Cloud Email Security (Area 1)
What is it?
Cloudflare's Cloud Email Security (acquired as Area 1 Security in 2022) stops phishing and business email compromise (BEC) attacks before they reach employee inboxes. Unlike traditional email security that relies on signature-based detection (matching known bad emails), Area 1 uses preemptive crawling — it actively discovers and identifies phishing infrastructure before attacks are launched.
What problem does it solve?
Email is the #1 attack vector for organizations. Over 90% of successful cyberattacks start with a phishing email.
- Phishing: Emails that trick users into clicking malicious links or entering credentials on fake sites.
- Business Email Compromise (BEC): Attackers impersonate executives or vendors to trick employees into transferring money or sharing sensitive data. BEC attacks caused over $2.7 billion in losses in recent years.
- Malware delivery: Emails with malicious attachments that install ransomware, keyloggers, or other malware.
- Traditional gateways miss too much: Legacy Secure Email Gateways (SEGs like Proofpoint, Mimecast) rely heavily on known threat signatures, which means they miss new and sophisticated attacks.
How does it work?
Area 1's approach is fundamentally different from traditional email security:
Preemptive Crawling: Cloudflare continuously scans the internet, proactively discovering phishing sites, domains, and infrastructure days or weeks before they're used in attacks. When an email arrives containing a link to one of these pre-identified threats, it's blocked immediately.
AI/ML Analysis: Analyzes email content, headers, sender reputation, link behavior, and attachment characteristics to detect sophisticated phishing and BEC attempts that signature-based systems miss.
Inline Deployment: Sits in front of (or alongside) existing email infrastructure (Microsoft 365, Google Workspace) as an additional security layer. It doesn't replace the existing email system — it augments it.
Link Isolation: Suspicious links in emails can be rewritten to open in Cloudflare's Remote Browser Isolation, so even if a user clicks a risky link, the threat is contained.
Post-delivery protection: Can retract emails that are later identified as malicious, even after delivery.
Why it matters strategically
Email security fills a critical gap in Cloudflare's SASE story. Previously, Cloudflare could protect web traffic (Gateway), application access (Access), and network traffic (WAN/Transit) — but email was unaddressed. The Area 1 acquisition gave Cloudflare a best-in-class email security solution, making the platform more competitive against Palo Alto, Zscaler, and Microsoft's native security tools for comprehensive SASE deals.