I bet you would never have guessed you’d hear those words out of my mouth. But the truth really is competition makes us all better. With competition we are incented to build better products. But what really surprised me this week was a competitor outing itself as being behind the curve in innovation. And that is what it happened this week when one of our competitors announced these three new features:
First, I’m at glad they acknowledge they are aligned with us these features are worthy of R&D investment.
Second, bravo for going bold this late in the game. (Side note: We did these years ago. 😉) It’s even bolder considering we hold the patent for Unified Quarantine Microsoft’s quarantine (US20220070180A1). Note the file date of the patent: August 25, 2021. Today is April 30, 2025. They are only 1,344 days late. So appreciate them giving our four year old, now-patented, idea a plug
Third, this all demonstrates something very important. Something so subtle you might miss it. In a roundabout way, they acknowledge that being a supplement isn't enough and that to become one takes more than marketing; it takes a lot of time and R&D investment. I speak from experience having been on this front line since the beginning. That is since 2015, not the beginning of time as my colleagues or kids would quip.
I’m guessing they see the same writing on the wall as I do: There is no long-term market for an email security supplement. Today, a supplement strategy is a short-term fix. It’s a bandage to stop the bleeding. Large organizations may be deploying supplements today, in part, because it will serve as a stopgap until they get a project in place to address the entire security architecture. Perhaps waiting until their Secure Email Gateway (SEG) contract is up for renewal. During this project, someone sitting at the table is going to ask, “Why do we need a supplement and a SEG? We need two solutions?”
The writing on the wall can be demonstrated by the consolidation in the email security space. For the sake of this blog, I'll refer to the SEGs as the legacy approach–sorry folks–and the API enabled providers as the Next Generation Email Security (NGES) providers. There have been twelve acquisitions of NGES providers in the past few years. Check Point's acquisition of Avanan, now Harmony Email & Collaboration (HEC), was one of them.
Out of the 12 NGES acquisitions, the Avanan to HEC acquisition was the most successful by far, in terms of exit value and strength of today’s offering. The other 11 vendors were essentially acquired for scrap or a little above. I do not take pride in this fact, as I have tremendous admiration for those that have the courage to step out on that ledge to start a company. But I must use it to make a point. Avanan was the only NGES vendor that offered a complete email security solution.
If we assume the idea plausible that supplements could go the way of fax machines, what do these supplement vendors do now? My best bet is they either pivot or double down on the supplement strategy. Either way, they will need to rely on marketing to paint a picture that they offer a complete product, or overwhelm the market with hype in an effort to drive FOMO.
I’ll speculate what the tradeoffs could be for a moment. If they elect to pivot towards being a complete email security solution, it is going to require a sizable R&D investment and a lot of time with many bumps in the road along the way. Is it possible for startups to fund this investment? For sure, but at what sacrifice? Using hype to drive a message works, but the marketing and sales spend is significant. There is no crime in having great marketing. We would love to spend much more money on marketing, but not to spite achieving our vision and building a complete solution.
Another constraint is the clock. Turning a supplement into a complete email security solution will take time that many startups just do not have. Especially since we have several years head start with a world of experience behind us. Of course, there are minor details like our patent protections and solving throttling issues–just Google “Microsoft 429 error”–which we addressed years ago with an API architecture that uses ¼ of the API calls as others. But in the spirit of giving, I’ll provide them with a hint. Making a pre-delivery scanning solution available is much different than having one that’s battle tested and evolved over many years.
At the end of the day, I’d say our biggest flaw is being guilty of prioritizing completeness over boldness. Boldness–we can change.
The truth is, this is all just noise that does not impact our vision and what we do. Day one, we set out to innovate the email security market, and we achieved that. Then we set out to provide a complete email security platform, that also secures the suite–and we achieved that. Our lengthy and impressive list of features and capabilities from last year and since the acquisition demonstrates that. Personally, success for me isn’t about crossing the finish line. To me, it’s about building a flywheel to solve real-world problems. And it requires doing the best you can with what you have every day (Credit: "Good to Great" by Jim Collins; highly recommend).
Going forward, we have our sights set on providing a complete level of protection beyond the inbox and cloud suite through complete workforce security–on the endpoint, on the mobile device, as you browse, and of course the inbox. Protecting the places where today’s workforce is subject to message-based attacks.
We are going to keep chugging along because to be quite honest, HEC is not going anywhere. And much to the chagrin of our competitors, we have all day, week, year, decade to keep building better and better. Perhaps someday we will change the name from Harmony Email & Collaboration, but that is the least of our concerns. Name changes do not make a product better. Vision, investment, and people do.