Cloud email providers (Microsoft 365, Google Workspace) offer a robust set of APIs to provide additional services, and many email security vendors have leveraged these APIs for their solutions. API-based email security makes sense when offered as part of a comprehensive service that includes real-time protection. However, API-only approaches from vendors like Abnormal, Tessian and Armorblox have inherent shortcomings.
Here’s how relying on API-only email security vendors can increase phishing risks against your organization:
- Although they claim to offer “risk-free” deployment without touching mail flow, integration via API, by definition, means protection is not in real-time.
- By acting “after-the-attack,” when the threat has already reached inboxes, API-only solutions increase dwell time, the time between when a threat has already penetrated the environment and its discovery.