Proofpoint Gets Acquired – Now What?

In April 2021, private equity firm Thoma Bravo announced its intention to acquire Proofpoint for $12.3 billion, the largest private equity cloud software acquisition in history. While investors and Wall Street reacted positively to the news judging from the jump in Proofpoint’s stock shortly after the announcement, it is still unclear how Proofpoint customers will fare post-acquisition.

We can only speculate as to what Thoma Bravo has in mind for the future of third email security vendor in their portfolio (particularly with Barracuda and Sophos already part of the Thoma Bravo family), but there are still some undeniable facts customers and prospects should be aware of based on prior private equity transactions.

Read on for what you can expect following the acquisition, and why now is the perfect time to consider upgrading your email security.

Uncertain Future

Both Proofpoint and Thoma Bravo expect the acquisition to close during the third quarter of 2021. In this near term timeframe, it is unlikely Proofpoint will make any drastic advances to its products, but customers will likely continue to experience effects of the deal long afterwards as the company adopts new strategies. For any company, mergers and acquisitions distract from a focus on the product. For customers, this can translate to uncertainty or slowdowns in product roadmap and future innovations. And while Proofpoint may prove to be an exception, previous private equity acquisitions have resulted in less customer support, less R&D spend, cost cutting around sales and marketing functions, and internal churn which may impact customers.

However, threat actors do not wait for corporate realities. With new threats moving at a dynamic pace, organizations cannot afford to risk missing a new attack due to Proofpoint’s product inactivity. On the bright side, organizations can take this opportunity to re-evaluate email security strategies. Considering that Proofpoint products will be relatively static during this period, this may be the perfect time to upgrade. When it comes to modernizing cloud email security, organizations have two primary options.

Option 1: Re-Evaluate Your Cloud Email Security Architecture

As cloud adoption continues to grow and organizations turn to cloud-based email providers, a traditional Secure Email Gateway (SEG) approach to email security becomes increasingly less relevant. Built on hosted hypervisors with limited dynamic scaling capabilities SEGs like Proofpoint can struggle to keep critical business email traffic flowing while detecting and stopping email-based attacks at the same time.

Modern, cloud-native email security architectures are much more resilient and can dynamically manage traffic spikes. These architectures also integrate seamlessly with cloud-based email providers like Microsoft 365 and Gmail. For organizations wanting to continue a cloud-forward strategy, it makes sense to take this opportunity to upgrade to a cloud-native email security infrastructure.

Option 2: Implement an Augmentation Strategy

Organizations who want to keep their Proofpoint architecture can still close security gaps and guard against risks from Proofoint’s business uncertainty by adopting augmenting security solutions. By first conducting a gap analysis of Proofpoint’s existing email security controls, you can determine security weaknesses, such as detection of malware-less business email compromise (BEC), supply-chain attacks, ransomware and low-volume targeted attacks, and add a reinforcement layer with a dedicated solution capable of stopping these hard-to-detect attacks.

At Area 1 Security, our cloud-native architecture and superior detection capabilities have earned us praise from analysts, like Gartner and GigaOm, and customers alike. Capable of detecting attacks 24 days before industry averages and blocking 30% more attacks than leading SEGs, our flexible deployment options allow for direct integration with cloud email providers for cloud-native email security. Alternatively, customers can also use Area 1 to augment Proofpoint (or other existing email security solutions) the attacks Proofpoint misses from reaching inboxes.

Despite the current business uncertainty, Proofpoint customers can still remain protected from advanced targeted attacks with Area 1 Security. To conduct a Gartner-recommended gap analysis and see what attacks Proofpoint is missing or to bolster your current email security stack, schedule a complimentary Phishing Risk Assessment with our technical team.


Kevin Wilson is a Sr. Product Manager at Area 1 Security. Throughout his 15 year in Cyber Security, Kevin has been an Analyst and Engineer in various organizations such as the U.S Navy, First Data, and Lowe’s. Previously he served as the Global Information Security Officer at Guess? Inc as well as a Product Manager for McAfee.

Democratizing email security: protecting individuals and businesses of all sizes from phishing and malware attacks

Since Area 1’s inception, our mission has always been to eliminate the #1 source of cybersecurity incidents — phishing attacks.

Phish of the Week: The power of Cloudflare + Area 1 Security

Since Area 1’s inception, our mission has always been to eliminate the #1 source of cybersecurity incidents — phishing attacks.