Some cybersecurity vendors focus on increasingly transversal platforms, others prefer to focus on very specific areas. The divide between 'all-rounders' and 'verticals' is as old as computing history, but at this stage of the cybersecurity market, analysts seem to love the latter again. Probably because, with cyber threats and risks always increasing, playing on many tables requires skills and resources few vendors actually have.

Being a niche player does not mean, however, you cannot play on a global level. Just look at Libraesva, an all-Italian company that is successfully developing its international market. Following a path that first led to a wider European presence, also thanks to its official London subsidiary, and then to the (inevitable) North American market, with an office in Seattle.

"The challenge of the next three to five years is taking our brand to a global level," explains Paolo Frizzi, CEO of Libraesva: "Italy may not excel in cybersecurity innovation, or at least it is not known around the world for this, but we still want to bring our technology to compete with the big names in the international market".

Growing abroad has long been a natural progression for Libraesva: its customers are already global and therefore require a global presence of their tech suppliers: "we are present in the UK and in the US to be near our customers and to support them", Frizzi explains. Also, being an international player helps Libraesva to be firmly on the radar of market analysts, whose positive evaluations matter to customers.

Libraesva nevertheless remains a firmly Made in Italy software company. "We are still a strongly Italian company. Software development is entirely done on Lake Como and the head office remains in Lecco", Frizzi underlines. Libraesva also stays focused on its historical field: email protection. As the CEO explains: "We take great pride in doing just one thing: email security. I have been asked several times, if we ever intend to expand our business to other cybersecurity areas. The answer is 'no', I am still convinced that if you want to do something, and you want to do it well, you have to devote yourself completely to it".

Reports and cyber incidents prove, almost daily, how much email security is still a big issue. In most cyber incidents, email is still used as the main attack vector. And good old phishing is still the most convenient and effective way for cyber criminals to breach corporate networks.

An analysis recently conducted by Libraesva itself gives more details on this scenario: it's The Reality Gap report, whose title highlights how email is still underestimated as a risk factor. "88% of respondents experienced a successful email attack between January and March 2024. Despite this, most (55%) of them are not prioritising investment in email security" Frizzi says.

The Libraesva report clearly shows that many cyber risks associated to email are actually perceived as critical by CISOs, but they do not have much confidence in the platforms already in place to defend their IT infrastructures. Consider malware: 83% of CISOs obviously think it's important to defend against it, but only 42% feel they do it properly. The same applies to ransomware (percentages at 84% and 35% respectively), data leaks via email (85% and 42%), malicious URLs and attachments (83% and 38%), phishing (80% and 36%).

CISOs, and all those who manage enterprise cyber security at different levels, seem unable to keep up with all the threats now coming via email. Why? First, because email attacks are more and more massive and sophisticated. But also because CISOs today have less budget and skill than they need. Just 47% of them have seen their email security budget increase in the last 12 months, and 55% think they do not have enough staff with the right skills in email security.

Mail security platforms can help, of course, and that's why Libraesva keeps on improving its offering. Recently, Libraesva Email Security acquired an automatic threat remediation feature: email triage results are automatically passed on to the mailbox management module, in order to immediately recall any malicious spam/phishing campaign that may have 'escaped' the main filter.

Also, LetsDMARC - the Libraesva monitoring service looking for malicious domains used in 'branded' phishing campaigns - has been enhanced. It now identifies as malicious also domains registered with names trying to 'simulate' well-known brands via 'creative' textual tricks. Like assonances that can visually deceive who received a spam email and are difficult to identify using algorithms or rules.