Advanced phishing defense has reduced payment fraud risk and improves analyst investigations
What is our primary use case?
My main use case for Sublime Security is for one of our ONGC clients, where I use it for detecting advanced phishing emails, business email compromise attempts, and suspicious inbound mail activity. Because the ONGC client has most end users with sensitive data over emails, my primary use case is email security beyond the traditional secure email gateway, especially for modern phishing campaigns that bypass signature-based detections.
I primarily use it for advanced phishing detection, business email compromise detection, suspicious attachment and URL analysis, VIP user email monitoring, threat hunting across the mailboxes, analyst investigation and tuning, and improving the email detection coverage.
A specific example of how Sublime Security helped me with one of these use cases is when a vendor payment came from a look-alike domain, which appeared conversational, but traditional checks did not flag it immediately because there was no malware attachment.
Using Sublime Security detection and header analysis, I identified domain impersonation indicators and suspicious sender behavior quickly. The email was removed before any finance action was taken, demonstrating the value of behavior content-focused detection instead of only malware scanning.
How has it helped my organization?
Sublime Security has positively impacted my organization in many ways. First, it has improved our phishing catch rates, and the faster trials of suspicious emails reduce the risk of payment fraud attempts, which enhances confidence for finance and executives and lowers manual investigation efforts.
The faster identification of targeted campaigns is one of the best outcomes for my current organization, with email triage time reduced by around 25 to 35 percent, and phishing detection coverage has improved noticeably. These are the realistic outcomes based on my experience with my current client.
What is most valuable?
The best features that Sublime Security offers include strong phishing detection and business email compromise detection. It is useful for threats that do not have any malware attachments, which is one of its best features, along with analyst-friendly visibility and flexible detection logic.
It quickly adapts to changing phishing techniques, allows for fast search and hunting, and complements existing email security. My most valuable feature is the ability to detect sophisticated phishing that appears legitimate because many damaging email attacks today rely on social engineering.
The flexible detection logic in Sublime Security is one of its most significant strengths because phishing techniques change consistently, and attackers do not use the same templates or techniques forever.
Static signature-based tools often miss newer campaigns. In a real example, I received a fake invoice email where the subject was something to the effect of 'please process the attached urgent invoice.' The attachment appeared clean initially, but the flexible detection quickly checked the sender domain, similarity to vendor standards, the urgent payment language, and the fact that it was a new sender communicating for the first time. It also assessed attachment behavior indicators and reply-to address mismatches, which showcases how it helped in this situation.
What needs improvement?
Improvements needed for Sublime Security include the requirement for tuning to involve a mature team, as its best value comes with active analyst analysis. Additionally, reporting for executives could be enhanced with higher-level dashboards. The pricing could potentially be more attractive for mid-sized or enterprise teams.
Providing more documentation would be beneficial for newcomers to study and utilize the product effectively.
For how long have I used the solution?
I have more than three years of experience working in my current field.
How are customer service and support?
Customer support is very good; they are accessible and helpful.
Which solution did I use previously and why did I switch?
Previously, in other security environments, I mainly relied on traditional email gateways or manual phishing reviews.
What was our ROI?
I have indeed seen a return on investment, as it has prevented fraud incidents, significantly reduced analyst effort, sped up email investigations, and improved user trust in security responses.
Which other solutions did I evaluate?
Before choosing Sublime Security, I evaluated other options including Mimecast, Cofense, Microsoft Defender for Office 365, and Proofpoint for other clients.
What other advice do I have?
My advice for others looking to use Sublime Security is that if phishing emails are still reaching end users despite having a gateway, they should consider a layered email detection solution that focuses on business email compromise and impersonation; using Sublime Security is a very good choice. I would rate this product an eight out of ten.
Advanced email protection has enabled us to safeguard partners and reduce costly phishing risks
What is our primary use case?
Our main use case is two-fold. Primarily, as a channel partner, our core focus is channel enablement. We actively pitch, demonstrate, and distribute Sublime Security to our partner network, who then deploy it for end-user organizations. Secondarily, we 'drink our own champagne' by running it internally to protect our own business communications.
When we position it to our partners, we frame it as an advanced email security platform. It goes far beyond traditional junk filtering by actively hunting the sophisticated threats that bypass native defenses—specifically Business Email Compromise (BEC), CEO fraud, invoice scams, fake login pages, and malware attachments.
How has it helped my organization?
As a distributor, the positive impact for us is measured by how well the product performs for our partners and their end-users. Sublime Security has been a major positive because it perfectly fits our criteria for 'best-in-breed' solutions. Specifically, it delivers strong ROI, saves employee time, and significantly reduces risk exposure by preventing expensive breaches. Because it checks all these boxes, we've been able to successfully enable our partners across all our regions to confidently take it to market.
Another major positive is its deployment model. In today's cybersecurity landscape, 'rip-and-replace' is a massive hurdle for buyers. Sublime works flawlessly with existing tools, enhancing a customer's current stack rather than forcing them to rebuild it.
What is most valuable?
The standout features of Sublime Security revolve around its ability to catch advanced threats that bypass native defenses. Specifically, it excels at blocking malware attachments and stopping Business Email Compromise (BEC), such as CEO fraud and invoice scams.
A major advantage is its fast time-to-value because it isn't a rip-and-replace solution. Instead, it acts as a 'smarter layer' that enhances existing protections like Microsoft 365 or Google Workspace. While native security catches the obvious junk, Sublime uses flexible, customizable detection logic to catch the highly sophisticated attacks that easily slip through standard filters.
Finally, the platform gives you deep visibility and fast search capabilities across all email activity. Without a tool like this, investigations take far too long, and teams lack visibility into what actually breached the inbox. Sublime solves this by offering rapid detection, automated response actions, and the ability to quickly remove malicious emails in bulk.
What needs improvement?
Based on the feedback we receive from our partners and their end-users, there are two main areas for improvement: the learning curve and pricing for smaller organizations. First, while the platform is incredibly powerful, it isn't simply 'plug-and-play.' Security teams need to invest time into learning the product to extract its full value.
Second, the cost can feel a bit steep for small-to-medium-sized businesses (SMBs). However, we always caveat this by looking at the ROI: a single breach could put a small company completely out of business. While the upfront cost might seem high to them, preventing just one catastrophic breach means the tool instantly pays for itself.
For how long have I used the solution?
I have been using the solution for eighteen months.
What other advice do I have?
On a scale of one to ten, I rate Sublime Security a nine out of ten because I believe there are a couple of negatives regarding scalability for catering to enterprise and small to medium enterprises. Additionally, the product requires a learning phase, and it is not readily usable right away.
Sublime Security merits this rating because of a couple of changes that need to be addressed. If it catered to both small and enterprise businesses on a pricing scale, it would receive a ten, but it is not far away.
Effortlessly Blocks Malicious Emails, Saves Time
What do you like best about the product?
I like that the Sublime Email Security Platform is highly automated, which saves us time. We've significantly cut down the hours we used to spend reviewing emails and reported emails, reducing our annual effort by 400 hours. The initial setup was extremely easy.
What do you dislike about the product?
I have no complaints at this time.
What problems is the product solving and how is that benefiting you?
I use Sublime Email Security Platform to prevent malicious emails, solving the problem of phishing emails reaching users. It's highly automated, saving us time and reducing our email review effort by 400 hours annually.
Robust Malware Protection with Seamless Setup
What do you like best about the product?
I appreciate the Sublime Email Security Platform for its detection and automation features, especially behavior and content-based detection. The initial setup was great and seamless, making the transition from Minecast very smooth.
What do you dislike about the product?
Na
What problems is the product solving and how is that benefiting you?
I use Sublime Email Security Platform for malware protection, benefiting from its detection and automation features like behavior and content-based detection.
Flexible Detection Rules with Sublime Email Security
What do you like best about the product?
I appreciate how user-friendly both the UI and API of the Sublime Email Security Platform are, which allows me to create in-depth detections and automations easily. I like that Sublime MQL facilitates deep customization when creating detection rules, capturing specific scenarios with various email attributes. The platform provides complex detection rule creation that would be challenging with other solutions, and it's impressive how the functions in MQL allow for intricate rule construction, down to prevalence within the configured tenant. The powerful language of Sublime provides extensive coverage with its rules, which is another aspect I find valuable.
What do you dislike about the product?
Availability of ASA via the Sentinel integration? Allowing the summary to be forwarded to Sentinel.
What problems is the product solving and how is that benefiting you?
I use Sublime Email Security Platform for creating complex detection rules efficiently with MQL. The user-friendly UI and API enable seamless detection and automation, and the platform's powerful customization allows specific email scenarios to be captured.
Powerful and Intuitive Email Security Solution
What do you like best about the product?
I like how the Sublime Email Security Platform is really intuitive and offers a lot of functionality. The API backend is robust, letting us expand capabilities and add automation. The reporting, hunting, and rule creation journey are great. I also appreciate that the initial setup is really easy.
What do you dislike about the product?
Nothing.
What problems is the product solving and how is that benefiting you?
I use Sublime Email Security Platform to handle detections and manage coverage effectively. It fills gaps where other tools can't, with powerful MQL for custom rules tailored to our needs.
Accurate Out of the Box, Transparent Detections, and Powerful Automations
What do you like best about the product?
I like that Sublime has a high degree of accuracy out of the box negating a long tuning process. The regular updates to existing and creation of new core detections keeps us well protected. The ability to create custom detection, create bespoke automations is a massive plus point. I like that the detection logic is transparent, so you always know why something was flagged. The API features also make it simple to integrate into existing workflows and remove repetitive manual tasks.
What do you dislike about the product?
Sublime develops and releases new valuable features regularly that we would love to use. Unfortunately, inconsistencies in regional hosting outside of the direct control of Sublime can mean that sometimes these valuable new features don’t appear in our region right away.
What problems is the product solving and how is that benefiting you?
Sublime greatly strengthens our overall detection stack by adding defence in depth, its automated remediation of threats and it's automated analysis and remediation of user‑reported phishing significantly reduces manual investigation time whilst maintaining or improving response quality.
AI-Powered Email Security with Deep Detection Insights and Granular Control
What do you like best about the product?
AI powered email security with deep insight into detection logic and ability to get extremely granular with controls.
What do you dislike about the product?
Learning curve on rule language is steep and it takes some time to refine initial detection logic, get it tuned for your environment.
What problems is the product solving and how is that benefiting you?
Allows for hands-off handling of email security with high confidence. Great integrations with newer-gen security awareness training products, and great integration with Microsoft and Google built-in reporting tools
Advanced Threat Protection with Stellar Support
What do you like best about the product?
I really like that the Sublime Email Security Platform is simple to use and very customizable, which is important for our large and sometimes complex organization. We love that the engineers are also the support team and are always happy to help, whether by jumping on a call or messaging in Teams. It's easy and straightforward to manage, thanks to this hands-off approach where it basically does everything itself.
What do you dislike about the product?
The only thing I can think of is there's a feature that only processes data in the US (ADE and the ability to automatically share emails with Sublime), whereas we need everything to be processed in the UK. It's just very key for us that everything's in the UK.
What problems is the product solving and how is that benefiting you?
I use Sublime Email Security Platform as a post email proxy against advanced phishing threats. It's able to identify AI-generated threats that traditional gateways and detection services can't detect.
Easy Setup and Flexible Customisation, Though a Few Rough Edges
What do you like best about the product?
- Easy setup
- Helpful customer success & customer support team
- Good amount of flexibility and customisation options due to the inherent transparency of the platform
What do you dislike about the product?
- Some rough edges (e.g. audit logs are not quite there yet ; sometimes the UI doesn't link to the appropriate place ; encoding issues ; replies to user reports)
- Slightly more false positive than competitors
- Delay on planned features
What problems is the product solving and how is that benefiting you?
Reducing the amount of phishing email that we receive as an organization to decrease the risk of a successful phishing attempt.
