
When Goliath Eats David: Why Tacking API-Based Tools onto a SEG Won't Solve Email Security

See why acquiring an API-enabled email security startup isn't enough to improve a secure email gateway's detection capabilities.
November 7, 2023

Acquisitions are common in cybersecurity. More specifically, legacy email security providers have been on a buying spree in the past few years, acquiring niche API-based providers. An API-based architecture for email security can offer greater detection efficacy than legacy secure email gateways (SEGs), and AI-native detection methods outperform the complex rules and configurations required by legacy technology. With tech giants wanting to keep their leading position in the market, it isn’t entirely surprising that this industry consolidation is occurring.

What is surprising is the assumption that, by acquiring this next generation of providers, legacy giants will somehow be improved. If history is any indication, acquisitions usually leave both the acquirer and the acquired worse off than before the deal. And that says nothing of the customers that rely on them.

So, why is it such a challenge for (in this case) email security organizations to make these acquisitions successful, and what are the risks to the customers of all involved parties?

Adding Modern Features to a Legacy Tool Doesn’t Make It Less Legacy

The SEG is a dinosaur. And that’s not just my biased opinion, as it has now been two years since Forrester referred to SEGs as “slowly becoming dinosaurs” in the 2021 edition of The Forrester Wave: Enterprise Email Security. With manual configurations, lengthy deployment processes, painstaking and costly regular maintenance, and the many, many damaging attacks that slip through the cracks, SEG providers needed to modernize if they wanted to stay relevant.

And modernize they did. Some of the major players released API-based alternatives, enhanced their detection capabilities with proprietary AI, and began to position themselves in direct competition with their next-generation AI-native counterparts. They saw the writing on the wall and realized that they needed to innovate if they wanted to stay ahead of both the bad actors and their competition.

But with so much time, effort, and dollars spent on their own technology, why are we seeing this shift to acquisition? To me, it’s a clear signal that those API alternatives and proprietary “award-winning” AI models were not solving the problem quite as effectively as they had originally hoped.

So they turned to the next idea and started acquiring API providers in an effort to solve the problem. Unfortunately for customers, there are a number of reasons why resorting to acquisition is likely not the silver bullet solution legacy providers expected.

Tacking on Modern APIs Won’t Strengthen Legacy SEG Providers

API-based solutions aim to supplant gateways, creating an “oil and water” situation once the acquired and acquirer seek to integrate—and acquisitions, after all, are rarely as successful as participants hope. Here’s why:

  • Gateway solutions and API-based solutions are drastically different technologies. Solutions that deploy via API and use AI to detect attacks were originally designed to streamline security operations and automate remediation of both auto-detected and user-reported email threats. This stopped more attacks and freed up security resources to allow for focus on other critical tasks. In contrast, SEG solutions require intensive tuning and configuration and ultimately miss attacks that lack known indicators of compromise: the exact opposite experience. Adding an API-based solution to a SEG simply enhances detection without making email security any more efficient for the customer. In doing so, it may stop more attacks, but it also adds more overhead and maintenance for the same result.

  • Two products are now competing in the same portfolio. With legacy solutions attempting to play catch-up with their new competitors and modern technologies attempting to sunset the legacy solutions, an acquisition creates an environment where two competing products must now play nice. To make this work, the two organizations will have to create a go-forward strategy where they determine which of the solutions works best for each use case—and then determine how to integrate them. Customers must then wait for integrations to be built as the acquiring organization determines how to package the new solutions. And that says nothing of the most critical concern, as the two teams must now allocate engineering resources to continue developing both solutions in a way that’s satisfying to new and current customers of either provider. Often, the answer is sacrificing the development of the old in favor of the shiny and new, inviting bugs and other technology challenges customers can’t afford.

So what does all this mean? In simple terms, legacy providers are not built to develop or assimilate modern technologies and processes.

Why Abnormal Stands Alone

Increasingly, security teams want to take advantage of Microsoft’s native protection coupled with best-in-breed detection outcomes via API-based email security. To facilitate this, their strategy has become “replace the SEG,” not “complement the SEG.” In fact, 70% of Abnormal’s customers remove the SEG entirely due to the efficacy of Abnormal and the cost savings realized when paired with native security in Microsoft 365 or Google Workspace.

There’s a reason Abnormal reached $100 million in annual recurring revenue in only four years, and why we now protect nearly 15% of the Fortune 500. Our ability to help customers prevent the full spectrum of modern and emerging email threats is unmatched. We have helped over 1,700 organizations streamline email security operations and continue to expand into adjacent SaaS applications and platforms to secure the future of cloud communication threats.

All said, these acquisitions do not fundamentally change the email security landscape. If anything, this frenzy of acquisition by incumbent providers gives more credence to the benefits of an AI-native, API-based approach. Instead of complicating this new technology with legacy parts and maintenance, Abnormal is solely focused on streamlining email security operations while delivering greater detection efficacy.

To learn more about Abnormal Security and see why you should put your trust in the AI-native leader in email security, schedule a demo today.
