    Security Operations (SecOps) · Startup · Email Detection

    Sublime Security

    Open email security detection platform for phishing and BEC attacks

    Mkt Cap / Val: Private
    Revenue: Est. $10M ARR
    Growth: +100% YoY
    Sublime Security reimagines email security as a programmable detection platform — security teams write detection rules in a human-readable domain-specific language (MQL) rather than waiting for vendor signature updates, giving in-house threat hunters the ability to detect novel phishing and BEC campaigns before vendor rules catch them.
    Analyst take · Competitive edge

    SWOT Analysis

    Strengths
    • Programmable detection: MQL rule language lets security teams write custom email detections in hours
    • Community-driven detection library: hundreds of shared MQL rules from the security community accelerate coverage
    • API-first architecture integrates with any SOC workflow, ticketing, or SOAR platform
    • Transparent detection logic — every block or flag includes the rule that triggered it, eliminating black-box frustration
    • Deployment flexibility: cloud, on-prem, and hybrid — including Microsoft 365 and Google Workspace
    Opportunities
    • Email security modernization: enterprises seeking alternatives to expensive Proofpoint/Mimecast contracts
    • Detection-as-code trend: security teams adopting code-first approaches to threat detection across all vectors
    • BEC and AI-generated phishing proliferation driving demand for programmable, adaptive email defenses
    • Microsoft 365 native integration as enterprises reduce third-party email gateway dependencies
    Weaknesses
    • Requires security engineering investment to maximize programmable detection value — not turnkey for non-technical teams
    • Smaller brand recognition versus Proofpoint and Mimecast in enterprise email security evaluations
    • Threat intelligence enrichment relies on community and third-party feeds — less proprietary than established vendors
    • Professional services and onboarding support still scaling with company growth
    Threats
    • Microsoft Defender for Office 365 Plan 2 bundled in M365 E5 eroding email security budget line
    • Proofpoint and Abnormal Security with massive threat intelligence databases and enterprise install bases
    • Abnormal Security's AI-native behavioral detection competing in the modern email security narrative
    • AI-generated phishing evolution outpacing community detection rules if update velocity slows

    User Sentiment

    Synthesized from G2, Gartner Peer Insights, and analyst review data.

    What users love
    • Writing custom detection rules in MQL that block novel threats within hours — not waiting for vendor signature updates
    • Every detection decision is explainable — transparent rules eliminate black-box compliance friction
    • Community rule library accelerates coverage dramatically — not starting from zero on custom detections
    • API-first design integrates cleanly with existing SOAR and ticketing workflows
    Common complaints
    • MQL learning curve requires security engineering investment — not plug-and-play for lean security teams
    • Threat intelligence data depth less comprehensive than established vendors' proprietary feeds
    • Enterprise professional services capacity still scaling — implementation support can lag for large deployments

    Pricing & TCO

    Analyst-synthesized pricing signals — directional only, contact vendor for current terms.

    Per Seat · Medium TCO · Contact Sales · Free Trial / Tier

    Starting Price

    Free (up to 25 mailboxes, Community)

    Typical ACV (Mid-Enterprise)

    $20K–$200K

    Market Segments

    Mid-Market · Enterprise

    Deployment

    SaaS · On-Prem

    Key Cost Drivers

    • Number of protected mailboxes
    • Deployment model: Sublime Cloud vs self-hosted on-prem
    • Enterprise features: multi-tenant, SOAR integrations, advanced reporting

    Competitive email security pricing — free community tier drives adoption; per-mailbox scaling is predictable.

    Customer Profile

    Who buys this

    Typical segments

    Security-Mature Enterprises · Detection Engineering Teams · Organizations with Custom Threat Models

    Typical buyer

    Detection Engineer, Security Architect, or CISO at organizations with in-house security engineering capability

    Top use cases
    1. Custom phishing and BEC detection: writing programmable rules targeting the organization's specific threat model
    2. Email security modernization: replacing expensive legacy email gateways with transparent, API-integrated detection
    3. Security community collaboration: contributing and consuming community MQL rules for faster coverage expansion

    Future Focus Areas

    1. AI-assisted rule generation: Gemini/GPT-assisted MQL creation from natural-language threat description
    2. Expanded detection surface: programmable detection beyond email to messaging apps and collaboration tools
    3. Threat intelligence fabric: enriching MQL detections with structured threat intel from MISP and TAXII sources
    4. Autonomous response: direct Microsoft 365 remediation actions triggered by MQL rule matches