The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025, is live — and it looks a bit different from its predecessor in 2023.

Why The Name Change?

Yes, it’s a mouthful, but the holistic approach of email, messaging, and collaboration security (EM&CS) is a reflection not only of the way people work but of the threats facing those workers as they communicate and collaborate with customers, partners, and each other. Attackers are shifting their focus to other entry points — leveraging targeted multistep campaigns to include voice and text and exploiting SaaS platforms, internal messaging apps and collaboration tools, and file-sharing environments. These avenues are vital for modern workflows, but they’re also vulnerable to malicious activities. As a result, organizations must adopt a more holistic approach to securing the human element, ensuring that these tools and environments receive the same level of protection as the email inbox. EM&CS solutions must protect employees from harmful messages and deliver timely awareness and training prompts to encourage vigilance and safe data practices.

This research used 27 different criteria to evaluate 10 vendors: Abnormal AI, Barracuda, Check Point Software Technologies, Cloudflare, Darktrace, Google, Microsoft, Mimecast, Proofpoint, and Trend Micro.

What Stood Out?

After a decade of stagnation, what I call the “golden age of email security” remained in full swing through 2023 and 2024. The market thrived with continued M&A activity, private equity moves, additional rounds of VC funding, and generative AI-driven innovation propelling vendors forward.

The threat and AI landscape will likely prevent another prolonged period of stagnation in this space, but for many vendors, we’re in a period of digestion. Acquisitions and new capabilities are being integrated with improved user and analyst experience in mind. Additional use cases for generative and agentic AI are being developed and tested. With that said, this round of evaluations produced a couple items of note:

  • The layered approach is now de facto. In Forrester’s Security Survey, 2024, 63% of director-level security leaders said their firm currently uses two or more vendors in its content security environment — a category that includes email, messaging, and collaboration security. Customer reference interviews in the 2023 and 2025 evaluations confirm this. A layered approach — typically, native capabilities from productivity suite providers and an additional solution (or two) — is the norm.
  • AI has the spotlight but shouldn’t stand alone just yet. EM&CS solutions have used machine learning for years to detect malicious content by recognizing malicious activity patterns. Now, AI advancements such as natural language understanding and large language models enhance detection, helping identify suspicious requests, urgent tones, fake replies, and brand impersonation. These are often generated by AI for the purposes of advanced phishing and business email compromise.

For the near term, employ a holistic approach to content analysis, image and file inspection, malicious URL detection, message authentication, and outbound message protection for more complete protection.

Context is key. Using AI to fight AI is a big benefit to using an EM&CS solution, but understanding which models “hit” and why, for each alert, is necessary to help security analysts make more informed decisions, fine-tune security policies, and better communicate with users. Customer references noted when the use of AI in a solution was a “black box” or “secret sauce” compared to when it meaningfully contributed to the speedy detection of malicious activity or the increased vigilance of end users.

What Should You Look For?

Forrester clients can visit this page when logged in and select “Help me find a vendor.” Then select what you and your team care about most in an EM&CS solution. The site will return a ranked list that aligns to your selected priorities. Forrester’s transparent methodology, where we detail the process behind the full criteria, scale explanations, and scores, allows us to offer an interactive experience to help inform the choices that our clients make about their providers. Additionally, as you compile a shortlist or consider a renewal:

  • Focus on yourself. Focus on your outcomes by using efficacy data from your own environment (not generic third-party lab claims) and running proof-of-concept tests to assess usability, AI explainability, critical integrations, and customer support in addition to efficacy.
  • Dismiss deployment option distractions. Don’t get caught up in the SEG vs. CAPES marketing arguments, and prioritize how well the solution performs within and fits your infrastructure, security tech stack, and workflows.
  • Prioritize analyst experience. Ensure that members of your team test the solution’s interface for usability and alignment with their processes. Look for easy, bidirectional integrations with human risk management solutions and with SOC tools such as XDR, SOAR, and security analytics platforms to speed triage, investigation, and remediation.

Forrester clients can check out the full report here for more detail: The Forrester Wave™: Email, Messaging, And Collaboration Security Solutions, Q2 2025. And clients seeking their next primary — or secondary — EM&CS provider can schedule an inquiry or guidance session with me for additional insights.