At a glance
- Within just one month of using Darktrace / EMAIL, the volume of suspicious emails requiring analyst attention dropped by 75%, saving analysts 45 hours per month on analysis and investigation.
- By offloading most manual, repetitive tasks to Darktrace / EMAIL, the company’s skilled security analysts can focus on developing new capabilities and tackling more complex, rewarding projects.
- Darktrace recently detected and blocked a highly sophisticated and personalized phishing email that spoofed a Microsoft SharePoint and Teams website and used advanced engineering to impersonate the school of an employee’s family member.
- The transition from the incumbent solution to Darktrace / EMAIL was seamless and undetectable to the company’s vast of customers and partners, reinforcing the security organization’s role as a business enabler—protecting the company and reducing risk without adding friction.
Securing a complex, distributed business without disruption
The company remains at the forefront of technological innovation and transformation; however, its success and ambitions come with the challenges of managing a distributed global business—balancing digital advancements, existing technology investments, and evolving compliance requirements.
Optimizing a complex tech stack for scalable growth
The organization operates a diverse technology stack spanning Windows, Mac, Linux, and multiple cloud environments, creating a complex and challenging IT landscape. The company’s Chief Information Security Officer (CISO) emphasizes the need for efficiency and agility. “Our goal is to scale and deliver new capabilities without increasing headcount, ensuring that costs remain proportionate to growth.”
Balancing security, governance, and business agility
Committed to responsible practices, this industry leader prioritizes secure and trustworthy technology for its customers who rely on its solutions. “Balancing business agility with governance is a constant challenge," said the CISO. "There’s always a natural push and pull, which I believe is healthy—but achieving the right balance is delicate.”
Protecting critical workflows without impacting productivity
For the organization, email is much more than just a communication tool. “Email plays a critical role in our engineering workflows and is fundamental to how we build our products.” Because of this, the company is extremely cautious about implementing any solution that could introduce friction or disrupt productivity. “There is zero tolerance for disruption, which is why we take a deliberate and methodical approach when evaluating, selecting, and deploying our tools and solutions,” he said.
More than a vendor: A security partner invested in success
To ensure an optimal security infrastructure, the enterprise security team regularly evaluates market technologies to their existing solutions. With the rapidly evolving threat landscape, the CISO said they “wanted to validate whether we still had best-in-class protection and the right controls in place to secure our organization. It was about assessing whether we could do better in our ongoing effort to fine-tuning our approach to achieve the best possible outcome.”
The team evaluated 15 different email security vendors based on the following criteria:
- Efficacy to detect threats
- Ability to integrate with existing tooling
- Ease of use
- A vendor’s approach to partnership
They initially narrowed the list to five vendors, conducting demo sessions for deeper evaluations before selecting three finalists for a proof of value (POV). “We analyzed actual malicious emails with each vendor to assess the accuracy of their detections, allowing for an objective comparison,” said the CISO. Through this rigorous process, the Darktrace / EMAIL security solution emerged as the best fit for their business. “Darktrace’s product performed well and showed a genuine commitment to partnering with us in the long-term to ensure our success.”
The team objectively understood where there were gaps across the different vendors, where they were strong, and where they could use improvement. “Based on the analysis, we knew that Darktrace / EMAIL could deliver as the data supported it, in our specific use cases.
Partnership, integrity and respect
Throughout the evaluation process, the importance of partnership and mutual respect remained an essential factor to the CISO. “I wanted a company we could develop a long-term strategic partnership with, one that could extend far deeper than just email.” A key factor in choosing Darktrace was the commitment and engagement of its team at every level of the organization. “Darktrace showed integrity, patience and a genuine investment in building a strong relationship with my team. That's why we're here today.”
“Together, we've delivered some fantastic outcomes”
For the organization, Darktrace / EMAIL has played a crucial role in reducing risk, empowering analysts, and enabling a lean, effective security strategy. “Together, we've delivered some fantastic outcomes,” said the CISO.
Reducing risk. Empowering analysts
“Within that first month, we saw a 75% drop in suspicious emails that that required manual review, which reduced the time my team spent analyzing and investigating by 45 hours per month,” said the CISO. The security team values Darktrace / EMAIL not only for its ease of use but also for the time it frees up for more meaningful work. “Giving my team the opportunity to tackle complex challenges they enjoy and find more stimulating is important to me.” As they continue to fine-tune and optimize balance levels within Darktrace / EMAIL, he expects even greater efficiency gains in the coming months.
Maximizing protection while staying lean
It’s important for the security group to be proportionate with their spending, said the CISO. “It's all about what is enough security to enable the business. And that means, as our organization grows, it's important that we are as lean and as efficient as possible to deliver the best outcomes for the business.” Embracing an AI-powered automated approach is an essential component to achieving that goal. By offloading most manual, repetitive tasks to Darktrace / EMAIL, the company’s skilled security analysts can focus on more strategic and proactive initiatives that enable the business.
Protecting employees from advanced social engineering threats
Recently, Darktrace detected a malicious email targeting an employee, disguised as a spoofed Microsoft SharePoint and Teams website. What made this attack particularly sophisticated was its personalization — it impersonated the school where the employee’s family member attended. Unlike mass malicious emails sent to thousands of people, this was a highly targeted attack, leveraging advanced social engineering tactics to exploit connections within the education system and between family members.
Protecting without disrupting
A seamless migration is often overlooked but is critical to success for any organization, said the CISO. With a wide ecosystem of partners, email is a highly visible, business-critical function for the organization — "any friction or downtime would have an immediate impact and could throttle the entire business,” he said. However, the transition from their previous solution to Darktrace / EMAIL was exceptionally smooth. “No one realized we changed providers because there was no disruption — no incidents at all. I cannot emphasize just how important that is when I'm trying to position our security organization as an enabling function for the business that protects and reduces risk without adding friction.”
A security partnership for the future
“To survive as a business over the next few years, adopting AI is no longer optional—it’s essential,” said the CISO. However, with the cybersecurity market becoming increasingly saturated, selecting the right solutions and vendors can be overwhelming. He stresses the importance of choosing strategic partners who not only deliver the outcomes you need, but also deeply understand your organization’s unique environment. “You’re only as strong as your partners. Technology innovation and the cybersecurity market are always changing. At some point every solution will face a challenge—it’s inevitable. The differentiator will be how people respond when that happens.”
.avif)
.avif)
![Pivoting off the previous event by filtering the timeline to events within the same window using timestamp: [“2026-02-18T09:09:00Z” TO “2026-02-18T09:12:00Z”].](https://cdn.prod.website-files.com/626ff4d25aca2edf4325ff97/69a8a18526ca3e653316a596_Screenshot%202026-03-04%20at%201.17.50%E2%80%AFPM.png)
