All over the world, companies depend on… Microsoft and Google To manage employee email accounts. However, keeping all those mailboxes secure is a business opportunity.
Proofpoint went public in 2012, and as organizations moved to the cloud, many adopted the company's secure email gateway software as a precaution. But private equity firm Thoma Bravo bought Proofpoint in 2021, and another provider, Mimecast, went private in 2022.
Then generative AI took off. The trending technology has given hackers more ammunition, as well as new tools for security companies that promise to defend customers against attacks.
Now, a new group of companies is gaining traction in a mature market.
Investors valued the startup Material Security at $1.1 billion in a 2022 funding round. In August, Abnormal Security, which calls itself “AI Native,” said it was valued at $5.1 billion after a funding round that included… Crowd Strike Wellington administration. On Thursday, Sublime Security, co-founded by Pentagon cybersecurity veteran Josh Kamdjo, said it had raised a round totaling $60 million.
Kamdjo, who also serves as CEO of Sublime, spent his previous career showing companies how he could break into their networks and avoid being compromised by email security products. Then he decided to work on a solution.
“I decided to build something that would stop me as a striker,” he said.
Business credit card issuer Brex was using the material with Google Inbox, but after testing Sublime, Brex pivoted, Mark Helic, the startup's chief information security officer, told CNBC in an interview. Helic said there were many problematic emails that Material allowed but Sublime did not.
“All they need is for one person to click on it, and then they go from there,” he said, referring to the hackers. “That's why false negatives are so dangerous.”
Abnormal Security is much larger than Material and Sublime, with annual revenues of more than $200 million. It is rapidly gaining market share, according to Peter Firstbrook, vice president and distinguished analyst at industry research firm Gartner.
Some companies use Abnormal Security as an add-on to Mimecast or Proofpoint, he said. For years, companies have asked Proofpoint to filter messages before sending them to Microsoft-based inboxes, he said, adding that Proofpoint's year-over-year revenue growth rate is now in the teens after being in the 30s through 2018.
Brix briefly considered an abnormal order but decided not to implement it, Helek said.
“I don't believe in the black box as a philosophy,” he said. “It reduces visibility, so I can't see how the Brix will be attacked. I can't see what tactics or techniques are being used. With Sublime, I can do that.”
In his experience, Sublime provides better coverage for new threats, Helic said. Abnormal's website says its software “detects highly personalized, never-before-seen attacks, with no traditional indicators of compromise.”
Sublime's Kamdjo said attacks still penetrate the defenses of major email providers like Google and Microsoft, even when companies pay extra for higher levels of service.
“That's basically why we're seeing so much success,” Kamdjo said. “We're here to catch everything they don't do.”
Representatives for Abnormal, Material, Microsoft, Mimecast and Proofpoint did not immediately respond to requests for comment.
The challenge facing established companies like Mimecast and Proofpoint is less about losing customers and more about losing new business from startups using a next-generation tool like Abnormal, according to Mark Alley, an email security consultant in Alabama. But Kamdjo said some companies have switched to Sublime from Mimecast and from Proofpoint.
Proofpoint appears to be aware of this challenge, having acquired AI startup Tessian last year. Proofpoint CEO Sumit Dhawan said in October that the company was 12 to 18 months away from going public again. He said he saw interesting potential takeover targets but prices remained high.
Sublime lacks a billion dollar valuation. Unlike many high-value startups, it hasn't resorted to aggressive marketing, and it's not big on making cold calls either.
Kamdjo said the startup had already reached out to Donald Trump's 2024 presidential campaign but got nowhere. In August, the campaign said a foreign adversary obtained documents after its email system was hacked.
“We are very lucky, because the majority of people only heard about us through word of mouth,” Kamdjo said.
They can then learn about Sublime's capabilities by uploading emails to a free service called EML Analyzer, which will use artificial intelligence to predict whether messages are benign, suspicious or malicious. It can capture phrases that often appear in business email compromise attempts.
The sales-light approach won't change now that Sublime has more capital to work with.
“Our mentality is that we're going to go out and spend a lot of money on research and development,” said co-founder Ian Thiel.
WATCH: Trump campaign says emails were hacked: Here's what to know