When Avanan pioneered in 2016 the concept of securing Microsoft 365 with API, customers needed to be educated about this novel approach. Another milestone to what we now know is the future of email security was in 2018, when we explained in a high-profile blog why Proofpoint and Mimecast are ineffective in securing Microsoft 365. Since then, with Avanan's thousands of customers, Gartner's Peer Insights for email security, Gartner's 2020 market guide, and more, the API approach is now the mainstream for securing cloud-based email.
So, what is special about today that makes us declare the final victory of the API?
Most recently, Mimecast, one of the leaders among the legacy SEG providers, announced a new API solution called CyberGraph. Mimecast acquired an unknown API-based company called MessageControl, a struggling startup that had very little market impact, and with that Mimecast now tries to jump on the API bandwagon.
For Mimecast, this is probably too little too late. We are already at thousands of customers using API and continue to displace legacy solutions in countless companies. Mimecast, with their version-1 API product, separated from everything else they do, with no inline option, can no longer change that.
But for us, this announcement by Mimecast marks the full cycle of the victory of the API approach we pioneered. Mimecast is probably the last and final of all legacy email security vendors to identify this trend. A few years back, I remember having a conversation with their team, explaining to them API— how easy it is to install and the amazing capabilities it adds. To this, they responded: “What’s wrong with changing the MX record?” So, to have them send a cold email to customers with the subject "No need to change your MX Record"—well, for us, that's the taste of victory.
… But not all APIs are born equal
The fundamental success of Avanan's email solution is its superior A.I. that translates to the best catch rate. This is the first reason customers give when asked why they chose Avanan.
We were the first company to implement true machine-learning that is specifically designed to block the phishing and malware attacks that Microsoft and Google miss. This gave us a huge lead over the competition—whether it’s the legacy vendors that are gradually transitioning to API or the many copycat startups that are trying to follow in our footsteps.
And because of our unique inline positioning, along with thousands of customers and a significant percentage of the global Microsoft 365 customers, we are able to train the AI on the specific attacks that are missed by Microsoft and block the most sophisticated and targeted threats.
By deploying inline, Avanan can block malicious emails before they happen. The key flaw of all other API-based solutions is they cannot block emails inline, meaning they can only respond to, and not prevent, malicious emails.
For some of the smaller start-ups, this is okay. They’re coming to the market as a “supplement” to email security, not a replacement. This is why Gartner refers to them as “Cloud Email Security Supplements”. It's a “Vitamin-D” supplement, not the cure. As such, they will always remain niche players and can’t really disrupt the market.
The bigger vendors understand that in order to provide a complete email security solution you need to be able to be inline. Their problem is that they don’t know how, also being inline via API is an Avanan patent that we assume they don’t want to breach. Because they don’t have the technology to be inline via API, they continue to sell two solutions—the legacy Secure Email Gateway, with the needed functionality but with the legacy architecture, and another one with API but with a very limited feature set.
The future of email security still has many chapters left to be written. But the disruption is well under way. Cisco and Symantec are looking for the exit door, and we speculate that Mimecast and Proofpoint will soon start reporting declining revenues.
And from the chapters already written, here's what we know:
- Cloud-email is best secured via API
- Email security must have inline functionality
- Best catch rate is achieved with dedicated Machine-Learning algorithms that are trained on attacks that the default layer miss
- And securing the entire suite - all lines of communication, is a necessity
Avanan is the only one to checks all those boxes, and we have since we started.