CF20: 2023's 20 Top Email Security Providers You Should Know
Fortinet is here. So is Barracuda. See who else made this prestigious list and why.
![Twenty, 20, SD-WAN providers, email security Twenty, 20, SD-WAN providers, email security](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt1623fbe456f4d7d3/6523f96f6868b42e553c7c45/shutterstock_790434142.jpg?width=700&auto=webp&quality=80&disable=upscale)
Jörge röse-oberreich/Shutterstock
Omdia’s Fernando Montenegro counts Fortinet among top email security providers based on market presence and innovation. And Canalys’ Matthew Ball cited Fortinet among noteworthy providers. For the second quarter of its fiscal 2023, Fortinet reported revenues totaling $1.3 billion, an increase of 25.5% compared to $1.03 billion for the same quarter of 2022.
Mimecast is among top email security providers, Montenegro said. And Ball said it’s a top competitor. In July, Mimecast announced the release of its Protection for Microsoft Teams for its email security cloud integrated customers, allowing them to work protected across the hybrid attack surface.
Security solutions for additional collaboration channels, such as Microsoft SharePoint, Microsoft OneDrive, Slack and Google Workspace will follow.
Montenegro counts Abnormal among top email security providers based on market presence and innovation. And Ball said it’s a top competitor. In August, Abnormal announced it surpassed $100 million in annual recurring revenue (ARR). It now protects more than 1,300 customers, including Maersk, ADT, Choice Hotels, Xerox, University of Kentucky, Mattel, Domino’s and Avery Dennison, as well as more than 12% of the Fortune 500.
Perception Point is among top email security providers based on market presence and innovation, Montenegro said. And Ball said it’s among main providers. In August, Perception Point introduced a new AI model to combat the growing threat of generative AI-based BEC attacks. This detection model identifies large language model (LLM) patterns to counter the rising abuse of generative AI in social engineering attacks.
Montenegro counts Barracuda among top email security providers. And Ball said it’s among top competitors. In April, Barracuda introduced new application protection plans for customers to protect websites, applications and APIs with enterprise-grade protection. The new plans combine ML-powered web application, API, distributed denial of service (DDoS) and bot protection with zero trust security to help prevent today’s most complex threats.
OpenText is a top contender based on market presence and innovation, Montenegro said. With the acquisitions of Webroot, Carbonite and more in recent years, OpenText has become a giant in cybersecurity.
“Succinctly, I’d say an effective solution integrates easily, has strong performance (very low false negatives and very low false positives), robust automation support, and makes good use of organizational knowledge and modern threat intelligence,” Montenegro said.
Montenegro said Broadcom is among top email security providers based on market presence and innovation. Broadcom expects to complete its $61 billion acquisition of VMware on Oct. 30. That date comes later than Broadcom originally hoped and after a series of regulatory holdups in different parts of the world. The latest challenge comes from China’s antitrust authority.
Montenegro counts Check Point Software Technologies among top email security providers based on its market presence and innovation. And Ball said it’s a top competitor. Check Point bolstered its cloud email security capabilities with the acquisition of Avanan.
Montenegro said Google is among top email security providers and Ball counts it among top competitors. In July, Google unveiled new security and privacy features for its search engine, browser, email service and Android operating system as part of an online safety push.
Montenegro counts Cisco among top email security providers based on market presence and innovation. And Ball said it’s among top providers. Cisco is massively increasing its security capabilities with its planned $28 billion acquisition of Splunk. In July, Cisco completed its acquisition of Armorblox, a privately held AI/ML-based security software company. The first application of Armorblox’s advanced techniques will be improved email security.
Microsoft is among top email security leaders, Montenegro said. However, Microsoft has hit a bit of a rough patch with its security. For example, a Microsoft engineer’s compromised corporate account allowed a China-based threat actor to gain access to email accounts as early as 2021 to spy on the U.S. State and Commerce departments, and other U.S. government agencies.
Montenegro counts Cloudflare among top email security providers based on market presence and innovation. Early this year, Cloudflare announced several new zero trust email security solutions, compatible with any email provider, to protect employees from multichannel phishing attacks, prevent sensitive data being exfiltrated via email, and help businesses speed up and simplify deployments.
Montenegro said Darktrace is among top email security providers. And Ball said it’s among top contenders. In April, Darktrace announced availability of a new upgrade to Darktrace/Email, its email security offering. Darktrace/Email’s new capabilities include an AI-employee feedback loop, account takeover protection, insights from endpoint, network and cloud, and behavioral detections of misdirected emails.
Ironscales is among top email security contenders, Montenegro said. And Ball said it’s a top competitor. In August, Ironscales announced its summer 2023 release featuring the beta launch of GPT-powered phishing simulation testing (PST), an expansion to its generative AI portfolio, to help employees personalize cyber training given the exponential rise in socially engineered attacks. In addition, it announced a new accidental data exposure (ADE) capability, which alerts employees when sending potentially sensitive information, thereby adding a critical layer of outbound email protection to its inbound security.
Cofense is among top email security providers based on market presence and innovation, Montenegro said. In July, Cofense announced the general availability of Cofense Protect+ MSP, a multitenant, advanced email security and protection solution that aims to protect organizations from sophisticated email attacks. MSPs and MSSPs can now offer their customers a solution and manage all of their client’s instances from one pane of glass.
Fortra is a top contender based on market presence and innovation, Montenegro said.
“For me, effective email security goes beyond email to protect how employees communicate and collaborate,” said Forrester’s Jess Burn. “Phishing and BEC attacks are no longer limited to email. Communication and collaboration applications like Teams and Slack are growing as attack vectors, but due to years of security and awareness training for telltale signs of phishing, end users don’t necessarily see those attacks coming. Protections developed for the email inbox must extend to messaging, file sharing and SaaS applications, and cover the day-to-day workflows of your employees. When selecting or renewing with an enterprise email security vendor, understand which is delivering or prioritizing a more comprehensive approach to protecting all the ways that your people work.”
Montenegro counts Proofpoint among top contenders in email security based on market presence and innovation. This month, Proofpoint unveiled new features and content to its suite of security awareness solutions designed to prepare users to defend themselves and their organizations against today’s most advanced cyber threats.
Sophos is among leading email security providers based on market presence and innovation, Montenegro said. Sophos recently added new features and technologies to Sophos Email. Among the new features, Sophos Email post-delivery protection automatically removes messages containing attachments and URLs that are benign at the time of delivery, but later become active and malicious. In addition, for Microsoft 365 customers, its new mail flow rules tamper protection alerts customers and provides one-click resolution, restoration and correction to configurations and mail flow.
Montenegro counts Trellix among top email security providers. In July, Trellix Email Security earned the highest possible AAA and 100% total accuracy ratings in the SE Labs Email Security Test, beating Microsoft Defender and Google Workplace Enterprise. SE Labs is an independently owned and operated testing company evaluating security products and services to enhance information technology.
Trend Micro is among top email security providers based on market presence and innovation, Montenegro said. And Ball said it’s among top contenders. In July, Trend Micro rolled out Trend Vision One – Endpoint Security, which unifies prevention, detection and response for user endpoints, servers, cloud workloads and data centers. Trend Vision One provides security for every layer of an organization’s diverse IT infrastructure, including endpoint, servers, email, cloud services, networks, 5G and OT.
Trend Micro is among top email security providers based on market presence and innovation, Montenegro said. And Ball said it’s among top contenders. In July, Trend Micro rolled out Trend Vision One – Endpoint Security, which unifies prevention, detection and response for user endpoints, servers, cloud workloads and data centers. Trend Vision One provides security for every layer of an organization’s diverse IT infrastructure, including endpoint, servers, email, cloud services, networks, 5G and OT.
Email security providers are in a constant race to keep up with changing workplace patterns and behaviors, and the ever-escalating threat landscape.
According to Fortra, the volume of nefarious emails impersonating enterprises reached its highest point this year, with attacks such as business email compromise (BEC) making up 99% of reported threats. Historically, most of the threats reported in user inboxes have been BEC attacks, but 99% represents by far the highest share since Fortra began tracking this data point.
In BEC attacks, phishers imitate legitimate senders by spoofing their email addresses or compromising their accounts. In some BEC scams, attackers impersonate co-workers or executives to persuade victims to conduct wire transfers, buy gift cards or steal sensitive personal information like tax documents.
Our latest CF20 focuses on email security providers. Analysts with Omdia, Forrester and Canalys weigh in on email security market trends and what it takes to be a successful provider.
Fortune Business Insights expects the global email security market to grow from $4.25 billion in 2023 to $8.9 billion by 2030. That’s a compound annual growth rate (CAGR) of a little more than 11%.
More Expected from Email Security
Fernando Montenegro, senior principal analyst with Omdia, which shares a parent company with Channel Futures (Informa), said a cutting-edge email security provider nowadays has to do a lot more than just basic spam filtering.
Omdia’s Fernando Montenegro
“As with other areas of cybersecurity, there’s significant value to understanding the context of things,” he said. “In the case of email, there’s a tremendous amount of insights to be gained from organizational history, organizational structure, existing threat intelligence and a lot more.”
Artificial intelligence (AI) has been used in email security for decades, Montenegro said. The basic techniques of Bayesian analysis have been deployed to detect spam pretty much since spam first originated, and continue to be used today. There are a ton of classification problems in email security (is this message spam or not, malicious or not) that rely on machine learning (ML).
“Generative AI is, to me, less directly impactful right now, but one can expect progress there both for defenders and attackers,” he said.
Generative AI and Email Security
Jess Burn, senior analyst at Forrester, said tools like ChatGPT for phishing text and Stable Diffusion for phishing landing/login pages are making it easier for attackers to successfully scam targets by improving believability and increasing scale.
Forrester’s Jess Burn
“Generative AI’s ability to create compelling text and images will considerably improve the quality of phishing emails and websites, but it doesn’t really change much in terms of how to defend against phishing attacks,” she said. “I think a lot of folks are enamored with AI and ML right now for defense, as well, and in many cases ML models are helping to thwart very sophisticated phishing and BEC attacks. But there are things you can do to ensure you’re not overly reliant on AI and ML to catch something just as it’s hitting the in-box. The No. 1 thing, in my opinion, is to implement Domain-based Message Authentication, Reporting & Conformance (DMARC) because, when properly configured and maintained, DMARC can stop spoofing and impersonation attempts from getting in at all by rejecting those fake addresses.”
Beyond Outlook or Gmail
Matthew Ball, chief analyst at Canalys, which also shares a parent company with Channel Futures (Informa), said changes in working behavior and heightened threat levels have increased email security requirements.
Canalys’ Matthew Ball
“Obviously you need it on any device,” he said. “I think it’s more than just protecting Outlook or Gmail. It’s also protecting broader Teams and Slack, as well as in app communications as well, where there’s any kind of file sharing happening. Within Salesforce CRM, for example. It’s expanding that coverage. But I think the thing that’s dictating what makes a successful email security solution is the ability basically to evolve with the threat landscape. And that’s obviously escalating quite a lot via email.”
We’ve compiled a list in the slideshow above, in no particular order, of 20 top email security providers. It’s based on analysts’ feedback and recent news reports. The list, by no means complete, includes a mix of well-known providers as well as lesser-known ones making strides in email security.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author(s)
You May Also Like