When Goliath Eats David: Why Tacking API-Based Tools onto a SEG Won't Solve Email Security

See why acquiring an API-enabled email security startup isn't enough to improve a secure email gateway's detection capabilities.
November 7, 2023

Acquisitions are common in cybersecurity. More specifically, legacy email security providers have been on a buying spree in the past few years, acquiring niche API-based providers. An API-based architecture for email security can offer greater detection efficacy than legacy secure email gateways (SEGs), and AI-native detection methods outperform the complex rules and configurations required by legacy technology. With tech giants wanting to keep their leading position in the market, it isn’t entirely surprising that this industry consolidation is occurring.

What is surprising is the assumption that by acquiring this next generation of providers legacy giants will somehow be improved. If history is any indication, acquisitions usually leave both the acquirer and the acquired worse off than before the deal. And that says nothing of the customers that rely on them.

So, why is it such a challenge for (in this case) email security organizations to make these acquisitions successful, and what are the risks to the customers of all involved parties?

Adding Modern Features to a Legacy Tool Doesn’t Make It Less Legacy

The SEG is a dinosaur. And that’s not just my biased opinion, as it has now been two years since Forrester referred to SEGs as “slowly becoming dinosaurs” in the 2021 edition of The Forrester Wave: Enterprise Email Security. With manual configurations, lengthy deployment processes, painstaking and costly regular maintenance, and the many, many damaging attacks that slip through the cracks, SEG providers needed to modernize if they wanted to stay relevant.

And modernize they did. Some of the major players released API-based alternatives, enhanced their detection capabilities with proprietary AI, and began to position themselves in direct competition with their next-generation AI-native counterparts. They saw the writing on the wall and realized that they needed to innovate if they wanted to stay ahead of both the bad actors and their competition.

But with so much time, effort, and dollars spent on their own technology, why are we seeing this shift to acquisition? To me, it’s a clear signal that those API alternatives and proprietary “award-winning” AI models were not solving the problem quite as effectively as they had originally hoped.

So they turned to the next idea and started acquiring API providers in an effort to solve the problem. Unfortunately for customers, there are a number of reasons why resorting to acquisition is likely not the silver bullet solution legacy providers expected.

Tacking on Modern APIs Won’t Strengthen Legacy SEG Providers

API-based solutions aim to supplant gateways, creating an “oil and water” situation once the acquired and acquirer seek to integrate—and acquisitions, after all, are rarely as successful as participants hope. Here’s why:

  • Gateway solutions and API-based solutions are drastically different technologies. Solutions that deploy via API and use AI to detect attacks were originally designed to streamline security operations and automate remediation of both auto-detected and user-reported email threats. This stopped more attacks and freed up security resources to allow for focus on other critical tasks. In contrast, SEG solutions require intensive tuning and configuration and ultimately miss attacks that lack known indicators of compromise: the exact opposite experience. Adding an API-based solution to a SEG simply enhances detection without making email security any more efficient for the customer. In doing so, it may stop more attacks, but it also adds more overhead and maintenance for the same result.

  • Two products are now competing in the same portfolio. With legacy solutions attempting to play catch up with their new competitors and ‌modern technologies attempting to sunset the legacy solutions, an acquisition creates an environment where two competing products must now play nice. To make this work, the two organizations will have to create a go-forward strategy where they determine which of the solutions works best for each use case—and then determine how to integrate them. Customers must then wait for integrations to be built as the acquiring organization determines how to package the new solutions. And that says nothing of the most critical concern, as the two teams must now allocate engineering resources to continue developing both solutions in a way that’s satisfying to new and current customers of either provider. Often, the answer is sacrificing the development of the old in favor of the shiny and new, inviting bugs and other technology challenges customers can’t afford.

So what does all this mean? In simple terms, legacy providers are not built to develop or assimilate modern technologies and processes.

Why Abnormal Stands Alone

Increasingly, security teams want to take advantage of Microsoft’s native protection coupled with best-in-breed detection outcomes via API-based email security. To facilitate this, their strategy has become “replace the SEG,” not “complement the SEG.” In fact, 70% of Abnormal’s customers remove the SEG entirely due to the efficacy of Abnormal and the cost savings realized when paired with native security in Microsoft 365 or Google Workspace.

There’s a reason Abnormal reached $100 million in annual recurring revenue in only four years, and why we now protect nearly 15% of the Fortune 500. Our ability to help customers prevent the full spectrum of modern and emerging email threats is unmatched. We have helped over 1,700 organizations streamline email security operations and continue to expand into adjacent SaaS applications and platforms to secure the future of cloud communication threats.

All said these acquisitions do not fundamentally change the email security landscape. If anything, this frenzy of acquisition by incumbent providers gives more credence to the benefits of an AI-native, API-based approach. Instead of complicating this new technology with legacy parts and maintenance, Abnormal is solely focused on streamlining email security operations while delivering greater detection efficacy.

To learn more about Abnormal Security and see why you should put your trust in the AI-native leader in email security, schedule a demo today.

Schedule a Demo
When Goliath Eats David: Why Tacking API-Based Tools onto a SEG Won't Solve Email Security

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B Complex Case of Account Compromise Blog
Discover how Abnormal helped one organization detect the sophisticated tactics an attacker used to compromise an employee's email account.
Read More
B Cross Platform Account Takeover
Discover the dangers of cross-platform account takeover, the challenges of detecting this attack, and how to implement proactive protection against ATO.
Read More
B 5 17 24 Legal
Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.
Read More
B Cybersecurity Influencers Blog 2024
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 15 innovative and influential thought leaders on social media.
Read More
B 5 13 24 Docusign
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.
Read More
Abnormal employees honored as CRN 2024 Women of the Channel for their influential leadership in the tech industry.
Read More