



Simplification is one of our core company values, and moving to Sublime directly supported that goal.



US Signal is a leading provider of cloud, colocation, and managed IT services, enabling organizations to deploy infrastructure and applications wherever they operate. With a customer-first model and a growing portfolio of cloud and AI-driven services, security plays a central role in maintaining trust across a diverse customer base.
As US Signal expanded, both organically and through acquisition activity, the security team faced a growing challenge: how to protect a rapidly scaling organization without multiplying cost or operational burden. What had once been manageable began to strain under growth, as email investigations and threat volume increased, forcing the team to rethink how they approached protection and scale.
Before adopting Sublime, US Signal relied on a layered email security approach that combined a legacy on‑prem gateway with an API-based detection layer. Each system solved a different problem, but the handoff between them introduced friction.
“We were effectively stitching together a traditional gateway with an API-based solution, and that added a lot of administrative overhead,” explained Josh Hanisch, Security Architect at US Signal. Investigations required analysts to move back and forth between systems to piece together what had actually happened.
That friction became more pronounced during a company acquisition. As teams combined and headcount grew, onboarding new analysts into a fragmented security workflow became increasingly inefficient.
“As we combined teams during the acquisition, it was very hard to be efficient when everyone had to log into multiple systems just to do basic security work,” said Megan Adams, Senior Manager of Security Operations at US Signal.
Leadership also questioned whether it made sense to keep adding email security tools and cost linearly just to support company growth. The team needed a solution that could scale without compounding complexity.
US Signal’s evaluation was driven by a clear strategic priority. Consolidating tools was not just about cost savings; it was about creating a security program that could grow without overwhelming the team.
“Simplification is one of our core company values, and moving to Sublime directly supported that goal,” said Megan Adams, Senior Manager of Security Operations at US Signal.
During evaluation, Sublime stood out for its ability to replace multiple tools while delivering stronger detection outcomes. The platform consistently caught sophisticated phishing techniques while dramatically reducing false positives, giving the team confidence in both protection and efficiency.
Rather than forcing trade-offs between automation and oversight, Sublime delivered an autonomous experience by default, with visibility and control available when needed.
The team also valued Sublime’s approach to transparency and usability. Despite initial concerns about introducing complexity during an acquisition, the platform proved intuitive for both security and IT teams, making it easier to collaborate and standardize processes.
After deploying Sublime, US Signal fundamentally changed how it handled email threats. Instead of reacting to alerts across multiple systems, the team gained a single, adaptive layer of defense that could evolve with new attack techniques.
“Going from three tools down to Microsoft plus Sublime dramatically reduced complexity for our team,” said Josh Hanisch, Security Architect at US Signal. More importantly, the team gained visibility into how detections worked and the ability to respond when something slipped through.
That adaptability proved critical when US Signal encountered a phishing attack that abused legitimate infrastructure in a way they had not previously seen. Traditional indicators offered little signal. Sublime identified the behavior, allowing the team to adjust protections quickly.
By the time a similar technique reappeared, protections were already in place. What would have required a full reinvestigation became a quick validation. The system had learned and the response loop had closed.
Operationally, the impact was measurable. Investigations that once required over an hour each day now take roughly an hour per week. The streamlined workflow also strengthened collaboration. User reporting is unified, investigations live in a single system, and onboarding new team members is significantly easier.
“That shift has made our team more effective and allowed us to focus on the work that actually matters,” Adams noted.
At the leadership level, the change was equally clear. Email security no longer dominates the team’s bandwidth. Instead of reacting to alerts, the team is proactively strengthening defenses and confident that when new attack techniques emerge, protections will adapt just as quickly.
With a consolidated foundation in place, US Signal is well-positioned to continue growing without revisiting the same operational challenges.
As threats evolve and the business expands, Sublime gives US Signal confidence that their email security program can adapt automatically to new techniques, without adding tools, cost, or vendor bottlenecks.
“When I showed Sublime to our IT team, the reaction was, ‘Wait, that’s it?’” Hanisch recalled. “That simplicity really stuck with people.”
The reduction in complexity with Sublime means more people can understand and use the tool, which ultimately makes the whole organization more secure.
We saw a phishing attack that abused legitimate Microsoft infrastructure in a way we hadn’t encountered before. Sublime picked up on it, and by the next time it showed up, protections were already in place.
Before Sublime, when an alert came in, you almost always had to check all three tools to understand what happened.
We liked that Sublime delivered the automation we wanted while giving us visibility and control when we needed it. It meant we could replace multiple tools with one.