us:
English: Americas
Key takeaways
- A construction firm still saw phishing, spam, and account takeover attempts even after deploying Abnormal’s API solution behind Barracuda.
- Proofpoint exposed advanced threats that both these solutions missed.
- After a POC, the firm decided to consolidate its email, SaaS, and supplier risk protection with Proofpoint.
Construction projects move fast, and email is the backbone of that momentum. Distributed teams, rotating subcontractors, new suppliers, and tight deadlines all rely on email and SaaS tools to coordinate bids, contracts, and payments. When those systems are compromised, the impact spreads quickly across projects and partners—and affects the bottom line.
For one growing construction services firm, their cybersecurity solutions missed enough threats that collaborating with email became a liability. After layering Abnormal’s API-based solution on top of Barracuda’s secure email gateway (SEG), the company still faced persistent phishing, spam, and account takeover attempts.
A year into deployment, it was clear that their dual-vendor approach wasn’t fully protecting them. That realization ultimately led them to replace Barracuda and Abnormal with Proofpoint—consolidating on a single, more effective platform.
The challenge: disparate tools, persistent threats
The firm used Barracuda as its email gateway. A few years earlier, they had run a Proofpoint SEG proof of concept (POC). This POC had uncovered that a significant amount of credential phishing activity, as well as a large volume of spam, was bypassing their defenses. At the time, their internal capacity had some constraints, so they had not been able to migrate to another solution.
Instead, they adopted Abnormal’s API solution to catch what Barracuda missed. But after a year of running both together, phishing and spam were still consistently reaching users’ inboxes. Highly evasive phishing attacks continued to slip past Abnormal’s detection. What’s more, the firm experienced multiple account takeovers—some of which reached downstream SaaS applications.
At the same time, the team was constantly switching between consoles to investigate and respond, depending on where they thought certain threats and emails had been quarantined.
It became clear that post-delivery API detection alone wasn’t enough, and that they needed an integrated approach. They needed stronger pre-delivery protection and a better defense against account compromise threats.
A strategic shift: focus on account takeover and defense in depth
The evaluation of the three solutions was focused on account takeover capabilities. The firm’s top priority was protecting user identities and preventing compromised credentials from impacting SaaS applications. They wanted:
- Stronger pre-delivery email protection
- Superior account takeover detection and automated remediation
- A layered, defense-in-depth security architecture
- Visibility into third-party supplier risk
They also wanted to simplify. When they had run Barracuda and Abnormal together, their environment’s complexity had increased, but their risk had not decreased.
Why Proofpoint won over Abnormal and Barracuda
During testing, the differences between each solution became clear.
Proofpoint demonstrated stronger pre-delivery protection. It identified phishing threats that both Barracuda and Abnormal missed. The firm’s security team saw firsthand how blocking threats before they reached users limited employee exposure to malicious emails. Plus, it eliminated much of the downstream investigation and remediation work, which significantly shortened response times.
Abnormal’s API-based solution handled malicious messages only after they landed in inboxes. In contrast, Proofpoint stopped many of those messages earlier—a proactive approach that had an immediate impact.
Account takeover protection was another decisive factor. During the POC, Proofpoint showed how compromised accounts could be identified and contained quickly. And automated remediation workflows reduced manual effort. Application lockout capabilities helped prevent attackers from spreading into SaaS tools after initial access. Proofpoint also gave the security team clear visibility into at-risk users.
Compared to Abnormal, the response was broader, faster, and more automated. For a firm that was focused on protecting its identities to prevent fraud, the difference mattered.
What the firm observed during the evaluation
As the evaluation progressed, the security team compared results across several critical areas:
|
Capability |
Barracuda + Abnormal |
Proofpoint |
|
Phishing protection |
Advanced threats continued reaching inboxes |
Blocked advanced phishing before delivery |
|
Detection model |
Primarily post-delivery API analysis |
Layered, pre- and post-delivery protection |
|
Account takeover response |
Alerts, but limited automated containment |
Automated remediation and application lockout |
|
SaaS application protection |
Gaps in downstream visibility |
Broader protection across collaboration apps |
|
Supplier risk visibility |
No third-party compromise insight |
Supplier Threat Protection with proactive alerts |
|
Vendor footprint |
Multiple vendors required |
Unified protection under one platform |
For the security team, the results were clear. Proofpoint delivered stronger protection earlier in the attack chain, deeper account defense, and broader visibility across their collaboration ecosystem.
Consolidating with Proofpoint Prime
What began as an email security evaluation evolved into a much larger modernization effort. After seeing Proofpoint outperform both Abnormal and Barracuda, the firm decided to consolidate. They replaced both vendors with Proofpoint and fortified their cybersecurity by adopting Proofpoint Collaboration Security Prime. They expanded protections to include advanced account takeover protection and Proofpoint Supplier Threat Protection. As part of the transition, they decommissioned KnowBe4 and consolidated on ZenGuide.
Ultimately, adopting Proofpoint Collaboration Security Prime allowed them to bring collaboration security under a single, integrated platform. The move reduced vendor sprawl and simplified management. More importantly, it delivered stronger protection across the organization.
The results: a decisive competitive win
By choosing Proofpoint over Abnormal, the construction firm significantly reduced the number of phishing and spam messages that reached user inboxes. Account takeover attempts were detected and remediated faster. SaaS application risk declined. And the security team had better visibility into supplier compromise. Overall, security improved, while operational complexity decreased.
Instead of layering API-based threat detection on top of a legacy gateway, the firm now operates with a unified, human- and agent-centric platform that’s designed to stop threats before and after delivery.
Building a more resilient collaboration environment
After a year of running Abnormal alongside Barracuda without solving their core security problems, this firm chose a different path. With Proofpoint, they strengthened their defenses, reduced third-party risk, and simplified their security architecture.
For construction firms evaluating API-only email protection solutions, the takeaway is clear: post-delivery detection alone is not enough. Stopping modern threats and protecting user accounts across cloud and SaaS applications requires a unified, defense-in-depth platform. In this evaluation, Proofpoint delivered.
Ready to strengthen your email and collaboration security?
If your organization is layering tools but still seeing phishing reach inboxes, it may be time to rethink your approach. Proofpoint helps organizations stop advanced threats before delivery, defend against account takeover, and gain visibility across their entire collaboration ecosystem—all from a unified platform.
Learn how Proofpoint can modernize your email security strategy and reduce the risk of account compromise.
Contact us to schedule a security assessment or request a demo.