It’s safe to say, with phishing appearing perennially at the top of the attack vector list and business email compromise (BEC) causing $1.8 billion in losses to US businesses in 2020 alone, that email security is going to have a “what’s old is new again” moment as we move into 2022.

While email security technology has been with us for a while, recent innovation in this space has created a new breed of providers to watch. As I stated in a recent blog post on this very topic, “Our emails are vulnerable. And there’s no security buzzword bingo acronym hero to come to the rescue.” No, there’s no hero swooping in to save us … so it might just be time for security pros to don our CAPES.

Forrester defined the term CAPES over a year ago to better segment vendors in the email security space. As a refresher, CAPES stands for cloud-native, API-enabled email security. They’re solutions that integrate with email infrastructure providers like Google and Microsoft to extend their native security capabilities and catch malicious and fraudulent emails those systems may have missed.

Many CAPES solutions specialize in phishing protection or integrate with collaboration tools, acting as an additional layer of inbound and outbound protection. CAPES solutions can also support incident response and investigation by enabling those critical activities and conducting postdelivery detection and removal. CAPES can be deployed via API either in-line, like a secure email gateway (SEG), or in a passive mode. In fact, many legacy SEGs now offer CAPES-like integrations and capabilities, and a few CAPES vendors were Contenders in our Forrester Wave™: Enterprise Email Security, Q2 2021.

Does this mean your traditional SEG is obsolete? No. CAPES capabilities and integrations are bringing about needed innovation across the board for email security technology, and protocols like DMARC and BIMI are gaining ground as both chief information security officers and CMOs move to protect the brand, bolster customer trust, and defend against phishing and BEC attacks.

So, as you look to your future state for email security, don’t be left on thin ice. Take a look at CAPES solutions, and ask your current email security providers what they’re doing to protect users from malicious missives infiltrating the inbox.

2022 is sure to bring with it more villains, so get in that phone booth and suit up.


(Written with Alexis Bouffard, senior research associate at Forrester)