
Sublime Security – The EDR of Email We Needed!

  • Aug 7
  • 3 min read

Updated: Aug 11



Hey folks!

You know there are certain tools you just can’t ignore anymore — not because of hype, but because they actually deliver. One of those tools, for me, is Sublime Security.


Now let me be real with you — I was never super excited about email security tools. Yeah, we’ve got the old-school secure email gateways (SEGs), filters, allowlists, blocklists, SPF/DKIM/DMARC setups... we’ve all been there. But when I came across Sublime, something clicked.

And I finally got a chance to work with it — so I’m going to take you on that journey.

Because trust me, this tool? It’s a game-changer — especially when we’re talking about Business Email Compromise (BEC), phishing, QR code scams, and all the sneaky stuff attackers use to target our inboxes.



🛡️ Why I Call Sublime Security the “EDR for Email”

Okay, so hear me out — even Sublime itself calls it that. And honestly, they’re not wrong.

When you think of EDR (Endpoint Detection and Response), what comes to mind?

You get:

  • Full visibility into behavior

  • Custom detection logic

  • Historical hunting

  • Rapid response and remediation

  • Transparency, not just a black box


Now imagine if you could do that, but for email. Not just at delivery time, but after a message has already landed in the inbox, even one that your secure gateway or the native Microsoft/Google controls missed. That’s what Sublime does.



🤖 What Exactly Is Sublime Security?

At its core, Sublime Security is an open, programmable email security platform that gives you detection logic and visibility across your cloud inboxes (M365 and Google Workspace). It combines:


  • AI-powered detection

  • Behavioral analysis

  • Open detection rules written in MQL (more on that in a sec)

  • Community-driven content

  • Retro hunting — you can go back and look for past threats

  • Self-hosted or SaaS options — and yes, the first 100 inboxes are FREE!



🧠 What’s MQL? And Why Should You Care?

Message Query Language (MQL) is one of the coolest parts of Sublime.

Think of it like Sigma/YARA, but for email. You’re not just setting filters — you’re writing actual logic:

  • Find if an email has a suspicious HTML attachment

  • Flag any sender impersonating your CEO

  • Catch QR code phishing attempts (you'd be surprised how common these are now!)

  • Detect reply chain hijacking


And the best part?

The community contributes hundreds of rules — and they’re available on GitHub. So it’s not just Sublime doing the work; we’re all doing it together.
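To make the list above concrete, here is an added example of mine (not from the post and not Sublime’s code, and written in plain Python rather than MQL) that implements three of those checks over a raw RFC 5322 message: an HTML attachment, a From: display name that matches a known executive but comes from an outside address, and a “Re:” subject that carries none of the threading headers a real reply would have. The org domain, the executive list, the lookalike sender domain and both sample messages are constructed for the example.

```python
"""Three of the checks from the list above, as plain Python over a raw message.
Added illustration of the kind of logic the post says MQL expresses; it is not
MQL and not Sublime's code. All org data and samples below are constructed."""
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Hypothetical org data, constructed for this example.
INTERNAL_DOMAINS = {"example.com"}
# Display names attackers like to borrow -> the person's real mailbox.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
HTML_EXTENSIONS = (".html", ".htm", ".shtml", ".xhtml")


def suspicious_html_attachment(msg: EmailMessage) -> bool:
    """Any attachment that is HTML by file extension or by declared content type."""
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(HTML_EXTENSIONS) or part.get_content_type() == "text/html":
            return True
    return False


def executive_impersonation(msg: EmailMessage) -> bool:
    """From: display name matches a known executive, but the address is neither
    that executive's mailbox nor on an internal domain."""
    display, addr = parseaddr(str(msg.get("From", "")))
    key = " ".join(display.lower().split())  # normalise case and whitespace
    if key not in EXECUTIVES:
        return False
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1]
    return addr != EXECUTIVES[key] and domain not in INTERNAL_DOMAINS


def fake_reply_chain(msg: EmailMessage) -> bool:
    """Subject claims to be a reply or forward, but the threading headers a real
    mail client adds (In-Reply-To / References) are missing."""
    subject = str(msg.get("Subject", "")).strip().lower()
    looks_like_reply = subject.startswith(("re:", "fw:", "fwd:"))
    has_threading = bool(msg.get("In-Reply-To") or msg.get("References"))
    return looks_like_reply and not has_threading


CHECKS = {
    "suspicious_html_attachment": suspicious_html_attachment,
    "executive_impersonation": executive_impersonation,
    "fake_reply_chain": fake_reply_chain,
}


def evaluate(raw: bytes) -> list[str]:
    """Parse a raw message and return the names of the checks that fired."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [name for name, check in CHECKS.items() if check(msg)]


def build_bec_sample() -> bytes:
    """Constructed BEC-style lure: lookalike sender domain (.invalid TLD, so it
    can never resolve), fake 'Re:' subject, HTML attachment."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane.doe@examp1e-mail.invalid>"
    m["To"] = "finance@example.com"
    m["Subject"] = "Re: Invoice 4471 - urgent"
    m.set_content("Please open the attached invoice and confirm payment today.")
    m.add_attachment("<html><body>placeholder</body></html>", subtype="html",
                     filename="Invoice_4471.html")
    return m.as_bytes()


def build_benign_sample() -> bytes:
    """Constructed legitimate reply from the executive's real mailbox."""
    m = EmailMessage()
    m["From"] = "Jane Doe <jane.doe@example.com>"
    m["To"] = "finance@example.com"
    m["Subject"] = "Re: Invoice 4471"
    m["In-Reply-To"] = "<abc123@example.com>"
    m["References"] = "<abc123@example.com>"
    m.set_content("Approved, thanks.")
    return m.as_bytes()


if __name__ == "__main__":
    print("BEC sample fired:", evaluate(build_bec_sample()))
    print("Benign sample fired:", evaluate(build_benign_sample()))
```

Two design points worth noting. The display-name check normalises case and whitespace before the lookup, because “JANE DOE” and “Jane  Doe” are the same lure to a reader. The reply-chain check keys on the absence of In-Reply-To/References rather than on subject text alone, since a genuine reply from any normal mail client carries those headers; in a Sublime rule the same idea would be expressed against the parsed message fields instead of re-parsing the raw bytes.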



🌐 The Main Components of Sublime

Here’s what makes this platform tick:


🔍 Sublime Defend

Their detection engine — runs all those AI + custom rules to flag suspicious emails.


📥 Sublime Triage

Automates analysis of user-reported emails. It basically reduces the noise and helps you focus on real threats.


🕵️ Sublime Hunt

Now this is 🔥 — retroactively hunt down threats that slipped past your defenses. Like going back in time to catch that attacker before they cause real damage.




🎯 Why This Matters — Especially for BEC

In my career investigating incidents, I can confidently say: 50–60% of compromises start with email.

Especially BEC — and you know what? Those don’t always involve malware.

They’re sneaky. Sometimes it’s a fake invoice, a reply-chain hijack, or someone pretending to be your vendor.


Traditional tools miss these, because there’s nothing weird enough to trigger AV, there’s often no link at all, and the message just looks real.

That’s where Sublime shines. It understands email context. It lets you build rules based on behaviors, headers, timing, content patterns — real security logic, not just signatures.


🚀 Why I’m Hyped About Sublime

And no, this isn’t a sponsored post.

I’m just honestly excited to finally have a tool that treats email security the way we treat endpoint security — seriously.


-------------------------------------------------------------------------------------------------------

🔜 What’s Next?

In this series, I’ll walk you through Sublime Security.


If you’re tired of black-box tools and want full control over email security — this might just be your new favorite toy.


Till then, buckle up. 🛡️ Let’s build a better email defense together.

-------------------------------------------------Dean-----------------------------------------------

Upcoming:
Sublime Security – Dashboard Walkthrough (Overview + User Reports)

--------------------------------------------------------------------------------------------------

