Proofpoint Protection Server offers E-mail messaging protection for large enterprises. Installed at the organization's gateway, the platform examines, classifies, and manages the disposition of E-mail messages, and, according to information provided on the Proofpoint site, can scale to support "many millions" of messages each day. Proofpoint Servers can be setup in clustered, redundant deployments; Master Console/Agent Server configurations can be deployed such that centralized configuration changes made to the "Master" server are automatically propagated to the "Agent" implementations. Additionally, clustered configurations feature a central message quarantine and centralized reporting.

Proofpoint Protection Server is offered as software; however, the vendor's technology is also available in hardware flavors (the Messaging Security Gateway), a Virtual Edition for use with VMware-based x86 virtual servers, and a hosted service (Proofpoint on Demand).

The Protection Server itself provides multiple core technologies; on top of which are offered several separately available modules that can be loaded onto the platform per the needs of the organization. Core competencies of the product include:

- Email Firewall, which provides SMTP-level connection monitoring in collaboration with the vendor's MLX engine (see below). The Email Firewall watches for suspicious activity on SMTP connections (number of connections, type of activity, recipient validity and content of messages on each IP address), and when identified, can apply policy-based SMTP rate controls to the traffic, blocking or throttling the connection. The product also support gateway-to-gateway TLS encryption of messages, and optional authentication of senders/receivers via TLS.

- MLX Technology, or "Machine Learning," which is based on the vendor's own algorithms--including logistic regression and information gain analysis--and allows the appliance to dynamically classify and identify unstructured content. MLX is a key technology used in the above-mentioned Email Firewall, as well as the Spam Detection and Digital Asset Security modules (see below).

- Dynamic Update Service, which automatically updates the various definitions, lexicons, and program engines themselves of the appliance as needed.

- Messaging Security Console, an LDAP/Active Directory-enabled Web-based GUI that facilitates management and configuration of the entire platform, including policy definitions, reporting, cluster configuration, etc. As mentioned above, in a clustered deployment, the entire cluster can be managed via the master server's Security Console.

On to these core technology components several individual modules are offered, each offering specific message filtering and analysis needs:

- Spam Detection, which leverages the MLX technology and is able to examine "hundreds of thousands" of structural and content attributes in an effort to classify a message as spam or ham. Features include separately controlled spam and adult content scores (so adult content can be recognized and dealt with as such even if the underlying message is not classified as spam), anti-phishing features, multi-lingual analysis, and environment-specific customization capabilities. Additionally, the MLX engine features the ability to recognize image- and pdf-based spam; through the technology's ability to combine machine learning with image analysis and the ability to extract PDF text.

- Virus Protection, via partnerships with McAfee and F-Secure.

- Zero-Hour Virus Protection, which analyzes incoming messages for similarities with suspected virus messages as identified across the vendor's global traffic analysis and quarantine's those that are suspicious at the gateway.

- Content Compliance, for policy-based monitoring and enforcement of message content and (optionally) attachments. Rules can be defined specific to file types, message size, or contents; common filters and automatically updated standard dictionaries are included for the recognition of such categories as offensive language, maximum message sizes, allowable attachment types, and more. Message violations can be replied to with an explanation, re-routed, encrypted, and rejected, among other possible actions.

- Digital Asset Security, which allows for the designation and monitoring of sensitive or confidential information. Sensitive information can be registered as such by submitting it through the console or E-mailing it to a designated address (with administrative controls available); this information is then stored in an encrypted form in the central repository. Again, multiple possible disposition actions are available for messages that are deemed to contain sensitive information; and a dual-pane quarantine view allows admins to view a violating message side-by-side with the original.

- Regulatory Compliance, for the automatic recognition of non-public information as defined in such regulations as HIPAA and GLBA.

- Secure Messaging: Made possible through a partnership with Voltage Security. The Secure Messaging Module can automatically encrypt messages for delivery, based on signals from the Regulatory Compliance, Content Compliance, or Digital Asset Security modules. The Voltage IBE system uses the recipient's own E-mail address as an encryption key; and therefore does not require the separate creation and management of digital certificates. When a message is automatically encrypted by the Secure Message module, it is held on the Proofpoint server itself; where the recipient can authenticate and decrypt the message through an SSL connection. The Secure Message module also includes a Webmail feature, allowing the recipient to reply to the message securely.

In addition to the native Voltage Security-based system in the Secure Messaging module, the vendor notes that the Proofpoint platform can also integrate with multiple 3rd party encryption platforms, including Authentica, PGP Corporation, PostX Corporation, and Sigaba.

Other available modules include Dynamic Reputation and netMLX, which seeks to block incoming messages based on the reputation of the sender's IP address; Network Content Sentry, which inspects all outbound network traffic in real-time based on the policies defined in the Regulatory Compliance and Digital Asset Security modules; the Splunk-based (see related link below) Proofpoint Smart Search, an appliance-based offering that provides a single interface for the searching/analysis of messages across distributed Proofpoint deployments (even if they are globally distributed), and that can be used to trace messages, analyze how they were processed, and report on their current status; and the new Secure File Transfer component, which seeks to separate large and/or sensitive file attachments and deliver them independently from the normal message flow. With Secure File Transfer, users send messages as they would E-mail attachments; with the Proofpoint engine automatically handling the file in a separate transmission channel (recipients are provided with a link that they can access to retrieve the files). The files are delivered using encryption communications, and separate policies can be defined to automatically delete the file after it is downloaded or after a set amount of time (expiry). Return receipts/audit trails provide compliance forensics as to the delivery of the files.

Proofpoint Protection Server is available now. Visit the Proofpoint Web site for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about Proofpoint Protection Server

Suggest a link
for the Proofpoint Protection Server fact sheet