Site icon Check Point Blog

Calculate How Many Phishing Emails Your Existing Security Solution Misses

December 2023’s Most Wanted Malware

Do you know how effective your email security solution is? With our brand new calculator, we can figure out just how good—or bad—your existing solution is at catching phishing emails. Depending on your solution, the number could be disheartening. For example, did you know that if you use Google, its missing nearly 1,300 phishing emails a day? And if you use Microsoft, that number is actually close to 2,000 phishing emails a day!

To calculate these numbers, Avanan researchers analyzed 300 million emails over the course of six months in the middle of 2021. The purpose of this study was to determine the efficacy of vendors at keeping phishing emails out of the end-user’s inbox.

For most solutions, trying to gauge yourself against the competition is nearly impossible. That all has to do with the position in the mail flow.

Pretend you’re a malicious email and you’re trying to reach the inbox. Depending on the solution the target has, you will face different obstacles. If a Secure Email Gateway (SEG) is in place, you will run up against that first. You’re clever, so you can bypass their defenses. Due to their architecture, that means you will sail right through to the inbox. The same thing applies to native, default security like Google or Microsoft.

These solutions would have no idea if another competitor would stop that malicious email or miss it altogether. If they block an email, they won’t know if another solution would do the same thing. If they miss an email, they can’t know if another solution would miss that as well.

Only Avanan, the engine behind the Harmony Email & Collaboration offering, knows. How? Avanan has an embedded approach that sits behind SEGs or default security. The only time we see an attack is if they miss one beforehand. That’s because we see–and stop–the attacks that they miss. If an attack is stopped by a gateway or default security, we don’t see it. If we see a phishing email, that means the gateway or native security absolutely missed it. That way, we can see which phishing emails would’ve reached the inbox if Avanan was not in place. Since the gateways used are public knowledge via MX records, doing such analysis is simple.

In this study, we measured the number of phishing emails hitting the inbox per 100,000 messages. According to our findings, we found that the legacy and native approaches constantly allow far more phishing emails into the inbox. Avanan allows just ten phishing emails into the inbox per 100,000. The worst offenders allow as many 12220% more. That’s not a typo.

We detailed the full results in our study, which you can view here. Then we went a step further.

To customize it, we built a threat miss calculator. Using data from our research, and based on the number of employees in your organization, you can see how many phishing emails your vendor is missing.

Take the following example–an organization of 20,000 employees. Assuming an average of 20 emails per user (which is generally what we see), per day, with an SEG in place, that organization will have nearly 150,000 missed attacks.

That’s far too many attacks. With phishing being the number one cause of ransomware, just one missed attack can do tremendous damage. Now imagine the damage of 150,000.

Using our calculator, plug in your data and see the results.

And after seeing the results, check out the Avanan product in action by scheduling a trial below.

https://www.avanan.com/trial

Exit mobile version