Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam.
BitDam conducted an empirical study to measure leading email security products’ ability to detect unknown threats at first encounter. Unknown threats are produced in the wild, sometimes hundreds in a day.
The study employs the retrieval of fresh samples of malicious files from various feeds and sources, qualifying them as unknown threats, and sending them to mailboxes protected by leading email security products. The miss rate at first encounter was then measured, as well as the Time To Detect (TTD).
According to the study’s findings, for Office ATP, the miss rate over seven weeks in late 2019 was about 23% and the TTD average was about 48 hours. About 20% of missed unknown threats took four or more days to be detected. Office 365 ATP was ‘blind’ to selected unknown threats it did not detect at first encounter. For G Suite, the miss rate was 35.5% over four weeks in late 2019. The TTD average was about 26 hours with about 10% of missed unknown threats taking three days or more to be detected.
These massive detection gaps provide proof of how enterprises are often unprotected against unknown threats, which leads to successful email-based attacks such as ransomware, phishing, and malware.
“Mind the gap! is as relevant to CISOs as it is to riders on the London Underground. The time gap between malware delivery and subsequent detection by the industry’s most widely used endpoint protection suites solutions is shockingly long – in practice long enough to be useless. The study pinpoints this unacceptable gap in detection time, showing that organizations are exposed to cyberthreats for many hours, or even days, before their email security identifies these as malware,” said Simon Crosby, CTO, SWIM.AI.
Most threat detection technologies fail to provide protection against unknown threats. Due to their dependency on previous knowledge about threats, these technologies must be augmented by advanced solutions in order to provide better email security.
“We feel that even though the email threat landscape is constantly evolving, it is BitDam’s responsibility to do all that it can to identify the weakest security points that exist today and offer a solution for the everyday unknowns,” said Liron Barak, CEO of BitDam.
“It was this thought process that was behind our study to find the most common shortcomings of email security products on the market today, so we could respond with meaningful industry knowledge and of course, provide a solution. The detection miss rate levels were higher and more alarming than we had anticipated. Our study is a call to action for solution providers to do more, and for enterprises to enrich their arsenal with solutions like BitDam’s to detect the malware that slip through their current email security,” Barak concluded.