A new chapter for email protection: unifying SEG and API security 

Key takeaways 

• Proofpoint is bringing together its two market-leading email security approaches—secure email gateway (SEG) and API-based protection—into a single, integrated architecture. 
• Proofpoint customers can now add protection for internal mail and direct send vulnerabilities with an integrated email security deployment across SEG and API. 
• For organizations new to Proofpoint, this new model provides protection before delivery through the gateway and after delivery through API visibility. 
• Security teams get a unified investigation and response across both SEG and API deployment models. They don't have to manage separate tools. 

Security architecture is at a crossroads. Today’s organizations have embraced cloud email and expanded their tools for employees to collaborate. They’ve also adopted layered defenses to keep pace with increasingly sophisticated threats. But as their defenses have grown stronger, they’ve also grown more complex. 

Many enterprises combine secure email gateways (SEGs) with API-based email security to protect their environments. This dual approach reflects the realities of modern email threats: stop what you can before delivery as well as detect and remediate anything that slips past or emerges later. In practice, however, hybrid deployment models have largely operated side by side. They don’t really work together. 

That separation introduces friction. There are separate consoles, separate workflows, and separate intelligence streams. At the same time, attackers continue to exploit the spaces between these layers, targeting internal mail flows, taking advantage of direct send vulnerabilities, and adapting quickly to evade isolated controls. 

Today, we are announcing a significant step forward toward resolving these issues.  

On June 30, 2026, Proofpoint will introduce a new integrated email security model that unifies SEG and API-based deployments. This is more than just a feature integration. It’s a fundamental evolution in how defense-in-depth should operate in a cloud-first world. 

Each SEG and API are complete, enterprise-grade solutions in their own right. Together, they create a coordinated protection model in which SEG secures north-south traffic at the perimeter, while API-based protection extends defense to east-west internal email activity. 

From layered defense to unified intelligence and response 

For years now, if you’ve wanted defense-in-depth, you’ve had to deploy multiple controls across different parts of the email lifecycle. While gateway protections have filtered inbound and outbound traffic. API-based solutions have extended visibility into the mailbox. 

Both approaches are powerful. But when threat intelligence doesn’t flow seamlessly between them, there’s unnecessary complexity. Investigations slow down. Policies require duplicate tuning. Analysts switch between dashboards to build context. 

The Proofpoint unified model changes that equation. Instead of operating as distinct silos, SEG and API protections now interoperate within the same administrative framework. They share intelligence, coordinate detection, and streamline the analyst experience. 

Here’s what you can expect: 

• Unified administrative control across deployment models 
• Shared detection intelligence between pre- and post-delivery layers 
• Coordinated visibility into threats across the email lifecycle 
• A streamlined investigative experience for security operations center (SOC) teams 

Reducing risk where it matters most 

Attackers are not constrained by the boundaries of your architecture. All it takes is for a user’s credentials to get compromised. Then, internal-to-internal phishing spreads rapidly and convincingly. Similarly, direct send techniques bypass traditional routing paths. 

When SEG enforcement is combined with API-level visibility, you get stronger protection across these high-exposure scenarios. These two models work better as a team. Threat intelligence that’s identified post-delivery can inform upstream filtering. And gateway detections can be enriched with mailbox-level insights. The result is broader coverage and fewer blind spots. 

Rather than layered systems that work independently, you get a coordinated whole that works better because intelligence is shared.  

Threat intelligence powered by the whole email lifecycle 

AI connects these two layers. As a result, there’s a continuous cycle of improvement: 

• Post-delivery discoveries strengthen future gateway filtering decisions. 
• Mailbox-level detections enhance upstream policy enforcement. 
• AI models refine themselves based on signals across the full email lifecycle. 

Instead of tuning systems independently, you benefit from coordinated intelligence that becomes more effective over time. 

Designed for how SOC teams actually work 

While it’s critical to detect threats accurately, operational efficiency is just as important. Security teams consistently say that switching between consoles, reconciling alerts, and dealing with fragmented workflows cause analyst fatigue. 

By unifying SEG and API deployments, Proofpoint will provide analysts with a single console to do their work. They will easily move from detection to remediation and spend less time on correlating threats manually. Those efficiency gains will translate into shorter response times and a lowered operational burden. 

This is the first step toward a more seamless, unified email security experience—one that’s designed around real-world SOC workflows rather than historical deployment boundaries. 

Building a foundation for what’s next 

Email threats will continue to evolve. And so will the environments that they target. A unified architecture that combines SEG and API protections will deliver:  

• More automated workflows for both detection and remediation  
• Deeper cross-layer analytics and correlation 
• Greater centralization of policy management 
• Enhanced resilience against emerging attack techniques 

When organizations align intelligence with operations, they position themselves for a more adaptive and resilient future. 

Executive perspective and availability 

Tom Corn, executive vice president and general manager of Proofpoint’s Threat Protection Group, commented: 

“Defense in depth should not mean operational fragmentation. Customers should not have to choose between deployment models—or manage them in isolation. By unifying SEG and API protections into a cohesive, intelligent experience, we’re redefining how layered email security works and setting the stage for a more unified future in Proofpoint’s Threat Protection Workbench.” 

This unified model is planned for global launch on June 30, 2026. It will be offered across all markets where Proofpoint email security solutions are available. At launch, we will provide more product details as well as supporting resources. 

A new chapter for email security 

Email remains the primary attack vector for cyberthreats. As collaboration expands and cloud adoption accelerates, security architecture must keep pace—not only in stopping more threats, but in reducing complexity for the teams defending against them. 

By bringing SEG and API protections together into a unified, interoperable model, Proofpoint is delivering stronger protection, smarter intelligence sharing, and a more efficient operational experience. This is more than integration. It’s a rethinking of how layered email security should function in a modern enterprise. 

Learn more about strengthening your collaboration security architecture with Proofpoint Prime Threat Protection.