In today’s fiercely competitive environment, keeping an organisation’s crown jewels safe is a C-level imperative. And it’s easy to see why: data is the lifeblood of every organisation. What’s more, it’s what differentiates it from competitors. This is especially the case for services companies, which rely on scalability, speed and partnerships for their success.
In this blog post, we share insights from a global Fortune 500 services company about why they chose Proofpoint over Microsoft to protect their sensitive data from risky users.
A growing business brings increased risks
When the company first reached out to Proofpoint, it was facing several challenges that were driving its need to better protect its data.
For starters, it was experiencing strong demand and scaling rapidly in response. As a leader in business services, the company’s supplier contracts and business processes contain intellectual property that fuels its efficient service delivery model. Yet, as the business grew and became more complex, there was an increased risk for data loss and business disruption. The CISO knew this and wanted to be proactive about managing these risks.
The company also needed to address audit findings that were associated with data loss and, in doing so, improve its cybersecurity posture. The CISO knew he would need to implement a DLP programme enabled by a solution that provided visibility across cloud, email and endpoints. However, he didn’t have the expertise to do this in-house—and worse, he didn’t know how to get started.
Data classification: myth vs reality
A Microsoft E5 customer, the company initially reached out to the vendor for assistance. In response, Microsoft informed them that to accurately start protecting data, it would first need to classify and label all its data. With terabytes and terabytes of data, the idea of classification quickly became a daunting task. And that wasn’t the only hurdle. The effort would also need to involve the legal team, which would need to agree to the classification process. This could further delay the project.
Aware of how long this could all take, the company consulted Proofpoint. We provided a different perspective and exposed the myth that all data needs to be classified before it can be protected.
With Proofpoint Enterprise Data Loss Prevention (DLP), you can start protecting your data on Day One; data doesn’t need to be classified to be detected. Instead, DLP rules and detectors can identify sensitive data movement and risky behaviour in real time and generate alerts. DLP analysts can correlate and triage alerts to determine the user’s intent and take the appropriate response. With this approach, the company could start benefiting from Proofpoint DLP instantly.
Immediate results with Proofpoint
The hosted proof of concept (POC) with Proofpoint lasted less than two weeks. During that time, the scale of risky behaviour quickly became apparent. Thanks to the visibility provided by Proofpoint, the CISO and security team could see the risks in their environment right away. This was a stark contrast to the arduous task of classification, which the company had undertaken with Microsoft in parallel to the POC.
Several findings during the POC validated assumptions by the CISO. He had suspected that data was leaking from the company. However, this was the first time he could see it happening. Proofpoint revealed that an HR employee was forwarding resumes and applications to their home computer. Based on the nature of the content, this was a clear violation of company policy, raising suspicion.
One of the POC’s most revealing data points was the high volume of alerts that were generated by users who were browsing generative AI (GenAI) websites. In addition, the POC uncovered six instances of potential cloud account compromises, which resulted in three files being abused post-compromise by an attacker. What’s more, 11 emails were sent to the wrong person, which had the potential to result in data loss.
|
Use Case |
DLP Channel |
POC Findings |
|
Data loss via GenAI sites |
Endpoint |
Over 700 alerts of users browsing to GenAI sites |
|
Account compromise |
Cloud |
6 suspicious logins and 3 abused files |
|
Email misdelivery |
|
11 misdirected emails |
Summary of POC findings.
Standing up a DLP programme
The CISO decided to invest in Proofpoint Enterprise DLP but was facing a dilemma: how would the solution be deployed and optimised going forward without any DLP expertise in house?
Proofpoint guided the company through the basics of how to start a successful DLP programme. Most importantly, a DLP programme goes beyond technology—it also includes processes and people. Proofpoint provided details about the deployment process, which includes:
- Identifying critical use cases
- Reviewing and refining policies
- Implementing business logic
As a result, the company chose to partner with Proofpoint Managed Information Protection, which provides a team of experts to optimise the DLP programme on a continuous basis.
Why Proofpoint: value, visibility and expertise
The company chose Proofpoint over Microsoft because it met their business objectives. Namely, it wanted to scale at speed and decrease its risk at the same time by protecting its sensitive data. Here’s how the CISO summed up this decision:
“We chose Proofpoint [to help us stand up a DLP programme] because we feel like it’s the best value. Some people like to haggle on price to get the value. I prefer to go with the right solution and the right team that will help us be successful. That’s why I chose Proofpoint as our partner in this initiative.”
In short, the company chose Proofpoint because we offer:
- Quick time to value. The company could start protecting data on Day One during the short POC—it didn’t need to undertake a long, cumbersome classification project first.
- Visibility. The company suspected its employees were engaging in risky behaviour and violating corporate policy. We provided human-centric, cross-channel visibility so that its security team could take action.
- Proven expertise. Proofpoint Managed Information Protection helps optimise the company’s DLP programme with a holistic approach to people, processes and technology through a combination of products and services.
Learn more
Read more about how Proofpoint can help you protect sensitive data and contain insider risks. Learn how our team of experts can help you accelerate your path to DLP maturity.