Global data provider replaces Abnormal with Proofpoint to strengthen its email security and reduce costs

Key takeaways 

• Side-by-side testing showed Proofpoint detected hundreds of confirmed threats that Abnormal missed. 
• Paying more for email security did not translate into better protection. 
• Proofpoint enabled the firm to consolidate email security, data protection, and archiving to reduce overall costs. 

After years of missed threats and manual investigations with Barracuda, one global company decided it needed to modernize its email security strategy. At the time, Microsoft 365 (M365) provided its core email platform, while Barracuda was used solely for email archiving. For post-delivery email protection, it relied on Abnormal, which was integrated with M365.  

That setup came under scrutiny when Abnormal introduced a substantial price increase without offering additional capabilities or coverage.  

At the same time, the company's security team recognized that email risk was growing more complex. Social engineering attacks, account takeover attempts, and data exposure risks increasingly required a broader, more integrated approach. Fragmented point solutions were no longer enough.  

What the company needed  

As the team reassessed its cybersecurity strategy, they identified five priorities:  

1. Stronger inbound email threat detection  
2. Better visibility for investigation and analysis  
3. Fewer false positives  
4. Protection beyond email, including data loss and account takeover risks 
5. Reduction in overall spend by consolidating vendors  

With these goals in mind, the company evaluated Proofpoint as an alternative to Abnormal. 

Proofpoint and Abnormal were put to the test  

The customer used data to assess potential replacements, integrating Proofpoint with M365 to sit alongside their Abnormal deployment. A side-by-side analysis meant that Proofpoint could evaluate the same data as Abnormal—and reveal critical gaps.  

Where Abnormal fell short  

Abnormal had several limitations that made it harder for the security team to investigate incidents and respond with confidence. 

• Abnormal provided only partial email headers. This limited forensic analysis and made it difficult to fully validate potential threats.  
• Abnormal analyzed messages in isolation rather than across sender domains. As a result, there wasn't a holistic view of sender behavior.  
• Abnormal generated a high volume of ambiguous alerts. That translated into more manual review and investigation than the team preferred. 

These factors overwhelmed the team with unclear alerts. They had to spend a lot of time on manual review, and it was harder for them to quickly identify real threats. 

What Proofpoint uncovered  

Proofpoint flagged just 32 emails as suspicious. Compare that to the 657 that were flagged by Abnormal. According to the customer, Proofpoint’s suspicious messages were clearly malicious, while Abnormal’s “borderline” category contained a high volume of false positives.  

Overall, Proofpoint demonstrated clear advantages in this test:  

• Proofpoint detected 326 confirmed threats that Abnormal did not identify at all. 
• Proofpoint had an overall malicious email detection that was 1.5x higher than Abnormal. 
• Proofpoint delivered greater accuracy when it came to threat classification compared to Abnormal. 

Figure 1. Proofpoint accurately labelled over 600 emails that Abnormal misclassified as borderline. 

More than 95% of the emails that Abnormal labelled borderline were classified as spam by Proofpoint. This underscores the difference in each solution’s precision. 

• Proofpoint detected more than 39,000 spam messages.  
• Abnormal only detected roughly 2,000 spam messages. 

For the security team, Proofpoint’s ability to detect more spam meant less wasted SOC analyst time and more focus on real threats. 

Why Proofpoint was a better fit 

Beyond stronger email detection, Proofpoint addressed broader security and operational needs. For the price that the company was paying for Abnormal’s inbound email protection, with Proofpoint they could consolidate:  

• Email security 
• Data loss prevention  
• Account takeover protection 

Proofpoint also enabled the company to replace Barracuda archiving. This meant that the team could consolidate email security and data archiving. In short, Abnormal simply could not compete.  

Figure 2. Proofpoint's Threat Protection Workbench provides a single location to see all detection values. 

The result: better protection, lower cost, and higher confidence  

By choosing Proofpoint the company achieved:  

• Higher efficacy against advanced email threats  
• Dramatically fewer false positives  
• Deeper visibility for investigation and response  
• Broader protection across email, data, and account takeover  
• Lower overall cost—and a consolidated platform  

Most importantly, the security team was confident that their email security investment delivered protection that they could measure. 

A decision backed by evidence  

For this company, the decision between Proofpoint and Abnormal came down to  results. When tested against real threats, Proofpoint consistently outperformed in every category. That made Proofpoint the clear choice. 

See how your email security compares 

Get an objective view of how your email security performs against real-world threats. A Proofpoint threat assessment helps you identify gaps, reduce risk, and understand how your current protections compare. Request a free threat assessment. 

To learn more about enhancing M365 security, download our e-book: More Secure Together: Proofpoint and Microsoft.