Leading Paper Manufacturer

The Challenge
Staying secure through growth

This manufacturer employs approximately 14,000 people across more than 60 locations in North America and serves customers in 90 countries. The company produces roughly three billion board feet of lumber and other products each year. Protecting operations at this scale requires a strong, consistent security posture.

“Our biggest concerns are malware threats, and phishing and credential phishing are also high on the list,ˮ said the senior threat intel analyst. “We are also facing a lot of voice attacks, such as telephone-oriented attack delivery (TOAD), as well as supplier threats. Like any organization with public-facing accounts payable departments, we have had a ton of invoice fraud attempts.ˮ

As this company grew through acquisition—adding thousands of employees and more than 15,000 mailboxes—security became harder to manage. Newly acquired companies brought their own tools and vendors, creating fragmented visibility and increasing operational overhead. Each solution required its own console, workflows and integrations, slowing investigations and making security harder to manage.

The Sr. threat intel analyst and his team needed to simplify the environment while gaining better insight into threats so they could do more with fewer tools and less manual effort.

The Solution
A unified approach to stopping human-centric threats

The organization had already experienced success using Proofpoint security products like Proofpoint Targeted Attack Protection (TAP), Threat Response Auto-pull (TRAP) and Nexus People Risk Explorer (NPRE). When the team evaluated options to consolidate security, Proofpoint Prime Threat Protection emerged as the strongest choice.

Other vendors offered limited protection in isolated areas, but lacked the breadth, depth and integration they needed. “Abnormal provided account compromise protection, but they were not able to offer layered solutions to support multiple vendors,ˮ said the Sr. threat intel analyst.

Proofpoint Prime Threat Protection brings together multiple threat defense capabilities into a single, human-centric platform. It identifies and remediates account takeovers, supply chain threats and impersonation attacks using a unified workflow. Nexus AI enables detection across email, messaging, cloud apps and collaboration tools—protecting employees wherever they work.

Because the organization already used several Proofpoint products, deployment was fast and straightforward. The platform integrated seamlessly with the companyʼs CrowdStrike security information and event management (SIEM) system. “A lot of components were already set up, and we had previously integrated them,ˮ the analyst said. “We just added in fields to pull in the CrowdStrike SIEM. I didn't have to do a single thing.ˮ

In addition to threat protection, the manufacturer uses Proofpoint ZenGuide to deliver targeted, risk-based security awareness training that helps employees recognize and avoid threats in real time.

“We do awareness training and regular phishing simulations that are both targeted and broad,ˮ the analyst explained.

The Results
Saving time & reducing security costs

With Proofpoint Prime Threat Protection in place, the manufacturer strengthened its security while reducing the number of tools and vendors it relied on. This streamlined approach saved both time and money.

“For a company of our size, replacing Abnormal has probably saved us almost US$250,000,ˮ said the analyst. The manufacturer also gets stronger protection against multifaceted attacks, including account compromise, supplier threats and business email compromise (BEC). Unlike previous tools, Proofpoint delivers actionable context so the team can see why an alert triggered and what action to take.

“With Proofpoint, we have supplier threat protection that is automated, with a lot more granular detail,ˮ said the analyst. “Itʼs much better than what we had with Abnormal.ˮ

The analyst and his team especially appreciated the additional detail that Proofpoint provides when identifying a supply chain attack.

“Proofpoint can show the justification for the alert. This makes it clear that the attacker is trying to direct us to the wrong site to respond. Proofpoint collects all the open source intelligence (OSINT) for me, and weʼre done.ˮ

Reducing vendor sprawl also simplified integrations and day-to-day monitoring.

“I use a defense-in-depth approach, and having just one vendor really benefits us through cost savings and time savings,ˮ said the analyst. “Setting up an additional vendor for our SIEM more than doubles the time we need, because I have to do a use case for each.ˮ

With Proofpoint in place, the organization has a more consistent, manageable security posture—one that supports growth while protecting its people, data and manufacturing operations.