magic quadrant for secure email gateways
TRANSCRIPT
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 1/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
Magic Quadrant for Secure Email Gateways
15 August 2012 ID:G00231775
Analyst(s): Peter Firstbrook, Eric Ouellet
VIEW SUMMARY
The secure email gateway market is mature. Buyers should focus on strateg ic vendors, da ta loss
prevention capab ility, encryption and better protection from targeted phishing attacks.
Market Definition/Description
The secure email gateway (SEG) market is defined by so lutions that provide enterprise message
transfer agent (MTA) capab ilities, offer protection against inbound and outbound email threats
(such as spam, phishing attacks and malware), and satisfy outbound corporate and regulatory
policy requirements. SEG solutions can be offered in the form of software or appliances that go on
customer premises , hosted solutions that reside in solution providers' data centers, multitenancy
softwa re as a service (SaaS) that exists in multiple data centers around the globe, or acombination of these — often referred to as a hybrid deployment. Unified threat management
(UTM) devices that combine firewalls with some spam filtering are not included in this market.
Based on our analysis for this report, the total market showed little growth (less than 2%) in
2011. We have adjusted our total market size dow n from our estimate las t year to $1.5 billion.
Last year, we anticipated a slight increase in 2011 because of a recovering economy. However,
the market growth rate is now at an effective plateau that accompanies a saturated and mature
market. Ancillary services, such as data loss prevention (DLP) and encryption, are the main drivers
of grow th, while traditional spam and virus-filtering services, and other license and subscription
revenue, are declining. The increase in suite bundling, especially with hosted mailboxes, will blur
the SEG market, making future growth and market s ize difficult to identify. As more business goes
to Microsoft and Google for cloud mailboxes, those vendors effectively increase SEG market share,
to the detriment of all other vendors , because hygiene services come bundled with the mailbox.
The solution providers in the Leaders quadrant encompass approximately 70% of the market by
revenue. Vendors in the Leaders and Challengers quadrants account for approximately 86% of
the market.
The increase in acceptance of the SaaS delivery form factor continues, although it, too, is
beginning to plateau. We estimate that the SaaS portion of the market grew at around 5% in
2011 and now represents approximately 41% of the market. We continue to be bullish on this
form factor and note that nearly all the vendors in this analysis now offer a SaaS-type de livery
option. Moreover, approximately 80% of client inquiries ask w hen it will be appropriate to migrate
to the SaaS or cloud-based delivery services. However, we notice that SaaS is more attractive to
smaller organizations and very large federated o rganizations. Midsize organizations (that is,
5,000 to 20,000 seats) don't see s ignificant advantages o r economies of scale, and remain
concerned about confidentiality.
Return to Top
Magic Quadrant
Figure 1. Magic Quadrant for Secure Email Gateways
STRATEGIC PLANNING ASSUMPTION
Cloud-based (software-as-a-service) deployments
of the secure ema il gateway will grow from 37% of
the market in 2011 to mo re than half of the
secure email ga teway market by revenue in 2016.
EVIDENCE
This research was ba sed o n:
A Magic Quadrant survey sent to vendors in
April 2012
An online survey of 111 vendor-supplied
reference customers conducted by Gartner inMay 2012
An online survey of 36 vendor-supplied
reference value-added rese llers conducted by
Gartner in May 2012
Inquiry calls and other client interactions with
Gartner clients
NOTE 1GARTNER SURVEY
An online survey of 111 vendor-supplied
reference customers was conducted by Gartner in
May 2012. Fifty-five percent of respondents ha d
more than 5,000 sea ts, and 20% had fewer than
1,000 seats. Sixty-nine percent of respondents
were self-identified as "responsible fo r daily
operation, po licy configuration and incident
response"; 27% were responsible for "selection of
the SWG solution"; and 4% said that they "get
reports and help s et policy."
EVALUATION CRITERIA DEFINITIONS
Ability to Execute
Product/Service: Core goods and services
offered by the vendo r that compe te in/serve the
defined market. This includes current
product/service capabilities, qua lity, fea ture sets,
skills and s o on, whether offered natively or
through OEM agreements/partnerships as defined
in the market definition and detailed in the
subcriteria.
Overall Viability (Business Unit, Financial,
Strategy, Organization): Viability includes an
assessment of the overall organization's financial
health, the financial a nd practical success o f the
business unit, and the like lihood that the
individual busines s unit will continue investing in
the product, will continue offering the product and
will advance the state of the art within the
organization's po rtfolio o f products.
Sales Execution/Pricing: The vendor's
capabilities in all presa les a ctivities and the
structure that supp orts them. This includes deal
management, pricing and negotiation, presales
support, and the o verall effectiveness of the
sales channel.
Market Responsiveness and Track Record: Ability
to respond, change direction, be flexible and
achieve competitive success a s opp ortunities
develop, comp etitors act, customer needs e volve
and ma rket dynamics change. This criterion also
considers the vendor's history of responsiveness.
Marketing Execution: The clarity, quality,
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 2/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 2
Source: Gartner (August 2012)
Return to Top
Vendor Strengths and CautionsBarracuda Networks
Barracuda Networks is a private California-based company that focuses on producing a range of
economical, easy-to-use appliances (hardware and virtual) and SaaS solutions aimed squarely at
cost-conscious small or midsize businesses (SMBs), as we ll as educational and government
institutions. Barracuda Spam & Virus Firewa ll appliances a re shortlist candidates for organizations
seeking "set and forget" functionality at a reasonable price.
Strengths
Barracuda leverages the open-source and white-hat community with its anti-spam
technology, along with its own grow ing security lab. It is one o f the few vendors that have a
false-positive, false-negative report to monitor spam detection quality. It also offers an
Outlook plug-in to report spam and false positives.
The management interface is des igned to be easy to configure — even for nontechnical
users — with numerous w izards, context-sensitive help, and clearly visible recommended
settings and explanations.
The SaaS offering provides e ight categories o f spam.
Barracuda offers an optional cloud-based prefilter, which filters out obvious spam before final
filtering is done on-premises .
Native basic pull-based encryption and DLP capability are free of charge.
Barracuda Control Center can manage multiple boxes and centralize configuration, logs and
reporting, and comes as a free cloud-based o ffering or an on-premises appliance.
Service prices are per box, rather than per user, making Barracuda a significant price leader.
Barracuda also offers an email archiving so lution that has an interface with a cons istent look
and feel that can also be managed from the same Barracuda Control Center.
Cautions
Barracuda Labs is still relatively small. It does not offer any o ther third-party anti-malware
engines.
Advanced features for large enterprise use rs are missing, such as dashboa rd customization
capacity, a hyperlinked drill-down, a reusable object-oriented policy, granular role-based
administration, group-level-only data access, directory synchronization and a group-level
policy. Reporting is still quite bas ic and lacks ad hoc capab ility to create completely new
reports.
DLP is limited to keyword and regular expression filtering. It is not very flexible. It only
includes four predefined DLP dictionaries, and each policy requires its own d ictionary.
Workflow for compliance officers is limited.
Return to Top
Cisco
Cisco continues to dominate the market for dedicated on-premises solutions for midsize-to-large
organizations . Cisco offers four email security solutions: hardware appliances, cloud delivery,
managed appliances, and a hybrid combination of appliance and cloud. Cisco also enjoys s trategic
vendor status w ith many of its customers and is well-respected in the core network buying
creativity and efficacy of programs d esigned to
deliver the organization's message to influence
the market, promote the brand and business,
increase awareness of the products, and establish
a positive identification with the product/brand
and organization in the minds of buyers. This
"mind share" can be driven by a combination of
publicity, promotiona l initiatives, thought
leade rship, word-of-mouth and sales activities.
Customer Experience: Relationships , products
and se rvices/programs that enable clients to be
successful with the products evaluated.
Specifically, this includes the ways customers
receive technical support or account support. This
can also include a ncillary tools, customer support
programs (and the q uality thereof), availability of user groups, service-level agreements and so on.
Operations: The ab ility of the organization to
mee t its goals and com mitments. Factors include
the quality of the organiza tional structure,
including skills, experiences, programs, systems
and other vehicles that enable the organiza tion to
operate effe ctively and efficiently on an o ngoing
basis.
Completeness of Vision
Market Understanding: Ability of the vendor to
understand buyers' wants and nee ds and to
translate those into p roducts a nd se rvices.
Vendors that show the highes t degree o f vision
listen and understand buyers' wants and ne eds,
and can shape or enhance those with their added
vision.
Marketing Strategy: A clear, differentiated set o f
messages consistently communicated throughoutthe organization and e xternalized through the
website, a dvertising, customer programs and
positioning statements.
Sales Strategy: The strategy for se lling products
that uses the appropriate network o f direct and
indirect sales, m arketing, service, and
communication affiliates that extend the scope
and depth of market reach, skills, expertise,
technologies, services and the customer base.
Offering (Product) Strategy: The vendor's
approach to product development and d elivery
that empha sizes differentiation, functionality,
methodology and feature sets as they map to
current and future requirements.
Business Model: The soundness and logic of the
vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's
strategy to d irect resources, s kills and offerings tomeet the specific needs of individual market
segm ents, including vertical markets.
Innovation: Direct, related, complem entary and
synergistic layouts of resources, exp ertise or
capital for investment, consolidation, de fensive or
pre-emptive purposes.
Geographic Strategy: The vendo r's strategy to
direct resources, sk ills and o fferings to mee t the
specific needs of geographies outside the "home"
or native ge ography, either directly or through
partners, channels and subsidiaries as
appropriate for that geography and ma rket.
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 3/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
centers. Cisco is a good candidate for midsize-to-large enterprise customers looking for best-of-
breed functionality.
Strengths
Cisco has excellent s calability/reliability, an easy-to-use management interface, deep policy
control and very granular MTA control capabilities.
Its Outbreak Filters option provides unique targeted a ttack protection by scanning
suspicious URLs in rea l time w ith ScanSafe. It has bulk/marketing email protection. Cisco has
made improvements on low-volume spam attacks and IPv6-based reputation and spam.
Cisco provides content-aware DLP capab ilities with numerous predefined policies,
dictionaries and identifiers, as we ll as a strong compliance officer interface. Integration w ith
RSA Enterprise Manage r for DLP integration exists between Cisco's so lutions and RSA, The
Security Division of EMC's enterprise DLP.It offers native policy-based email push encryption delivered on box or as a service with
message recall, read receipt and message expiration, proprietary desktop to desktop
encryption capabilities, support for BlackBerry, iOS and Android platforms, and large file
attachment handling.
Cisco Email Security benefits from Cisco's installed base of ne twork security appliances and
the Cisco Cloud Web Security (formerly ScanSafe) to collect a massive amount of Internet
traffic information to spot new malware and spam trends. Cisco's broad array of network
security components (firewalls, intrusion prevention systems [IPSs], secure Web ga teways
[SWGs] and routers) makes it a strategic vendor for organizations looking to consolidate
buying around fewer se curity vendors.
Cautions
Cisco's focus on the needs of large enterprises doesn't always scale dow n well for SMBs. The
user interface can be confusing and nonintuitive for less experienced operators.
Cisco's hosted email offering only has four data centers in the U.S. and Europe so far.
The Cisco Email Security management interface would bene fit from a more flexible custom
dashboard, although the reporting interface has dashboardlike functionality.
Cisco solutions carry a very high list price relative to the market. Buyers must negotiate
effectively to ga in competitive pricing. The hosted service is competitive for bas ic inbound
protection, but DLP and encryption come at premium costs.
Cisco is not likely to offer a vertically integrated email stack (for example, security, archive,
disaster recovery and hosted exchange).
The Hybrid solution requires separate management interfaces.
Cisco w ill no longe r sell the PostX encryption appliance, which eliminates pull functionality
and support for Pretty Good Privacy (PGP) and Secure Multipurpose Internet Messaging
Extensions (S/MIME); however, it continues to support on-box push encryption. The former
PostX functionality will continue to be available via Cisco partner Totemo.
Return to Top
Clearswift
Clearsw ift has an e stablished presence in the email protection market primarily in the U.K.,
Europe and Asia/Pacific. It has also branched out to the SWG market. In November 2011,
Clearsw ift was the subject of a management buyout backed by Lyceum Capital. Clearswift offers
a ba re metal softwa re or VMware/Hyper-V solution. The combination of SWG and SEG, and the
provision of basic DLP capabilities a cross both channels, make it a reasonable shortlist candidate
for buyers looking for both solutions from the same vendor.
Strengths
The Web-based management interface provides centralized management, dashboards, and
reporting for the Web and email products; a centralized reporting engine; and the content
scanning engine. It is easy to use for nontechnical users, and it has a lot o f context-sens itive
recommendations and he lp functions.
The proprietary Clearswift DLP engine provides fas t scanning of more than 150 file formats.
It contains features to protect aga inst denial-of-service attacks, and provides a selection of
prebuilt patterns for common data types (PCI/PII), as w ell as common Boolean and proximity
operators.
Users can manage the ir quarantine from any browser or via an iPhone /iPad interface.
Clearswift exploits Commtouch for a po rtion of its anti-spam capability and upgraded to the
most recent engine.
The solution includes a "bulk email" category, which is useful for reducing nuisance email.
The ImageLogic pornographic and registered image detection engine is an extra utility
service for organizations with this need.
On-box encryption w ith support for S/MIME, PGP and password-protected email encryption
with a built-in certificate store was recently improved w ith automatic certificate and key
extraction and lookup. The Echoworx partnership provides enhanced encryption capabilities
via a Web portal ("pull") or mailbox ("push").
Cautions
Clearswift is recovering its growth due to a focus on the core email and Web gateway
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 4/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 4
business and improving customer support; however, its market and mind share are very low
in a rap idly maturing market. It is late to deliver industry-leading features and functionality.
It does not directly offer a SaaS-based delivery model or vertical products, such as email
archiving. As buyers increasingly look for more s trategic integrated vendors, Clearswift may
have a difficult time standing out in a crowded market.
Although the interface is easy to use for nonte chnical users, it is limited in detail for more
technical enterprise users.
Advanced encryption provided by Echoworx is not integrated into the management interface.
It lacks any control or visibility of sent messages, and it lacks se lf-service configuration of the
encryption experience.
DLP enhancements are needed in the ability to describe sensitive content beyond regular
expressions , along with support for more advanced detection techniques, such as partial
document matching. Policy management, workflow reporting and event management arerudimentary.
Clearswift's list prices are high relative to close competitors and SaaS se rvices.
Return to Top
Dell
Dell acquired SonicWALL and now offers a broad suite of netw ork security solutions in the Dell
SonicWALL family, including firewa lls, virtual private networks, backup and a range of SEGs. It
offers several SEG form factors, including hardware appliances, software and VMware versions ,
and hosted vers ions. It also offers a subset o f SEG functionality delivered as SaaS prefilters for its
UTM customers. Dell is a candidate for shortlist inclusion primarily for existing Dell SonicWALL
firewa ll customers.
Strengths
Dell is one of the largest resellers of Microsoft Exchange solutions. The acquisition of
SonicWALL enables Dell to se ll a more integrated email solution stack.
Dell SonicWALL has its own malware research team developing new spam signatures and
detection techniques, which leverage da ta from its installed base of app liances. The so lution
leverages contact databases and communication partners to lower false positives.
The management interface is localized in a number of languages and is easy to use . It has
multitenancy support, and reporting is adequa te for most organizations' needs .
The solution includes some basic content-aware functionality for a DLP policy, with two
prebuilt dictionaries and a number of predefined number identifiers, including Social Security
number (SSN), credit card, phone and o thers.
Dell SonicWALL Hosted Email Security was recently launched.
Cautions
It is difficult for any company to compete in many markets and across company segments —
ranging from large enterprises to small offices — while providing market-leading features in
each market segment. Dell SonicWALL does not provide any market-leading SEG
functionality. Only a small percentage of its revenue is email-security-related. Its market andmind share are minimal and were not grow ing prior to the acquisition.
Dell SonicWALL still does not provide any native encryption, except for Transport Layer
Security (TLS), and does no t allow TLS rules per domain. It has no real integration w ith
dedicated third-party encryption solutions.
DLP functionality is basic and supports only regular expression matching. It does not include
any prede fined policy, and event management is rudimentary.
Return to Top
Fortinet
Fortinet is a public company with a broad geographical market presence that offers a broad array
of UTM and dedicated appliances for all organization sizes . It offers an a rray of anti-spam
technology in various forms from client to UTM. This analysis, however, focuses on the dedicated
SEG FortiMail appliances. FortiMail is a shortlist candidate for existing Fortinet customers or those
looking for a firewall and SEG solution from the same vendor.
Strengths
The management interface is similar to othe r Fortinet products. FortiManager can manage up
to 40 Fortinet devices, and FortiAnalyzer provides centralized log storage dashboards and
reporting.
FortiMail appliances benefit from high-availability and scalability features, such as native
clustering, load ba lancing and high-throughput appliances.
FortiMail includes some basic DLP capability with regular expression matching via
preconfigured and user-definable dictionary profiles.
Identity-based push and pull encryption is included free of charge in the standard feature
set.
Fortinet offers attractive price-to-performance value, with appliance-based, rather than user-
based, service pricing.
Fortinet provides on-box or off-box policy-based message archiving that is fully indexed and
available from the FortiMail management interface.
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 5/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
Cautions
It is difficult for any company to compete in many markets and across many company
segments, rang ing from carriers to the small office/home office market, and to provide
market lead ing features in each market segment. Fortinet is no exception. The company is
much bette r known for its firewa ll/UTM market presence, and only a small percentage o f its
revenue is related to email security. In addition, it is not growing its market share in a rapidly
maturing market.
The administration interface is not really user friendly and would bene fit from enhanced
search capability. The FortiAnalyzer component is required for in-depth, per-domain report
and log access across multiple logs in a single interface. However, this component costs
extra.
Fortinet uses its own antivirus technology, and it does not have a big research organization,especially when compared with the leaders in this report or their partners. The addition of an
optional third-party antivirus engine would be an improvement.
Fortinet does not offer a hosted or managed service, although some service providers use
Fortinet's infrastructure to deliver services to customers.
DLP functionality is relatively basic and lacks good compliance workflow, notifications, partial
document matching, de legated administration and hierarchical policies. DLP notifications
employ static messages but lack the ability to dynamically modify the content.
Return to Top
Google remains one o f the market and mind share leaders in the SaaS SEG market; however, its
growth has been low because of lackluster innovation and feature development, and meager
support. In August 2012, Google announced the gradual migration of all existing Postini
customers to the Google Apps infrastructure and management console. Essentially, this means
that existing Postini and future Google customers' email will be routed to a store-and-forward
Gmail inbox for message filtering and then to the corporate mailbox. All administration w ill now be
performed in the Google Apps management interface, making Google a particularly good choice for
organizations considering future enterprise Gmail and other Goog le SaaS offerings.
Strengths
Google Postini customers w ill have the same spam-filtering mechanism as Goog le's millions of
consumer and ente rprise Gmail customers. This system relies partly on email user feedback
about spam messages . Users will be able to eas ily submit false pos itives and false negatives
using "is-spam" or "is-not-spam" plug-ins to refine the accuracy of the filters. For virus
blocking, Gmail blocks all executables and has extensive malicious URL da ta from its primary
search business.
The Google Apps management interface and supporting infrastructure and services are
foundational to Google's enterprise aspirations and make up the central management
platform for enterprise Gmail and its ente rprise Apps suite. This platform has been ge tting
development attention tha t was lacking for Postini. For example, the admin console is in 27
languages versus a s ingle language for Postini, and the policy creation engine is moreflexible and modular and includes a richer set of optiona l rules and dispos ition actions.
Gmail offers MAPI integration enabling a local Outlook spam quarantine, in addition to
planned email quarantine diges t emails and the native Gmail inbox spam quarantine.
Because Google is sending inbound email to a Gmail inbox, it can become a backup email
infrastructure in outages for reading inbound messages and sending messages. This also
makes adopting an ente rprise Gmail solution very simple, no doubt a significant Google
motivator for this transition.
Gmail includes a rich set of purpose-built tools for objectionable content.
Gmail uses DomainKeys Identified Mail (DKIM) and Sende r Po licy Framework (SPF) to validate
senders.
Google licenses ZixCorp's service for encryption.
Google's price is typically very good compared with comparable services, especially for broad
bundles of related services.
Cautions
The migration to the Gmail infrastructure eliminates a few features that were available to
Postini customers. Most notably, email processing will move from in-memory-only processing
to a more proxylike, store-and-forward architecture; Google w ill not guarantee in-geography
processing, although it is making strides to comply with EU regulations; and Gmail does not
offer spam categories, and industry heuristics rules will be eliminated.
Gmail does not offer the same SLAs as Postini services or competitors. Gmail offers a 99.9%
uptime SLA; however, there are no spam-filtering or virus-specific SLAs.
At "launch," Google will not offer any synchronization capabilities that would keep the
primary mail system updated with email sent from the Gmail inbox during outages.
The Google/Postini service ranked very low in customer satisfaction in our customer
reference survey. The move to a more s trategic Google Apps platform may help alleviate
some customer frustration, but the migration w ill likely introduce some short-term issues.
Although Google offers regular expressions and dictionary policy constructs for bas ic DLP
functionality, it lacks any preconfigured policy dictionaries and number formats for common
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 6/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
use cases. The quarantine is not specific to the DLP task, and it offers no rea l features to
ease compliance management workflow.
Licensed encryption from ZixCorp does not provide any integrated management capability.
Google does not o ffer many security assurances that are commonly offered by other
providers, and it does not allow for site visits. It does, how ever, provide SSAE 16 audits and
ISO 27001 certification, which serve as third-party attestation and certification.
Return to Top
McAfee
McAfee, which is a subsidiary of Intel, has a broad range of endpoint and network security
products. McAfee has consolidated its two on-premises gateway solutions in its latest version 7.x,
which is a free version upgrade that is supported on hardware appliances that are less than
three years old. It also offers blade server appliances, virtual versions, and SaaS-based SEG,
archiving and d isaster recovery se rvices.
Strengths
McAfee's respected threat research team consolidates message, network, Web and file
reputation da ta into its Global Threat Intelligence (GTI) system for real-time analysis of
emerging threats.
The Web-based management interface has customization of dashboard elements for each
administrator, consolidated message queues and easy-to-understand disposition
information.
Its native DLP capability is strong and leverages the capab ilities of its stand-alone
enterprise-class, content-aware DLP offering. McAfee provides numerous predefined policies
and dictionaries as part of the base product, and it supports self-defined content for policy
creation. The so lution supports de legated administration for distinct event viewing, along
with the separation of duties.
Basic encryption methods (TLS, S/MIME and PGP gatew ay encryption) are supported, along
with push (secure envelope) encryption. It also supports the secure transfer of arbitrarily
large files via its encrypted email pull capability.
The SaaS offering provides a simple, clean, Web-based interface that is very easy to use for
managing Web and email traffic. It is hos ted in seven geographies (U.S., China/Hong Kong,
Japan, New Zealand, Australia, England and the Netherlands). The service can lock message
traffic to a specific geography to avoid processing traffic in foreign lega l environments. The
DLP capability is included in the base package, and po licy-based pull/push email encryption is
an optional add-on. McAfee customers can sw itch between so lutions w ithout any additional
charge.
Cautions
McAfee has not expanded its market share in the enterprise SEG market since the Secure
Computing acquisition, and it does not show up on Gartner client shortlists or competitive
large enterprise deals as o ften as we would expect, given McAfee's channel reach. We
believe that the McAfee netw ork security portfolio may be less well-aligned with Intel's
priorities.
The McAfee and IronMail platforms have been consolidated in v.7, which is the first major
new re lease in three years. The development focus of v.7 left some customers with
outstanding issues on the previous version. We anticipate a more rapid release schedule;
however, for former CipherTrust customers, it has been a long road.
DLP integration across products is not fully complete. The email products share the same DLP
engine, but content is not synchronized across products — meaning changes in one content
list w ill not be replicated.
Several Gartner clients and some reference customers have expressed concern about
McAfee support capab ilities. McAfee scored very low in customer satisfaction in our re ference
customer survey.
Return to Top
Microsoft
Microsoft o ffers two complementary email security solutions. Its flagship product is Forefront
Online Protection for Exchange (FOPE), which is a SaaS-based solution. Forefront Protection 2010
for Exchange Server (FPE) is a software so lution that is run on Exchange. FOPE is a good shortlist
inclusion, especially for Microsoft-centric customers that purchase premium licensing. It is a default
choice for organizations considering Microsoft's Exchange Online or the Office 365 suite.
Enterprise buyers should cons ider FPE primarily as an additional layer of antivirus protection for
the Exchange message store and for internal federated Exchange filtering, rather than as a
stand-alone SEG solution. Microsoft's dominance in the email market makes it a strategic provider
of SEG solutions.
Strengths
FOPE mirrors email across multiple data centers for redundancy. Mail-processing data cente rs
are located in the U.S. and Europe. Microsoft supports in-geography mail processing for its
U.S. customers.
Exchange, Outlook, and the FOPE and Exchange Hosted Encryption (EHE) network all
support TLS, S/MIME and PGP. FOPE also o ffers a Hosted Encryption solution that is based
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 7/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
on Voltage Security technology. FOPE supports large file a ttachment trans fer up to 150MB.
Forefront Protection Server Management Conso le 2010 (FPSMC) provides multiserver
management for FPE 2010 and integrates w ith the FOPE Administration Center.
The Junk E-Mail Outlook plug-in enables users to directly report junk email to Microsoft for
analysis.
FPE is use ful on an Exchange hub for internal virus filtering.
Microsoft's email security solutions are pa rt of the enterprise client access license (CAL), the
Exchange Enterprise CAL and the Forefront Protection Suite. Users should check their license
entitlements be fore they consider alternatives.
Microsoft is capable of tighter integration of SEG functions with Exchange/Outlook than
competitors. Gartner anticipates significant improvements in DLP and encryption capabilities
that are tightly integrated with the Outlook client, as well as integrated management of
FOPE/FPE and Exchange in Microsoft's next version of Exchange/Outlook (which Gartner
estimates w ill be available in ea rly 2013).
Cautions
Microsoft is not on the leading edge of functionality in this market and is very slow to offer
major new improvements.
Microsoft only has data centers in the U.S. and the EU, and in-geography-only routing is only
available in the U.S.
Buyers that have not s tandardized on Active Directory require Forefront Identity Manager to
consolidate directories in a single addressable entity for synchronization with the service.
The DLP capability is very limited in the current release. It does not provide extensive
workflow or predeveloped policies and notifications. The licensed encryption solution is not
integrated into the management console and lacks se lf-service configuration of the
encryption experience and s ignificant control or visibility of sent messages .
Policy changes take some time to propagate through the network, which lacks a feedback
loop to certify that the changes have been implemented.
The FOPE spam detection SLA at 98% is lower than the industry norm of 99%.
Return to Top
Mimecast
Mimecast is a U.K.-based dedicated email security vendor that is expanding into North America. It
offers a range of SaaS-based email security services, including SEG, archiving/e-discovery and
disaster recovery. Mimecast is a good fit for organizations looking for a full suite of services, and
those looking to provide end users w ith a set o f email security utilities.
Strengths
Mimecast provides a multitenant SaaS e mail infrastructure w ith simple administration across
the range of email security services. It is hosted in 10 data centers in the U.S., the U.K.,
South Africa and the Channel Islands.
It provides a set o f email utilities for end users via its Outlook plug-in, making it seamless forusers to manage their email without leaving Outlook. This integration allows users to specify
how messages are handled at the ga teway by using message actions that let users choose
encryption types, what stationary to apply, document conversion options , and large file
attachment handling. Archive, search and disaster recovery are a lso integrated into Outlook,
so the end user has only one interface for all tasks.
DLP and encryption capab ilities are available at an additional cost and are adequate for most
compliance tasks. DLP includes attached file content analysis and comes with numerous
dictionaries available for import. Encryption is Web pull-based, or TLS and can be invoked by
end users via the Outlook plug-in or policy.
Message tracing is enhanced by a rolling archive that enables administrators to search on
any part o f an email, including the body.
Cautions
Although it is growing faster than the market, Mimecast is one of the smallest vendors in this
analysis, and it has very low mind share and market share. As buyers increasingly look for
more-strategic integrated vendors, Mimecast will have a difficult time s tanding out in a
crowded market.
Mimecast only has a small malware/spam research team. It is dependent on partners for a
portion of its spam and malware detection capab ility.
List pricing for basic SEG services at lowe r volumes (less than 501 sea ts) is above average.
DLP, encryption and setup costs are extra.
DLP capability could be improved with embedded d ictionaries and policies that are updated
by Mimecast, rather than downloadable. It does not support partial hashes or referenced
data (database), and it can't import or export rules or events to enterprise DLP solutions.
Reference customers cited reporting, multiple account administration and simpler
administration as areas that could be improved.
Return to Top
Proofpoint
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 8/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
Proofpo int continues to lead the market with innovative features and a singular focus on email
security issues — resulting in one of the highest growth rates in this market. In addition to SEG
capabilities, the company offers archiving, document discovery/governance, large file transfer and
mailbox hos ting. Proofpoint's flagship email security solution (Proofpoint Enterprise) is available a s
a hosted service; as on-premises appliances, virtual (VMware) appliances and so ftware; or as a
hybrid combination of these versions. Proofpoint is a very good candidate for organizations
looking for a full range of best-of-breed SEG functionality in supported geographies .
Strengths
Spam and malware accuracy has always been a cons istent strength of Proofpoint, and the
company is one of the few that publicly reports its anti-spam effectiveness (see
www.proofpoint.com/products/livespamstats.php). Proofpoint provides spam classifiers
(adult, bulk mail, phish and suspected spam) to enab le more granular policy. The company
continues to invest in new techniques for spam and spear phishing detection, including anew Targeted Attack Protection service to detect and report on targeted a ttack activity.
Its recently updated Web-based management interface continues to be one of the best,
with numerous innovations and unique features. We particularly like the completely
customizable dashboa rds for each administrator.
Proofpoint offers integrated, push po licy-based encryption that incorporates the features
traditionally associated w ith pull offerings, and is optimized for mobile devices. The so lution
also supports TLS, S/MIME and PGP se cure email delivery.
DLP features a re very strong and include numerous prebuilt policies, dictionaries, number
identifiers and integrated policy-based encryption. Policy development is object-oriented and
similar across spam and DLP. The DLP quarantine is very sophisticated for a channel solution,
and it includes highlighted po licy violations and the ability to add comments to incidents. DLP
policy can be enforced on Web traffic via a dedicated netw ork sniffer or Internet Content
Adaptation Protocol (ICAP) integration w ith a proxy server.
SaaS data centers a re located in the U.S., Canada, Germany and the Netherlands.
Cautions
Proofpoint's ded icated focus on email is both a strength and a weakness. Although it
continues to define best-of-breed functionality, in a rap idly maturing market, best-of-breed
often becomes overkill to some customers. Concurrently, numerous enterprise buyers are
looking for opportunities to consolidate product purchases around fewer, more strategic
vendors.
Despite good growth rates, Proofpoint continues to have a smaller market and mind share,
especially outside North America.
Proofpoint is a poor fit for smaller organizations that do no t require advanced controls due to
corporate focus and high prices.
The archiving service does not yet have a sha red management interface with the hosted or
on-premises solutions, and customers commented tha t the hybrid experience should be
more seamless.
Despite improvements in reporting, it still lacks a completely ad hoc reporting capability.
Several customers commented on the complexity of the upgrade process.
Return to Top
Sophos
Sophos has been in the SEG market since 2003 and recently entered the UTM market with the
acquisition of Astaro. It has a relentless focus on s implifying the management of its so lutions. Its
current flagship so lution, the Sophos Email Appliance, is offered as hardware and virtual
appliances. The company also offers PureMessage softwa re versions for Unix, Exchange and
Lotus. Sophos is a shortlist candidate for SMBs and larger enterprises looking for low-
administration appliance-based solutions.
Strengths
The management interface is very easy to use for a nontechnical user. Dashboards a re very
graphical and allow for some level of linked drill-down into log or reporting data. We
particularly like the included appliance-monitoring service and authorized remote access ,
which allows Sophos to proactively monitor box hea lth and provide optiona l remote
assistance when needed. Software version updates and database updates are all pushed to
the appliances, which significantly reduces administration time and allows for more
incremental updates .
Spam and malware de tection technology includes bulk email detection.
DLP and encryption are included with the license. Sophos provides a very rich set o f DLP
dictionaries, lexicons and compliance policies, w hich are continuously updated by
SophosLabs.
Secure PDF Exchange (SPX) encryption functionality provides a very easy-to-use, push-based
model that captures email content and converts it to a password-protected PDF file attached
to the original email.
Sophos gets very high marks for customer service and support.
Cautions
Despite a long presence in the market, Sophos has minimal mind share or market share .
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 9/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg
Sophos' focus on providing simple-to-manage appliances can be limiting for larger
organizations. Advanced enterprise-class features, such as dashboard customization, log
data visibility restrictions, and advanced reporting, are all missing or weak. It does no t allow
for per-user send ing limits. Sophos s till does not support DKIM or SPF, which are important
standards for detecting spoo fed messages.
DLP workflow is weak compared w ith the Leaders in this Magic Quadrant. There is no
compliance officer role or a specific quarantine to enable compliance-related workflow, such
as building cases, annota ting events or custom actions for email. Notifications for policy
compliance are created for each event, rather than created as objects and referenced in
policy.
Although Sophos includes its SEG product with several suites, it does not yet provide a
common interface to manage and monitor multiple products.
Sophos does not offer a SaaS-based delivery option.
Return to Top
Symantec
Symantec is one of the largest SEG vendors by market share and continues to grow faster than
the market. It has one of the broadest ranges of mature SEG offerings, including hardware
appliances, SaaS, virtual appliances (VMware), and software for Exchange and Domino. Symantec
also o ffers archiving and e -discovery solutions and disas ter recovery email services. Continuous
improvements in the Symantec Messaging Gateway (SMG) and the Symantec.cloud SaaS service
make Symantec a good candidate for most organizations.
Strengths
Symantec has a very large and sophisticated malware research team that has access to a
significant amount o f telemetry data from its very large consumer, Internet service provider,
SMB and ente rprise customer base.
The vendor has spam categories for marketing and newsletters to qua rantine nuisanceemail. Recently, it made improvements in non-English spam, including Chinese image spam.
The submission process for false pos itives/negatives is much improved. It now includes a full
cycle reporting capability that highlights resulting changes and enables the creation of
custom rule sets based on submitted samples.
Symantec offers complex content-filtering policy constructs, such as negative-filtering
conditions, multiple simultaneous content-filtering policies and early exit branches to stop
further processing.
SMG is offered as part of an endpoint and SWG package dea l that is very attractively priced.
Symantec is a leader in the enterprise DLP market, and leverages the same content
inspection engine and predefined content in its SEG solution. Recently, it improved the
synchronization of quarantine management, incident sta tus and the w orkflow w ith the
enterprise DLP solution.
Symantec.cloud offers very strong SLAs, and it is hos ted in 18 da ta centers .
Both solutions get high marks from customers for support and services, and ease o f use.
Symantec offers PGP encryption capability in addition to a partnership w ith ZixCorp or
Echoworx.
Cautions
Symantec management does not integrate across on-premises and service offerings for
hybrid deployments or offer pricing that allows users to swap between deployment types.
DLP integration is improving for workflow but not po licy and content synchronization. The
Symantec.cloud DLP so lution lacks granular po licy options.
The licensed encryption solutions are not integrated into the management console and lack
self-service configuration of the encryption experience and s ignificant control or visibility of
sent messages .
The SMG management console could be improved w ith better reporting, an email dispos ition
summary that provides clear indicators o f why email is qua rantined, per-user sending limits
and less -dense DLP policy configuration.
Return to Top
Trend Micro
Trend Micro is a major provider of anti-malware protection solutions and was an ea rly entrant in
the SEG market. Its current InterScan Messag ing Security Suite (IMSS) is offered on a broad range
of de livery form factors, including software (Windows, Linux, Solaris and Exchange), virtual
appliances (VMware), software app liance for installation on any bare metal hardware, and a SaaS
and hybrid offering. Recent initiatives demonstrate a renewed SEG focus. Trend Micro remains a
shortlist candidate for most organizations.
Strengths
Trend Micro has a large and we ll-respected malware and spam research team.
IMSSs can perform live queries aga inst the cloud-based da tabase (Smart Protection
Network) to reduce threat distribution lag time.
The new optional Dynamic Threat Analysis System (DTAS) inspects suspect files in a sandbox
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 10/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 1
to provide more de tailed inspection and forensic information.
Software and virtual versions come with an optional hybrid deployment option, which
provides reputation and course content filtering, with integrated on-premises quarantine,
management and reporting.
Trend Micro offers a widge t-based graphical management interface that each administrator
can customize with predefined widgets.
Native push-based encryption encapsulates email content in an encrypted password-
protected attachment that can be viewed by any JavaScript-enabled browser. Key
management is in the cloud data center operated by Trend Micro.
Trend Micro's DLP module was recently integrated w ith its Control Manager, enab ling DLP
management across its endpo int, Web and email solutions. Trend Micro also expanded the
number of predefined DLP content.
Cautions
Although Trend Micro had an early presence in this market, its market sha re has been
relatively flat, and it has failed to gain mind and market sha re — keeping it out of the
Leaders quadrant.
Reference customers requested more granular reporting and be tter centralized management
for multiple sites, s impler upda ting, and simpler and more intuitive configuration.
The SaaS offering is focused on SMBs. It does no t offer archiving, mailbox hosting or d isaster
recovery/continuity services. Although many of the component parts o f the service a re the
same as the on-premises solution, the management interface is different.
Corporate and user allow lists are not synchronized between the SaaS-based prefilter and
the enterprise so lution, although they can be imported and exported.
Native IMSS workflow capabilities a re weak without integration w ith Trend Micro's Control
Manager.
The offline sandbox DTAS is very new and costs extra.
Return to Top
Trustwave
In March 2012, Trustwave acquired M86 Security. Based in Illinois, Trustwave is a large and
rapidly growing service provider that focuses primarily on PCI compliance requirements. It has
accumulated a number of se curity products, including UTM firewa lls for app lication security and
compliance products. In add ition, Trustwave o ffers a large number of managed se rvices.
Trustwave also o ffers a cloud so lution that is branded and so ld by service providers and channel
partners.
Strengths
The Windows-based management interface is capable and offers some advanced features,
such as task shortcuts and support for batch file workflow commands. Role-based and
multitenant management capability is a core strength.
Its Blended Threats Module uses URL rewriting to ana lyze potentially malicious URLs at thetime of a ccess using the SWG service. By default, it uses an automatically updated whitelist
of communication recipients and connecting IP addresses to reduce false positives.
Antivirus is provided as an option by Kaspersky, Sophos, McAfee or Norman.
Existing DLP capabilities, which include bas ic regular expression matching and some
predeveloped policies, dictionaries and number formats, will be augmented by Trustwave's
enterprise DLP solutions.
Cautions
M86 was struggling to gain broad brand recognition and sales momentum in the SEG market.
The Trustwave acquisition is no t likely to increase the level of product investment or
momentum outside Trustwave's managed security service provider clients. Trustwave has
very little channel support outside the PCI and payment processing verticals.
The solution has three management interfaces w ith little integration. There are limited
dashboard elements and no hyperlinked drill-downs into reports. The policy interface is a
tired-looking Windows application with pop-up, Windows-style workflow.
DLP capabilities are limited to a keyword ana lysis and do not include many predefined
policies, dictionaries or lexicons, nor do they offer much workflow support for compliance
officers.
On-box encryption is limited to TLS, and advanced encryption provided by ZixCorp is not
integrated into the management interface. Thus, it lacks any control or visibility of sent
messages, and it lacks se lf-service configuration of the encryption experience.
The SaaS service is limited to the New Zealand and Australian markets, and list pricing is well
above global averages.
Return to Top
WatchGuard
WatchGuard, which is bette r known for its multifunction firewalls, also o ffers an app liance-based
combined email and Web gateway called Extensible Content Security (XCS). WatchGuard's
primary user base is SMBs. However, the XCS SEG solution has a good mix of midsize and large
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 11/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 1
North American enterprise customers. Wa tchGuard XCS is a good shortlist option for existing
WatchGuard customers.
Strengths
XCS provides SEG and SWG functionality in the same appliance (hardware or virtual version),
and relevant po licies can be set for both channe ls in the same management interface. The
management interface was improved w ith more w izards to simplify deployment and
management, a frequent task screen, and improved message tracking and reporting.
XCS provides native clustering that creates a virtual machine mail queue. The message
queue is mirrored across devices in clustered dep loyments for high availability.
The DLP policy is sha red across Web and email traffic, and includes financial and medical term
dictionaries, and predefined number formats for common data types, such as credit cards
and SSNs.
Cautions
WatchGuard's mind share and market share remain very small, and it is not growing. It is
difficult for any company to compete in many markets and across many company segments,
and to provide market-leading features in each market segment. The company is much
better known for its firewall/UTM market presence, and only a small percentage of its
revenue is related to email security. It is not growing its market sha re in a rap idly maturing
market.
The management dashboard could be improved with a customization capability, role-specific
views and more-hyperlinked drill-down capab ilities into relevant reports. Role-based
administration could be improved w ith reusable ro le definitions, more options for role policies
and the ability to limit an administrator's log da ta access to just the groups managed.
Its DLP policy could be improved w ith more predeveloped dictionaries and po licies for
common regulations, as well as better quarantine management options for compliance
officers and broader content support.
Advanced encryption provided by Voltage is not integrated into the management interface.
Thus, it lacks any control or visibility of sent messages and self-service configuration of the
encryption experience.
WatchGuard does not have SaaS offerings.
Return to Top
Websense
Websense offers a number of delivery options: Cloud Email Security (CES), which is a SaaS
offering; Websense Email Security (WES), which is an on-premises software so lution; and the
Websense Email Security Gateway Anywhere (ESGA) hybrid solution, which combines a pre filter
SaaS with an on-premises appliance-based solution. It also o ffers a similar set of se rvice with
SWG functionality. However, Websense's primary focus is on the flagship Triton so lution, which
combines email, Web and data security as part of a s ingle, unified content security solution.
Websense is an excellent candidate solution for buyers looking for integrated SWG and SEG
functionality, and advanced DLP capability.
Strengths
All the various Websense solutions are tied together w ith the Triton management interface
and reporting engine, which has numerous advanced features, including bulk email
detection, malicious URL analyses a t the time of access, sta tic code analysis of suspicious
documents and drip DLP protection to de tect data leaked in smaller chunks.
Websense has 15 data centers located in 11 countries.
Websense offers very strong DLP capabilities for this market. It includes numerous
predefined DLP content dictionaries in 12 languages , plus additional compliance templates
for items such as PCI DSS, state data privacy laws, HIPAA and the Gramm-Leach-Bliley Act.
Native encryption provides TLS, as w ell as basic push and pull functions.
Websense recently added an archival service (via an OEM partner) and a disaster
recovery/business continuity service that provides an Outlook Web Access-type view into
messages queued, with the service and outbound email functionality.
It is one of the few so lutions in this report that enables administrators to view a false-
negative and false-positive report in the dashboard.
Cautions
Websense has a long history in the Web security market, but its mind share and market
share in the SEG market are comparatively low. However, Websense is show ing good
growth in the enterprise market among customers looking for converged SEG, SWG and DLP.
The Triton management interface can be very complex and involve numerous s teps to create
policies. The dashboards have only limited customization, and there is no ad hoc reporting
capability. CES message search is not quite in real time and could experience as much as a
five-minute delay.
Advanced encryption provided by Voltage is not integrated into the Triton management
interface. Thus, it lacks any control or visibility of sent messages and self-service
configuration of the encryption experience.
Off-box SQL log storage is recommended for larger deployments of on-premises solutions.
Without the hybrid Triton solution, there are management and configuration differences
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 12/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 12
between the capability of the SaaS offering and the on-premises appliance solution. For
example, SaaS-based DLP and reporting capabilities are not as complete as the on-premises
offering.
Return to Top
Vendors Added or Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets
change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or
MarketScope may change over time. A vendor appearing in a Magic Quadrant or MarketScope one
year and not the next does not necessarily indicate that we have changed our opinion of that
vendor. This may be a reflection of a change in the market and, therefore, changed evaluation
criteria, or a change o f focus by a vendor.
Return to Top
Added
Mimecast reached our inclusion criteria minimum customer threshold and recently unbundled its
suite to allow customers to buy SEG-only services. Dell acquired SonicWALL, and Trustwave
acquired M86 Security. These solutions now appear under the new names.
Return to Top
Dropped
Webroot is refocusing the company on its endpo int protection solutions and has closed its SaaS
email services to any future business. It is in the process of helping customers migrate to othe r
providers. Dell acquired SonicWALL, and Trustwave acquired M86 Security. These solutions now
appear under the new names.
Return to Top
Other Vendors
This Magic Quadrant is no t intended to be an exhaustive analysis of every vendor in this market,
but rather a focused ana lysis of solutions that are most interesting to the majority of our clients.
Other vendors were not included in this analysis because they do not fit the technical inclusion
criteria. Sendmail is one tha t has a respectable large ente rprise presence but takes a unique
approach by offering a platform that enables enterprises to plug in various email security
applications from other vendors. This approach enables enterprises to build their own solutions
from component vendors, while offering an overall management framework and underlying
scalable messaging transfer agent. Vendors such as Spamina, Axway, eleven, and AppRiver focus
on a particular geographic or vertical market niche.
Return to Top
Inclusion and Exclusion CriteriaThe solution must have its own proprietary capabilities to block or filter unwanted email
traffic.
Supplementing the solution with third-party technology is acceptable.
The solution must provide email virus scanning via its ow n or a third-party antivirus engine.
The solution must provide bas ic intrusion prevention.
The solution must offer email encryption functionality beyond TLS on its own or via a third-
party relationship.
The solution must offer the ability to scan outbound email according to a set of bas ic vendor-
supplied d ictionaries and common identifiers (for example, SSN, credit card, bank account
and routing numbers).
Vendors must have at least 2,000 direct (not via OEM) enterprise customers in production for
their email security boundary products.
Multifunction firewalls (also known as UTM devices) are outside the scope of this analysis.
These devices are traditional network firewa lls that also combine numerous network security
technologies — such as anti-spam, antivirus, network IPS and URL filtering — into a s ingle
box. Multifunction firewa lls are compelling for the SMB and branch office markets. How ever, in
most circumstances, enterprise buyers do not cons ider multifunction firewalls as
replacements for SEGs.
Return to Top
Evaluation Criteria
Ability to Execute
Vertical pos itioning on the Ability to Execute axis was determined by evaluating the following
factors:
Overall viability was given a heavy weighting, because this is a mature and saturated
market. Overall viability was considered, not only in terms of the overall company revenue,
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 13/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 1
channel reach, management team and resources of the vendor, but also in terms of the
importance of the email security unit at each company.
Sales execution/pricing scores reflected a comparison of pricing relative to the market.
Market responsiveness and track record measured the speed in which the vendor has
spotted a market shift and produced a product that potential customers are looking for, as
well as the s ize of the vendor's installed base relative to the amount of time the product has
been on the market. This weighting takes into account a vendor's performance over time,
but performance during the past 18 months was evaluated most significantly.
Customer experience measured the qua lity of the customer experience based on reference
calls and Gartner client teleconferences. We incorporated research and reference call data
on support responsiveness and timeliness, quality of releases and patches, and general
experiences when installing and managing the product and service on a day-to-day bas is.
The operations score reflects the corporate resources (in other words, management,business facilities, threat research, and support and d istribution infrastructure) that the SEG
business unit can draw on to improve product functionality, marketing and sa les. We a lso
took into consideration the focus and transitions of the SEG teams in acquired companies.
Table 1. Ability to Execute Evaluation Criteria
Evaluation Criteria Weighting
Product/Service Standard
Overall Viability (Business Unit, Financial, Strategy, Organization) High
Sales Execution/Pricing Standard
Market Responsiveness and Track Record High
Marketing Execution Standard
Customer Experience High
Operations Standard
Source: Gartner (August 2012)
Completeness of Vision
The Completeness of Vision axis captures the technical quality and breadth of the product, and
the vendor's organizational characteristics that will lead to higher product satisfaction among
midsize to large enterprise customers, such as how we ll the vendor unders tands this market, its
history of innovation and its geographic presence. In market understand ing, we ranked vendors
on the strength o f their commitment to this market in the form of strong product management,
their vision for this market and the degree to which their road maps reflect a so lid commitment of
resources to achieve that vision.
We heavily weighted the product features of the vendors' flagship solutions in the Completeness
of Vision criteria. Product features that Gartner deemed the most important were:
Anti-spam/phishing effectiveness and investment in malware research, especially targeted
attack detection
Management and reporting functionality
DLP capabilities
Encryption capabilities
Delivery form factor options
Other functionality or solutions relevant to the buyer in the target market of the supp lier, such as
archiving, disaster recovery and file transfer, were also taken into account.
Table 2. Completeness of Vision
Evaluation C riteria
Evaluation Criteria Weighting
Market Understanding Standard
Marketing Strategy No Rating
Sales Strategy No Rating
Offering (Product) Strategy High
Business Model No Rating
Vertical/Industry Strategy No Rating
Innovation Standard
Geographic Strategy Standard
Source: Gartner (August 2012)
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 14/15
07/06/13 Magic Quadrant for Secure Email Gateways
www.gartner.com/technology/reprints.do?id=1-1BQYI20&ct=120816&st=sg 14
Quadrant Descriptions
Leaders
Leade rs are performing well, have a clear vision of market direction and are actively building
competencies to sustain their leadership pos itions in the market. Companies in this quadrant o ffer
a comprehensive and proficient range of email security functionality, and show evidence of
superior vision and execution for current and anticipated customer requirements. Leaders typically
have a relatively high market share and/or strong revenue grow th, own a good portion of their
threat or content-filtering capabilities, and demonstrate positive customer feedback for anti-spam
efficacy and related service and support.
Return to Top
Challengers
Challengers execute well, but they have a less defined view of market direction. Therefore, they
may not be aggress ive in preparing for the future. Companies in this quadrant typically have
strong execution capabilities, evidenced by financial resources, and a significant sa les and brand
presence garnered from the company as a whole or other factors. However, Challengers have not
demonstrated as rich a capability or track record for their email security product portfolios as
vendors in the Leaders quadrant.
Return to Top
Visionaries
Visionaries have a clear vision of market direction and are focused on preparing for that, but they
may be challenged to execute against that vision because of undercapitalization, market
presence, experience, size, scope and so forth.
Return to Top
Niche Players
Niche Players focus on a particular segment of the client base, as defined by characteristics such
as a specific geographic delivery capability or dedication to a more limited product set. Their ability
to outpe rform or be innovative may be affected by this narrow focus. Vendors in this quadrant
may have a small installed base or may be limited, according to Gartner's criteria, by a number of
factors. These factors may include limited investment or capability to provide email security threat
detection organically, a geographically limited footprint or other inhibitors to providing a broader
set o f capabilities to ente rprises now and during the 12-month planning horizon. Inclusion in this
quadrant does not reflect negatively on the vendors' value in the more narrowly focused market
they service.
Return to Top
Context
The total market revenue is peaking as it reaches sa turation and primary feature maturity.
Buyers should focus on more-strategic vendors that will continue to accumulate market
share.
Consider incumbent cloud-based email platforms that will typically offer good enough spam
and malware protection for most organizations.
SaaS solution are very attractive to smaller organiza tions (less than 2,000 sea ts) that tend
to have lower customization requirements, fewer resources to manage solutions and larger
organizations that favor outsourcing.
Pay careful attention to outbound email requirements such as DLP and encryption. These
features are very differentiated across products.
Organizations concerned about targeted attacks should consider this attack prevention
capability as a primary differentiator among Leaders.
Return to Top
Market Overview
The SEG market is a mature market. The penetration rate of commercial SEG solutions is close to
100% of enterprises. Buyers are becoming more price-sensitive; 80% of recently surveyed
reference customers (see Note 1) sa id that price was important or very important. The market
growth rate has leveled off, and there are no significant entrants into the market or acquisitions
— all classic symptoms of a mature market.
Despite market maturity, SEGs are not a solution companies can do without. Global spam volumes
declined in 2011, as spammers moved to other mediums such as social networks, but spam still
represents as much as 75% of email and email viruses . Phishing attacks continue to oscillate,
while more targeted phishing attacks increase. Better protection from targeted phishing attacks is
the most critical new inbound protection capability (72% of respondents indicated tha t this was a
very important capability), but only a few vendors have advanced the sta te of the art against
these attacks. Also, leading vendors continue to invest in anti-spam techniques to maintain high
detection and low false-positive rates.
7/16/2019 Magic Quadrant for Secure Email Gateways
http://slidepdf.com/reader/full/magic-quadrant-for-secure-email-gateways 15/15
07/06/13 Magic Quadrant for Secure Email Gateways
Interest in outbound email hygiene continues. Outbound capabilities such as DLP and encryption
capabilities remain the single biggest feature differentiators and are the primary reason w e have
not yet moved to a MarketScope format for this analysis. Of the respondents (see Note 1), 32%
indicated tha t they already use DLP, and 35% plan on adopting DLP in the next 24 months. Thirty-
two percent of respondents already use email encryption beyond TLS, while another 28% plan on
adopting it in the next 24 months.
Form factors are also differentiators, with interest and deployment of virtual solutions and SaaS
solutions continuing. Leading vendors in this market are expanding their offerings vertically into
adjacent markets (such as mailbox hosting, hos ted a rchiving, e-discovery and continuity services)
and horizontally into SWG (see "Magic Quadrant for Secure Web Gatew ay") solutions linked by
common DLP and management. However, buyer demand for these services from their same
vendor is mixed, and purchase decisions rarely coincide.
Return to Top
© 2012 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be
reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the
Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable.
Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies
in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal
advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that
have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research
is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the
independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.”
About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner