Check Point Email Security | Blog

Avanan vs Microsoft ATP (Defender): What You Need to Know

Written by Jeremy Fuchs | December 21, 2021

If you use Microsoft 365 for your email, you've likely considered (or already use) Microsoft Advanced Threat Protection to secure it. (It's now referred to as Microsoft Defender.)

ATP provides anti-spam and anti-malware protection, and scans links and attachments.

However, despite being built in, ATP is not a panacea. In fact, in a recent study of over 300 million emails, Microsoft's products let far more phishing emails into the inbox than Avanan did.

The difference, as you can see, is stark. Avanan allowed just 10 phishing emails per 100,000 into the inbox. Microsoft allowed 932. Since phishing is the number one threat leading to ransomware, the more phishing that lands in the inbox, the more chances ransomware has to propagate.

Beyond that, we've observed marked differences in malware detection and prevention between Check Point and Microsoft.

Further, there are specific differences between Avanan and Defender, outlined in the comparison below.

Category: Overall detection
ATP:
  • Misses attacks that target Microsoft's basic anti-spam and phishing AI, such as BaseStriker and ZeroFont.
  • Uses only Microsoft's security intel.
Avanan:
  • Sits inside the tenant and scans after Microsoft to catch what EOP and/or ATP miss. This API approach to security gives Avanan the highest catch rate in the industry and blocks threats before they reach inboxes.
  • Leverages Check Point's ThreatCloud, a repository fed by 150,000 connected networks, millions of endpoint devices, and dozens of machine learning and AI engines, which detects and stops over 6,000 previously unknown malware samples daily.

Category: Ease of deployment and policy configuration
ATP:
  • Multiple configurations required for anti-phishing, across 6 different policy engines.
  • Anti-phishing policies cover a maximum of 60 users.
Avanan:
  • Installs as an app and deploys in minutes.
  • Activate pre-configured anti-phishing, anti-malware, and DLP policies with one click.
  • Implement custom policies with workflows for threat detection, DLP, custom queries, and cloud access control.

Category: End-user experience
ATP:
  • End users only receive a 3-line .txt file about quarantined content that they can't understand.
Avanan:
  • End users can request that documents be released from quarantine, pending admin approval.
  • Fully customizable alert emails sent to end users are more detailed than those of ATP.

Category: Threat management reporting
ATP:
  • Reports only show data for the past 7 days. Admins must wait a few hours to receive reports for older data.
  • Reporting is surface level, with limited detail.
Avanan:
  • Real-time reporting.
  • Threat emulation videos show admins the actions malware would take in their environment.
  • Admins can quarantine and take other bulk actions within Avanan's detailed reporting.

Category: Extension of security to OneDrive, SharePoint and Teams
Avanan:
  • Every file is scanned.

Category: Search and Destroy
ATP:
  • Find emails by subject line only in eDiscovery, then destroy with PowerShell.

Beyond these critical differences, time and time again we've seen specific attacks that bypassed ATP/Defender but were stopped by Avanan: the SLINKIFY attack, which takes advantage of how Defender processes malformed links; an attack that used HTML redirection; an assault on SafeLinks; and many more.

Time and time again, customers have switched from ATP to Avanan and are glad they did.