1: Feature comparison showing Proofpoint Enterprise is a more complete security and compliance platform Anti-Spam and Anti-Virus Effectiveness Bottom Line: McAfee s ineffective anti-spam and anti-virus detection leaves your organization and end users vulnerable. To detect the latest attacks, security and compliance solutions require constant updates. Out-ofdate defenses leave enterprises vulnerable to attack. When attacks get through, employee productivity suf- Page 6

7 fers, overworked administrators and IT staff must scramble to mitigate the problem, and enterprises are put at risk for regulatory penalties. Former McAfee Gateway customers, who have grown dissatisfied with McAfee s spam detection technology, regularly evaluate Proofpoint Enterprise Protection behind McAfee in the inbound mail stream. The test results often surprise these customers because Proofpoint is able to detect spam that passed through McAfee s filters undetected, and therefore poses a large risk to the organization. Undetected and leaked spam into the enterprise can make up a significant percentage of the overall mail stream. Inbound INBOUND Inbound Inbound McAfee McAfee Gateway GatewayProofpoint McAfee Proofpoint Enterprise Gateway Enterprise Proofpoint Server Enterprise Server MCAFEE GATEWAY PROOFPOINT ENTERPRISE SERVER Server Figure 1: flow when Proofpoint Enterprise is evaluated behind McAfee in the stream To cite a customer case study (and a typical example), over a 30 day period, Proofpoint detected an additional 5% of spam (as a percentage of the total mail stream) for that enterprise customer when placed behind McAfee, as Figure 1 above illustrates. As shown in Figure 2 below, Proofpoint filtered 4,539,684 messages in the mail stream that passed the McAfee Gateway filters, and detected: 177,871 messages as spam 53 messages as infected with a virus These are messages that passed McAfee s security features and would have reached your users inboxes and caused lost employee productivity along with costly virus infections. Spam Detection Summary Rule ID Last 4 Hours Last 24 Hours Last 7 Days Last 30 Days Total % Total % Total % Total % notspam 46, % 181, % 899, % 4,234, % notspam_adultspam 2 0.0% % % % probablespam % % 3, % 23, % probablespam_adultspam 0 0.0% 0 0.0% % % safe % 4, % 36, % 126, % spam 1, % 5, % 37, % 153, % spam_adultspam 2 0.0% % % 1, % Total 48, % 192, % 966, % 4,539, % Figure 2: Spam detection report showing Proofpoint detected over 150,000 spam messages when deployed behind McAfee Gateway in the stream Comparing Anti-Spam Defenses Proofpoint s anti-spam technology offers several important benefits over the competing technology from McAfee. First, Proofpoint is able to granularly classify spam, which gives administrators tremendous control when configuring spam policies. For example, they can decide to drop all phishing messages and adult-based spam while quarantining other less dangerous spam. Second, Proofpoint is able to detect outbound spam spam sent from compromised systems within the enterprise, along with spam sent inadvertently by an enterprise s employees. Outbound spam can seriously damage a company s reputation. Once servers across the Internet identify the enterprise as a source Page 7

8 of spam, they may block or drop legitimate from the enterprise, disrupting business communications and cutting the enterprise off from its customers and partners. Spam defenses that overly rely on reputation analysis for spam detection (rejecting from certain domains because of their reputations as spammers) are unable to detect outbound spam, because they inherently trust IP addresses from their own domains. Similarly, spam defenses that rely on simplistic content scoring will overlook outbound spam that employs the latest sophisticated techniques of spammers. And, of course, many anti-spam systems were never designed to filter both inbound and outbound traffic in the first place. They naively assume that all outbound traffic should be trusted a naive assumption, as any analysis of an enterprise s traffic will show. Proofpoint, which does filter both inbound and outbound traffic, avoids the heuristic blind spots of other anti-spam defenses by complementing reputation analysis with robust, patent-pending, machine-learning technology that evaluates hundreds of thousands of message attributes. Using this sophisticated analysis which Proofpoint continually updates in real-time Proofpoint is able to reliably detect spam from any source, including an enterprise s own servers. As a result, Proofpoint, unique among security vendors, delivers highly accurate, two-way protection against spam, protecting customers reputations as well as their productivity. (For more information about Proofpoint anti-spam technology and how outbound spam detection can protect your company s reputation, please see Proofpoint s Anti-Spam white paper.) Comparing Anti-Virus Defenses Surprisingly, on-site tests with real McAfee customers found that, in addition to admitting too much spam into enterprise networks, the McAfee Gateway also exposed customers to virus infections. In another enterprise customer example covering a 40 day period, Proofpoint detected 72 viruses that passed McAfee s virus filters. The chart below analyzes 53 of those viruses, which were found in the first 30 days. Virus Protection Summary Rule ID Last 4 Hours Last 24 Hours Last 7 Days Last 30 Days Viruses Detected Rank Last 7 Days 1 trojan-downloader.w32/oficla.1x 13 2 trojan-downloader.w32/oficla.1v 2 3 corrupted 1 4 trojan.agent.new 1 5 trojan-downloader.w32/oficla.1z 1 6 gen:variant.kazy Figure 3: Virus report showing that Proofpoint Enterprise detected 53 viruses in messages over 30 days when deployed behind McAfee Gateway in the mail stream Viruses remain a costly threat to the enterprise. A decade ago, many viruses clogged networks or crashed desktop systems. New viruses are more malicious. They can erase data, shutdown servers, and install rootkits that put systems under the control of botnet syndicates. Costs per incident vary, but it s not unusual for remediation and downtime costs for a single incident to reach $100,000. Enterprises should strive to eliminate all viruses from their streams and 100% protection against viruses is what Proofpoint Enterprise delivers. Different Approaches to Policy Management Former McAfee Gateway customers report that McAfee has been slow to introduce compliance features, such as the ability to create accurate information security policies for regulatory compliance and document fingerprinting. McAfee s data loss prevention (DLP) technology originates from the acquisition of Reconnex in August of Judging by the number of hotfixes released after the acquisition, the recent integration of the Reconnex product into the McAfee Gateway platform has created performance and stability problems to the platform. Page 8

9 Because McAfee never updates or manages the DLP dictionaries - the company ships static, pre-configured policies on the McAfee Gateway platform - McAfee customers may find themselves filtering traffic with an out-of-date or incomplete set of dictionary terms or policy rules. McAfee s inaction puts customers at risk for data leakage whenever regulations change and dictionaries need updating, such as when a new drug or medicine is approved by the FDA, or a new disease or cancer is identified. Such changes are not automatically updated to the enterprise s HIPAA policy (as is the case with Proofpoint). In industries such as finance and healthcare, changes like this occur regularly. For example: In healthcare, annual updates for ICD-10-CM (International Classification of Diseases, 10th Edition, Clinical Modification) and ICD-10-PCS Updates for SSN issuance in July 2011 Customers that have evaluated both technologies have determined that McAfee s DLP technology and policy engine are not as robust and accurate as Proofpoint s (For example, the McAfee product cannot create complex Boolean rules, such as defining a policy based on a sender+keyword pattern. Proofpoint supports Boolean rules of this complexity and greater.). Proofpoint offers built-in regulatory compliance policies, Smart Identifiers 1, and Managed Dictionaries to make creating, managing, and enforcing policies easy, flexible, and transparent. Proofpoint updates its Managed Dictionaries automatically, reducing administrator workload and reducing the chances that out-of-date filtering policies will be applied to traffic. Policy-based encryption is another important area of consideration when considering DLP. Proofpoint s policy-based encryption is powerful and easy to use. For example, in its latest release, Proofpoint introduced per-message key management features, which give administrators the option of allowing end users to manage their encrypted messages, through revoking, expiring, or restoring encryption keys. This functionality, which can reduce administrative workload, is not available on the McAfee solution. The Security team has chosen to use Proofpoint s DLP for even though they purchased Reconnex at the same time on a different project. Former McAfee Gateway customer Architectural Complexity and Total Cost of Ownership Bottom Line: A complex architecture can be difficult and costly to manage. Redundant or large deployments requiring multiple McAfee Gateway appliances are costly and difficult to manage. The McAfee architecture divides common security functions across multiple dedicated appliances, increasing capital and operating costs. For example, McAfee requires a separate appliance for use as a Central Quarantine Server, and a separate appliance for use as a Control Center. A McAfee Gateway deployment that began as three appliances can easily double in size. Combined with poor spam detection and a weaker policy engine, management and administration of the solution can become a huge burden, often requiring administrators to log into multiple user interfaces to perform common tasks such as pulling reports, or setting up a server to perform the sole task of hosting encrypted messages. The numerous devices not only take up data center space, power, and administrative man-hours, they lead to repeated spikes in capital expenditures every three years when the devices reach their end-of-life and need to be replaced. Proofpoint s integrated architecture avoids the financial and operational problems associated with deploying separate appliances for management, quarantine consolidation, or encrypted message delivery. As a result, the Proofpoint solution delivers a dramatically lower Total Cost of Ownership (TCO). Appliances can be clustered, where one appliance acts as a Master to aggregate and consolidate data for multiple Agents, as well as to centrally manage the configuration of the entire cluster. Each of the appliances in this cluster can also filter inbound and outbound ; thus, the clustered appliances have multiple purposes, unlike McAfee s appliances which are used solely as a Quarantine Server or Control Center. A typical deployment scenario illustrating architectural cost considerations between the two products is shown in Figure 4. Page 9

10 Inbound Inbound McAfee Proofpoint McAfee Edge Gateway Encrypted s McAfee Secure Web Delivery Proofpoint PROOFPOINT Server Agent(s) AGENT(S) Inbound McAfee Edge Gatew Encrypted s McAfee Gateway McAfee Proofpoint MCAFEE Edge Enterprise Gateway McAfee Edge Gateway McAfee Quarantined Secure Server Web s Delivery Server McAfee EDGE GATEWAY Edge Gateway Encrypted s Encrypted s Encrypted s McAfee Gateway Appliances ENCRYPTED S McAfee Secure Web Delivery Server McAfee Gateway McAfee Secure Web Delivery Server McAfee Proofpoint MCAFEE Secure SECURE Enterprise Web Delivery Server McAfee Server Gateway Quarantine Server Manageme Quarantined s WEB DELIVERY SERVER Inbound McAfee Gateway Appl Quarantined QUARANTINED s Quarantined s Quarantined S s MANAGEMENT McAfee Gateway Quarantine Server McAfee Gateway Control Center McAfee MCAFEE Gateway McAfee Appliances Gateway Proofpoint Enterprise Server McAfee Gateway Appliances Proofpoint PROOFPOINT Master MASTER McAfee GATEWAY APPLIANCES Gateway Appliances McAfee Gateway McAfee Gateway Proofpoint Quarantine Enterprise Server Server Management McAfee Gateway MCAFEE Quarantine GATEWAY Server McAfee Gateway Quarantine Server End User Management Access QUARANTINE SERVER Management McAfee Gateway Contro Inbound McAfee Gateway McAfee Gateway Control Center McAfee Proofpoint Gateway Enterprise End Control Center User Server Access MCAFEE END USER ACCESS McAfee Gateway Control Center GATEWAY CONTROL CENTER End User Access End User Access End User Access End User Access END USER ACCESS Administrator ADMINISTRATOR Access Administrator ACCESS Access Administrator Acces Administrator Access Administrator ADMINISTRATOR Access Administrator ACCESS Access Figure 4: Architectural cost considerations in a typical deployment scenario for McAfee vs. Proofpoint. To drive costs down even further, as outlined in the next section, Proofpoint customers also have the option of running all their security services in the cloud or in a private cloud / virtualized infrastructure in Proofpoint s global network of SAS70-Type II data centers. Administrators can manage all Proofpoint services through a single, integrated, and secure user interface. SECURITY DEPLOYMENT MODES On-Premises Deployed as an appliance or software Private Cloud Deployed as a virtual appliance Public Cloud Deployed as a Software-as-a- Service Path to SaaS: Comparing Deployment and Migration Options Bottom Line: The McAfee Gateway does not provide an effective migration Path to SaaS. Another trend over the past few years for enterprises that are looking for an security and compliance solution is the adoption of cloud services, including Software-as-a-Service (SaaS), because of the cost savings, cost predictability, ease of management, and economies of scale. McAfee has recognized this trend and acquired MxLogic, a SaaS provider of security services, in November of a move intended to bolster [its] security as a service lineup. 2 Almost two years later, McAfee still has yet to integrate the security technologies from the MxLogic acquisition, the Reconnex acquisition, and the Secure Computing acquisition. For enterprise customers that need a pure cloud or hybrid solution, McAfee recommends the deployment of two completely separate and non-cohesive products (using different technologies, a different user interface, and a separate administrative experience). While the McAfee Gateway was proven in enterprise environments five years ago, the MxLogic solution was deployed mostly by small businesses, as their average customer size at the time of the acquisition was 100 users. 3 Proofpoint Enterprise has been deployed successfully in many different environments, from the world s largest organizations with millions of users, to medium sized enterprises spanning several hundred users (Proofpoint supports both private cloud and public cloud installations). When switching from one deployment model to another, Proofpoint customers do not need to learn new products, processes, and user interfaces; they simply continue using the interfaces and technologies they are already familiar with. Page 10

11 Question to ask McAfee: Has your security solution been proven in on-premises, hybrid, public cloud, or private cloud deployments? Section 2 - Product Commitment Secure Computing did not make any major improvements to IronMail when it acquired CipherTrust in This neglect continued when McAfee acquired Secure Computing in November Four acquisitions (counting the recent Intel purchase of McAfee) and five years later, customers are still waiting for feature and product commitments to be fulfilled, having received only patches and maintenance releases. McAfee has Zero Major Releases Between As mentioned earlier, innovation in this market is key to protecting your organization from malware. Historical product releases are a viable proxy for past innovation, and a good predictor of a future, active roadmap. The last product release from the original CipherTrust was IronMail version in Since then, there have been a total of three product releases, two of which were focused around rebranding the product due to acquisitions, and two focused around a product name change. Since taking ownership of the IronMail/Secure Mail product, McAfee has only made just one minor release available to customers, and five subsequent Hotfixes (see next section for details). These release milestones are listed below: July 2007: Secure Computing releases IronMail version Feb 2008: Secure Computing releases Secure Mail version Mar 2010: McAfee releases McAfee Gateway version Proofpoint, on the other hand, has taken a different approach: the company has never stopped innovating, and continues to release new capabilities and feature enhancements on a regular basis, benefitting customers and protecting them from the latest and malware threats. Since 2006, Proofpoint has distributed four major product releases and 12 minor product releases, as shown in Figure 5 below NUMBER OF RELEASES: Proofpoint Proofpoint McAfee 4 4 McAfee 0 MAJOR RELEASES MINOR RELEASES Figure 5: Since 2006, the McAfee Gateway product has had zero major releases. Ancillary products, such as McAfee Gateway Encryption and Gateway Control Center (an administrative interface), have received minor updates, but these products are not designed to directly deliver anti-spam and anti-virus defenses that s the job of the McAfee Gateway, which continues to operate without any major updates. Questions to ask McAfee: What features are on your roadmap? or What features were included in your previous releases? Page 11

12 Section 3 - Security and Product Expertise Mergers and acquisitions frequently lead to employee turnover. Not surprisingly, the three successive acquisitions of the IronMail product and team first the acquisition of CipherTrust by Secure Computing, then the acquisition of Secure Computing by McAfee, and most recently the acquisition of McAfee by Intel has left few to none of the original team members in place. It s fair to ask whether this flight of talent has caused product quality and customer service to suffer. Certainly, product development has slowed to a crawl. Questions to ask McAfee: How many McAfee (now Intel) employees really understand the workings of these products? How many are prepared to significantly rework and support these legacy products, in order to deliver the sophisticated defenses that enterprises need in 2011? Engineering Organization RECENT -BASED ATTACKS AND THREATS September 2010 VBMania/ HERE YOU HAVE September 2010 HTML attachments containing JavaScript April 2010 RSA Breach April 2010 Epsilon Breach We made a strategic decision to move off of McAfee s IronMail to address the virus and spam effectiveness issues we were experiencing. Proofpoint showed us that their focus was on security and compliance and proved it with superior customer service and support. Tom Norman, Postmaster Grand Valley State University Bottom Line: Engineering No Longer Has Security Expertise Their Only Release Requires Constant Patches Instead of innovating and protecting customers from the latest related security threats, McAfee has been concentrating its development efforts on maintenance releases. Since McAfee acquired Secure Computing and released McAfee Gateway version 6.7.2, there have only been four Hotfix releases, as shown below: May 2010: McAfee releases McAfee Gateway version Hotfix 2 June 2010: McAfee releases McAfee Gateway version Hotfix 3 Sept 2010: McAfee releases McAfee Gateway version Hotfix 4 Mar 2011: McAfee releases McAfee Gateway version Hotfix 5 security solutions require constant innovation and need to adapt to market needs, in order to protect businesses from the sophisticated, increasingly targeted security threats affecting enterprises. As an example of a recent attack, a breach at RSA began with a seemingly benign two day spear-phishing attack, where at least one employee retrieved an from their junk mail folder and subsequently entered their credentials on a fake webpage. 5 Proper defenses against spear-phishing could have alleviated the breach. Proofpoint has a powerful policy engine with granular spam classifiers to prevent this type of workflow from happening. Granular spam classification allows administrators to send pure spam messages to enduser quarantines, and more dangerous phishing messages to a separate administrative quarantine not accessible to end users. Often these quarantined phish messages might be deleted automatically or further submitted to law enforcement for forensic review. Our development and security research team is focused on , so Proofpoint is continually improving its products and technology to stay ahead of hackers and malicious users, or to respond to dynamic regulatory requirements. Question to ask McAfee: How are you innovating to defend against the latest threats, such as phishing and spear-phishing attacks? Support Organization Bottom Line: Poor Support Will Impact Your Business McAfee s lack of security and product expertise within their support organization can have consequences on the flow of for your business and the productivity of your administrators. To troubleshoot a product issue or mail flow problem in a timely manner, your IT staff should have immediate access to a support engineer who is familiar with the product and typical infrastructure. It can take several phone calls to reach a knowledgeable support engineer for the Gateway product family in larger companies such as McAfee, who offer a broad product portfolio, or who may not have the deep expertise to troubleshoot an acquired product after the original staff has departed the organization. At Proofpoint, we recognize is a business-critical application. Our entire support staff has deep expertise in our security and compliance solutions - as that is our core business. Support engineers are trained to provide the highest level of technical expertise. Question to ask McAfee: How many CipherTrust support engineers have you retained? CONCLUSION Five years ago, the former IronMail product, now McAfee Gateway, was a viable security platform. Perhaps as a result of multiple company acquisitions, product development has stalled, and as former customers repeatedly tell us product quality and support seem to have deteriorated, leaving IronMail Page 12

13 users vulnerable to attack and data leakage. It seems unlikely that Intel s recent acquisition of McAfee will turn things around. Momentum has been lost, and customers find that major threats are going unmet, exposing their organizations to risk. Major threats are going unmet. Users are vulnerable, and are likely to remain so. Having grown disillusioned with the IronMail product and McAfee s inaction, many Gateway customers are switching to a best-of-breed solution, Proofpoint Enterprise, to meet their security and compliance requirements. Since it was founded in 2001, Proofpoint has remained focused on security and compliance. Proofpoint is happy to provide a list of recent McAfee replacements and references for your review. Unlike McAfee, Proofpoint continues to innovate, introducing new features and products, especially around anti-spam and advanced threat detection, security and compliance, and encryption. Proofpoint s roster of major enterprise customers which includes industry leaders in finance, healthcare, manufacturing, and retail, as well as major government agencies testifies to the success and viability of Proofpoint s technology and services. ABOUT PROOFPOINT Proofpoint focuses exclusively on the art and science of cloud-based security, ediscovery and compliance solutions. Organizations around the world depend on Proofpoint s expertise, patented technologies and on-demand delivery system to protect against spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. Proofpoint s enterprise solutions mitigate the challenges and amplify the benefits of enterprise messaging. Learn more at www. proofpoint.com. 1 Smart identifiers combine regular expressions with algorithmic checks to ensure detection accuracy and eliminate false positives. 2 ZDNet article dated July 30, ZDNet article dated July 30, 2009 that states MxLogic had 40,000 customers and 4 million end users. 4 Major Proofpoint releases since 2006 include: 3.0, 4.0, 5,0, RSA SecurID breach began with spear phishing attack, TechTarget, April 4, 2011 Page 13

14 US Worldwide Headquarters Proofpoint, Inc. US Federal Office Proofpoint, Inc Coppermine Road Asia Pacific Proofpoint APAC Suntec Tower 2, EMEA Proofpoint, Ltd. 200 Brook Drive Japan Proofpoint Japan K.K. BUREX Kojimachi Canada Proofpoint Canada 210 King Street East, Mexico Proofpoint Mexico Salaverry Ross Drive Suite Temasek Boulevard, Green Park Kojimachi 3-5-2, Suite 300 Col. Zacatenco Sunnyvale, CA Herndon, VA F Reading, UK Chiyoda-ku Toronto, Ontario, CP United States United States Singapore RG2 6UB Tokyo, M5A 1J7 México D.F. Tel Tel Tel Tel +44 (0) Japan Canada Tel: Tel Tel Proofpoint focuses exclusively on the art and science of cloud-based security, ediscovery and compliance solutions. Organizations around the world depend on Proofpoint s expertise, patented technologies and on-demand delivery system to protect against spam and viruses, safeguard privacy, encrypt sensitive information, and archive messages for easier management and discovery. Proofpoint s enterprise solutions mitigate the challenges and amplify the benefits of enterprise messaging Proofpoint, Inc. Proofpoint, Proofpoint Archive, and Proofpoint DoubleBlind Encryption are trademarks or registered trademarks of Proofpoint, Inc. in the United States and other countries. All other trademarks contained herein are property of their respective owners. 05/11