Key Takeaways from the 2023 Gartner Market Guide for Email Security
Email security is an unsolved problem that has taken on new dimensions as attackers have evolved their techniques, increasing their sophistication and shifting their focus to additional communications channels like Slack and Microsoft Teams. The Gartner Market Guide for Email Security, a summary of 1500+ Gartner and customer interactions over the course of more than a year, examines how today’s technology solutions can be deployed to address modern email security challenges.
Despite the wide availability of technology solutions (Gartner lists dozens of options in the report), security teams are still reckoning with three major pain points:
Email continues to be a significant attack vector for both malware and credential theft through phishing. In fact, 40% of ransomware attacks are initiated through email and 19% of total data breaches are due to compromised or stolen credentials, resulting in $4.5 million in losses.
Business email compromise (BEC) and vendor email compromise (VEC) are increasing and are causing direct financial loss. Users place too much trust in the identities associated with email, which is inherently vulnerable to deception and social engineering.
Security threats including malware, phishing, and account takeovers have shifted to non-email channels like Slack and Teams, with attacks that are often initiated over email, but continued on adjacent communication platforms.
Compounding these trends is the fact that users still perceive email as a secure communication channel and place a high degree of trust in the identities they interact with over email. In fact, recent research by Abnormal shows just how much: only 2.1% of all attacks that land in end-user inboxes are reported to the SOC team. Attackers abuse this inherent user trust to carry out socially engineered attacks that begin over email and cost billions in losses each year.
The report states that security leaders supplement the native capabilities of existing cloud email solutions with third-party Integrated Cloud Email Security (ICES) solutions. The report also recommends the use of solutions that use AI to detect communication patterns and conversation-style anomalies.
We believe that Abnormal’s fundamentally different approach to cloud email security provides the best protection against existing and emerging attack techniques, by learning the behavior of every identity within and outside of an organization, building enhanced context, and applying enriched identity and context awareness to evaluate the risk of every event. By doing so, Abnormal can detect and block the most advanced attacks that other solutions miss.
To learn more about the 2023 Gartner Market Guide for Email Security, view the full report here or continue reading.
ICES Solutions Surpass SEGs to Stop Modern Attacks
In an effort to help security teams make sense of the complicated email security market and select the right technologies to alleviate their challenges, Gartner categorizes the vendors in the market into four categories: secure email gateway (SEG), integrated cloud email security (ICES), native cloud email security, and email data protection (EDP) solutions.
SEGs have traditionally been the primary method to protect email from inbound and outbound threats, but are no longer sufficient to protect organizations from the advanced VEC, BEC, and credential theft that are causing cost and concern among so many security teams. Even those traditional SEG providers who claim to provide AI capabilities are not adding value beyond what is available in an ICES solution.
As a result, in the 2023 Market Guide for Email Security, Gartner advises security buyers to supplement existing native cloud email providers and legacy secure email gateway solutions with increasingly popular integrated cloud email security solutions, like the Abnormal Cloud Email Security platform. According to Gartner, the number of organizations who choose to deploy an ICES-like approach to email security will increase from 5% to 20% by 2025—an exponential growth spurt.
“I didn’t see the value that an SEG would provide on top of [our enterprise email] and Abnormal Security. We haven’t noticed any loss by not having an SEG, we just noticed gain. So I basically redeployed the budget I used to spend on the SEG to Abnormal Security.” - Global Technology Services Director, Commodities Sector.
The Ideal Email Security Solution
According to Gartner, ICES solutions have one core trait in common: their deployment technique. All ICES solutions use API access to the cloud email provider to analyze email content without the need to change the MX records.
But not all ICES solutions are built equally; they must deliver underlying core competencies in order to deliver on the promise of protection against sophisticated attack techniques.
Throughout the report, Gartner highlights critical capabilities to look for in ICES solutions. These capabilities include, but aren’t limited to, the following:
ML- and AI-based anti-phishing technology for BEC protection that analyzes conversation history to detect anomalies.
The ability to monitor internal email traffic across an organization, build communication graphs, and baseline user activity to detect suspicious behavior.
Account takeover protection, which analyzes user behaviors and various other factors such as login behavior, locations, and authentication methods to detect and remediate compromised accounts.
API integrations into collaboration platforms like Slack and Microsoft Teams to filter malicious content or suspicious interactions across multiple applications.
“Account takeovers have been completely remediated with Abnormal Security.” - Chief Information Officer, Fintech.
Why Abnormal is the Ideal Email Security Solution for Today’s Threats
Secure email gateways and native cloud email security providers aren’t measuring up to the task of comprehensive protection against sophisticated email attacks.
We believe that differentiated protection against sophisticated email attacks requires a fundamentally different approach to cloud email security. According to Gartner, users still put a high degree of trust in the identities they interact with over email. Thus, any detection method used to stop attackers from exploiting trust must start from a deep understanding of user identity.
In order to stop account takeovers, vendor fraud, and BEC, Abnormal learns the behavior of every identity within and outside of an organization. The platform then correlates behavioral identity learnings with tens of thousands of context signals to identify anomalies with high precision, assessing the risk of every individual email message based on content analysis with advanced NLP/NLU models.
Why Abnormal is the Right Platform for Tomorrow’s Threats
Attackers have discovered new ways to infiltrate cloud email, beginning with the front door of inbound email and moving on to side channels like Microsoft Teams, Slack, and others.
Abnormal helps security teams address these emerging attack patterns and uncover risky user activity with the information available in our Knowledge Bases. PeopleBase showcases when configuration changes or administrative rights occur across every person in your organization, and AppBase features event streams that detail the changes users are making across third-party collaboration applications.
Security Posture Management further distills event data into posture-specific configuration changes and provides real-time insight to administrators. These changes can be quickly acknowledged through an automated workflow so teams can stay aware of changes and mitigate risks when necessary—no matter where they start.
Get Started with Abnormal
In a crowded and convoluted email security market, only Abnormal takes a fundamentally different approach to detecting and remediating never-seen-before cyberattacks.
View the complete 2023 Gartner Market Guide for Email Security here or request a demo today to see Abnormal in action.