Re: Email Security Product That Supports Customer Entry of Malicious Messages

["Davis, Kevin" <kedavis () DAVIDSON EDU>]

Out of curiosity — is anyone using Office 365’s Advanced Threat Protection for URL rewrite and other capabilities, or 
compared it to Proofpoint?  After some recent phishing we are interested in looking at both solutions but will need to 
be very cost-sensitive in whatever we do….

Kevin

--
Kevin Davis
Deputy CIO & Director, Core Services
Davidson College ITS

(704) 894-2405 (office) | (919) 599-8194 (mobile)

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of "Pifer, Michael" <pifer () GRINNELL EDU<mailto:pifer () GRINNELL EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Wednesday, March 22, 2017 at 4:41 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Email Security Product That Supports Customer Entry of Malicious Messages

Gary;

Like you, we are on Proofpoint, and have had some messages not be identified as phishing early on, and end users being 
allowed to visit the site.

I have been able to in all cases submit a ticket to Proofpoint with high priority about the link being a phishing link, 
and then have them back trace the users who did click the link and visit the site to follow-up with and pretty quickly 
block the site as a phishing site.

Have you submitted this request to Proofpoint as a product enhancement feature request?   I certainly will now that you 
have talked through the request, the ability to have more control over that aspect vs. the need to put in a ticket and 
wait would be very nice.

Michael Pifer
Information Security Technical Specialist
Information Technology Services
Grinnell College, Grinnell IA  50112
(641) 269-9990
http://www.grinnell.edu/its/<https://mail3.grinnell.edu/owa/redir.aspx?C=66dd17c03c7d4efba572916c487c9309&URL=http%3a%2f%2fwww.grinnell.edu%2fits%2f>
Technology Services Desk (641) 269-4901

"Phishing" is a scam designed to steal your personal data.
If you receive an email asking for information such as your user name and password, your Social Security number or 
credit card number do not supply the information requested, it is likely a phishing email.
Report phishing emails received to the Services Desk at (641) 269-4901, submit a ticket at https://help.grinnell.edu or 
email TechnologyServicesDesk () help grinnell edu<mailto:TechnologyServicesDesk () help grinnell edu>.


From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Flynn, 
Gary - flynngn
Sent: Wednesday, March 22, 2017 12:54 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Email Security Product That Supports Customer Entry of Malicious Messages

Hi,

We use Proofpoint and most of the time it works great. It has protected us from major attacks many times.

It's URL rewrite component is missing one feature that would make it much better. As with any blacklist oriented 
security product, some malicious messages get through. Unfortunately, the product does not allow us to teach our 
appliance about those messages so it can block the URL and provide us exposure information.

Is anyone aware of an email security product that supports such a feature?

thanks,

Gary Flynn
JMU IT Security
James Madison University

My brain can handle preemptive and cooperative multitasking pretty well. Parallel processing, not so much.