Check Point Email Security | Blog

Microsoft ATP: Millions of Emails Reveal ATP and EOP Offer Similar Protection

Written by Jeremy Fuchs | December 8, 2020

After analyzing over 360 million emails, Avanan researchers have classified the number of malicious emails missed by Microsoft Advanced Threat Protection (ATP) and Exchange Online Protection (EOP).

EOP is Microsoft 365's default anti-virus security. ATP is an add-on service available for an additional cost, or included with higher-priced enterprise options, such as the E5 license package.

Though many companies use one of these protections, Gartner has noted that its clients "have routinely reported dissatisfaction with EOP and ATP and have enlisted the aid of one or more third-party email security products."

Our research lays out one of the reasons why. Our analysis, focused solely on malicious email delivered to the inbox, found that ATP offers only slightly more protection than EOP.

This jibes with our 2020 ATP Report, which found a 40.7% catch rate for EOP and a 48.4% catch rate for ATP.

We've also extended that analysis to the junk folder. We found that, in a typical O365 junk folder, 4.5% of emails are actually phishing. With ATP, that number is only marginally better, at 2.8%.

This is a problem because users have been trained to "Dumpster Dive" in the junk folder. Microsoft's Office 365 ATP policies flag an unusually high percentage of legitimate emails as phishing. Because of this, companies and organizations use the junk folder as a way to help protect end users from phishing attacks.

Sending ATP detections to quarantine, however, introduces a great risk of blocking legitimate emails to your users. And so users are accustomed to dumpster diving in the Junk folder for legitimate messages.

But there's a lot of trash to root through when looking for that one piece of treasure. And it increases the likelihood that a phishing email is acted upon by a harried employee, especially when there's a significant number of phishing emails in the junk folder.

The more phishing emails there are in the junk folder, the higher the risk of infecting the organization.

Avanan researchers have also done a similar analysis against Secure Email Gateways, which can be seen here.

Avanan, using its patented, inline approach, consistently allows far fewer bad emails into the inbox.