Check Point Email Security | Blog

The Issue with Letting Malicious Emails into the Inbox

Written by Jeremy Fuchs | August 25, 2021

Avanan is an API-based email security company. We pioneered this field back in 2015. Since then a number of companies have sprung up aiming to do the same thing. So many have entered the market that it can be hard to tell one from the other.

Avanan, though, has a core differentiator. Avanan is the only vendor in this space that gives customers the option of blocking malicious emails before they reach the inbox. In fact, this is our patent, and 90% of our customers choose this inline option.

The other API vendors can only do what’s called “Detect and Remediate.” These vendors remove the email after it has been deemed phishing, which is also after the end-user has had a chance to see, open and interact with it. They cannot operate inline, meaning they can’t scan the email before it reaches the inbox.

Given Avanan’s efficacy, the difference is stark:

We analyzed over 360 million emails to compare efficacy rates and found that Avanan allows 5.1 malicious emails into the inbox per 100,000 emails. Other API-based companies allow 100,000 malicious emails into the inbox per 100,000 emails because, by their very nature, they can't prevent emails from reaching the inbox.

In other words, the other API-based email security providers let in 100% of malicious emails. This is an inherent architectural problem: they are not inline. They can only retract a malicious email after it reaches the inbox. They cannot prevent it from reaching the inbox in the first place. This is how the system works:

Because of their non-inline architecture, other API-based solutions must allow the message to reach the inbox. Only then can they analyze it and remove it if necessary.

No email security provider is perfect, and occasionally, even with inline providers like Avanan, malicious emails will reach the inbox. That’s why we have a complete set of post-delivery capabilities, including Email Recheck, which allows end-users or admins to report emails that might be malicious to be inspected again by Avanan’s AI and/or human analysts; and Incident Response as Service (IRaaS), which allows Avanan analysts to inspect end-user requests to release from quarantine. All of this saves the customer time. Consider the story of a Fortune 500 company. After implementing both Avanan Email Protection and IRaaS, the number of reviews by their SOC dropped from nearly 17,000 to just 350 a month—a 97.8% reduction.

For the other API solutions, however, the problem is even more significant. On average, it takes these solutions 183 seconds to remove the email from the inbox; it takes 82 seconds for the average user to click on a malicious link. That becomes a race to see which happens first: a user clicking or the solution removing the malicious email from the inbox. More often than not, a user is going to click first.

Letting in 100% of malicious emails and hoping your users won’t click on them before they’re retracted is not a solution. And since the majority of ransomware starts with phishing, allowing that many malicious emails into the inbox is a recipe for disaster.

Don’t leave it up to chance. Reduce the number of phishing emails reaching the inbox by 99.2% with Avanan.