Financial institution retires Cisco IronPort—and chooses Proofpoint over Abnormal for API-based protection

Financial institutions remain among the most targeted organizations for advanced email attacks. As threats become more sophisticated, driven by social engineering and AI, banks can no longer rely on legacy, gateway-based email security or point solutions that only address part of the problem.  

Recently, one leading bank decided to modernize its email security strategy. As part of its evaluation, the organization considered several API-based solutions, including Abnormal and Mimecast. Ultimately, the bank selected Proofpoint’s API-driven platform for its ability to deliver comprehensive inbound and outbound protection.   

The challenge: modern email threats outpacing legacy solutions   

The bank’s existing email security stack was built on Cisco IronPort, a legacy secure email gateway (SEG). This solution required constant tuning, manual policy management, and frequent troubleshooting just to maintain a baseline.  

Despite the security team’s efforts, users continued receiving phishing, spoofing, and business email compromise (BEC) threats. The tools in place relied heavily on static, signature-based detection—an approach that’s increasingly ineffective against today’s socially engineered and AI-assisted attacks.  

Beyond threat detection, strain on operations was a growing concern. The team increasingly spent their valuable time managing complex configurations. What’s more, they had limited visibility. 

The bank wanted to do more than just swap one tool for another. The security team needed:  

• Protection that could keep pace with advanced, evolving threats 
• A solution that worked out of the box, without weeks of tuning  
• An API-based architecture that integrated seamlessly with Microsoft 365 
• Coverage for both inbound threats and outbound data loss, without stitching together multiple point solutions 

The evaluation: consolidating inbound and outbound protection 

As part of its evaluation, the bank reviewed several vendors offering modern email security solutions, including Abnormal’s API-based platform.  

However, it became clear early on that Abnormal’s capabilities were focused primarily on inbound threats. The platform lacked native outbound email protection and data loss prevention (DLP) to solve for hidden data exfiltration—a critical requirement for highly regulated financial institutions.  

The bank was not looking to solve just one part of the email threat landscape. It needed a unified platform that could address:  

• Inbound phishing, impersonation, and BEC attacks 
• Outbound email risk, including accidental data exposure and intentional exfiltration  
• Operational simplicity through a single, API-based deployment model 

Mimecast advanced further in the evaluation process than Abnormal, entering a proof of concept (POC). During testing, however, Proofpoint consistently outperformed Mimecast in detection efficacy, identifying threats the competing solution missed, including:  

• Banking impersonation attempts 
• Domain-level impersonation 
• Attachment-based anomalies 

This reinforced the bank’s preference for a platform approach rather than layering point solutions with uneven coverage.  

The decision: comprehensive protection, rapid deployment 

Proofpoint emerged as the clear choice by delivering the balance of best detection efficacy, simplicity, and speed. While solutions like Abnormal provide behavioral detection for inbound threats, the bank ultimately chose Proofpoint’s API-based platform for its broader coverage, including outbound email protection, faster onboarding and closer alignment with existing security workflows. 

With Proofpoint Collaboration Security Prime, the organization deployed comprehensive inbound email protection via API in just 48 hours, with less than a day needed for configuration. This stood in stark contrast to the legacy Cisco environment, where policy tuning and updates often took weeks.  

Equally important, Proofpoint offered a clear path to extend protection beyond inbound threats. The bank gained access to  Adaptive Email DLP (AEDLP) capabilities that move beyond traditional, rule-based DLP approaches.  

These capabilities enable the organization to:  

• Prevent users from accidently sending sensitive information to the wrong recipient  
• Stop deliberate data exfiltration to personal email accounts  
• Apply adaptive controls without increasing administrative overhead 

Rather than managing separate tools for inbound protection and outbound risk, the bank was able to consolidate both under a single, API-based platform.  

The outcome: stronger security with less complexity 

By choosing Proofpoint over Abnormal and Mimecast, the organization strengthened its defenses against modern email threats while reducing its administrative burden.  

Proofpoint delivered:  

• Comprehensive inbound and outbound protection 
• Rapid deployment and immediate value 
• Simplified management through an API-first architecture  

In the financial sector, it can often take years to migrate from legacy email security platforms like Cisco. In this case, Proofpoint’s proven threat efficacy, platform breadth, and ease of deployment made the move quick and the decision easy.  

Learn more about outbound email protection by reading our blog “The growing risk of sensitive data sent to unauthorized destinations.”