Overview
Sublime's agentic platform stops more email attacks with less work. It's team of AI agents work like a digital SOC team in your environment, triaging and blocking advanced threats while adapting protections at adversary speed. It provides full transparency and automation by default, with control on demand for advanced teams, eliminating vendor bottlenecks or one-size-fits-all limits.
Get an AWS Private Offer and speak with the team at sales@sublimesecurity.com
Highlights
- By stopping more attacks and reducing false positives, Sublime delivers a superior autonomous AI experience that requires less work. For advanced teams, the platform is fully extensible, allowing you to author your own detections and hunt for threats with a level of precision that one-size-fits-all solutions can't.
- Block sophisticated threats (BEC, novel phishing, QR-based phishing) and reduce the false positives that waste time and disrupt workflows. Sublime's tailored protections deliver a demonstrably higher catch rate, validated by the world's most demanding security teams.
- Protect Microsoft 365 and Google Workspace accounts with no MX changes. Deploy in Sublime Cloud or self-host on AWS.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Trust Center
Buyer guide

Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
Price per Mailbox | Annual price per mailbox starting at | $76.20 |
Vendor refund policy
We do not currently support refunds.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Sublime Security Support Policy can be found at
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Customer reviews
Advanced email defenses have reduced phishing false positives and improved SOC investigations
What is our primary use case?
My main use case for Sublime Security is email security, as it provides an AI-powered email security platform designed to manage all the emails coming to the organization, which is comparable to other email security tools available, allowing us to detect phishing attacks using different rules.
Regarding my main use case for Sublime Security , we mainly use it as an email security tool, which is customizable with detection logics and automation capabilities that help us understand why emails are flagged, enabling organization-specific detections.
What is most valuable?
The best features of Sublime Security include its seamless integration with Microsoft 365, which can be set up easily within three to four hours, the built-in detection rules that are effective against phishing, and its ability to reduce false positives compared to Microsoft Defender.
The customization and threat hunting features of Sublime Security have helped my team by allowing us to create specific detection rules for quarantined emails and alerting SOC analysts automatically, and one notable instance involved identifying a compromised user through flagged suspicious alerts.
Sublime Security positively impacts my organization with AI-driven detection that reduces false positives and improves alert severity, providing timely notifications to the SOC analyst if any interaction occurs after clicking a potentially malicious link.
What needs improvement?
To improve Sublime Security, I would appreciate better reporting capabilities, as the current reports are too high-level for regular SOC operations.
Apart from reporting, everything else about Sublime Security is impressive.
For how long have I used the solution?
I have been using Sublime Security for more than around 1.5 years.
What do I think about the stability of the solution?
Sublime Security is stable, with minimal maintenance times and high reliability, experiencing very few downtimes.
What do I think about the scalability of the solution?
Sublime Security's scalability is impressive, accommodating organizations of various sizes and capable of handling growth effortlessly.
How are customer service and support?
I raised multiple support cases regarding report availability, and they have been very responsive, showing a commitment to resolving issues.
I would rate the customer support a 9.5.
Which solution did I use previously and why did I switch?
I have exclusively used Sublime Security for this customer, but I have used Avanan and Microsoft Defender for others, and I find Sublime Security to be one of the best tools for email security.
How was the initial setup?
The best features of Sublime Security include its seamless integration with Microsoft 365, which can be set up easily within three to four hours.
What about the implementation team?
We are customers of Sublime Security, without any other business relationship.
What was our ROI?
While quantifying return on investment is challenging, Sublime Security has helped my team by avoiding multiple false positives and facilitating better investigations.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is limited, but I noticed that Sublime Security was slightly more expensive than Avanan or Defender, as Defender comes included with other Microsoft products, but I believe Sublime Security is value for money.
Which other solutions did I evaluate?
Before choosing Sublime Security, we evaluated Avanan and Defender 365, but clients opted for Sublime Security due to its superior detection rules and customer support.
What other advice do I have?
If pricing is not an issue, I advise others to go for Sublime Security.
Reduced vendor dependency in deploying new protections with Sublime Security matters to us as it enhances email classification and security alerts, aiding in the detection of subtle threats.
The impact of Autonomous Detection Engineer (ADA) on our detection coverage has been significant, blocking over 1,500 to 1,800 emails classified mostly as spear-phishing targeting VIP users.
As for the AI agents, we have not fully utilized their capabilities yet, relying more on improving detection rules and email classification.
I rate this product a 9 overall.
Advanced email rules have improved spam detection and made daily reviews more efficient
What is our primary use case?
My main use case for Sublime Security is to test how this product works, so I am using this for that purpose.
For a quick specific example of what I tested with Sublime Security, it detects the emails of the person on this side to check that feature, and there is a feature in Sublime Security that is detection as code, which is an excellent feature that I have noticed in this product. I am talking about eleven hundred, and that detection feature is something where I can explicitly customize mentions of power spam or non-structured email. With our custom permissions, we have it, and getting that notice by word blocking is something very important. It is a great feature that I have been using.
Regarding my main use case for testing Sublime Security, it is very good, and I fully specify that detection; it is something very extensive with maximum features.
What is most valuable?
The best features Sublime Security offers include detection as code, which gives a very powerful feature for users to write rules, custom objects, and the language provides some syntax that is definitely a good feature. The second one is why it detects spam emails or justifies why this is considered spam, which is the second most valuable feature.
I use the detection as code feature in my day-to-day life, which usually identifies junk emails and spam emails by default with the conditions and the vast dataset it has. Even if some emails may not get into that machine learning dataset, I can describe if it is from an external source and has rewards; I can remove it since it is considered spam. This feature changes the usual segregation and categorization, helping users not fall for known types of emails that the system may not detect. The explanation of justification, instead of just flagging something as spam, gives the user understanding such as, this is not a Google email; we really cannot click on it. It enhances user security, and even if another user sees this type of content based on gesture events for another email, they think not to use the image correctly.
Sublime Security has positively impacted my organization.
What needs improvement?
I would say there are very minimal changes needed regarding Sublime Security; for first-time users, it can be difficult knowing how to write the tool. Having some templates available would improve the experience.
My advice for others looking into using Sublime Security is that each edition would be helpful for initial users, and users should set templates in, which can be added; right now, I am not trying anything new, as this is cool.
For how long have I used the solution?
I have been using Sublime Security for three months.
What do I think about the stability of the solution?
Sublime Security is stable; I confirm this.
Which solution did I use previously and why did I switch?
I did switch to Sublime Security; it is part of my style of working.
Which other solutions did I evaluate?
Before choosing Sublime Security, I evaluated alternatives such as MyCast and Proofpoint, which I refused before finalizing on Sublime Security.
What other advice do I have?
Phishing versus phishing detection is also something I find good, and I have mentioned these things already.
Since I have been using Sublime Security personally, I have noticed specific improvements like fewer spam emails and improved detection, which saves me time. It helps me segregate emails instead of reviewing all things manually, as it detects spam emails. I do not have to go through every email, which makes me very efficient for other tasks. It also shows if some emails are current, and if I am about to register or receive registration links, it tells me why those emails are separated. I understand better instead of reading all the emails, and it summarizes the words or thumbnails of the emails. If an email is considered good, I continue, making my time more efficient.
Regarding the AI capabilities of Sublime Security, I think for detection, using ML to analyze content is already a feature present in Sublime Security, which also identifies phishing attempts.
I think Sublime Security shows false positives. I give this review a rating of nine.
Advanced email defenses have reduced phishing incidents and improve response to targeted attacks
What is our primary use case?
Sublime Security serves as our primary solution for advanced mail threat detection and response. We use it to identify phishing attempts, business email compromise, malicious attachments, credential harvesting campaigns, and other email-based threats before they reach our end users.
One recent example involved a phishing campaign targeting our finance team members with fake invoices. Using Sublime Security , we detected suspicious indicators such as domain impersonations, link behavior, and email content patterns, which flagged and isolated the messages before users interacted with them, preventing a potential credential compromise.
We use Sublime Security daily for monitoring inbound email threats and also for investigating suspicious emails, tuning detection rules, and improving our overall email security posture.
What is most valuable?
Sublime Security's best features include advanced phishing detection, custom detection rules, real-time threat analysis, and email behavior analysis.
The detection engine has made the biggest difference because it catches sophisticated phishing attempts that traditional email security sometimes misses.
In terms of Sublime Security's impact, it has strengthened our email security posture, reduced the phishing risk, improved response time, and increased confidence in our security controls. It has reduced phishing-related incidents by approximately 60% and makes the investigation and response process faster by around 30 to 40%.
The Autonomous Detection Engineer has made a noticeable difference because it works far better than normal detection rules, thanks to its AI capabilities and the context it has regarding email threats.
I find the controllable and transparent AI in Sublime Security regarding its decision-making process and auditability to be excellent, allowing us to control all the security workflows effectively.
What needs improvement?
Sublime Security is a great tool, but improvements are needed in areas such as better executive-level summaries, a more advanced reporting dashboard, and more automated remediation workflows. Additionally, integration with security platforms could be more useful.
The product is already strong from a detection perspective, and most improvements should focus on reporting, automation, and broader integration.
For how long have I used the solution?
I have been using Sublime Security for about 11 months.
What do I think about the stability of the solution?
Sublime Security has proven to be stable and dependable in our daily operations.
What do I think about the scalability of the solution?
Sublime Security's scalability is very good, and it scales well with growing email volume and evolving threat patterns.
How are customer service and support?
Our customer support has been responsive and technically knowledgeable, leading to a great experience with their team.
Which solution did I use previously and why did I switch?
We previously relied on default email security controls and a combination of security monitoring tools because we needed stronger protection against increasingly sophisticated phishing attacks and better visibility into email threats.
How was the initial setup?
The setup is relatively straightforward, and the pricing feels reasonable considering the value it provides in preventing phishing and email-based threats.
What about the implementation team?
We directly purchased Sublime Security from the vendors.
What was our ROI?
The ROI comes from reduced phishing risk, faster incident response, and lower operational overhead, making it a very good investment.
What's my experience with pricing, setup cost, and licensing?
On average, Sublime Security has prevented about 200 to 300 malicious emails daily for all users, which equals around 6,000 to 7,000 per month, totaling approximately 60 to 70,000 over the 10 to 11 months we have used it.
Which other solutions did I evaluate?
We evaluated Abnormal Security and Microsoft Defender before choosing Sublime Security.
What other advice do I have?
Sublime Security is performing well with its SaaS platform, but for enterprise levels, they might need to consider adjustments such as license pricing and setup for on-premises clients.
My advice to others looking into using Sublime Security is to integrate it fully with your email environment and security workflows and to spend time tuning detection policies early to maximize value and reduce noise, as it is a great tool that provides enterprise-level security.
I find that the threat detection is accurate and very reliable, with strong detection performance and relatively low false positives, which is vital for operational efficiency.
I would rate this review a 9 out of 10.
Which deployment model are you using for this solution?
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Advanced email protection has enabled us to safeguard partners and reduce costly phishing risks
What is our primary use case?
Our main use case is two-fold. Primarily, as a channel partner, our core focus is channel enablement. We actively pitch, demonstrate, and distribute Sublime Security to our partner network, who then deploy it for end-user organizations. Secondarily, we 'drink our own champagne' by running it internally to protect our own business communications.
When we position it to our partners, we frame it as an advanced email security platform. It goes far beyond traditional junk filtering by actively hunting the sophisticated threats that bypass native defenses—specifically Business Email Compromise (BEC), CEO fraud, invoice scams, fake login pages, and malware attachments.
How has it helped my organization?
As a distributor, the positive impact for us is measured by how well the product performs for our partners and their end-users. Sublime Security has been a major positive because it perfectly fits our criteria for 'best-in-breed' solutions. Specifically, it delivers strong ROI, saves employee time, and significantly reduces risk exposure by preventing expensive breaches. Because it checks all these boxes, we've been able to successfully enable our partners across all our regions to confidently take it to market.
Another major positive is its deployment model. In today's cybersecurity landscape, 'rip-and-replace' is a massive hurdle for buyers. Sublime works flawlessly with existing tools, enhancing a customer's current stack rather than forcing them to rebuild it.
What is most valuable?
The standout features of Sublime Security revolve around its ability to catch advanced threats that bypass native defenses. Specifically, it excels at blocking malware attachments and stopping Business Email Compromise (BEC), such as CEO fraud and invoice scams.
A major advantage is its fast time-to-value because it isn't a rip-and-replace solution. Instead, it acts as a 'smarter layer' that enhances existing protections like Microsoft 365 or Google Workspace. While native security catches the obvious junk, Sublime uses flexible, customizable detection logic to catch the highly sophisticated attacks that easily slip through standard filters.
Finally, the platform gives you deep visibility and fast search capabilities across all email activity. Without a tool like this, investigations take far too long, and teams lack visibility into what actually breached the inbox. Sublime solves this by offering rapid detection, automated response actions, and the ability to quickly remove malicious emails in bulk.
What needs improvement?
Based on the feedback we receive from our partners and their end-users, there are two main areas for improvement: the learning curve and pricing for smaller organizations. First, while the platform is incredibly powerful, it isn't simply 'plug-and-play.' Security teams need to invest time into learning the product to extract its full value.
Second, the cost can feel a bit steep for small-to-medium-sized businesses (SMBs). However, we always caveat this by looking at the ROI: a single breach could put a small company completely out of business. While the upfront cost might seem high to them, preventing just one catastrophic breach means the tool instantly pays for itself.
For how long have I used the solution?
I have been using the solution for eighteen months.
What other advice do I have?
On a scale of one to ten, I rate Sublime Security a nine out of ten because I believe there are a couple of negatives regarding scalability for catering to enterprise and small to medium enterprises. Additionally, the product requires a learning phase, and it is not readily usable right away.
Sublime Security merits this rating because of a couple of changes that need to be addressed. If it catered to both small and enterprise businesses on a pricing scale, it would receive a ten, but it is not far away.