SOC 2 Type II ISO 27001 FedRAMP Moderate HIPAA GDPR PCI-DSS
Trust Center · Status · All systems operational
Forrester Wave™ Leader · Enterprise Email Security · Q1 2026

Email security for the AI era.

Perimeter stops the targeted attacks your Secure Email Gateway can't see — BEC, account takeover, payload-less impersonation. API-native deployment, post-delivery remediation, built for the Fortune 500.

Request a demo See the platform
Enterprises protected
1,400+
Threats blocked / month
64M+
Deploy time
≈ 20 min
Perimeter · Live threat feed
— — —
Blocked · 24h
24,812
▲ 12.4% vs avg
Mean dwell
00:11s
↓ from 8.4h · SEG
Confidence
99.97%
Detection fidelity
BEC Invoice-rerouting from cfo@vendor-finance[.]co CRIT · 0.98 Blocked
Impersonation Display-name spoof of CFO Westshire Re HIGH · 0.94 Blocked
Link Newly-seen domain in delivery note parcel-track[.]link MED · 0.71 Review
ATO Anomalous OAuth grant · sally.m · 3rd-party app CRIT · 0.96 Contain
VEC Supplier compromise · payment-update request HIGH · 0.91 Blocked
Inline · 4 of 4 detectors healthy
v7.14.2 · region: us-east-1
Trusted by security teams at Fortune 500 enterprises and Five Eyes agencies
Northwater Capital
Briarmount Mutual
Vancourt Health
Stonebridge & Co.
Harbour Financial
Westshire Re
Argus Hennessey
Saint Hollan Health
Landrey & Fane LLP
Orcusa Energy
Fairmont Exchange
Cascadia Medical
The problem is shaped differently now

The last decade of email security wasn't built for the next decade of attacks.

Secure Email Gateways were designed for a world of spam, commodity malware and attachment payloads. Today's adversaries don't need any of that — they need a credible sender, a plausible context, and sixty seconds of your CFO's attention.

91%
of breaches begin in the inbox
Email is still the single highest-yield initial-access vector for ransomware, credential theft and third-party fraud.
Source · Verizon DBIR 2026
$2.9B
Losses from BEC & VEC, 2025
Business email compromise losses surpassed ransomware for the fourth consecutive year, with invoice-rerouting the top variant.
Source · FBI IC3 Annual Report
8.4h
Median dwell time · legacy SEGs
Gateways stop most commodity threats at the border, then watch as targeted attacks sit unread in inboxes for a workday.
Source · Perimeter Threat Report 2026
Platform · How Perimeter deploys

Behind your email, not in front of it.

Perimeter integrates via the Microsoft 365 Graph and Google Workspace APIs — no MX record change, no mail-flow re-route, no gateway to drain into. Inline, post-delivery, and invisible to the sender.

External · Sender
The internet
Customers, partners, adversaries, bots
SMTP
Perimeter · Core
AI-native detection fabric
Runs inline across all four modules · API-native, agent-less
Graph
Tenant · M365 / GWS
Your inbox
Microsoft 365, Google Workspace, hybrid
20-minute deployOAuth & Graph scoped consent. No MX record change. No mail-flow re-route.
Post-deliveryContinuous scanning of messages already in the inbox. Retract when a verdict flips.
Agent-lessNothing installed on endpoints. Full visibility via tenant APIs.
Sovereign regionsUS, EU, UK and AU data residency. FedRAMP Moderate for the public sector.
The platform, four modules

One fabric, four detections.

Each module is a full product. Deploy one, deploy four — same tenant, same console, one dashboard for your SOC.

Module 01 · Inbound Defense

Stop the attacks a gateway can't see.

Language-model detection of Business Email Compromise, Vendor Email Compromise, and payload-less impersonation — the attacks that arrive with no attachment, no malicious link, and a perfectly plausible tone.

  • CFO / executive impersonation
  • Invoice & payroll re-routing
  • Newly-registered sender domains
  • Display-name & reply-to spoofing
  • Supplier compromise chains
  • Conversation-thread hijack
See Inbound Defense
BEC · Caught in the act #IRT-28451
Fromchief.finance@northwater-capital[.]co
Toaccounts-payable@northwater.com
SubjUrgent · updated wire instructions for Q1 vendor settle
Hey team — I'm in back-to-backs with the board. Can you update the routing on the Harbour & Co. Q1 invoice to the attached account before 3pm? I'll approve as soon as I'm out. Thanks —
J. Halvorsen, CFO
Detection signals Risk 0.98 · CRIT
Domain registered 4 days ago
CFO display-name spoof
Urgency cue detected
Never-before-seen sender
Out-of-band payment request
SPF fail · DKIM fail
Verdict · auto-actioned Quarantined · sender banner pushed to tenant
Module 02 · Account Takeover Protection

Catch the session before the message.

Continuous behavioural baselining on every mailbox. Anomalous OAuth grants, new-device sign-ins from improbable geographies, mail-forwarding rules silently created in the night — all surfaced, all containable.

  • Impossible-travel sign-in detection
  • Suspicious OAuth & 3rd-party app grants
  • Silent mail-forward rule creation
  • MFA-bypass & token-replay patterns
  • One-click session-termination
  • Auto-notify user & SOC simultaneously
See ATO Protection

Session anomaly · Sally Mendez

14:22:07 UTC
Denver · regular
Istanbul · +1h ago
Tashkent · now
OAuth grant to "Mail-Backup-Plus" · never-seen app 14:22:01
Forward rule created · all → external .onion mailbox 14:21:48
Session terminated · all tokens revoked 14:22:10
Module 03 · DMARC Command

Nobody else ships mail from your brand.

Move from DMARC monitoring to DMARC enforcement without breaking outbound mail flow. Continuous discovery of authorised senders, BIMI & VMC onboarding, and takedown of lookalike domains — run from one console.

  • Guided p=reject migration
  • Authorised-sender discovery
  • BIMI / VMC onboarding
  • Lookalike domain monitoring
  • Automated takedown submissions
  • Subsidiary & acquisition DMARC roll-up
See DMARC Command
@ northwater.com p = reject · enforced
91.7%
Last 7 days
Aligned8.4M
Misaligned762k
Unauthorised1,284
Takedowns filed7
✓ Enforcement healthy · Next roll-up: 3 acquired subsidiaries migrate to p=reject in 72h.
Module 04 · Response & Remediation

From verdict to retracted in seconds.

Perimeter doesn't stop at detection. When a verdict flips — a post-delivery sandbox detonation, a lookalike takedown, a supplier compromise signal — messages are retracted from the inbox, affected users coached, and your SOAR/SIEM notified automatically.

  • Post-delivery message retraction
  • Just-in-time phish-training nudges
  • SOAR / SIEM webhook events
  • STIX/TAXII threat-intel sharing
  • Splunk, Sentinel, Chronicle connectors
  • Runbook automations · custom logic
See Response & Remediation
Message delivered · recipients: 8Subject · "updated wire instructions for Q1"
+00:00
Verdict flip · sandbox detonationPost-delivery domain reputation signal · now CRIT
+02:14
Message retracted from all 8 inboxesRemoved before any recipient opened · banner replaces original
+02:17
Splunk SIEM event dispatchedIncident opened in SOC queue · auto-tagged BEC · CRIT
+02:18
JIT coaching pushed to 8 recipients90-second micro-lesson · opt-out respected
queued
Scale · Network telemetry

What the network sees, your tenant inherits.

Perimeter's detection fabric learns across every customer, every tenant, every hour. When one bank sees a new BEC pattern at 09:14 UTC, the other 1,399 tenants on the platform are protected against it by 09:15.

Perimeter Network · 24h LIVE

Rolling · updated every 15s
Threats blocked
0
▲ 4.2% vs 7-day avg
BEC attempts
0
▲ 11.9% · continued rise
ATO events contained
0
▲ 6.1% · est. $14M loss averted
Brand impersonations blocked
0
↓ 3.4% after takedown sweep
Analyst recognition
Perimeter's AI-native, API-first architecture places it firmly in the upper-right of the email-security quadrant, with standout scores for BEC detection and post-delivery remediation.
Forrester Wave™ · Enterprise Email Security · Q1 2026
Forrester
Leader · Wave Q1 2026
Highest score for BEC detection & remediation.
Gartner
Visionary · Magic Quadrant 2025
For Integrated Cloud Email Security (ICES).
IDC
Innovator · Worldwide 2026
AI-native inbound email threat detection.
G2
Enterprise Leader · Winter '26
4.8 / 5 across 312 verified reviews.

Built for regulated environments.

Certified, audited, and deployed across US federal civilian agencies, EU banks, and UK NHS trusts.

Trust Center →
SOC 2 Type II
Audited · Q4 2025
ISO 27001
Information security
FedRAMP Mod.
Authorised · 2025
HIPAA
BAA on request
GDPR / DPA
EU data residency
PCI-DSS
Cardholder-grade
Ecosystem

Plugs into the stack you already have.

Perimeter integrates with every SIEM, SOAR, IdP, and collaboration tool a modern SOC runs on — out of the box, with pre-built content and a first-class API.

M
Microsoft 365
Graph API · tenant-wide
G
Google Workspace
OAuth · service accounts
O
Okta
SSO · SCIM provisioning
E
Entra ID
SSO · conditional access
S
Splunk ES
Native app · CIM-mapped
S
Microsoft Sentinel
Data connector · workbook
C
CrowdStrike
Falcon XDR · bidirectional
Z
Zscaler
URL-rewrite · isolation
N
ServiceNow SecOps
Incident sync · SIR
C
Chronicle SecOps
UDM · parsers
T
Tines
Playbook templates
J
Jira Service
Ticket auto-create
Customer story · Northwater Capital
We cut mean-time-to-remediate from eight hours to twelve minutes across 41,000 inboxes. Perimeter is the first email-security product I've deployed that my SOC actually asks to keep.
EM
Elena Marsh
Chief Information Security Officer · Northwater Capital
94%
MTTR reduction
41k
Mailboxes
7,300+
BEC attempts blocked / mo
0
Wire-fraud incidents, 2025
Request access

See what your SEG has been missing.

Book a 30-minute live demo against your actual tenant (read-only, scoped OAuth, no mail-flow change). We'll show you the targeted attacks in your last 30 days of mail — and how quickly Perimeter would have caught them.

No mail-flow change. Read-only OAuth. Live demo against your own tenant.