This blog post is part of a three-part series that explores why companies are choosing Proofpoint Data Security solutions. It focuses on the unique challenges of various industries when it comes to keeping data safe.
It’s vital for organizations to protect their intellectual property. This is especially true in industries where innovation and proprietary knowledge are a competitive advantage. For one multinational chemical company that was preparing to split into three independent businesses, it became a critical mission to gain control of its sensitive data.
This blog post explores how this company overcame its Microsoft data security challenges and strengthened its data protection strategy with Proofpoint.
The challenge: managing data amid a complex spin-off
As this Fortune 500 company planned to split off into three publicly traded entities, the CISO faced the pressing task of mitigating insider data loss risks. Because it already had a Microsoft E5 license, the company initially used Microsoft Purview for data loss prevention (DLP). After all, Purview was included with their license at no extra cost. So why invest in another DLP tool?
But within the first six months the CISO's team found that Purview had numerous, critical shortcomings. They included:
- Operational inefficiencies. To analyze data, Purview needed to have predefined written policies—a rigidity that made it labor-intensive.
- Inadequate alerting. Purview's alert options were not flexible. This was particularly true when it came to detecting insider threats. For the company to get customized alerts, it needed to integrate Purview with Microsoft Sentinel, which carried significant operational costs.
- Disjointed platforms. To manage insider data loss, its team had to navigate multiple Microsoft consoles. This complicated the team’s workflows and wasted valuable time.
- Fallback to manual processes. Frustrated by these limitations, the team resorted to building a custom tool to extract data from Purview and using Excel spreadsheets to manage insider threats—a far cry from an optimal solution.
In the words of the company’s cybersecurity leader, “If I use Microsoft as the primary platform for data protection, I’m putting my company at risk for data loss.”
Immediate results with Proofpoint
By selecting Proofpoint Enterprise Data Loss Prevention (DLP), the company achieved immediate, tangible improvements. During the proof of concept (POC), Proofpoint revealed critical vulnerabilities that Microsoft missed, such as:
- Unprotected Microsoft SharePoint Online. Documents were accessible to anyone with a link
- Unauthorized data sharing. Employees were found sharing sensitive data via personal email accounts.
- Undetected account takeovers. The company had no visibility into account takeovers.
Once Proofpoint was fully deployed, the results were striking:
- Dramatic reduction in data loss. The company reduced data loss from 2,000 GB (or 200,000 files) per month to blocking 4,000 high-risk events monthly.
- Streamlined operations. Our unified console significantly enhanced operational efficiency. Not only did Proofpoint make it easier to triage alerts across cloud, endpoint and email systems, but our console also sped up investigations and responses.
- Simplified exclusion management. Writing exclusions in Purview took 30 minutes and could take up to a day to deploy. With Proofpoint, exclusions were written in 10 minutes and rolled out to users within 20 minutes.
- Accurate alerting and investigation. Proofpoint delivered dramatically lower false positives and investigations that were seamless—all within a single dashboard.
Why Proofpoint: efficiency, time to value and visibility
Ultimately, the company chose to complement Purview with Proofpoint in their environment. The reasons for its decision came down to three factors.
1. Operational efficiency
Our human-centric approach provides deep insights into user intent as well as patterns around data access. We also provide content- and context-based rules, which ensure that data loss incidents are accurately detected while false positives and negatives are minimized. What’s more, our unified dashboard simplifies workflows. As a result, their team’s investigations have been reduced from 36-40 per month down to zero.
2. Time to value
After spending six months struggling with Purview, the company quickly realized positive results with Proofpoint. Not only was deploying Proofpoint straightforward, but our alerts were trackable right out of the box.
Microsoft Information Risk Management (IRM) requires a separate agent for screen recordings and complex configurations. Compare that to Proofpoint Insider Threat Management (ITM), which has a dual-purpose agent fully integrated with Proofpoint Endpoint DLP. This design simplifies processes and saves time.
3. Visibility
Missed data loss events can sink any DLP program. Proofpoint unifies the telemetry across email, cloud applications and endpoints. As a result, analysts get key context that enables them to interpret data events effectively. Although Purview offered some context, its multiple dashboards and complex integrations led to missed incidents.
When “free” really isn’t free
Proofpoint helped the company mitigate significant risks. During the POC, our team designed an insider threat program with specific use cases and assisted in policy creation. In the process, it became clear that Purview could not meet the company’s insider threat mitigation needs. What’s more, Microsoft was simply unable to match our level of involvement.
In the end, the company’s cybersecurity leader was able to make her case to management for investing in Proofpoint by showing how it helped to save on costs and improve operational efficiency.
“Free doesn’t always mean it’s a good thing,” she said. “Proofpoint costs money, but it comes with value and efficiency.”
Learn more
To find out how other companies are using Proofpoint to protect their sensitive data from risky users, read the other blog in this series:
For an analyst point of view on Microsoft Purview, download the complimentary Gartner® report, Demystifying Microsoft’s Data Security Capabilities and Licensing.