Microsoft has gained 9% market share in the email security among the Fortune 500 since I last checked in August 2023.

ProofPoint declined for the first time in 5 years, shrinking their market share by -3%. This shows that when the largest organizations are moving, they are now moving to Microsoft for their primary email security solution. Many organizations have found that Microsoft is doing as good of job as ProofPoint (or better) and therefore looking at opportunities to reduce costs. My organization, Patriot, migrates between dozens of companies from ProofPoint, MimeCast, Cisco, Barracuda and others to Microsoft each year.

The other trend that is not directly observable by querying public DNS records is the number of organizations augmenting their primary email security solution with a secondary API-based solution such as Abnormal OR Check Point Harmony Email & Collaboration (Check Point acquired Avanan in 2021).

Gartner’s latest research indicates that the number of organizations selecting API-based systems to augment their primary email security solution will grow from 5% to 20% in the next few years.

API-based solutions are reactive by definition and therefore allow malicious payloads to be accessible by the recipient for a short period of time. While not perfect, they can address some of the biggest pain points including Business Email Compromise, Graymail, and Unsolicited Business Emails, which have a big impact on employee productivity.

On the positive front, 67% of the Fortune 500 have configured Domain-based Message Authentication, Reporting & Conformance (DMARC) for Reject or Quarantine. Hackers have already pivoted to compromising valid accounts at organizations using MFA bypass techniques such as EvilGinx, leveraging valid accounts with positive reputation to compromise supply chains.

To combat MFA bypass, Microsoft has recently rolled out mobile-friendly Passkeys which make compromising identities significantly harder for attackers, without the requirement to purchase physical FIDO2 security keys.

Identity and Email Security will remain tightly coupled, as the goal of a phishing email is often to compromise the user identity to gain initial access to an organization. Deploying DMARC, Passkeys, and API-based email security solutions remain high on the agenda at most organizations today.