When it comes to securing emails, relying on a single provider isn’t straightforward.
That, at least, is Gartner’s view, expressed in the synthesis of the latest Magic Quadrant dedicated to this market. The firm justifies this stance notably by the difficulty of measuring the effectiveness of detections. It moreover recommends combining offerings, as overlaps between them are increasing and favor negotiating discounts.
Another observation: the distinction between SEG (Secure Email Gateway) and ICES (Integrated Cloud Email Security) is beginning to blur. In Gartner’s terminology, ICES is to SEG what EDR is—at least to some extent—to antivirus: an evolution that, reinforced by behavioral analysis, aims to go beyond signature-based detection. They are also less perimeter-focused, typically integrating with mail systems via APIs (some use routing rules or journaling).
Most SEG vendors now offer API-based deployment options. Meanwhile, ICES are increasingly enriched to perform pre-delivery protection, either via MX records or by adjusting the rules governing mail flow.
Most vendors now offer some form of security for collaborative applications. In parallel, phishing simulations are evolving with the help of language models. These models also contribute to expanding the linguistic support of detection engines, just as computer vision and dynamic web-page analysis do. The detection of invalid recipients also advances thanks to this same foundation (validation based on prior conversations).
Trend Micro n’est plus « leader » ; Darktrace et Microsoft le deviennent
From edition to edition of Gartner’s Magic Quadrant, the mandatory functional criteria have largely remained the same. In broad terms, the objective has always been to deliver an independent product capable of blocking or filtering unwanted traffic, analyzing files, and protecting against malicious URLs. Last year, protecting against account compromise through various analytical tools was also required. This year, those tools are viewed from another angle: analyzing the content of messages and exposing their semantic structure to admins.
Cisco, ranked last year, is not on the list this time because it did not meet all of these criteria. Egress and Perception Point have also vanished from view, but because they were acquired respectively by KnowBe4 and Fortinet.
On the “execution” indicator, which reflects the market’s demand responsiveness (product/service quality, pricing, customer experience, etc.), the situation is as follows:
| Rank | Vendor | Annual Change |
| 1 | Proofpoint | = |
| 2 | Check Point | + 2 |
| 3 | Darktrace | + 5 |
| 4 | Abnormal AI | + 1 |
| 5 | Mimecast | + 1 |
| 6 | Trend Micro | – 4 |
| 7 | Microsoft | – 4 |
| 8 | KnowBe4 | – 1 |
| 9 | Fortinet | + 1 |
| 10 | IRONSCALES | – 1 |
| 11 | Barracuda | + 2 |
| 12 | Cloudflare | = |
| 13 | Libraesva | new entrant |
| 14 | RPost | new entrant |
On the “vision” indicator, which reflects strategies (sectoral, geographic, commercial, marketing, product…):
| Rank | Vendor | Annual Change |
| 1 | Abnormal AI | = |
| 2 | KnowBe4 | + 3 |
| 3 | Proofpoint | – 1 |
| 4 | Mimecast | – 1 |
| 5 | Check Point | + 4 |
| 6 | Darktrace | + 6 |
| 7 | Barracuda | = |
| 8 | Cloudflare | + 5 |
| 9 | IRONSCALES | – 3 |
| 10 | Microsoft | = |
| 11 | Fortinet | – 3 |
| 12 | Trend Micro | – 8 |
| 13 | Libraesva | new entrant |
| 14 | RPost | new entrant |
Of the six vendors rated as “leaders” last year, five remain in that position: Abnormal AI, Check Point, KnowBe4 (via Egress), Mimecast, and Proofpoint. Trend Micro has fallen to the “challengers” group (stronger in execution than in vision). Darktrace and Microsoft, previously “challengers,” are now leaders.
Chez Abnormal AI, les derniers développements ne convainquent pas
Abnormal AI stands out for its marketing investments, the quality of its customer relationships, and its business strategy, which makes it particularly competitive in professional services.
However, Gartner notes that its recent developments have failed to broaden coverage to the most significant threats, and highlights the relatively limited commercial resources outside Europe and North America compared with other “leaders,” as well as a smaller staff in areas such as product management and threat intelligence research.
Check Point, pas le plus présent sur les shortlists
Beyond the viability of its business in this segment, Check Point, like Abnormal AI, has robust customer-relations practices. Gartner also praises an intuitive interface and broad coverage of the use cases encountered in securing emails.
Check Point, however, appears on the shortlists less frequently than other “leaders.” It has also developed its vertical strategy and its ability to regionalize services less than the others.
Chez Darktrace, l’effet des ajustements tarifaires se fait attendre
Darktrace stands out for a marked increase in its technical-support headcount. It also has a roadmap that Gartner regards as well-aligned with emerging needs and potentially generating opportunities relative to the competition.
The price adjustments implemented since the previous Magic Quadrant are yet to be fully reflected in customer sentiment, Gartner notes. It also points out, compared with the other “leaders,” a less aggressive marketing approach and a lag in regionalization capabilities.
Moins de profondeur fonctionnelle chez KnowBe4
Like Darktrace, KnowBe4 stands out for its roadmap, balancing protection against account compromise with securing collaboration tools. Its vertical strategy also pays off, as evidenced by the acquisition of Egress and the overall viability of the business.
KnowBe4, however, does not offer the same depth of functionality as the other “leaders.” It also lags in customer relations and marketing (not a clearly differentiated positioning).
Avec Microsoft, attention au bundling
Beyond its viability and market tenure in this space, Microsoft distinguishes itself by the breadth of its support and training resources—also including third-party offerings. And by its ability to respond effectively to emerging threats.
On the services and support front, quality proves variable. As for the product strategy, it is not fully aligned with needs, due to a focus on features that improve efficiency rather than security. There is also caution regarding the tendency to bundle with other products: Microsoft uses a higher degree of bundling than other vendors.
Le licensing s’est complexifié chez Mimecast
Gartner values the technical-support and product-management resources Mimecast has allocated. It also approves of the partner program, the level of discounts on multi-year contracts, and, more generally, the visibility of the offering in this market.
Since last year, licensing has grown more complex. It adds a lag in customer-relations maturity compared with the other “leaders.” Gartner also notes a disconnect between a focus on human risk and the cybersecurity challenges of e-mail.
Prix en nette hausse chez Proofpoint
Proofpoint offers a broader toolkit than its peers and continues to expand its portfolio—for instance into collaborative security. It is also notable for the diversity of its customer base and, more broadly, for the overall viability of its business.
Yet there is less geographic diversification than among the other “leaders.” And its marketing strategy is not the most differentiated in the market. Prices have also risen markedly over the past year.
