This blog originally appeared in November 2020 on the Area 1 Security website, and was issued in advance of Cloudflare's acquisition of Area 1 Security on April 1, 2022.
On Sept. 8, Gartner published its latest Market Guide for Email Security (Gartner Doc ID: G00722358). Given the continued increase of phishing and advanced attacks, ongoing enterprise migration to cloud email providers and the recent transition to remote work for many organizations, we at Area 1 Security believe this is an aptly timed update.
One item of particular note in the report is Gartner’s new category of Integrated Email Security Solutions (IESS). While Area 1 Security was also recognized as a Representative Vendor in the Gartner 2019 Market Guide for Email Security, Gartner has now named Area 1 Security as a Representative Vendor for IESS. According to Gartner: “They [IESSs] often include other capabilities such as machine-learning-based detection trained on existing emails, image analysis, account takeover detection and image recognition of URLs to identify phishing attacks as well as providing protection for internal emails and M-SOAR functionality.”
We believe Area 1 Security, as an IESS, provides the core functionalities of a SEG, but has the advantage of being very quick and easy to deploy, without requiring changes to the email flow at the gateway, through direct integrations with Office 365 and Google G Suite.
As an increasing number of threats bypass legacy Secure Email Gateways (SEGs), Area 1 Security’s customers and prospects have increasingly expressed that traditional SEGs don’t adequately address their security needs. In fact, we are often brought in to either replace or supplement SEGs such as those from Proofpoint, Agari and Mimecast.
With SEGs missing over 30 percent of phishing campaigns, IESS solutions like Area 1 Security offer an attractive SEG replacement.
Additional Highlights from the Market Guide for Email Security
Per our understanding, Gartner advises security and risk management leaders responsible for email security to “Address gaps in the advanced threat defense capabilities of an incumbent secure email gateway (SEG) by either replacing them or supplementing them with complementary capabilities via API integration.” Some customers may decide to address these gaps by replacing an incumbent SEG with an IESS.
Also, as noted in the report, “Integrated protection, because it has historical data on communication patterns, can use its social graph to flag anomalous messages as suspicious” and integrated solutions are also “increasingly using natural language processing and understanding to identify account takeover attacks.”
The Market Guide highlights differentiating capabilities for next-generation email security products:
- Network Sandbox
- Content Disarm and Reconstruction
- URL Rewriting and Time-of-Click Analysis
- Remote Browser Isolation
- Display Name Spoof Detection
- Domain-Based Message Authentication, Reporting and Conformance on Inbound Email
- Lookalike Domain Detection
- Anomaly Detection
Per our understanding, Gartner also lists additional differentiating email security capabilities such as graymail handling, data protection, and post-delivery protection and M-SOAR.
Area 1 Security believes it provides coverage across all the above differentiating capabilities (seven fully, and one in prototype / planned phase as of this quarter). The table below is a quick analysis of the key capabilities outlined within the 2020 Email Security Market Guide and how our technology fulfills each criterion. Where relevant, the matrix highlights capabilities that we believe are unique to our Area 1 Horizon™ service.
Differentiating Capabilities Matrix - Area 1 Analysis
Capabilities referenced in the 2020 Market Guide for Email Security* | Area 1 Coverage | Area 1 Capabilities |
---|---|---|
Network Sandbox | Yes | UNIQUE: Dual sandboxing. In-the-wild sandboxing for preemptive campaign identification; inline sandboxing as messages flow through the service |
Content Disarm and Reconstruction | Yes | Area 1 deconstructs content into discrete pieces and reconstructs as needed to make an assessment on the attachment<br>UNIQUE: Encrypted payload scanning, including the ability to unscramble inline passwords (either as text or as an image) to open up the payload for analysis<br>UNIQUE: Image assessments and reconstruction using advanced computer vision techniques for brand impersonation detection |
URL Rewriting and Time-of-Click Analysis | Yes | Ability to defang<br>Ability to rewrite<br>UNIQUE: Invokes instant crawl on links that need escalated assessments<br>UNIQUE: Assessing nested URLs within attachments, especially PDFs and archives |
Display Name Spoof Detection | Yes | Simple and complex matches<br>Header and body matches<br>UNIQUE: Exact and fuzzy matches using configurable Levenshtein distance algorithms<br>UNIQUE: Non-directory based matches<br>UNIQUE: Multivariate matches based on message analytics and sentiment<br>UNIQUE: Conversation / thread analysis for Type 3 & 4 BECs<br>UNIQUE: Partner social graph for auto-discovery of business partners<br>UNIQUE: Verdict escalations for active fraud campaigns |
Domain-Based Message Authentication, Reporting and Conformance on Inbound Email | Yes | Automated spoof detection<br>Automated SPF / DKIM / DMARC based analysis<br>Envelope-From and Mail-From mismatch detection |
Lookalike Domain Detection | Yes | Automated cousin domain detections<br>UNIQUE: Automated new domain registration detections; cousin or non-cousin based |
Anomaly Detection | Yes | Metadata analysis<br>Content analysis<br>Historical / trend analysis |
APBC (Anti-Phishing Behavioral Conditioning / Training) | N/A | Area 1 currently does not focus on end user education or training use cases |
Graymail Handling | Yes | Spoof and spam detections<br>New domain detections also trigger marketing messages detections, with the ability to mark or notify the user of such messages |
Data Protection | N/A | Area 1 currently does not focus on outbound email delivery and DLP use cases but integrates quickly and seamlessly with many DLP solutions and partners |
Postdelivery Protection and M-SOAR (Mail Security Orchestration, Automation and Response) | Yes | UNIQUE: Integrated, cloud-scale automated triage and detection search, cluster wide<br>UNIQUE: Integrated, cloud-scale message trace, cluster wide<br>Detection details reports<br>API-based JSON access to detections and full messages<br>Integrated message retraction and post-delivery actions<br>SIEM integrations, SOAR hooks<br>NOTE: No additional license or products needed, unlike other vendors. |
Integration Into Security Tools | Yes | Integration with DNS for protected web browsing as part of service<br>Integration with data analysis tools, SIEMs, SOARs, identity platforms, firewalls, network security tools and proprietary systems |
*Bolded capabilities are part of Gartner’s key selection criteria for next-generation email security
According to Gartner, “As organizations migrate to cloud email, the need to reevaluate email security is even greater.” The rise of malware, Business Email Compromise (BEC) attacks and other sophisticated email threats also means organizations should revisit their email security architecture.
To assess whether Area 1 Security can help address gaps in your current email security defenses, contact us for a free Phishing Risk Assessment.

Gartner, “Market Guide for Email Security,” Mark Harris, Peter Firstbrook, Ravisha Chugh, 8 September 2020.
Gartner Disclaimer:
Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.