However, the problem is this requires a Symantec customer, for example, to add technology that should already be in the vendor's product. "Instead of having one solution that's able to address this problem, I now have to buy another point product to cover up what my existing technology has been failing at," Holland said.
The email security vendors are starting to play catchup, due to the success of FireEye and Damballa, Holland said. For example, Proofpoint released last spring analytics aimed at catching advanced malware used in spear phishing attacks.
Not everyone is sold on the need for expensive analytics. Many companies could improve security dramatically by strictly limiting, or removing, applications known to contain many vulnerabilities exploited by hackers, such as Java and Adobe Flash, said Al Pascual, an analyst at Javelin Strategy & Research.
In addition, companies could use less expensive email authentication technology that looks at the sending mail servers and the IP addresses of the sender to determine whether the email is legitimate, Pascual said.
Such technology uses the Sender Policy Framework (SPF) and the complementary DomainKeys Identified Mail (DKIM). Another anti-phishing technology released last year was the Domain-based Message Authentication, Reporting and Conformance (DMARC) framework.
"Unfortunately, it's been around for awhile, but not a lot of businesses are using it," Pascual said of the various technologies. "It's very underutilized."
Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.