BitDam Blog

Unknown Threats are The Achilles Heel of Email Security
Liron Barak
Liron Barak
2 minutes & 55 seconds read · April 7, 2020

Unknown Threats are The Achilles Heel of Email Security

How secure is your organization’s email? Unfortunately, a lot less secure than many people think. For example, did you know that up to 45% of emerging threats bypass at least one of the leading email security products?

In a must-read study entitled “Unknown Threats: The Achilles Heel of Email Security”, BitDam researchers follow up on a previous study to provide even more updated, in-depth and actionable information around the email security threat.


A Quick Primer

It’s no secret that most cyber attacks start with an email bearing a malicious file or link. While organizations rely on email security products to protect their email, malicious files and links regularly bypass the leading email security products – leaving them vulnerable to attacks including Ransomware, Phishing and malware leading to Data Breaches.

Two factors compound this threat:

        • Many “mainstream” email security products struggle to detect threats they encounter for the first time (“Unknown Threats at First Encounter”)
        • Attackers are leveraging automation to mutate common threat variants, resulting in a massive increase in Unknown Threats


  • This creates the perfect storm for attackers and can potentially inundate security products. All this, and more, is in the latest study.
  • The Study – What’s New

    The study now covers five months of empirical data, and includes a strengthened conclusion from the original study thanks to more data from Office 365 ATP and G Suite Enterprise.

    In a major step forward, the study now includes data from Proofpoint TAP, one of the market leaders in the U.S. (Spoiler alert: it too has a Miss Rate over the study period of over 20%).

    The study showcases updated metrics such as Miss Rate at First Encounter and Time To Detect (TTD) for the leading email security solutions.


    Key Findings

    What’s distressing is that the email security systems in the study – Microsoft’s Office 365 ATP, G-Suite Enterprise and ProofPoint TAP – have high miss rates of 20% to 40% for Unknown Threats at First Encounter.

    45% of threats bypass at least one of these leading products and it takes them between 10 and 53 hours (yes, that’s over 2 days) to start protecting against the threats they first missed.

    Study Graph

    Who Stopped It Best?

    We’ll let you go over the data in-depth in the study, but a quick summary shows how these solutions compare over the period analyzed:

    • Office 365 ATP: Miss Rate of 25%. Average TTD is 53 hours.
    • G Suite Enterprise: Miss rate of 35%. Average TTD is 32 hours.
    • Proofpoint TAP: Miss rate of 23%. Average TTD is 10 hours.


    Does Having A Combination of These Protect Me?

    Unfortunately, the answer is no.

    In an example where a combination of Proofpoint TAP and Microsoft Office 365 ATP are used, the data shows that Office ATP only picks up around a third of what Proofpoint misses. Even if your security stack includes more than one of these solutions – such as this particular common combination – you are still exposed to 15% of threats.

    Proofpoint data


    Staying Protected

    As the study shows in detail, the security products many organizations rely on to protect their email fail to provide protection against unknown threats – much like a vaccine that protects against the previous mutation of a virus, and not the next one.

    In case you were wondering, BitDam was able to correctly identify all the unknown threats missed by the email security products covered in the study. Making BitDam ATP the natural choice for augmenting current email security products, and effectively addressing the risk customers face today from their incoming email.

    Download the updated study and see the real-time data here.

Schedule a Demo

Enter your email to get a free trial invitation