What a time to be in email security! For buyers, there has never been more choice in solutions to protect your organizations. And for sellers? Well, there’s never been more of an incentive to innovate. Forrester’s just-published The Enterprise Email Security Landscape, Q1 2023 report provides an overview of 34 players in this market and guidance for security leaders and professionals on how to select and work with email security vendors.

Yes, that’s right, I said 34 players. This is kind of a new thing for this space. The enterprise email security market stagnated for years, with a single offering standing sentinel against the slings and arrows of spam, malware, and Nigerian princes: the secure email gateway (SEG). But as enterprises migrated business operations to the cloud, they grappled with complex licensing models and whether to adopt associated native security capabilities from their cloud email provider.

SEGs became a point solution hill to defend or abandon and gave rise to cloud-native, API-enabled email security (CAPES) solutions that quickly integrated with email infrastructure as an additional layer of protection.

CAPES solutions capitalize on current and former SEG customers’ fears of increasingly sophisticated phishing emails leading to business email compromise (BEC) attacks and perceptions of inadequate native security capabilities from email infrastructure providers.

This influx of innovation and capital in the space is just in time. The FBI’s Internet Crime Complaint Center reported $2.4 billion in losses to businesses defrauded by successful BEC attacks in 2021. And cyber insurer Corvus released an analysis of claims data at the end of 2022, stating that fraudulent funds transfer claims (typically associated with successful BEC attacks) surpassed claims from ransomware attacks for the first time with 28% — the most of any single category of cyber incident.

So back to the 34 players. How should security leaders and professionals decide on an enterprise email security solution? I recently kicked off a Forrester Wave™ evaluation of this space, so stay tuned for those results. In the meantime, those in the market for a new solution — or those considering the case for retaining what they know and trust — should:

  • Know your environment — and your budget. Look for solutions that offer easy integrations with extended detection and response platforms or managed detection and response providers to ensure that vital telemetry is enriching your security operations center with more information to aid in investigations. Also, determine any budget pressure you may face in the next year and how it will affect investment in trusted point solutions. If you’re asked by your CIO or CFO to make trade-offs, your enterprise email security vendor should partner with you to build a business case for keeping them on.
  • Be wary of the machine-learning magic bullet. Most CAPES vendors rely heavily on the power of artificial intelligence and machine learning to stop sophisticated attacks by learning communication and behavioral patterns to spot anomalies. But this capability is limited to factors including the quality of the algorithm training data, cadence of algorithm retraining, and how anomalies detected by the algorithm are combined with traditional alerts.
  • Think of your security analysts. Before you sign on with a vendor, be sure that a few of your security analysts take the interface for a test drive for usability and alignment with their workflows and other detection and response tools. Good analyst experience enables faster, more accurate decisions and could be the difference between one compromised endpoint and a large-scale attack.

Are you considering an enterprise email security solution? Reach out to discuss this market — and more takeaways from this research — further.