Do you know how to measure how well your email security solution is performing? It can seem like a tall task. However, with our brand new calculator, we can figure out just how good—or bad—your existing solution is at catching phishing emails.
Depending on your solution, the number could be disheartening. For example, did you know that if you use Google, it's missing nearly 1,300 phishing emails a day? And if you use Microsoft, that number is actually close to 2,000 phishing emails a day!
To calculate these numbers, Avanan researchers analyzed 300 million emails over the course of six months in the middle of 2021. The purpose of this study was to determine the efficacy of vendors at keeping phishing emails out of the end-user’s inbox.
For most solutions, trying to gauge yourself against the competition is nearly impossible. That all has to do with the position in the mail flow.
Depending on the solution the target has, malicious emails will face different obstacles. If a Secure Email Gateway (SEG) is in place, the email will run into that first. If the email gets past the gateway, it goes right into the inbox. will run up against that first. You’re clever, so you can bypass their defenses. The same thing applies to native, default security like Google or Microsoft.
These solutions would have no idea if another competitor would stop that malicious email or miss it altogether.
Only Avanan knows. How? Avanan has an embedded approach that sits behind SEGs or default security. The only time we see an attack is if they miss one beforehand. That’s because we see–and stop–the attacks that they miss. If an attack is stopped by a gateway or default security, we don’t see it. If we see a phishing email, that means the gateway or native security absolutely missed it. That way, we can see which phishing emails would’ve reached the inbox if Avanan was not in place. Since the gateways used are public knowledge via MX records, doing such analysis is simple.
In this study, we measured the number of phishing emails hitting the inbox per 100,000 messages. According to our findings, we found that the legacy and native approaches constantly allow far more phishing emails into the inbox. Avanan allows just ten phishing emails into the inbox per 100,000. The worst offenders allow as many 12220% more. That’s not a typo.
We detailed the full results in our study, which you can view here. Then we went a step further.
To customize it, we built a threat miss calculator. Using data from our research, and based on the number of employees in your organization, you can see how many phishing emails your vendor is missing.
Take the following example–an organization of 20,000 employees. Assuming an average of 20 emails per user (which is generally what we see), per day, with an SEG in place, that organization will have nearly 150,000 missed attacks.
That’s far too many attacks. With phishing being the number one cause of ransomware, just one missed attack can do tremendous damage. Now imagine the damage of 150,000.
Using our calculator, plug in your data and see the results.