Technical Review by
Craig MacAlpine
Email security should be a top priority for your organization. Email is the number one target used by hackers to get access to your company’s private data, using attacks like phishing. Your first line of defense should be a Secure Email Gateway. This is a platform which guards your emails against hackers, spam and viruses.
There are many email security solutions available. Some are targeted toward enterprise users looking for granular admin controls and advanced functionality. Some are better suited for smaller businesses looking for an easy-to-use platform with a good price point.
To help you find the right solution, Expert Insights has put together a list of some of the top email security platforms. We’ll take you through their features, how easy they are to use, and how well they work. We reviewed the leading platforms and found TitanHQ Email Security, powered by CyberSentriq, IRONSCALES, and Proofpoint Essentials to be the strongest options for most environments.
Email security is the set of tools and controls that protect your inbox from the threats that arrive by email, including spam, phishing, malware, ransomware, and business email compromise. Email is still the most common way attackers get into an organization, so an email security platform sits between the internet and your users and filters out malicious messages before they can do any harm. The native filtering in Microsoft 365 and Google Workspace blocks bulk spam, but most organizations handling sensitive data layer a dedicated platform on top to catch the targeted attacks that slip through.
Email security platforms fall into two broad camps. A Secure Email Gateway (SEG) sits in front of the mail server and scans every message before it reaches the inbox, which means changing your MX records so mail routes through the gateway first. SEGs are strong on policy enforcement, data loss prevention, and known threats. An Integrated Cloud Email Security (ICES) platform connects to Microsoft 365 or Google Workspace via API and analyzes mail at the mailbox level after delivery, which makes it better at catching social engineering, impersonation, and account takeover. The two approaches are converging, with gateway vendors adding API detection and API-first vendors adding gateway features, but the choice still shapes deployment, cost, and the kinds of attack you will catch. Most platforms combine techniques like attachment sandboxing, time-of-click URL scanning, domain reputation, and machine learning.
Here's how the platforms we reviewed compare at a glance.
| Product | Best For | Type | Phishing | BEC | DLP | M365 |
|---|---|---|---|---|---|---|
|
TitanHQ, powered by CyberSentriq
|
SMBs, MSPs, education
|
SEG
|
Yes
|
No
|
Yes
|
Yes
|
|
IRONSCALES
|
Phishing and BEC focused
|
ICES
|
Yes
|
Yes
|
No
|
Yes
|
|
Proofpoint Essentials
|
SMBs wanting enterprise grade
|
SEG
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Material Security
|
Post-delivery inbox protection
|
ICES
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Abnormal AI
|
AI-driven BEC detection
|
ICES
|
Yes
|
Yes
|
No
|
Yes
|
|
Mimecast
|
Full-suite enterprise security
|
SEG
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Barracuda
|
SMBs and MSPs on M365
|
SEG + ICES
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Cisco Secure Email
|
Cisco ecosystem orgs
|
SEG
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Libraesva
|
EU based, data sovereignty
|
SEG
|
Yes
|
Yes
|
Yes
|
Yes
|
|
Microsoft Defender for Office 365
|
All-Microsoft environments
|
Native
|
Yes
|
Yes
|
No
|
Yes
|
We tested leading email security solutions across real-world deployment scenarios, evaluating detection accuracy against phishing, BEC, and malware, alongside deployment complexity and customer feedback from production environments. This guide was written by Joel Witts and technically reviewed by Craig MacAlpine. Read our full methodology
SpamTitan by CyberSentriq is a cloud-based secure email gateway that provides protection against spam, malware, ransomware, and phishing attacks. The platform is built on a spam filtering engine with a catch rate of 99.99% and a false positive rate of 0.003%. We think SpamTitan provides strong threat protection against both inbound and outbound email threats, making it a strong solution for SMBs, enterprises, MSPs, and resellers.
We think SpamTitan is an easy-to-manage email security solution for SMBs, enterprises, MSPs, and resellers that need comprehensive inbound threat protection without a complex deployment. The 99.99% catch rate and included sandboxing are strong value, and the outbound DLP capabilities add a layer of protection that many competing gateways lack. SpamTitan is also a strong option for education environments, where its cost-effective pricing keeps it accessible.
IRONSCALES is an API-based email security platform that sits at the mailbox level inside Microsoft 365 or Google Workspace. It’s designed to catch inbound email threats, like phishing, BEC, and impersonation attacks, missed by traditional email gateways. It uses adaptive AI systems alongside end-user threat intelligence to learn what malicious emails look like, and block them everywhere at once. We think it stands out for the way it turns employee reporting into a real-time detection advantage across its network of over 17,000 customers.
We are impressed by IRONSCALES. The platform is constantly adding new features, like email spam filtering, encryption, and deepfake protection. The core of the product is the crowdsourced threat intelligence built on end-user email reporting, which is an effective way of blocking phishing, alongside powerful threat protection engines. If you are looking for an effective email security platform that goes beyond traditional gateway filtering with built-in phishing awareness training, IRONSCALES delivers. The free Starter tier offers phishing simulation and testing for up to 500 mailboxes, though full email protection requires a paid plan.
Proofpoint Essentials brings Proofpoint’s enterprise-grade detection technology to SMBs. Proofpoint secures more than 85% of the Fortune 100, and Essentials uses the same AI-powered engine scaled for smaller organizations. We think it’s a strong option for Microsoft 365 users looking for effective spam, phishing, and BEC protection with bundled encryption, archiving, and DLP in one platform.
We found Proofpoint Essentials highly effective at identifying and blocking spam, and it performs checks relatively quickly; it generally takes no more than 15 minutes to scan, sandbox, and deliver an unknown email with an attachment. The interface is simple and intuitive, especially compared to Microsoft’s own email security console. Something to be aware of is that Proofpoint Essentials was designed for organizations up to 500 users, and while it can work for larger businesses, enterprises will be limited by the lack of group-based policy configuration. We’d recommend organizations over 1,500 users look at Proofpoint Core Email Protection instead.
Material Security protects the entire M365 and Google Workspace productivity suite, covering inbox data, account takeover, sensitive document exposure, and configuration drift. We think the approach to protecting stored inbox data is what separates Material from typical email security tools. Instead of just blocking threats at the perimeter, Material secures the data that’s already sitting in every mailbox.
Customers say Material treats Google Workspace as a true first-class environment, not an afterthought. Support consistently gets top marks, with teams praising fast response times and a willingness to iterate on product feedback. Some customer reviews note that the ticketing dashboard lacks interactive features for deeper investigations.
We think Material is well worth considering if you’re running M365 or Google Workspace and want one platform covering email, data, and identity risks. The inbox-level MFA protection covers ground most email security tools do not. If you need protection beyond cloud productivity suites, you’ll need additional tooling.
Best for Behavioral AI detection on M365 and Google Workspace
Abnormal AI is a cloud-native email security platform that uses behavioral AI to detect phishing, BEC, and account takeover in Microsoft 365 and Google Workspace environments. We think the behavioral approach is the standout here. The platform analyzes over 45,000 signals per message to baseline normal communication patterns and flag deviations.
Customers consistently praise detection accuracy. Teams report spending far less time managing email queues and chasing false positives compared to traditional gateways. Setup is straightforward via API integration. Some customer reviews note that the interface could be more responsive, and outbound email monitoring is not currently available.
We think Abnormal AI is well worth considering if you’re running M365 or Google Workspace and want to move past a noisy legacy gateway. The behavioral AI catches attacks that signature-based tools miss entirely, and the low false positive rates reduce alert fatigue across your security team. The extension into connected SaaS apps is a real differentiator. M365 and Google Workspace are the only supported platforms, so organizations on other email providers will need to look elsewhere.
Best for Enterprise security teams needing full email protection
Mimecast Secure Email Gateway is one of the most fully featured email security platforms on the market, targeted primarily at enterprise users. We think the detection accuracy and integration depth are the key strengths here. The platform protects over 40,000 organizations and uses AI and machine learning to guard against phishing, impersonation, BEC, and malware.
Customers consistently praise the protection quality, with low false positive rates meaning legitimate emails reach inboxes without manual intervention. Small security teams praise the out-of-the-box effectiveness. Customers also highlight the reports and analytics, noting they are easy to understand. Some customer reviews note that the admin interface has deeply nested settings that make troubleshooting slow.
We think Mimecast makes sense for enterprise security teams who need full email protection and can invest time in initial configuration. The March 2026 update addressing API deployment and 350+ vendor integrations strengthens its position in modern security stacks. Mimecast boasts a low rate of legitimate emails being falsely marked as spam and a high rate of spam and virus blocking. If you’re a smaller team wanting something lighter, there are simpler options on this list.
Best for SMBs and MSPs running Microsoft 365
Barracuda Email Protection (formerly Barracuda Essentials) bundles email gateway, inbox defense, and web security into one cloud platform built for SMBs and MSPs running Microsoft 365. We think the all-in-one approach is the draw here. It gives you a feature-rich email security platform without breaking the bank.
Customers consistently praise reliability; uptime is a recurring theme. Support gets high marks for responsiveness and resolving issues without escalation hassles. The impersonation protection draws particular praise for catching threats other tools miss. Some customer reviews note that the interface feels dated and sluggish in quarantine navigation.
We think Barracuda is a good option to consider if you’re an SMB or MSP wanting full M365 protection without managing multiple point solutions. The all-in-one pricing makes budgeting predictable, and features like archiving, encryption, and backup are bundled alongside email security. It’s easy to deploy with Office 365, making it a strong option for smaller companies moving their email to the cloud. If you need enterprise-grade customization or complex policy requirements, you’ll bump into limitations.
Best for Organizations invested in the Cisco security stack
Cisco Secure Email (formerly Cisco Cloud Email Security) is a cloud-based email gateway backed by Talos, one of the largest commercial threat intelligence teams in the industry. We think the integration with the broader Cisco security stack is the key advantage here. For organizations already invested in Cisco security tools, the cross-product telemetry sharing justifies the investment.
Customers say the interface works well once configured, and support gets high marks for responsiveness. The SecureX integration gets consistent praise for unified visibility across Cisco security tools. Some customer reviews note that feature density means valuable capabilities often go undiscovered.
We think Cisco Secure Email is well worth considering if you’re already running Cisco security tools. As a Cisco product, it integrates with their range of other security services, giving your organization strong multi-layered protection. The cross-product telemetry sharing and SecureX integration create real operational advantages. Standalone deployments lose the integration benefits that make it compelling. We’d recommend this service to larger organizations who can take advantage of the wider Cisco stack.
Best for Mid-to-large EU organizations needing data sovereignty
Libraesva Email Security is a multi-layered email protection platform from Italian vendor Libraesva, founded in 2013. It integrates with Microsoft 365, Google Workspace, and on-premises Exchange using both gateway and API-based filtering. We think Libraesva is a strong option for mid-to-large organizations, particularly in education, government, and finance, that want AI-driven threat detection with flexible deployment options.
We were impressed by Libraesva’s AI approach, particularly the Semantic AI engine processing email content locally rather than sending data to external cloud AI services. That’s a meaningful differentiator for organizations with strict data sovereignty requirements. The Social Graph feature, which visualizes relationships between internal and external domains, is a useful tool for threat investigation. Libraesva supports on-premises, cloud, or hybrid deployment, and includes Email Continuity for platform outages, which is good to see. With that said, the initial setup is manual; admins need to configure API permissions and connectors themselves, though Libraesva provides onboarding support for this.
Best for Organizations already invested in the Microsoft stack
Microsoft Defender for Office 365 (formerly Microsoft Advanced Threat Protection) is the native email and collaboration security layer built directly into the M365 stack. We think the deep integration with the Microsoft environment is the structural advantage here. Protection applies across Exchange Online, SharePoint, OneDrive, and Teams without additional deployment steps.
Customers say deployment and management are straightforward, and threat analysis reports help teams understand what’s hitting their environment. Real-time detection catches most of what you’d expect. Microsoft Defender is a popular choice as a low-cost solution that works directly with Office 365. Some customer reviews note that false positives can quarantine legitimate emails while some phishing gets through.
We think Defender makes sense as a baseline for organizations already invested in the Microsoft stack. The native integration is hard to beat, and the pricing is competitive, especially on E5 licensing. With that said, the spam filtering, admin features, and phishing protection are not as developed as the dedicated third-party solutions on this list. If you need granular policy control or face sophisticated targeted attacks, a dedicated third-party solution layered on top will give you stronger coverage.
We've looked at almost 50 email security solutions to create this list. Here are some other vendors we rate highly, with strong solutions worth considering depending on your environment.
Email security solution with spam filtering and threat intelligence, popular with MSPs.
An ICES tool that protects inbound and outbound emails against phishing, BEC, and account takeover.
A cloud-based platform protecting email from phishing with API-first security and Zero Trust integration.
An AI-driven platform securing email with real-time detection and autonomous response, focused on enterprise.
An AI-driven platform with encryption, real-time detection, and adaptive controls, now part of KnowBe4.
An integrated email security platform with real-time threat intelligence and advanced filtering.
A cloud-native platform with AI-driven detection, user training, and automated remediation.
A cloud-based tool protecting inbound and outbound email from spam, malware, and phishing, designed for MSPs.
A zero-trust platform securing inbound and outbound email against phishing, malware, and spam.
An AI-powered platform with real-time scanning and managed incident response.
An AI-powered cloud platform securing email, mobile, and browser apps against phishing.
A programmable cloud security platform that hunts for email threats and auto-triages end-user reports.
Broadcom's enterprise secure email gateway, designed to secure cloud-based and on-premises email.
A cloud-native solution safeguarding inbound and outbound email against phishing, malware, and spam.
Pricing in the email security market varies widely depending on deployment model, feature set, and organization size. Many enterprise and API-based platforms require a custom quote. The figures below reflect publicly available starting points where available; actual costs depend on mailbox count, contract length, and selected feature tiers.
| Product | Starting Price | Billing | Link |
|---|---|---|---|
|
TitanHQ, powered by CyberSentriq
|
From $1.95/user/mo
|
Annual
|
|
|
IRONSCALES
|
Free plan available; paid from ~$3.49/mailbox/mo
|
Annual
|
|
|
Proofpoint Essentials
|
From $1.65/user/mo
|
Annual
|
|
|
Material Security
|
From $3.00/user/mo
|
Annual
|
|
|
Abnormal AI
|
Contact for quote
|
Annual
|
|
|
Mimecast
|
Contact for quote
|
Annual
|
|
|
Barracuda Email Protection
|
Contact for quote
|
Annual
|
|
|
Cisco Secure Email
|
Contact for quote
|
Annual
|
|
|
Libraesva Email Security
|
Contact for quote
|
Annual
|
|
|
Microsoft Defender for Office 365
|
From $2.00/user/mo (Plan 1)
|
Monthly/Annual
|
|
Deploying an email security platform is one part of the equation. These are the configuration and operational steps we recommend to get the most out of your investment.
These authentication records let receiving servers verify your mail is genuine, which blocks spoofing of your domain and improves deliverability.
Most account takeover starts with a stolen password, and MFA stops attackers from logging in even when credentials leak.
Sandboxing detonates suspicious attachments in an isolated environment before delivery, catching malware that signature scanning misses.
Rewriting links lets the platform re-check them at the moment a user clicks, catching pages that turn malicious after the email is delivered.
Outbound rules flag or block messages containing regulated data, which stops both accidental and malicious data loss through email.
When a threat is identified after delivery, the platform can pull the message from every inbox automatically rather than relying on manual cleanup.
Simulations show you which users are most at risk and keep phishing awareness current as attacker tactics change.
Regular review catches false positives before they frustrate users and lets you tighten policies against new threats.
Native filtering blocks bulk spam but misses targeted phishing and BEC, and a dedicated layer closes that gap.
A clear process means your team responds consistently and quickly when a user reports a suspicious email or a compromised account.
Your email security decision depends on three factors: your email platform, your threat priorities, and your team’s operational capacity. SMBs and MSPs managing cost-conscious deployments will find TitanHQ efficient. Organizations running Microsoft 365 or Google Workspace benefit from native and API-based solutions like Abnormal AI, Material Security, or Microsoft Defender for Office 365, which avoid the complexity of legacy gateway deployments. Enterprises managing large threat surfaces should evaluate Proofpoint Essentials or Mimecast for their thorough intelligence and scaling capabilities. If phishing remediation and dwell time are your primary pain points, IRONSCALES complements your existing email security effectively.
The wrong choice costs you in false positives that frustrate users, missed detections that create breach risk, or operational overhead that stretches your team too thin. The right choice stays invisible, catches real threats, and lets your team focus on more complex security work. Start with your infrastructure constraints, match that to the products that fit your environment, then evaluate detection accuracy and integration depth. We recommend requesting demos from your top two or three choices before committing.
Secure Email Gateway (SEG): A SEG filters incoming and outgoing emails to block spam, phishing, and malware before they reach the recipient’s inbox. It typically works by routing all email traffic through a centralized gateway, where it applies policies, scans for threats, and quarantines suspicious messages.
API-Based Email Security: API-based tools (also called “integrated cloud email security” or “ICES” tools) integrate directly with cloud email platforms like Microsoft 365 or Google Workspace to detect and remediate threats inside users’ mailboxes. These tools continuously monitor email activity using APIs, which allows them to analyze and remove threats post-delivery without rerouting emails. The best modern API-based/ICES tools use machine learning models to analyze email content, metadata, and user behavior to detect sophisticated phishing attacks, BEC (Business Email Compromise), and zero-day threats.
Email Authentication Protocols (SPF, DKIM, DMARC): These protocols prevent email spoofing and phishing by verifying sender identity and email integrity. SPF specifies authorized mail servers, DKIM signs messages with cryptographic signatures, and DMARC enforces policies based on SPF and DKIM results.
Email Data Loss Prevention (DLP): DLP solutions go a step beyond email encryption solutions. They prevent sensitive data from being sent outside an organization by monitoring and controlling email content. They apply predefined policies to scan for keywords, patterns, or attachments that may contain confidential information, blocking or encrypting emails as needed.
Email Archiving And Backup: Archiving solutions securely store emails for compliance, legal, and recovery purposes, ensuring organizations can retrieve old messages when needed. They work by automatically capturing and storing copies of emails in a secure, searchable repository, often with retention policies and audit capabilities.
Email continues to be the top threat vector for cyber criminals looking to access your organization’s data. 81% of organizations around the world have seen an increase in phishing since 2020, and in 2021 almost 40% of data breaches involved a phishing attack.
Originally, spam was the biggest nuisance that companies faced when it came to unwanted content in their users’ inboxes, ranging from the farcical (far-off Royals promising riches) to the malicious (adult and harmful content sent to mailboxes). Spam was a major headache for IT admins in the early days of the internet and continues to be a problem even now, with estimates suggesting that 49% of all emails are spam.
SEGs can deal with spam content very effectively – it’s typically sent using new or low-reputation domains, which can be quickly blocked by the email filter. But modern email threats are much more targeted and advanced. Spear phishing is one of the most common causes of data breaches today. In a spear phishing attack, a threat actor attempts to trick users into clicking harmful web links, making fraudulent payments, or sharing their login credentials. Advanced malware and ransomware are also commonly spread via phishing messages or via compromised email accounts.
Modern email security tools, such as SEGs and ICES solutions, protect against these threats by combining a range of techniques to filter out harmful content, including attachment sandboxing, URL filtering, domain reputation assessment, and machine learning.
Before cloud email hosting, the most common form of email security was the “secure email gateway (SEG)”, a physical appliance that would sit in front of the email network and monitor incoming and outbound email traffic to remove spam and malware. Today, email security services are more commonly cloud-based, with organizations redirecting their mail exchange (MX records) to point their email toward a cloud-based SEG.
Modern SEGs use a mixture of email content scanning, domain reputation, URL scanning, and attachment sandboxing to make a deterministic assessment of an incoming email message. If the message is deemed malicious, it is blocked, quarantined, or deleted; if it is deemed safe, it is delivered.
These tools work using a variety of techniques including greylisting, real-time blacklists (RBL’s), constantly updated spam definitions, pre-defined DLP rules, anti-malware, and sandboxing engines to detect and remediate malicious messages.
Here are the top features you should look for when comparing SEGs:
In the era of cloud-based email platforms, a new category of SaaS email security services has emerged. These services, named “integrated cloud email security” (ICES) solutions by Gartner, address SEG gaps by scanning the inbox environment directly. This means they can remove significant threats directly from users’ inboxes after they’ve been delivered, and they can also ensure your users’ accounts aren’t being used to send malicious or harmful content.
ICES solutions typically use large language models and machine learning to scan internal email conversations and identify sophisticated email threats such as spear-phishing, and indicators that an account has been compromised and is sending out malicious messages. When the ICES tool finds something suspicious, it can automatically remove that content from users’ inboxes, add a warning banner to it, and/or alert your security team to any compromised accounts.
For the most effective, enhanced protection against all types of email threats, we recommend that you implement multi-layered email protection, pairing a gateway with some form of cloud-native, inbox-based solution.
Here are some other guides and shortlists we have put together to help you learn more about email security:
Email security solutions, including Secure Email Gateways (SEGs) and Integrated Cloud Email Security (ICES), provide critical protection against a wide range of cyber threats. They safeguard organizations from phishing, malware, spam, and advanced attacks like Business Email Compromise (BEC) by filtering malicious content in real-time. These tools help prevent data breaches, protecting sensitive information and maintaining customer trust.
Beyond threat prevention, email security solutions ensure compliance with regulations such as GDPR, HIPAA, and CCPA, reducing the risk of costly penalties. They also enhance productivity by minimizing spam and false positives, allowing employees to focus on legitimate communications. With features like AI-driven threat detection and seamless integration with platforms like Microsoft 365, these solutions offer robust, scalable defense tailored to modern business needs.
Many solutions provide detailed analytics and reporting, empowering IT teams to monitor threats and respond proactively. By reducing the likelihood of successful cyberattacks, email security tools save organizations from financial losses and reputational damage, making them essential for secure digital communication in 2026.
Pricing for email security solutions varies based on factors like the number of users, deployment type (cloud or on-premises), and feature set. Most providers offer subscription-based models, typically charged per user per month or annually, with discounts often available for longer commitments. SEGs may involve setup costs, especially for on-premises deployments requiring MX record changes, while ICES solutions, being cloud-native, often have lower initial costs.
Basic plans usually include core features like spam filtering and malware protection, while premium tiers add advanced capabilities such as AI-based threat detection, email encryption, and compliance tools. Some vendors offer tiered pricing, allowing businesses to scale as needed, while others provide custom quotes for enterprises with complex requirements. Free trials or demos are common, enabling organizations to test solutions before committing.
Pricing transparency can differ, with some providers publishing clear rate cards online and others requiring direct inquiries. Businesses should evaluate total costs, including integration and support, to ensure alignment with their budget and security goals for 2026.
Pinpointing the cheapest and most expensive email security solutions depends on specific features and organizational needs, as pricing isn’t always publicly disclosed. Based on market trends for 2026, plans can start as low as $1–$3 per user per month, offering basic spam filtering and phishing protection ideal for small businesses. These tools balance cost and functionality but may lack advanced enterprise-grade features.
On the higher end, enterprise-focused solutions like Proofpoint Email Protection and Mimecast Email Security typically command premium prices, often ranging from $5–$15 per user per month or more, depending on customization. These platforms provide comprehensive features like advanced threat intelligence, extensive archiving, and seamless integration with Microsoft 365, justifying their cost for large organizations with complex security needs.
Pricing can fluctuate based on user count and add-ons, so businesses should request quotes to compare options. Testing via free trials can also clarify which solutions deliver the best value for your specific requirements in 2026.
Free email security tools are limited in 2026, as robust protection often requires paid subscriptions to address sophisticated threats. However, some providers offer free tiers or tools with basic functionality suitable for individuals or very small businesses. For example, Zoho Mail includes a free plan with basic email security features like spam filtering, though it’s capped at a low user limit and lacks advanced threat detection. Similarly, tools like Clean Email provide free privacy monitoring to detect data breaches, but they focus on inbox management rather than comprehensive security.
Open-source options, such as SpamAssassin, offer free spam filtering for tech-savvy users comfortable with manual setup and maintenance. However, these lack the AI-driven capabilities and support of commercial solutions, making them less practical for most organizations. Many paid solutions, like Sophos or Trustifi, offer 30-day free trials, allowing businesses to test full-featured SEGs or ICES platforms without upfront costs.
For robust protection against phishing, malware, and BEC, free tools often fall short, and investing in a paid solution is recommended for reliable security. Always evaluate trial periods to explore premium features before deciding.
Further reading on email security from Expert Insights — buyers' guides, comparison articles, and platform-specific shortlists.
Joel is the Director of Content and a co-founder at Expert Insights; a rapidly growing media company focussed on covering cybersecurity solutions.
He’s an experienced journalist and editor with 8 years’ experience covering the cybersecurity space. He’s reviewed hundreds of cybersecurity solutions, interviewed hundreds of industry experts and produced dozens of industry reports read by thousands of CISOs and security professionals in topics like IAM, MFA, zero trust, email security, DevSecOps and more.
He also hosts the Expert Insights Podcast and co-writes the weekly newsletter, Decrypted. Joel is driven to share his team’s expertise with cybersecurity leaders to help them create more secure business foundations.
Craig MacAlpine is CEO and Founder of Expert Insights. Before founding Expert Insights in August 2018, Craig spent 10 years as CEO of EPA Cloud, an email security provider that rebranded as VIPRE Email Security following its acquisition by Ziff Davis, formerly J2Global (NASDAQ: ZD) in 2013.
Craig is a passionate security innovator with over 20 years of experience helping organizations to stay secure with cutting-edge information security and cybersecurity solutions.
Using his extensive experience in the email security industry, he founded Expert Insights with the singular goal of helping IT professionals and CISOs to cut through the noise and find the right cybersecurity solutions they need to protect their organizations.