On February 13th, 2023, Gartner published their latest ‘Market Guide for Email Security’, a research document derived from Gartner analysts’ interactions with clients that focuses on the latest challenges and evolutions in the email security market. Armorblox is also proud to be recognized as a Representative Vendor in the Gartner Market Guide for Email Security for the 3rd report in a row.

The 2023 Market Guide provides an overview of the email security market including the sub-market categories and their respective vendors. Gartner analysts provide an update on market changes and recommendations for security leaders who are responsible for protecting their organizations against email threats.

Let’s discuss what we consider to be some of the key findings from the 2023 Gartner Email Security Market Guide.

Out with the SEG, in with the ICES

Increasingly so, businesses are shifting away from the traditional Secure Email Gateway (SEG) tools and opting for Integrated Cloud Email Security (ICES) tools that can easily integrate with their cloud email providers (e.g. Microsoft and Google). Among many benefits, ICES providers often connect via API and do not require MX record changes. Gartner also notes that ICES solutions, such as Armorblox, more often provide in-context email warning banners that alert and educate end-users, reinforcing their security awareness and training.

With 70% of all organizations using cloud email solutions [1], many organizations are relying on the built-in security capabilities of these email providers. However, these platforms come with several security limitations.

Gartner recommends security professionals look to augment these native email security capabilities with an Integrated Cloud Email Security (ICES) solution. This combination allows for faster deployment and improved protection against threats that can easily bypass SEGs and native functions alone, such as BEC attacks, social engineering, and language-based email threats.

Gartner also notes that integrated solutions that use APIs to connect to native email security are easy to evaluate and prove value because:

The solutions also benefit from visibility of internal traffic and can use historic email history to quickly build machine learning (ML) baselines for improved detection. - Gartner Market Guide for Email Security, February 2023

Modern solutions, such as Armorblox, also prioritize end-to-end email encryption that is easy to use—something that can be harder to implement with traditional SEG tools.

Email encryption tools have been available for a long time, but have only been adopted by about 40% of organizations due to usability issues. SEGs commonly include encryption, but the usability differs greatly. Newer solutions that provide end-to-end encryption prioritize usability.  - Gartner Market Guide for Email Security, February 2023

It’s Time to Leverage AI and ML

Gartner recognizes that a shift away from SEG also means a shift toward AI-based solutions. Many ICES solutions, such as Armorblox, leverage AI detection techniques that can understand the context and contents of emails through natural language understanding (NLU), the same technology found in ChatGPT.

AI-based solutions, such as Armorblox, also provide outbound data protection due to their ability to detect sensitive data within emails leaving the organization, without the need for custom policies. Gartner recognizes the value of utilizing AI to protect against human error and sensitive data loss:

Inbound threats are the main driver for implementing email security, but outbound data loss, especially accidental data loss (misdirected emails), is increasingly a concern. Indeed, human error remains the most common reason for email data breaches. Solutions that use ML to analyze communication patterns to prevent inbound phishing are also being used to detect potentially misdirected emails. - Gartner Market Guide for Email Security, February 2023

Bad actors are also evolving their tactics, often deploying attacks that do not rely on links or attachments and instead use social engineering to trick users into trusting them. This means it is more important than ever to adopt email security solutions that can detect and understand these sophisticated threats. Gartner’s recommendations for security leaders include evaluating email security solutions that can detect these anomalies in email conversations for improved BEC and email account compromise protection.

Armorblox utilizes NLU, ML models, pattern recognition, and image recognition to protect users from these harder-to-detect email attacks and sensitive data loss. Click here to read our blog on how we are able to reduce data loss false positives by a factor of 10x.

Email Remains Significant Attack Vector

The market guide reports an estimated 40% of ransomware attacks are taking place through email [1]. In addition, Gartner reports a significant increase in phishing attacks and confirms that bad actors continue to use phishing as a means to exfiltrate end-user credentials.

Keeping these findings in mind, it is apparent that email security should remain top of mind for security professionals looking to guard their organizations against credential phishing, account takeover, financial loss, data loss, BEC, and more. Gartner recommends security professionals look for email security solutions that protect against phishing, email account compromise, and BEC with these recommendations:

ICES solutions provide account takeover protection which analyzes user behaviors and various other factors such as login behavior, locations, authentication methods, etc. They detect and alert which account has been compromised and take remediation actions if required. - Gartner Market Guide for Email Security, February 2023

To combat the rise in phishing attacks, Gartner recommends security professionals utilize email security solutions that have AI- and ML-based anti-phishing technology for protection.

Use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs. Select products that can provide strong supply chain and AI-driven contact chain analysis for deeper inspection and can detect socially engineered, impersonated, or BEC attacks. - Gartner Market Guide for Email Security, February 2023

With an increase in credential phishing attacks, security professionals should look to adopt solutions that utilize computer vision that is able to detect malicious login pages attempting to impersonate a trusted brand or vendor.

Email Security in 2023 and Beyond

We think the Market Guide portrays email security in a state of transformation driven by the widespread adoption of cloud email and remote working conditions, as well as an increased focus on utilizing AI to detect modern email threats—such as phishing and social engineering—that use language to bypass traditional and native email security controls.

Organizations should refer to the market guide while evaluating today’s email security threats, auditing their native security capabilities, and selecting appropriate ICES solutions.

To learn more about Armorblox email security and data loss prevention solutions, take our product tour.

[1] Gartner, Market Guide for Email Security, 13 February 2023, By Analyst(s): Ravisha Chugh, Peter Firstbrook, Franz Hinner

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used here in with permission. All rights reserved.