Cohort 1 · SAT-led legacy

Verified 2026-05-19 · Decays 2026-11-19

Proofpointsat led legacyVerified 2026-05-19

Proofpoint reads the inbox. Moxso reads the workday.

Why we win

  • Workday-wide signal
  • Individual risk trajectory
  • Replace at renewal, keep TAP
Open closing

Walk away when

  • TAP-bundled awareness extension
  • VAP-driven enterprise where email IS the risk
  • Information Protection consolidation mandate
Open walk-away

Three buyers

  • The Security LeaderA clear view of whether human risk is going up or down, with NIS2 audit artefact...
  • The Security BuilderSignal that covers the full workday — not email-only telemetry bolted onto a tra...
  • The Head of ITA platform that runs without the email-security bundle dependency — not a SKU th...
Open three buyers

Three places we differ

  • SignalWhat does the platform see outside the inbox — and does it track what's targeting your ind...
  • PersonaCan the platform produce a 90-day individual risk trajectory at role level today?
  • ComplianceWhat does Security Awareness produce for an EU NIS2 auditor at the Article 21(2)(f) level?
Open three differences

Objections / 4 ranked

  1. 01Email incumbent
  2. 02VAP signal
  3. 03Risk-based learning
  4. 04Information Protection
Open objections

Why they buy

Email security incumbent at enterprise scale. Targeted Attack Protection is Gartner-recognised and embedded. VAP (Very Attacked People) is the strongest signal-led training architecture in the SAT cohort.

Open one-line

Landmines to lay / one per call, don't stack

  1. 01Proofpoint's VAP is fed by TAP email attack telemetry. What signals does the platform read outside the inbox?
  2. 02VAP groups people into Very Attacked People at population level. Can the platform produce a 90-day individual risk trajectory?
  3. 03What is the Security Awareness renewal date, and would replacing just that licence keep the TAP and ITM contracts intact?
  4. 04What does Security Awareness produce for an EU NIS2 auditor at the Article 21(2)(f) level – training delivery, or behavioural chan...
  5. 05When a regional sector attack lands through a non-email channel – credential stuffing, supply chain – does VAP reflect it?
  6. 06Security Awareness is part of Information Protection at a $1B+ email security company. How often does the SAT roadmap get prioriti...
Open landmines