Sublime Security secures $20 million to strengthen cloud email security and visibility
Sublime Security has raised $20 million in Series A funding, led by Index Ventures with participation from previous investors Decibel Partners and Slow Ventures. Cybersecurity visionary and Crowdstrike Co-founder & former CTO Dmitri Alperovitch is also joining the investment round and Board of Directors.
The added funding will be used to further invest in the platform and improve the customer experience. In a rapidly evolving threat landscape, email remains a top security concern for businesses. Sublime gives security teams the ability to detect and prevent these attacks with out-of-the-box protection and unprecedented visibility into their cloud email environments, with additional controls for customized detections, attack surface reduction, threat hunting, and more.
According to the most recent 2023 FBI Internet Crime Report, Business Email Compromise (BEC) accounted for over $2.9 billion in losses, although the actual number is likely much higher due to underreporting. The volume and scope of attacks are escalating as bad actors deploy large language models (LLMs) to wage advanced and varied malicious attacks that include BEC, QR code phishing, extortion, malware/ransomware, fraud, spam, and more.
Email security has traditionally been driven by vendors that offer black box, one-size-fits-all solutions. However, security teams can no longer afford to wait weeks or months for vendors to address false positives or missed attacks, during which time legitimate emails continue to get blocked and the same attack campaigns continue to land successfully.
As the email threat landscape continues to evolve rapidly, defensive tools must be equally adaptable. Sublime’s AI-powered detection engine gives teams visibility, transparency, and ultimately control to protect their organizations against complex email-borne attacks, unlike the traditional black box approach.
“On the offense, Generative AI enables attackers to rapidly create diverse, sophisticated campaigns at scale, but on the defense, it’s a powerful tool for automated detection, triage, and explainability,” said Josh Kamdjou, CEO of Sublime Security. “The Sublime Platform is a modern take on email security that delivers immediate out-of-the-box protection, with the added ability for teams to tailor email security controls to fit organizational needs and benefit from community-driven protections as the threat landscape evolves.”
Historically, defenders have had difficulty exercising meaningful control or collaborating within the email domain due to a lack of tooling and common language for expressing complex attacker behavior. Sublime’s Core Detections are open source on GitHub where anyone can contribute to and benefit from new protections against the latest threats. Advanced teams that want granular control to tailor detections, create exclusions, or mitigate false positives for their organization also have access to Sublime’s detection engine with a purpose-built domain-specific language (DSL), Message Query Language (MQL), which works universally across Microsoft 365 and Google Workspace via API integrations.
Kamdjou spent 10 years at the Department of Defense engaged in various offensive cyber initiatives and also worked in the private sector as a red teamer. Email phishing was always the easiest way for him to gain initial access to a system, and he set out to build a product capable of stopping him.
COO Ian Thiel was an early team member at Optimizely and most recently led growth at Alto. The team publicly launched Sublime in February 2023 and the platform is already experiencing significant demand and impressive traction, with customers including some of the world’s top security teams at Spotify, Ramp, Vanta, Brex, Centrica, and others.
“Email security has become a high priority for businesses as they face GenAI-powered attacks, and we believe that Sublime’s impressive technology, the founders’ backgrounds, and their unique go-to-market strategy put them in a strong position to tackle this problem,” said Jahanvi Sardana, Partner at Index Ventures. “Sublime is pioneering a bottoms-up, security practitioner-led approach that promotes community-driven collaboration, and given the massive market opportunity for email security, we are excited to see Sublime continue its trajectory of hyper-growth.”
In addition to the funding, Sublime is also announcing the launch of Attack Score, its latest feature that uses transparent, explainable machine learning to prioritize email threats. Attack Score aids security analysts in quickly understanding and prioritizing detected threats based on the detailed context of observed attack indicators. Security teams have full control over Sublime’s Attack Score output, enabling them to combine it with other logic using detection-as-code.