Before Sublime, we were spending close to two hours a day managing email security. Now it’s just two hours a week, and we have even stronger protection.
Personio is Europe’s leading HR platform, helping 15,000 small and medium-sized enterprises manage recruiting, onboarding, payroll, and performance from a single, secure system. Headquartered in Munich, the company’s cloud-based model makes trust, transparency, and efficiency essential to every interaction with its customers.
As a fast-growing SaaS provider, Personio’s security team operates in a high-velocity environment where email is both mission-critical and a primary attack surface. "Trust isn’t optional; it’s the foundation of our business,” said Neelima Vedi, Lead Corporate Security Engineer at Personio. “We have to keep email secure without disrupting the workflows that our customers depend on.”
Within weeks of implementing Sublime, Personio achieved near-total automation of email security operations and full visibility into every email detection, a transformation that redefined how its lean security team worked.
Before implementing Sublime, Personio was reliant upon legacy email security that could no longer keep up, a common challenge with one-size-fits-all platforms that create friction between security and business enablement. Investigations were slow and reactive, dependent on a black-box solution that left the team guessing why emails were flagged or missed. Each incident required manual effort that pulled Security Engineers away from more impactful and strategic work.
The limitations weren’t just operational. False positives interrupted legitimate business communications, while real threats sometimes slipped through undetected. Teams across sales, HR, and finance were affected, undermining productivity and trust, two values core to Personio’s brand.
As a fast-scaling SaaS provider, Personio prides itself on efficiency and seamless user experience. Yet the company’s manual, ticket-based approach to email investigations created friction between security and business enablement. Protecting the company came at the expense of speed, something Personio’s leaders found unacceptable.
Determined to eliminate these inefficiencies, Personio’s security team began evaluating new solutions with three priorities in mind: transparency, autonomy, and measurable improvement. They conducted a 30-day proof of concept using historical email data to compare detection accuracy, deployment time, and operational impact.
Sublime’s agentic architecture and explainable detection model empowered Personio to take back control. For the first time, every detection could be traced, tested, and tuned by their own team, creating a foundation of trust in the system’s decisions.
The proof of concept validated the decision. Sublime’s tailored, org-specific protection model delivered 30 percent fewer false positives and a demonstrably higher catch rate than competing tools. Sameh Hassan, Lead Security Analyst at Personio, and his team confirmed the findings in real-time investigations. “We tested Sublime against live threats, and it consistently outperformed every other platform,” he said. “That’s when we knew it was the right choice.”
What stood out most, though, was the partnership. “The Sublime team felt like an extension of ours,” Hassan said. “They’re proactive, always available, and deeply invested in our success. When we share feedback, it’s about refinement, not fixes. Every interaction makes the platform stronger.”
With Sublime, Personio's email defenses became autonomous by default, giving analysts the full visibility and control on demand they needed. “Sublime isn’t just another security product,” Vedi added. “It has given us full visibility into detection logic and the flexibility to apply tailored protections without vendor bottlenecks.”
The transition was quick and seamless, with no disruption to users or existing workflows. Within days, Sublime was fully operational, providing immediate insight and automated protection without requiring complex setup or ongoing tuning.
The results followed fast. The team went from spending 1.5–2 hours per day managing and investigating email security to less than two hours per week. Investigations that once took hours now took 10–15 minutes. “Before Sublime, every investigation took one to two hours,” Hassan said. “Now, in a few clicks, we can see the full context of a message and move on.”
Sublime’s Autonomous Security Analyst (ASA) took over triage for user-reported emails, automatically handling 95 percent of reports. The rise in employee participation, from just a handful of reports to more than twenty a week, became a strength rather than a burden.
With automation eliminating manual overhead, Personio’s security engineers redirected their focus to proactive detection work and strategic improvements. They didn’t just gain time, they gained control, insight, and greater confidence.
Today, Personio’s email defenses run with near-total automation and complete transparency. Personio now uses the time saved to adapt its defenses automatically, using Sublime’s platform to create new coverage and stay ahead of emerging threats without vendor delays.
“Sublime keeps evolving with us,” Vedi said. “We can trust it to scale as our business grows without slowing us down.”
Trust isn’t optional; it’s the foundation of our business, We have to keep email secure without disrupting the workflows that our customers depend on.
Security shouldn’t make it harder for people to do their jobs, We needed a solution that could keep us safe – and keep the business moving. We had strong security intentions but limited tools. Every investigation was a time sink, and the lack of visibility made it harder to have full confidence that we were truly protected.
I’d worked with every major vendor in the market, but once I saw what we could build with Sublime, I knew it would be the solution that most effectively solved our pain points and what had been slowing us down.
The Sublime team felt like an extension of ours, They’re proactive, always available, and deeply invested in our success. When we share feedback, it’s about refinement, not fixes. Every interaction makes the platform stronger.”
Before Sublime, every investigation took one to two hours. Now, in a few clicks, we can see the full context of a message and move on.
User reports jumped from two a week to more than twenty, and 95 percent of them are handled automatically.
Sublime keeps evolving with us, We can trust it to scale as our business grows without slowing us down.
See how Sublime delivers autonomous protection by default, with control on demand.
.svg)
