Educause Security Discussion mailing list archives

Re: Email Security Recommendations

From: Sherry Callahan <scallahan () KUMC EDU>
Date: Fri, 9 Nov 2012 20:59:09 +0000

Bryan,

I think I've mentioned here before that we're a long time user of the Proofpoint email encryption product.  We have it 
in our outbound email stream, but not in-bound (so no spam or virus filtering).  We have been extremely happy with the 
product so far, and I'm trying to convince our network folks to put Proofpoint behind our Barracudas as a test to see 
how effective the Barracudas are.  We tend to see a lot of spam and viruses making it through, and Proofpoint claims 
they are more effective than Barracuda.

On the encryption side, we have a "Send Securely" button within Outlook that users can click to designate that an email 
should go out encrypted.  If they forget to do that and send out sensitive information, the Regulatory Compliance 
functionality within Proofpoint can identify that and automatically encrypt.  We have it configured to then send an 
email to the sender to let them know that the email was encrypted (as a "teachable moment".)

Also, one unintended benefit that we've found for our Proofpoint implementation is that it's been very effective in 
catching replies to phishing emails.  Catching someone trying to send out their password and not allowing that to go 
out is much better than cleaning up a compromised mailbox.

I'd be happy to talk to you at length about Proofpoint if you have other questions.

Sherry Callahan
Director, Information Security
University of Kansas Medical Center
(913) 588-0966 | scallahan () kumc edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bryan S. 
McLaughlin
Sent: Friday, November 09, 2012 1:41 PM
To: Sherry Callahan; The EDUCAUSE Security Constituent Group Listserv
Subject: [SECURITY] Email Security Recommendations

We are currently Postini users and are looking to move to a new product to battle incoming spam and viruses, and 
encrypt sensitive data leaving the university as well as outbound spam filtering.  We have narrowed our search to 
Proofpoint, Barracuda, McAfee, and Axway.  I looking for input from other Universities who are using one of these 
products to get real world feedback.

Thanks,

Bryan McLaughlin
Information Security Officer
Creighton University
bmclaughlin () creighton edu

Current thread:

Email Security Recommendations McLaughlin, Bryan S. (Nov 09)
- Re: Email Security Recommendations Sherry Callahan (Nov 09)
- Re: Email Security Recommendations Katsuya Uchida (Nov 10)
- <Possible follow-ups>
- Re: Email Security Recommendations Greer, Thomas N (Nov 12)