CDW Limited

CDW ProofPoint Essentials

ProofPoint Essentials provides email security to protect business email both with the advanced protection of URL and Attachment Defence and Data Loss Prevention capabilities as well as comprehensive Email Continuity features to keep business communications up and running at all time.

Features

  • Owns all security technology in solution
  • Smart Search: Comprehensive message tracing across mail agents in seconds.
  • URLs Sandboxing time of click, time of delivery (predictive analysis).
  • Sandboxing of URLs found inside attachments.
  • Attachment Sandboxing
  • Attachments delivered as-is (unaltered state)
  • Dedicated threat research team keeping up with changing threat landscape
  • Dynamic Imposter email classifier rules adjust as attackers change tactics
  • Business Continuity ensuring email flow during outage.
  • Essentials Archiving

Benefits

  • Protects people from malicious attachments in email
  • Protects people from malicious URL's in attachments and email
  • Respond to threats faster
  • Protects people from impersonation attacks
  • Continue to send/receive email during outages, e.g Office 365 outage
  • Data Loss Prevention and Content Filtering
  • Community based intelligence contains more than 800 billion data points
  • Deployment On-Prem or Cloud
  • Archiving utilized for search antime - anywhere
  • Easy to enforce retention policies

Pricing

£23.53 to £45.63 per user per year

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 10

427389780454475

CDW Limited

Andy Wood

0161 837 7744

tenders@uk.cdw.com

Service scope

Service scope
Software add-on or extension Yes, but can also be used as a standalone service
What software services is the service an extension to Extension to messaging platform services – eg On Premise Exchange, Office 365, Google Apps
Cloud deployment model Private cloud
Service constraints See Service Level Agreement
System requirements Existing mail server, eg; Exchange, o365, Zimbra, Lotus Notes

User support

User support
Email or online ticketing support Email or online ticketing
Support response times "Dependant on issue priority:
P1 - 1 hr response
P2 - 4 hr response
P3 - end of next business day
P4 - 1 business week"
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support Web chat
Web chat support availability 24 hours, 7 days a week
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Via support portal - login required
Web chat accessibility testing N/A
Onsite support No
Support levels 1 level only
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Installation and training / knowledge share available with dedicated engineer
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction Data extraction tools driven by customer.
End-of-contract process Services cease to function.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install Yes
Compatible operating systems
  • Android
  • IOS
  • MacOS
  • Windows
  • Windows Phone
  • Other
Designed for use on mobile devices Yes
Differences between the mobile and desktop service N/A
Accessibility standards None or don’t know
Description of accessibility N/A
Accessibility testing N/A
API Yes
What users can and can't do using the API Utilisation of a reporting dashboard - eg Palo Alto
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available No

Scaling

Scaling
Independence of resources All Proofpoint SaaS systems are actively monitored with local agents collecting hundreds of metrics specific to hardware, networking, and OS. All metrics are measured against a baseline compiled from historical data. Acceptable thresholds are defined based on a combination of optimal performance targets and historical baselines.

Analytics

Analytics
Service usage metrics Yes
Metrics types Granular Reporting of message flow, deep analysis into threats
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller (no extras)
Organisation whose services are being resold Proofpoint

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Other
Other data at rest protection approach .
Data sanitisation process Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach Data extraction tools driven by customer.
Data export formats Other
Other data export formats N/A
Data import formats Other
Other data import formats N/A

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks Proofpoint has documented information security program consisting of policies, procedures and standards that aligns with the requirements of NIST 800-53 and ISO 27001. The program is owned by the Proofpoint Global Information Security group, and includes a continuous monitoring program consisting of monthly and quarterly evidence collection and review, and an annual SOC 2 Type II audit of the program.
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability https://www.proofpoint.com/sites/default/files/30427798_proofpoint_essentials_sla_-_pfpt_august_08152015.pdf
Approach to resilience https://www.proofpoint.com/sites/default/files/30427798_proofpoint_essentials_sla_-_pfpt_august_08152015.pdf
Outage reporting https://www.proofpoint.com/sites/default/files/30427798_proofpoint_essentials_sla_-_pfpt_august_08152015.pdf

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
Access restrictions in management interfaces and support channels Identity federation with existing provider (for example Google apps)
Username or password
Access restriction testing frequency At least every 6 months
Management access authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards NIST 800-53
Information security policies and processes Proofpoint's information security program includes policies, standards, and procedures addressing physical and logical access controls, encryption, hardening, business continuity, and security awareness training.

Operational security

Operational security
Configuration and change management standard Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach All changes to the Proofpoint services are required to be documented and reviewed and approved by the Proofpoint Change Review Board that includes security representatives.
Vulnerability management type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach Proofpoint's vulnerability management process includes regular internal and external vulnerability scanning, review of findings and ranked for applicability and criticality, and procedures for testing and remediation of those vulnerabilities within defined timeframes.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach Distributed monitoring for availability and capacity of the services, along with distributed security monitoring, including IDS and security audit log monitoring.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach Documented incident response plan includes procedures for the detection, investigation, remediation, and communication to customers of security incidents.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No

Pricing

Pricing
Price £23.53 to £45.63 per user per year
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Full service offering as a Proof of Concept for 2 weeks as standard at customers request

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑