The Best Email Security Companies: Rankings and Reviews

The modern email security landscape is filled with competitors, established and new, touting various approaches to protect inboxes from email attacks. Picking a security provider requires research and will depend on your organization’s needs.

Find out which email security choices customers love, how they combat email threats, their pros and cons, and how to evaluate them.

Abnormal is an AI-powered email security company with cloud-native API architecture. The Abnormal solution ingests thousands of signals across multiple platforms to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) and behavioral analytics to detect abnormalities in email behavior that indicate a potential attack.

Most reviewers liked the intuitive dashboard, automatic remediation of dangerous emails, pricing, overall efficacy, and the innovative AI approach. A few complained about occasional false positives, a desire for more customization, and a need for additional documentation. Addressing these concerns is a key element of the Abnormal roadmap.

• 4.8 from 25+ G2 reviews

• 4.8 from 160+ Gartner Peer Reviews

Avanan is a cloud email security provider with an API-enabled solution. The company uses AI and ML to analyze emails “after default layers, but before the inbox.” Its solution uses a trusted network reputation to identify BEC attacks across external vendors and internal users. Avanan’s software integrates directly with Microsoft 365 and Google Workspace, and coverage extends to collaboration apps including Teams and Slack.

Avanan customers like the comprehensive interface, robust reporting, easy deployment, and continued detection improvement. Other customers took issue with a lack of customer support, false positives, expensive subscription costs, downtime, and some hiccups in the setup process.

• 4.7 from 300+ G2 reviews

• 4.7 from 500+ Gartner Peer Reviews

Barracuda’s email protection is built for Microsoft 365, offering encryption, DLP, automatic remediation, and protection from common attacks like phishing and malware. The secure email gateway is Barracuda’s most common email protection product, and customers can choose from three different tiers of features. The premium tier comes with security awareness training, cloud archiving, and zero-trust access to Microsoft 365.

Customers like the spam filter, virus scanning, and encryption. Other customers complained about the complicated and technical setup, configuration, and management processes.

• 4.2 from 80+ G2 reviews

• 4.5 from 250+ Gartner Peer Reviews

Broadcom acquired Symantec in 2019 to add enterprise email security to its product offerings. Symantec provides email security for cloud email providers like Microsoft 365, and Google Workspace as well as on-premises email servers. The company touts email threat isolation, insider threat prevention, security awareness training, DLP, encryption, and built-in integrations as the main selling points.

Customers like Symantec’s encryption feature, simple cloud email integration, email filtering and quarantining, and the ease of exporting data. Other reviewers disliked the lack of customer support, cost, number of false positives, and the counterintuitive interface.

• 3.7 from 30+ G2 reviews

• 4.4 from 115+ Gartner Peer Reviews

Cisco’s cloud-based secure email gateway is built for Microsoft 365. While the product has undergone various name changes, the approach remains the same: block incoming email threats and outgoing data loss using threat intelligence, URL and attachment scans, and domain analysis. Cisco recently acquired Armorblox, a cloud email security company.

Cisco customers complimented the encrypted messages and attachments features, its ability to detect spoofed emails and domains, and the diverse offerings across Cisco’s product portfolio. Other customers complained about the manual effort in quarantining and reviewing emails, DLP features that require custom rules, and a cumbersome interface.

• 4.3 from 25+ G2 reviews

• 4.5 from 220+ Gartner Peer Reviews

Fortinet offers various email security solutions among its sizable umbrella of cybersecurity products. Its email security products are available in three forms: FortiMail Cloud (on-prem and cloud-based), virtual machines (also on-prem and cloud-based), and appliances (on-prem only). Within each bucket, customers can choose from various features and licensing tiers. They tout zero-day threat protection, sandboxing, DLP, and ease of integration as strong points.

Customers like the numerous configuration and policy options, stability and reliability, and integration across other Fortinet products. Other customers took issue with the difficulty of configuring and customizing settings, a challenging setup and deployment, and delayed customer service response.

• 4.3 from 20+ G2 reviews

• 4.7 from 210+ Gartner Peer Reviews

IRONSCALES’ AI-enabled cloud email security approach is designed to detect and prevent phishing and BEC attacks for enterprises and SMBs alike. It’s available in three tiers: Starter, Email Protect, and Complete Protect, with the highest tier offering account takeover detection, Microsoft Teams protection, and user training. The API solution integrates directly into Microsoft 365 or Google Workspace.

Customers like the admin portal’s overview and ease of use, the ability to remediate misidentified emails, and the training offerings. Other customers found it difficult to identify and search for incidents in the portal, occasional spam false positives, and manually parsing through emails.

• 4.8 from 20+ G2 reviews

• 4.8 from 80+ Gartner Peer Reviews

Mimecast is an established email security provider primarily known for its secure email gateway, although the company has recently launched a cloud-based solution. Its SEG integrates with Microsoft 365 and Google Workspace across hybrid or on-premise environments, and its cloud email security offering is built to layer Microsoft 365.

Some reviewers praise Mimecast’s malware detection, URL protection, price, and performance in large, complex email environments. Other reviewers dislike the missed attacks, complex setup, creating and managing user training folders, clunky interface, and lack of customer support.

• 4.4 from 175+ G2 reviews

• 4.4 from 420+ Gartner Peer Reviews

Proofpoint’s primary email protection offering is its secure email gateway, sold both as an on-premises and as a cloud service. The company touts multilayered detection focusing on email content and sender reputation to identify threats. While their product suite is tailored to enterprise customers, Proofpoint also sells a cheaper solution built for SMBs using Microsoft 365.

Reviewers liked Proofpoint’s custom firewall rules, DLP encryption, and breadth of offerings. Other reviewers complained about missed attacks and found the product interface to be overly complex and antiquated with an arduous setup and login process.

• 4.6 from 250+ G2 reviews

• 4.5 from 640+ Gartner Peer Reviews

Sophos’ email security detection system is built on “threat intelligence, reputational and behavioral analysis, and state-of-the-art machine learning.” They specifically highlight phishing, malware, and impersonation attacks as primary areas of focus. The company also touts DLP and encryption as two strong selling points. Sophos email security is available as a gateway, with Google Workspace via MX record redirect, or direct API integration with Microsoft 365.

Sophos customers like the extent of customization available to users, the ease of integrating with the Sophos firewall, and the deployment simplicity for the API option. Other customers complained about confusing documentation, mail flow issues, and unresponsive customer service.

• 3.7 from 20+ G2 reviews

• 4.2 from 15+ Gartner Peer Reviews

Trend Micro is a longstanding cybersecurity company that offers email security solutions among its sizable stable of products. The company states that its email security uses “cross-generational threat techniques” including machine learning, sandboxing, and DLP. Trend Micro touts the ease of integration with its other products for a layered security approach as a primary benefit. Customers can choose between two tiers—standard or advanced—neither of which requires on-prem hardware.

Customers like the ease of consolidating security products under the Trend Micro umbrella, DLP, and the easy reporting and remediation system. Other customers complained about ineffective quarantining, false positives, and a clunky and slow interface.

• 4.6 from 10+ G2 reviews

• 4.6 from 40+ Gartner Peer Reviews

1. Does it block email attacks? How? Simply put, does the email security solution actually detect sophisticated malicious emails? Ask for real-world examples of email attacks without links, attachments or known bad senders. Some email security solutions rely on threat intelligence and indicators of compromise to identify an attack. Others rely on behavioral analysis and organizational understanding to uncover anomalous emails.

2. How does the architecture work? Email security solutions are available as an on-premises physical device (usually a secure email gateway) or directly integrated into an organization’s cloud email provider via API. According to the 2023 Gartner Market Guide for Email Security, API-enabled email security is the modern choice.

3. Is it easy to implement and maintain? A recurring complaint among customer reviews across various email security providers is complexity and workload. Some solutions require custom policies, manual remediation, mail flow interruptions, and more, requiring hours of attention every week. An email security tool should simplify your job, not complicate it.

4. Can it integrate with existing workflows and tools? Vendor consolidation is top of mind across security budgets. A modern security solution should work alongside existing security measures including native security from a cloud email provider, endpoint detection tools, and SOAR, SIEM, and XDR solutions.

5. Does it provide ROI? An excellent security product is worth its cost, and companies should be able to demonstrate it. Between decreasing workload and preventing costly attacks, choose an email security solution that can more than pay for itself.

6. Is it equipped for an evolving threat landscape? Generative AI has removed entry barriers for cybercriminals to send convincing emails, and it’s a major concern for security professionals. Look for an email provider that is prepared for the next generation of email attacks.