Energy and infrastructure create the foundation of our modern world. We interact with these services so frequently they often blend into the background of our daily lives. It becomes easy to forget that behind the buildings, transportation and energy services that we rely on, there are entire companies managing and maintaining them.
But who makes sure those companies can safely do their work protected from human-targeted cyberattacks?
One of Proofpoint’s customers in the infrastructure management industry recently asked themselves that exact question. Using both data and real-world experience to compare Proofpoint and Abnormal Security email security solutions, they came to an unsurprising conclusion.
The situation: where Abnormal falls short
Our customer spent years relying on a combination of Microsoft E3 and E5 security tools. During this time, they saw the volume of their incoming email-borne threats increase exponentially. Even though they had dedicated staff who remediated missed and user-reported messages, the workload became too much for their security and IT teams to manage.
To fill the growing gaps in their security, our customer initially opted for Abnormal Security. Although they found Abnormal’s trial results impressive at first, they quickly found the product inadequate for their live production environment.
With billions of dollars in revenue and thousands of employees to protect, our customer had good reason to be concerned. The following are some threat examples that they saw landing in user inboxes daily with Abnormal:
- Complex URL-based threats. These attacks guide victims through multistep links to a malicious webpage. They include extended URL-to-URL (U2U) attack chains and strategic URL redirection, and they are extremely difficult for basic email security tools to follow. This makes it more likely for bad actors to be successful. In fact, Proofpoint Threat Research data shows that URL threats have more than doubled, up 119%, over the last three years.
- Spear phishing. Our customer noticed both companywide low-level phishing attacks and highly specialized advanced phishing focused on specific, important individuals. Phishing threats like these can lead to a host of other cyberattacks and are the No. 1 human-targeted threat by volume.
- Malware attacks. Malware, like ransomware, is often a consequence of such unobstructed phishing attacks. Without the ability to analyze URLs or sandbox attachments, the customer had to fight malware threats on two fronts. Not only did they have to manage malware threats directly in their inboxes, but they also had to deal with links that lead to malware-infected sites, like those containing SocGholish.
These threats would be worrying on their own. But Abnormal’s deficiencies didn’t stop there. Our customer noted an unusually high number of false positives. These are legitimate messages sent to quarantine that hinder regular business communications.
When the customer raised these issues with Abnormal, they were met with disinterest or silence. They described ineffective conversations with untrained and outsourced support personnel. Often their calls went unanswered altogether. After being rescheduled and stood up, their SOC team had enough. Less than six months into their initial contract, they turned to Proofpoint.
Results: Proofpoint delivers what Abnormal only promises
The team began their evaluation of Proofpoint with open eyes and clear decision criteria. They were committed to finding the ideal partner to complement their Microsoft email environment. Below are the key areas where they compared Proofpoint and Abnormal.
Comprehensive and continuous detection efficacy: Proofpoint wins
Results: Proofpoint detected nearly 260,000 spam emails and potential threats that Abnormal had missed over the two-week evaluation period.
Proofpoint provided advanced protection from malicious URLs and additional visibility that gave the customer insights into issues that they didn’t know they had, such as telephone-oriented attack delivery (TOAD) threats, QR codes in attachments and more being delivered to users. On top of that, Abnormal identified 2,400 potential false positives which the security team had to manually review. In contrast, Proofpoint boasts an industry-leading false positive rate of less than 1 in 19.7 million messages.
These results are partially due to Abnormal’s heavy reliance on Microsoft’s inadequate email filtering and analysis. Abnormal cannot sandbox URLs, leaving users vulnerable to threats in links and URL redirects like phishing and malware. This—coupled with the critical nature of our customer’s work and the long dwell times—led them to believe that Abnormal presented an unacceptable risk. This reinforces Proofpoint’s own threat research. We’ve found that 1 in 7 clicks on dangerous links happen within just 60 seconds of an email’s arrival.
What this security team determined to be a crucial need for pre-delivery defense led them to Proofpoint. That’s because Proofpoint features the industry’s only URL sandboxing which detonates threats in links before they’re delivered. But Proofpoint’s protection goes beyond stopping URL threats before the inbox.
Our Proofpoint Nexus detection stack identifies and stops the widest range of modern cyber threats pre-delivery, post-delivery and at the time of click. Rather than only relying on behavioral algorithms, Proofpoint offers a holistic and continuous approach which allows us to apply the right technique to the right threat at the right time.
Ability to streamline operations: Proofpoint wins
Results: Even before onboarding, Proofpoint began automatically remediating more than 80% of identified and user-reported messages.
While this number has since improved, it quickly and significantly freed up security resources for our customer. Almost immediately, full-time employees who were dedicated to email response could start working on higher priority projects. According to internal Proofpoint research, this reflects a broader trend for our customers. On average, they see their time spent on remediation activities decrease by more than 90%.
Proofpoint data shows that Abnormal not only struggles with efficacy but also with accuracy. The false positives mentioned above, though frustrating, are typically straightforward to triage. The greater risk comes from false negatives—malicious emails that slip past Abnormal’s detection stack. They force administrators to manually identify and remove them before they cause harm. For organizations that are already struggling with limited resources, this ongoing additional maintenance becomes unsustainable in the long term.
Proofpoint stops more malicious and unwanted messages, which reduces the number of incidents that security and IT teams need to investigate. Customers who switch to Proofpoint see 30% more malicious messages blocked on average. When we focus on Abnormal customers, the number can be as high as 75-80%. In addition, we automate abuse mailbox management, including workflows for responding to user-reported messages. This additional efficiency is included in Proofpoint Core Email Protection, but it costs extra with Abnormal.
Collaborative and proven approach: Proofpoint wins
Results: Proofpoint’s email security leadership spans more than 20 years and is frequently recognized by industry experts and analysts.
Because our customer experienced lagging support and technical assistance, they prioritized finding a partner with a strong reputation to act as their strategic security advisor. They praised Proofpoint's services team who managed their onboarding. This same team stayed with them well after deployment to provide training, create custom reporting and ensure their team’s success. Unfortunately, Abnormal’s support didn’t reach out to the customer until after they’d already left.
Unlike Abnormal, our all-in-house support team is always available. We have service centers around the globe with support personnel located in APAC, EMEA and North America. Additional assistance is available through Proofpoint Premium Services (not offered by Abnormal). Our managed email protection can take over responding to incidents, managing mail flow and more. This cooperative approach results in our 90%+ retention rate for existing customers.
Finally, by partnering with Proofpoint, this customer instantly became part of our larger Proofpoint community. They gained access to our tech leader roundtables and industry-specific security councils where CISOs and practitioners trade advice and share ideas. Proofpoint’s credibility with experts and the broader market quickly made our customer feel at ease.
Lessons for security leaders
Through the evaluation, we found that Abnormal missed 92% of malware threats, 45% of URL-based threats and 36% of phishing attacks that were captured by Proofpoint.
Our customer expressed frustration with these missed threats, which put users at risk. Abnormal’s high false positive rates consumed the customer’s limited security bandwidth. And Abnormal’s lackluster support left the customer with few to no options for long-term success.
After experiencing Proofpoint’s human-centric security and reviewing the data, our customer’s decision was simple. They signed a multiyear contract with us upfront. Since then, they have begun supplementing their security strategy with email authentication, impersonation protection, and more to better protect their people and business.
Ultimately, modern enterprises cannot rely solely on niche security tools. Instead, they need a comprehensive approach to security that covers every stage of the email lifecycle from the moment an email is sent to the instant a user interacts with it and beyond.
Proofpoint’s continuous, end-to-end detection offers a level of protection that surpasses narrowly focused security tools like Abnormal. For energy and infrastructure leaders whose services the world depends on, adopting a defense-in-depth strategy isn’t just an upgrade—it’s essential.
Take the next step to protect your people and business from human-centric cyberattacks. Learn more about Proofpoint Threat Protection.