We get a lot of questions about Gartner's Magic Quadrant for Email Security. The simple answer: Gartner no longer publishes a Magic Quadrant for Email Security.
They last published their MQ for email security in 2017. They may do so again in the future. Their last MQ does not include "next-gen" email security vendors.
However, they offer do very useful resources on the topic.
The first one is the Gartner Peer Insights for Email Security. This contains reviews from actual customers for over 30 different email security vendors, including Avanan. In these reviews, you can see detailed information of these vendors in the past 12 months. We are proud that over 200 customers have reviewed Avanan over the last year—more than any other email security vendor. We're also proud that we have the highest rating of any vendor.
The second resource is the annual Gartner Market Guide for Email Security. They just published the 2020 edition, and it has a lot of great information that we've summarized below:
In the report, they analyzed the landscape of threats and the types of security best positioned to defend against them.
They found that email "is still the most commonly used attack vector for both opportunistic and targeted attacks."
Further, they recommend stepping away from SEGs. As they say, "Address gaps in the advanced threat defense capabilities of an incumbent secure email gateway (SEG) by either replacing them or supplementing them with complementary capabilities via API integration."
Amongst the top threats, they found that impersonation and account takeover attacks are increasing, especially because users are placing far too much trust in identity. Further, they found that no one solution can stop BEC attacks, but rather it needs to come from a combination of technology and education.
They recommend, at a high level, that those responsible for email security need to invest in anti-phishing technology to help protect against BEC and account takeovers. As Gartner says, "seek solutions for BEC protection that use AI to create a baseline for and detect communication patterns and conversation-style anomalies. For account takeover attacks, seek solutions that use computer vision when reviewing suspect URLs."
Decision-makers also need to invest in a security solution that protects against internal email and collaboration and file-sharing tools. As they write, "Organizations need to ensure that both internal and external email is secured as well as collaboration tools that are being used." Further, they say it's essential to, "Prioritize intradomain message protection as an important starting point. There are many account takeover scenarios in which an attacker can leverage intradomain messages to move laterally and compromise internal resources."
Additionally, they noted that there is a "growing trend of supplementing the built-in security tools with additional API-based solution as well as traditional security email gateway solutions" and that many 'Integrated Email Security Solutions,' like Avanan, "can be a viable alternative to gateway protection."
When evaluating email security offerings, Gartner recommends looking for the following features:
|Gartner Recommendations||Avanan Offers|
|Business Email Compromise Protection with AI-driven communication and conversational analysis||Yes|
|Content Disarm and Reconstruction||Yes|
|URL Rewriting and Time of Click Analysis||Yes|
|Remote Browser Isolation||No|
|Lookalike Domain Detection||Yes|
|Anti-Phishing Behavioral Conditioning||No|
|Securing Collaboration Platforms||Yes|
|Account Takeover Protection||Yes|
|Layered inbound, outbound and internal detection capabilities||Yes|
|Internal email protection||Yes|
Gartner's recommendations start with ensuring you are constantly learning and monitoring your security needs so as to best protect them. In addition, they recommend investing in technology to help detect and prevent BEC and account takeover attacks, as those are increasing in prominence and devastation. Along those lines, protecting internal emails is a high priority, because account takeovers can start there and move east-west.
Through its unique, patented technology, Avanan is able to protect and secure your company against these issues. Avanan deploys inline, meaning it is able to see and stop all malicious emails—internal, inbound or outbound. Additionally, Avanan scans a year's worth of emails to build a trusted reputation network, and role-based, contextual analysis identify threats that others miss. And because Avanan is able to scan and quarantine internal emails and files in real-time, there is built-in protection against east-west attacks.
That sort of protection is one of the reasons that Avanan was selected as the 2019 Gartner Peer Insights Customers' Choice for Email Security.
And it's why we continually receive five-stars from customers on the platform, including reviews such as:
"An easy button for email security."
Greater security. Greater visibility. Excellent set of tools. Non-disruptive.
As these sorts of attacks increase in prominence, an email security solution needs to be able to adapt. Because Avanan is the only solution that sees emails after default security but before the user inbox, we are in a position to see and stop the latest attack methods and trends.