When Proofpoint Fell Short: Why a Fortune 500 Insurance Provider Turned to Abnormal for Advanced Threat Detection

• Industry: F500 Insurance Provider

• Mailboxes: 25,000+

• Email Infrastructure: Microsoft 365 E5 + Proofpoint Secure Email Gateway + Abnormal Human Behavior AI Platform

Abnormal transformed this Fortune 500 insurance provider’s overall security stack, offering more comprehensive protection and detecting advanced attacks that its Proofpoint SEG was failing to catch.

Positioned downstream in the mail flow, Abnormal detects only threats that bypass the gateway, capturing data that demonstrates the SEG’s shortcomings, including:

• Detection Efficacy:

  • During a three-month period, Abnormal detected 6,454 malicious messages that Proofpoint missed, including 4,791 phishing attacks and 42 business email compromise attacks. Abnormal also detected 18 account takeover cases where email accounts had been successfully compromised.

• Workforce Productivity Impact:

  • Over that same quarter, the company’s employees received more than 13.3 million graymail messages. Without an effective graymail filtering solution, these emails would have cluttered inboxes and required significant time for manual deletion.

• SOC Productivity Impact:

  • Within this timeframe, employees reported 5,117 emails for review. Since each email takes an average of 15 minutes to manually review, the SOC faced a potential loss of up to 426 hours of productivity each month without AI-powered automatic remediation.

With Abnormal’s AI fortifying its security framework, this insurance leader has reduced its risk, increased its efficiency, and boosted SOC productivity.

Abnormal’s behavioral AI analyzes thousands of signals to baseline normal employee and vendor behavior and identify high-risk anomalies with precision—protecting the organization from sophisticated attacks that traditional defenses like Proofpoint can miss.

• Risk Avoidance:

  • Based on the number of attacks identified for remediation, the average compromise rate Abnormal has observed for the customer’s industry segment*, and the average cost per incident**, the malicious emails missed by Proofpoint during the three-month period could have resulted in estimated total annual losses of more than $650,000 if similar undetected attacks had continued at this pace.

• Increased Inbox Efficiency:

  • Abnormal’s AI automatically learned user preferences and decluttered employee inboxes; this functionality saved employees up to 6,193 hours per month*** in a single quarter.

• Improved SOC Productivity:

  • Abnormal’s AI Security Mailbox fully automated the handling of user-reported emails. Because each email previously required an average of 15 minutes of SOC analyst time to review, this freed up an average of 341 SOC hours per month during the one-quarter observation period—freeing up the capacity of approximately 2 additional full-time employees.

Because of Abnormal, this insurance provider can now feel more confident in its defense-in-depth security stack. Implementing the Abnormal Human Behavior AI Platform ensures that additional attacks are stopped, more employee time is saved, and the SOC team is freed to focus on higher-priority tasks.

Customer Testimonial: "Abnormal analyzes the content of the email using many signals, including urgency, unusual sending patterns or behaviors, and other components not easily detected by humans. Abnormal was added as an additional layer of protection for its behavioral AI and ML approach and how it helps prevent attacks intended to exploit human vulnerability"

Find out why enterprises across industries are moving from Proofpoint to Abnormal. Get started with a demo today, and we’ll show you the proof of the Abnormal value.

* Source: Abnormal Internal Operations Data

** Source: Average cost figures taken from the following third-party studies: NetDiligence Cyber Claims Study 2023 Report, 2023 Unit 42 Ransomware and Extortion Report, IBM Cost of a Data Breach, The Parallax View

***Based on the following calculation: 13,377,048 graymail messages * 5 seconds required to read each message