CF20: 2023's 20 Top Email Security Providers You Should Know

Email security providers are in a constant race to keep up with changing workplace patterns and behaviors, and the ever-escalating threat landscape.

According to Fortra, the volume of nefarious emails impersonating enterprises reached its highest point this year, with attacks such as business email compromise (BEC) making up 99% of reported threats. Historically, most of the threats reported in user inboxes have been BEC attacks, but 99% represents by far the highest share since Fortra began tracking this data point.

In BEC attacks, phishers imitate legitimate senders by spoofing their email addresses or compromising their accounts. In some BEC scams, attackers impersonate co-workers or executives to persuade victims to conduct wire transfers, buy gift cards or steal sensitive personal information like tax documents.

Our latest CF20 focuses on email security providers. Analysts with Omdia, Forrester and Canalys weigh in on email security market trends and what it takes to be a successful provider.

Fortune Business Insights expects the global email security market to grow from $4.25 billion in 2023 to $8.9 billion by 2030. That’s a compound annual growth rate (CAGR) of a little more than 11%.

More Expected from Email Security

Fernando Montenegro, senior principal analyst with Omdia, which shares a parent company with Channel Futures (Informa), said a cutting-edge email security provider nowadays has to do a lot more than just basic spam filtering.

Omdia’s Fernando Montenegro

“As with other areas of cybersecurity, there’s significant value to understanding the context of things,” he said. “In the case of email, there’s a tremendous amount of insights to be gained from organizational history, organizational structure, existing threat intelligence and a lot more.”

Artificial intelligence (AI) has been used in email security for decades, Montenegro said. The basic techniques of Bayesian analysis have been deployed to detect spam pretty much since spam first originated, and continue to be used today. There are a ton of classification problems in email security (is this message spam or not, malicious or not) that rely on machine learning (ML).

“Generative AI is, to me, less directly impactful right now, but one can expect progress there both for defenders and attackers,” he said.

Generative AI and Email Security

Jess Burn, senior analyst at Forrester, said tools like ChatGPT for phishing text and Stable Diffusion for phishing landing/login pages are making it easier for attackers to successfully scam targets by improving believability and increasing scale.

Forrester’s Jess Burn

“Generative AI’s ability to create compelling text and images will considerably improve the quality of phishing emails and websites, but it doesn’t really change much in terms of how to defend against phishing attacks,” she said. “I think a lot of folks are enamored with AI and ML right now for defense, as well, and in many cases ML models are helping to thwart very sophisticated phishing and BEC attacks. But there are things you can do to ensure you’re not overly reliant on AI and ML to catch something just as it’s hitting the in-box. The No. 1 thing, in my opinion, is to implement Domain-based Message Authentication, Reporting & Conformance (DMARC) because, when properly configured and maintained, DMARC can stop spoofing and impersonation attempts from getting in at all by rejecting those fake addresses.”

Beyond Outlook or Gmail

Matthew Ball, chief analyst at Canalys, which also shares a parent company with Channel Futures (Informa), said changes in working behavior and heightened threat levels have increased email security requirements.

Canalys’ Matthew Ball

“Obviously you need it on any device,” he said. “I think it’s more than just protecting Outlook or Gmail. It’s also protecting broader Teams and Slack, as well as in app communications as well, where there’s any kind of file sharing happening. Within Salesforce CRM, for example. It’s expanding that coverage. But I think the thing that’s dictating what makes a successful email security solution is the ability basically to evolve with the threat landscape. And that’s obviously escalating quite a lot via email.”

We’ve compiled a list in the slideshow above, in no particular order, of 20 top email security providers. It’s based on analysts’ feedback and recent news reports. The list, by no means complete, includes a mix of well-known providers as well as lesser-known ones making strides in email security.