Check Point Email Security | Blog

Nothing to Hide: Avanan’s “Secret” Sauce, For All to See

Written by Jeremy Fuchs | August 18, 2020

We've heard this a lot from our customers, especially when it relates to Secure Email Gateways like Proofpoint and Mimecast. When they asked their previous email security vendor why an attack was missed, they would get a canned response: “We cannot tell you, it’s our ‘secret sauce’.” It's their way of saying: We don't know. Or worse—we don't want to tell you.

We have nothing to hide, so we decided to share some of our ‘Secret Sauce’, to help you understand how we catch what others miss.

The Key: Protecting From the Inside

Avanan’s patented, artificially intelligent (AI) software is embedded within your cloud email provider (Office 365 or Gmail), behind the default security, whether that’s EOP, ATP if you upgraded, or another security solution. This position allows our AI engine to add security and to be trained specifically on the attacks missed by default security.

  1. Adding a layer of security instead of replacing it. Email security solutions that are deployed as gateways in front of cloud email (SEGs) require you to practically disable the built-in security layer. We have demonstrated in prior blogs how attacks that would have been blocked by the default Office 365 security end up getting through to your inbox if you put Proofpoint in front of it. That’s because Microsoft was disabled and Proofpoint missed the attack (Can 1+1=0?). With Avanan, we add another layer—the default security scans first and then Avanan scans the things the first layer might have missed. Layered security is the best practice because two independent layers are exponentially harder to bypass.
  2. Trained specifically on what previous layers missed. In Machine Learning, the training set you select is the single most important factor in what the AI will identify. Avanan’s unique deployment and visibility give us a significant advantage over SEGs: our AI is specifically trained on real attacks that were missed by the default layer.
  3. Indicators of Attack to detect malicious intent. As you might have seen from our attack briefs, Avanan is one of the few vendors that consistently uncover the methods hackers use to bypass Office 365 and Gmail built-in security. We know this because of how we deploy: after the default layer. By reverse engineering the reason the attack was missed by the default layer, we have consistently uncovered new sophisticated obfuscation methods that hackers use. For Avanan, we don’t just make sure we aren't vulnerable to these attacks—we use these methods as indicators of attack to identify and flag those emails or links.

This is why Avanan is a real 1+1=3: an additional layer designed specifically to catch the attacks that the first layer misses. 

Additional Advantages In Avanan’s Deployment

The above explained how we provide superior catch rates and detect the attacks others miss. There are several additional advantages to this approach:

  • Ease of deployment. Avanan does not require you to change the MX record or to apply any manual configurations to Office 365 or Gmail. All you have to do is approve our application with a global admin (in O365 or Gmail) and you are done. This one-time process literally takes one minute. Ease of use is at the center of what we do.
  • Avanan has more context for accurate anti-phishing and BEC protection: Through the API, Avanan knows a wealth of information that is not available in the legacy SEG model. For example: 
    1. End-user titles: We know who the CFO, CEO and COO are, and these are the people most likely to be impersonated in a BEC attack.
    2. Historical correspondence: We analyze who communicates with whom, at what frequency, and with what email subjects and content.
    3. Login history for specific users

This rich context allows Avanan’s AI to build a social graph for better detection and low false-positive rates of phishing attacks. It also allows Avanan to establish each end user’s behavioral baseline to flag suspicious activities by compromised accounts or insider threats.

  • All email protection, not just inbound: Unlike Secure Email Gateways, Avanan is able to protect against phishing and other attacks from internal emails, utilizing a specialized AI model for scanning internal traffic, with relevant indicators for internally-originated attacks. This is in addition to securing inbound and outbound emails.
  • Protection for the entire suite, not just email: Business doesn’t just happen in email and so full-suite security needs to extend to all platforms where work is done. Our security solution extends to the collaboration suite, identifying potentially compromised accounts to protect OneDrive, SharePoint and Teams in Office 365, Google Drive in G-Suite, as well as to Slack, Box and Dropbox. All SaaS apps get unified security scanning, similar policy language and centralized workflows.  

Inline via API

Avanan’s patent is in the ability to deploy an API solution that is fully inline: the email never reaches the end-user until Avanan clears it. This unique capability is what allows Avanan to enjoy all the above, while also being able to completely replace the SEG as your email solution. Unlike the other API solutions, Avanan is not a supplement. It's the new email security alternative for the legacy SEG architecture.