[
  {
    "critere": "Modele de deploiement",
    "cloudflare": "SEG+ICES hybride (Inline MX ou API post-delivery ou BCC)",
    "proofpoint": "SEG (Inline MX obligatoire)",
    "mimecast": "SEG (Inline MX obligatoire)",
    "abnormal": "100 % API ICES (post-delivery, zero MX)",
    "ms_defender_p2": "Natif M365 (EOP + Safe Links/Attachments)",
    "sublime": "API ICES (post-delivery)"
  },
  {
    "critere": "Anti-BEC / VEC",
    "cloudflare": "Fort (Area 1, pre-attack time, EDF fingerprinting)",
    "proofpoint": "Tres fort (Nexus AI, relationship graph, macros SPF)",
    "mimecast": "Bon (detection comportementale, impersonation protection)",
    "abnormal": "Leader ML (detection anomalies comportementales pure)",
    "ms_defender_p2": "Bon (protection identite, Safe Links)",
    "sublime": "Tres bon (regles explicables, detection semantique)"
  },
  {
    "critere": "Anti-phishing link",
    "cloudflare": "RBI/NVR (Network Vector Rendering, Inline uniquement)",
    "proofpoint": "Tres fort (TAP, URL defense, sandboxing predictif)",
    "mimecast": "Fort (URL rewriting, sandbox)",
    "abnormal": "Anomaly-based (detection via signaux comportementaux)",
    "ms_defender_p2": "Safe Links (réécriture URL, detonation time-of-click)",
    "sublime": "Detection explicable par regles"
  },
  {
    "critere": "Sandbox attachments",
    "cloudflare": "Oui (Forrester 5/5 antimalware)",
    "proofpoint": "Fort (TAP Attachment Defense, sandboxing predictif)",
    "mimecast": "Fort (Targeted Attack Protection)",
    "abnormal": "Limite (focus comportemental, pas sandbox deep)",
    "ms_defender_p2": "Safe Attachments (detonation Azure)",
    "sublime": "Oui (sandbox integre)"
  },
  {
    "critere": "DLP",
    "cloudflare": "DLP Assist M365 gratuit pour clients Email Security (compose-time)",
    "proofpoint": "Fort (Illusive DLP, classification contenu sortant)",
    "mimecast": "Fort (DLP sortant, chiffrement, politiques contenu)",
    "abnormal": "Moyen (focus detection entrants, DLP limite)",
    "ms_defender_p2": "Fort (Purview DLP, classification unifiee M365)",
    "sublime": "Moyen"
  },
  {
    "critere": "Archivage / Continuity",
    "cloudflare": "Non (aucun equivalent)",
    "proofpoint": "Oui (archivage via Enterprise Archive, continuity optionnel)",
    "mimecast": "Fort (Cloud Archive retention 99 ans, Email Continuity)",
    "abnormal": "Non",
    "ms_defender_p2": "Via E3+ (Exchange Online Archiving, compliance center)",
    "sublime": "Non"
  },
  {
    "critere": "BIMI / MTA-STS hosting",
    "cloudflare": "Non (demande communauté sans reponse depuis 2022)",
    "proofpoint": "Non (Agari pour DMARC avance)",
    "mimecast": "Oui (DMARC Analyzer integre, BIMI et MTA-STS)",
    "abnormal": "Non",
    "ms_defender_p2": "Non",
    "sublime": "Non"
  },
  {
    "critere": "Envoi transactionnel",
    "cloudflare": "Oui (Email Service Workers, 3000/mois inclus Workers Paid puis 0,35 $/1k)",
    "proofpoint": "Non",
    "mimecast": "Non",
    "abnormal": "Non",
    "ms_defender_p2": "Non",
    "sublime": "Non"
  },
  {
    "critere": "Complexite de setup",
    "cloudflare": "API-first rapide (mode API : 4 clics OAuth), Inline plus complexe",
    "proofpoint": "Complexe (MX obligatoire, policies, Hosted SPF, DKIM 2048)",
    "mimecast": "Complexe (MX obligatoire, onboarding long, policies)",
    "abnormal": "Tres rapide (API uniquement, autorisation OAuth)",
    "ms_defender_p2": "Natif (aucun changement MX, gere par M365 admin center)",
    "sublime": "Rapide (API, decouverte automatique des flux)"
  },
  {
    "critere": "Prix indicatif / utilisateur / mois",
    "cloudflare": "Sur devis, ~7 USD+ base (indicatif marche Spendhound 2025)",
    "proofpoint": "Essentials 1,80-5 USD / P1-P2 5-12 USD",
    "mimecast": "M2/M3 4-8 USD",
    "abnormal": "Premium, non public",
    "ms_defender_p2": "5 USD (ou inclus E5)",
    "sublime": "Moyen, non public"
  }
]