Sublime has launched an open email security platform and raised $9.8 million in funding. The platform has been in private beta testing for more than a year and is already in use at dozens of organizations, including Fortune 500s, Global 2000s, and FTSE 250s, with a 2,500-organization waitlist.
Sublime CEO Joshua Kamdjou started at the DoD while in high school and worked on and led numerous offensive security efforts for over eight years. While also working as a red teamer in the private sector breaking into Fortune 500 companies, Kamdjou found that phishing was always his easiest entry point.
According to the FBI, phishing emails are the most popular attack method for cybercrimes, with the financial fallout increasing significantly from $1.8 billion in 2020 to $2.4 billion in 2021.
Verizon’s 2022 Data Breach Investigations Report found that email continues to be the number one delivery method for malicious payloads, including ransomware.
Kamdjou wanted to build a product that could stop someone like him, and realized the key was empowering email security professionals everywhere to collaborate and have more control, from large security teams at well-resourced enterprises to independent researchers and solo defenders.
“Security professionals are used to having control and being able to collaborate in every area of security BUT email: YARA for binaries, Sigma/EQL for logs, Snort/Suricata for networks, osquery/EDR for endpoint, Semgrep for static analysis,” said Sublime’s CEO Joshua Kamdjou.
“It’s time for that to change. We want to make it easy for anyone to secure their organization from email-based threats, whether you’re a large enterprise, nonprofit, or small business. There are so many more bad actors than good guys trying to keep people safe. If we open it up and let everyone contribute we actually stand a fighting chance,” Kamdjou added.
Sublime is changing the way the security community approaches email defense with:
- The open, free, and self-hostable email security platform. With one line of code and a Docker instance, anyone can immediately set up Sublime for free in their own environment and start running behavioral rules to block phishing attacks and other email-borne threats. Unlike other email security products, which are controlled by the vendor as a black box, Sublime is fully configurable and transparent, with no vendor detection bottleneck.
- The domain-specific language (DSL) purpose-built for email. Sublime’s Message Query Language (MQL) works across Microsoft 365 and Google Workspace, allowing cross-platform collaboration using detection-as-code for detection engineering, threat hunting, and triage. Think Snort signatures/YARA/Sigma rules for email security.
- The community-powered email security platform. One third of the detection rules in the open source Sublime Core Feed are community-contributed and have already been used to block tens of thousands of phishing attacks across the community. Sharing is peer-to-peer via Git.
- The platform to integrate machine learning with customizable rules in email. Anyone can combine their local domain knowledge with Sublime’s machine learning models, including Natural Language Understanding (NLU), Computer Vision (CV), and more.
- The free, public, no-auth tool for phishing investigation: EML Analyzer.
Decibel led Sublime’s funding round, with participation from Slow Ventures and others. Many notable cybersecurity professionals and founders invested as angels, including the creator of the Cyber Defense Matrix and DIE Triad Sounil Yu, creator of Snort and Sourcefire founder Martin Roesch, former New York Stock Exchange CISO Jerry Perullo, Lookout founder Kevin Patrick Mahaffey, former Zscaler CISO Michael Sutton, Demisto founders Rishi Bhargava and Slavik Markovich, and Phantom Cyber and Pangea founder Oliver Friedrichs.
“Email security has always been a passive wait, see, and catch game with black box software you have no control over. Even if your own security team finds a phishing attack, you’re typically at the mercy of your vendor acting on it,” said Dan Nguyen-Huu, a partner at Decibel.
“Josh and Ian are turning this paradigm on its head with a fully transparent, self-serve platform that enlists the wisdom of the entire community to tackle email threats proactively. Sublime lets security leads across organizations collaborate for mutual defense,” Nguyen-Huu concluded.