Enterprise Cybersecurity Solutions, Services and Training

A Global Manufacturer's Journey: Making the Switch from Abnormal Security to Proofpoint

Share with your network!

Cybersecurity is a big concern for organizations, especially with today’s rapidly evolving digital landscape. This is especially the case for global manufacturing companies. Their complex operations spanning multiple regions and digital systems create unique security challenges when safeguarding their networks and sensitive information. In this blog, we share insights of a global manufacturing company that switched from Abnormal Security to Proofpoint. While the company is a Proofpoint customer, they requested anonymity to share their story openly.

Starting from scratch

The cybersecurity director took over about a year and a half ago. At that time, the cybersecurity infrastructure was basic. His predecessor had laid the foundation, but the business had yet to fully invest in a comprehensive cybersecurity framework.

Though they had invested in technologies such as Abnormal Security for email security, Zscaler for network security, SentinelOne for endpoint detection and response, and a predominately Microsoft Azure-based cloud infrastructure, its security posture was incomplete. The director recognized that the systems in place were siloed, operating as independent point solutions rather than an integrated ecosystem. His goal was to build a cybersecurity framework where core platforms could interconnect and complement each other, creating a more robust defense mechanism.

Cybersecurity threats

As a global manufacturer, they face several cybersecurity threats. Some are industry-specific, and some are common across sectors:

  • Supply chain risks. The supply chain is complex, with vendors and partners spread across different regions. A breach within a partner or supplier network could compromise the company’s systems, resulting in operational disruptions.
  • Ransomware attacks. Operational continuity is critical. A ransomware attack could stop production, causing significant financial and reputational damage.
  • Industrial espionage. The proprietary manufacturing techniques and intellectual property (IP) are prime targets for cybercriminals. A breach could result in the theft of valuable IP and the loss of their competitive advantage.
  • Insider threats. With a geographically dispersed workforce, insider threats—whether through malicious intent or negligence—remains an ongoing concern.
  • Operational technology (OT) security. The company’s manufacturing processes rely heavily on operational technology. An attack on OT systems could halt production and pose safety risks.
  • Third-party risk. The company depends on numerous third-party vendors and service providers, making it vulnerable to attacks originating from weaker links in the supply chain.
  • Phishing and social engineering. Human error remains a significant cause of breaches. Employees are often targets of phishing attacks that try to steal credentials or spread malware.

Moving to an integrated approach

To tackle these threats, the director emphasized the need for interoperability between cybersecurity platforms. A key point of frustration was the organization's initial reliance on Abnormal Security, a point solution focused on post-delivery email security. While effective in specific cases, Abnormal lacked the versatility and integration capabilities necessary to meet the company’s broader needs.

The director explained, "Abnormal did one thing really well, but nothing else. What I wanted was platforms that I could build upon and connect together."

Abnormal Security: Specialized but limited

At first, Abnormal Security seemed like a good investment. It provided efficient detection of specific threats, and its automation helped streamline identification of phishing and scam emails. But soon its limits became clear. It was a point solution, focusing only on limited types of emails. It lacked the comprehensive functionality required to serve as the primary email security platform.

The director needed an all-encompassing email security solution. It needed to not only stop phishing attacks but also sophisticated spear-phishing, malware, suspicious attachments that required further sandboxing analysis, and other targeted threats. His goal was to establish an ecosystem where core security tools communicated with each other, enabling a seamless and interconnected defense posture.

Another issue was the end-user experience. The director and several other company leaders noticed that suspicious emails would occasionally appear in their inboxes only to be removed seconds later. This led to a poor user experience, raising concerns about the reliability of the system. A few high-level executives, including the chairman, expressed frustration over the disappearing emails, which added further pressure to find a more integrated and reliable solution.

Abnormal’s automated responses also raised efficacy concerns, further eroding trust in the platform. In one instance, an email was flagged by a user as suspicious, only for Abnormal to clear it through automation. When the company’s security team manually reviewed the email, they realized it was a scam that Abnormal missed.

Why Abnormal wasn’t enough

After a few months of using Abnormal Security, the company experienced an email incident where remediation took several minutes, allowing a user to interact with the malicious message before it was addressed. In another case, Abnormal claimed to remediate emails immediately, but logs showed several hours delay in message deletion, during which users clicked on malicious links. These delays, combined with Abnormal’s post-delivery approach and inconsistent performance in real-time protection, led the company to reconsider a more traditional secure email gateway. This challenge is not unique. Many organizations using Abnormal face similar issues with its isolated functionality. According to a blog by Proofpoint, Abnormal's narrow focus leaves gaps in protection, particularly for enterprises needing comprehensive, layered defenses against advanced threats.

Enter Proofpoint: Building a stronger, integrated security ecosystem

Proofpoint became the clear choice due to its wide range of email security capabilities. It offered better protection against a broader range of advanced threats like ransomware, insider threats, and spear-phishing.

Unlike Abnormal, Proofpoint easily integrated with the company’s existing security tools, such as Microsoft 365 and SentinelOne. This enabled faster detection and response times. The director described Proofpoint as a solution that "does everything Abnormal does—and more."

One key improvement was that Proofpoint proactively blocked malicious emails before they ever reached inboxes. End-users no longer had issues and confusion with disappearing emails. Now they could confidently work knowing that they’re protected from threats.

Proofpoint’s emphasis on customer care and support was also a game-changer for the team. Abnormal was largely automated and distant, but Proofpoint provided dedicated support, ensuring any concerns were immediately addressed. The security team worked closely with Proofpoint experts to implement customized solutions that fit the company's specific needs, something Abnormal could not offer.

The cybersecurity director noted, “I feel like I have a level of customer care that I don’t get from all vendors. That was a key part of the decision to go with Proofpoint the first time.”

Overcoming resistance and securing leadership buy-in

One recurring challenge for cybersecurity leaders is securing budget and support from senior leadership. Fortunately, the director found that the board was supportive of his recommendations to switch to Proofpoint, particularly after a successful proof-of-concept phase and improved results in email threat interception and reduced false positives. Proofpoint’s detailed analytics and actionable insights further built trust, paving the way for continued investment in cybersecurity.

Results and impact

Within a few months of adopting Proofpoint, the company saw marked improvements. False positives decreased. The number of blocked phishing attempts increased significantly. Employees stopped reporting disappearing emails, and confidence in the security system was restored across all levels.

Proofpoint’s reporting and analytics capabilities allowed the security team to show real improvements in threat mitigation and response times, securing more resources to continue evolving the company's cybersecurity infrastructure.

A lesson in strategic cybersecurity investments

A comprehensive approach to security is essential, as shown by this organization's move from Abnormal Security to Proofpoint. While point solutions like Abnormal may be effective in niche areas, large enterprises with complex operations require more.

Proofpoint provides continuous detection and analysis throughout the email lifecycle—from pre-delivery to post-delivery to click-time, delivering end-to-end protection against modern email threats.

With a 99.99% efficacy rate, Proofpoint uses behavioral AI, threat intelligence and sandboxing techniques to stay ahead of threat actors. Proofpoint’s comprehensive protection, easy integration and proactive defense mechanisms, enabled the company to build a resilient, scalable security ecosystem.

To learn more about how you can protect your people and business, read the Proofpoint Threat Protection solution brief, and see how Proofpoint compares to the competition.