When email threats began slipping past their defenses, a leading U.S.-based insurance provider realized that “good enough” security was no longer enough. With millions of customers depending on them for auto, home and life coverage, the stakes were high. Every email represented not just communication—but trust. And when that trust was put at risk, the company knew it was time to consolidate, simplify and upgrade its email security.
The challenge: fragmented protection and growing complexity
The insurer was a long-time Proofpoint customer that used Email Fraud Defense (EFD) to protect against their domain being spoofed. To bolster detection against targeted Microsoft 365 attacks, they had also deployed Abnormal AI several years earlier.
But over time, the company’s security landscape—and its risk profile—evolved.
And its security operations center (SOC) faced growing challenges:
- Operational strain. Analysts were spending too much time managing vendor integrations instead of proactively hunting threats.
- Limited visibility. Disconnected point solutions delivered fragmented views. This made it difficult for analysts to trace threats across email and collaboration platforms.
- Too many tools and dashboards. Each platform had its own console as well as its own reporting format and requirements for integration.
The objective: consolidation without compromise
As the company’s security matured, its leadership made a strategic decision. It needed to streamline the email security stack to reduce cost, complexity, and risk.
This was its wish list:
- One platform for email security across detection, authentication, and data protection
- Fewer contracts and integrations to manage
- Unified visibility across email, collaboration, and data
Satisfied with Proofpoint EFD, the insurer looked to Proofpoint as its preferred platform for this project. The Proofpoint portfolio had expanded since they had become a customer to now include API-first email protection, ZenGuide Security Awareness, and Adaptive Email DLP to stop misdirected emails and hidden exfiltration. As a result, the company could finally bring all their critical capabilities together.
The evaluation: head-to-head comparison
It was important to the SOC team that consolidation didn’t come at the expense of security efficacy. So, before fully migrating to Proofpoint, they ran the Proofpoint Core Email Protection API in parallel with Abnormal’s system to directly compare them.
The insurer evaluated Proofpoint’s expanded platform, including:
- Core Email Protection API for threat detection, investigation, and response
- Adaptive Email DLP to automatically stop sensitive data loss
- ZenGuide Security Awareness to strengthen human resilience
During testing, the SOC team kept Abnormal in production and evaluated Proofpoint in a side-by-side comparison. Here’s what they found:
- Proofpoint identified 20% more threats than Abnormal during the evaluation period.
- The platform also detected employee data exfiltration to personal email accounts—activity that had previously gone unnoticed.
- Analysts reported faster triage times and clearer incident context thanks to integrated threat intelligence and unified alerts.
Proofpoint vs. Abnormal
In short, Abnormal provided detection capabilities, but Proofpoint offered broader, more integrated coverage that addressed the full scope of email and data security.
|
Proofpoint capabilities |
Abnormal |
|
Detect and prevent threats across inbound, outbound, and internal emails |
Detect threats for inbound and internal email only |
|
Combine message authentication, email threat protection, DLP, and security awareness in one platform |
Provides email threat protection only |
|
Provide centralized visibility and reporting |
Provide separate dashboards requiring manual correlation |
|
Use global threat intelligence from 2.8 million customers |
Use threat intelligence that’s limited to Abnormal’s ~3,500 current customers |
Proofpoint’s platform delivered full-spectrum email and collaboration security. As a result, the insurer could confidently consolidate vendors without sacrificing detection or control.
Why Proofpoint came out ahead
The insurer’s decision to fully consolidate on Proofpoint came down to three key differentiators:
- Superior threat detection. Proofpoint’s multilayered approach—spanning email, cloud collaboration tools, and internal traffic—delivers stronger, earlier detection of targeted threats.
- Broader coverage. Beyond inbound protection, Proofpoint’s capabilities extend to authentication, data loss prevention, and user education, which provides a holistic defense.
- Simplified operations. With Proofpoint’s single, integrated platform and shared intelligence across modules, the SOC gains visibility and efficiency. This reduces noise and frees resources for strategic initiatives.
The results: simplified security, strengthened protection
Since switching to Proofpoint, the insurance provider has achieved several measurable improvements:
- Improved threat visibility. Consolidated reporting provides end-to-end insights across email and collaboration tools.
- Greater efficiency. Analysts report fewer false positives and faster investigations.
- Reduced vendor sprawl. The company combined three platforms into one unified Proofpoint ecosystem.
- Enhanced user resilience. Targeted awareness training delivered by Proofpoint ZenGuide helps users identify more threats.
In short, the insurer achieved what it set out to do: it deployed simpler, stronger, and smarter email security.
Conclusion
By consolidating with Proofpoint, the insurer aligned its security posture with its operational goals—strengthening detection while reducing complexity. The partnership delivered not just improved protection, but peace of mind in an environment where trust is everything.
Ready to reduce vendor sprawl and strengthen your defenses?
Explore how Proofpoint Prime Threat Protection delivers unified detection, automation and visibility—so your SOC can focus on stopping threats, not stitching together point solutions.
