Research Highlights Significant Evolution in Email Security

Email is the preferred vector via which to provoke profitable cyberattacks. Statistics point out that anyplace between 90% and 95% of all such assaults contain e mail, whether or not to ship malware, to hoodwink a person into visiting a web site from which ransomware can be downloaded, or just to mimic a CEO or CFO and demand {that a} multimillion-dollar cost be expedited forthwith.

It ought to be no shock, then, that e mail safety is a core requirement for any group. So a lot in order that, in 2020, market chief and pure-play e mail safety vendor Proofpoint produced greater than $1 billion in income for the primary time.

This is a sector in transition, nevertheless, as Omdia explains in a newly printed report evaluating high e mail safety distributors, entitled “Omdia Universe: Selecting an Inbound Email Security Platform.”

Omdia qualifies the outline with the pseudo-epithet “inbound” as a result of outbound e mail safety remains to be fairly a definite market, at a a lot earlier stage in its improvement. Outbound e mail safety features a distinct set of devoted distributors, whereas only some of the inbound safety distributors have added options to deal with this requirement.

Inbound e mail safety represents the lion’s share of the general e mail safety market, and with good purpose. Dodgy e mail attachments spawned the antivirus business manner again in the Eighties, creating just a few business titans like Symantec and McAfee alongside the best way, and whereas inventive options akin to malware sandboxing have emerged to blunt the menace, e mail stays the simplest manner right into a goal atmosphere, significantly now that malware, spam, and spyware and adware symbolize only a few of the techniques adversaries make use of.

Change in the e-mail safety panorama is pushed by two main elements. First, there’s the aforementioned evolution in the kinds of assaults, with strategies akin to phishing, enterprise e mail compromise (BEC), and government fraud now predominating (and doing essentially the most financial injury). Second, as with nearly each different space of IT, is the cloud.

Cloud Changes Everything
Since Microsoft began delivering e mail from cloud-based e mail servers in 2011 with the launch of Office 365, that a part of the market has mushroomed; a decade later, the software program large now serves some 300 million company inboxes from the cloud.

One of the primary penalties of the success of Office 365, now renamed as Microsoft 365, was to power all of the distributors of on-premises e mail safety merchandise (the so-called safe e mail gateways, or SEGs), to develop cloud-based variations of their choices.

More curiously, nevertheless, a whole new market phase has now developed, made up of firms with safety platforms that attain into Office 365 through Microsoft’s utility programming interface (API). This is in distinction to SEGs, which sit in entrance of the e-mail server (or, lately, service) and depend on an MX redirect for the message to go to them first and are thus a “one-time” safety examine.

Figure 1: The SEGs transfer into the cloud. Source: Omdia

The Redmond Leviathan Enters the Ring
Just as consequentially, Microsoft’s transfer to the cloud for e mail providers additionally introduced it into the world of e mail safety, in a manner it had by no means been when it resided on company premises with an Exchange server. Its e mail safety providing now contains two completely different merchandise: Exchange Online Protection (EOP) to protect in opposition to malware, spam, and spyware and adware; and Advanced Threat Protection (ATP, now often known as Microsoft Defender) to fight extra fashionable assault methodologies.

So, is Microsoft a competitor in this market? Well, sure and no. It bundles EOP into all the varied SKUs of Microsoft 365 and gives ATP as a part of the higher-level, costlier E5 SKU. It doesn’t, nevertheless, supply them as stand-alone merchandise, and one definitely would not count on to make use of both platform to defend, say, Gmail accounts.

Nonetheless, the provision of Microsoft e mail safety merchandise does make the work of different distributors providing e mail safety for O365 that little bit tougher. Indeed, one may marvel, “If I’m already getting EOP, why do I want a SEG?”

One may ask the same query with regard to ATP and the newer technology of e mail safety distributors, which for simplicity’s sake, Omdia calls merely the non-SEGs. (A competing analysis agency refers to those distributors with acronyms together with IESS and CESS, however they are not catching on in the market, maybe as a result of no vendor desires to be categorized as being in the CESS pool!)

However, each SEGs and non-SEGs insist that their detection and remediation capabilities are significantly better than Microsoft’s, citing the variety of company clients that use them, regardless of the provision of EOP and ATP.

Meanwhile the non-SEG distributors, all of whom are far smaller than the large SEG gamers, argue {that a} mixture of Microsoft EOP, to cease the common-or-garden email-bound threats, and their know-how for defense in opposition to the extra superior assaults, is a less expensive and more practical various to the SEGs, although most of the latter have additionally added safety from phishing, BEC, and so forth in latest years.

Email as a Fourth Pillar of XDR
As Omdia was finalizing the report, some of the attention-grabbing of the non-SEGs was acquired by a safety business heavyweight, with Check Point shopping for Avanan.

Omdia highlighted Avanan as a frontrunner in the area, regardless of its minuscule measurement in contrast with the likes of fellow leaders Proofpoint and Mimecast, due to its differentiated technical strategy: It began out as an API-based non-SEG like the remainder, then added an inline inspection functionality to sit down after, somewhat than earlier than, the e-mail service, casting itself as a “final line of protection.” It additionally covers different software-as-a-service functions apart from O365 and Gmail, together with Box, Dropbox, Teams, and Slack.

The acquisition, apart from bolstering Check Point’s e mail safety providing, additionally highlights a broader development, particularly the combination of knowledge from e mail safety merchandise into so-called prolonged detection and response (XDR) platforms. XDR takes telemetry from a number of safety instruments (significantly in the areas of endpoint, community, and cloud), analyzes it centrally, often in a cloud-based knowledge lake, after which takes selections about remedial actions and pushes them again out to the person instruments for enforcement. And e mail is quick changing into the fourth compulsory pillar.

Figure 2: The 4 pillars of XDR. Source: Omdia

This scenario favors these safety distributors with portfolios overlaying all of the pillars required to feed telemetry to an XDR platform. Three of the highest 5 SEG gamers, Broadcom/Symantec, Cisco, and Barracuda, fall into that class. Numbers 1 and a couple of on the listing, nevertheless, are Proofpoint and Mimecast, neither of that are broad-based safety gamers, so each should depend on integrations with companions’ merchandise if clients need to use them in an XDR deployment. Meanwhile, Check Point has already acknowledged that the Avanan product will combine with its Infinity structure, which is its XDR providing.

Looking Ahead: The Future of Email Security
Omdia forecasts development in the cloud-based SEG-as-a-service portion of the SEG market via 2024, when it ought to attain $2 billion, up from final 12 months’s $1.6 billion.

But which distributors are greatest positioned to benefit from that development? Will or not it’s current SEG distributors, rising gamers, or certainly, will Microsoft itself search to mop up that additional e mail safety spending by enterprises?

While Omdia believes competitors will stay strong in all segments of the e-mail safety market, observers ought to watch Microsoft rigorously. The vendor has promised to speculate $20 billion in safety through the subsequent 5 years, quadrupling its present spending. Should Microsoft resolve so as to add to its current e mail safety choices, or merely make entry tougher or expensive for e mail safety distributors, the ramifications can be felt far and vast.

Related Posts