Proofpoint Protection Server offers E-mail messaging protection for large enterprises. Installed at the organization's gateway, the platform examines, classifies, and manages the disposition of E-mail messages, and, according to information provided on the Proofpoint site, can scale to support "many millions" of messages each day. Proofpoint Servers can be setup in multi-node redundant deployments; Master Console/Agent Server configurations can be deployed such that centralized configuration changes made to the "Master" server are automatically propagated to the "Agent" implementations. Additionally, multi-node configurations feature a central message quarantine and centralized reporting.

Proofpoint Protection Server is offered as software; however, the vendor's technology is also available in hardware flavors (the Messaging Security Gateway), a Virtual Edition for use with VMware-based x86 virtual servers, and a hosted service (Proofpoint on Demand).

The Protection Server itself provides multiple core technologies; on top of which are offered several separately available modules that can be loaded onto the platform per the needs of the organization. Core competencies of the product include:

- Email Firewall, which provides SMTP-level connection monitoring (i.e., DNS, MX record verification, SPF, recipient verification, and the vendor's own reputation-based technologies)

- MLX Technology, or "Machine Learning," which is based on the vendor's own algorithms--including logistic regression and information gain analysis--and allows the appliance to dynamically classify and identify unstructured content. MLX is a key technology used in the above-mentioned Email Firewall, as well as the Spam Detection and Digital Asset Security modules (see below).

- Dynamic Update Service, which automatically updates the various definitions, lexicons, and program engines themselves of the appliance as needed.

- Messaging Security Console, an LDAP/Active Directory-enabled Web-based GUI that facilitates management and configuration of the entire platform, including policy definitions, reporting, cluster configuration, etc.

On to these core technology components several individual modules are offered, each offering specific message filtering and analysis needs:

- Spam Detection, which leverages the MLX technology and is able to examine "hundreds of thousands" of structural and content attributes in an effort to classify a message as spam or ham. Features include separately controlled spam and adult content scores (so adult content can be recognized and dealt with as such even if the underlying message is not classified as spam), anti-phishing features, multi-lingual analysis, and environment-specific customization capabilities. Additionally, the MLX engine features the ability to recognize image- and pdf-based spam; through the technology's ability to combine machine learning with image analysis and the ability to extract PDF text.

- Virus Protection, via partnerships with McAfee and F-Secure.

- Zero-Hour Virus Protection, which analyzes incoming messages for similarities with suspected virus messages as identified across the vendor's global traffic analysis and quarantine's those that are suspicious at the gateway.

- Content Compliance, for policy-based monitoring and enforcement of message content and (optionally) attachments. Rules can be defined specific to file types, message size, or contents; common filters and automatically updated standard dictionaries are included for the recognition of such categories as offensive language, maximum message sizes, allowable attachment types, and more. Message violations can be replied to with an explanation, re-routed, encrypted, and rejected, among other possible actions.

- Digital Asset Security, which allows for the designation and monitoring of sensitive or confidential information. Sensitive information can be registered as such by submitting it through the console or E-mailing it to a designated address (with administrative controls available); this information is then stored in an encrypted form in the central repository. Again, multiple possible disposition actions are available for messages that are deemed to contain sensitive information; and a dual-pane quarantine view allows admins to view a violating message side-by-side with the original.

- Regulatory Compliance, for the automatic recognition of non-public information as defined in such regulations as HIPAA and GLBA.

- Secure Messaging: Made possible through a partnership with Voltage Security. The Secure Messaging Module can automatically encrypt messages for delivery, based on signals from the Regulatory Compliance, Content Compliance, or Digital Asset Security modules. The Voltage IBE system uses the recipient's own E-mail address as an encryption key; and therefore does not require the separate creation and management of digital certificates. When a message is automatically encrypted by the Secure Message module, it is held on the Proofpoint server itself; where the recipient can authenticate and decrypt the message through an SSL connection. The Secure Message module also includes a Webmail feature, allowing the recipient to reply to the message securely.

In addition to the native Voltage Security-based system in the Secure Messaging module, the vendor notes that the Proofpoint platform can also integrate with multiple 3rd party encryption platforms, including Authentica, PGP Corporation, PostX Corporation, and Sigaba.

Other available modules include Dynamic Reputation and netMLX, which seeks to block incoming messages based on the reputation of the sender's IP address; Network Content Sentry, which inspects all outbound network traffic in real-time based on the policies defined in the Regulatory Compliance and Digital Asset Security modules; the Splunk-based Proofpoint Smart Search, an appliance-based offering that provides a single interface for the searching/analysis of messages across distributed Proofpoint deployments (even if they are globally distributed), and that can be used to trace messages, analyze how they were processed, and report on their current status; and the Secure File Transfer component, which seeks to separate large and/or sensitive file attachments and deliver them independently from the normal message flow.

New features in the latest Proofpoint Protection Server release include:

- BATV Specification support, to reduce backscatter spam by uniquely tagging outbound messages such that they (the tags) can be checked and verfieid on any non-delivery reports (if the tag doesn't exist on the NDR or doesn't match, it's most likely backscatter spam)

- A base framework providing potential support for non-English languages and international (multi-byte) character sets in "every part of the product," and the translation of the GUI, docs, and online help into Japanese (the vendor states that other languages, including French, German, and Spanish, are expected in the future)

- Data loss prevention workflow enhancements; enabling admins to review, comment upon and track outbound policy violations

- Smart Search enhancements, including the ability to export in CSV or XML formats and the ability to launch searches by just entering the sender, recipient, or subject

Proofpoint Protection Server is available now; the new release is expected in November. Pricing for the on-site appliance starts at $6,750 plus annual fees; with individual modules priced separately.

Visit the Proofpoint Web site for further information.