Malicious files and links regularly bypass all the leading email security products, leaving enterprises vulnerable to email-based attacks including Ransomware, Phishing and data breaches (and more specifically, Emotet, Dridex, Maze, Lokibot, Wannacry and more).
We see this first-hand working with customers. Installed as a last line of defense, BitDam ATP for email detects malicious attachments that slip through various SEGs. When customers use our Breach Attack Simulation (BAS) tool for email, their email security products score poorly, failing to block most of the samples included in our BAS test.
We also know that increased use of automation allows attackers to create many ‘mutations’ for each malware or malicious file, potentially inundating email security products with new unknown threats. Could this explain the shortcoming of email security products? To answer this question we conducted an empirical study to measure their ability to detect Unknown Threats at First Encounter.
The study entails retrieving very fresh samples of malicious files from various feeds and sources, qualifying them as Unknown Threats, and then sending them to mailboxes protected by Office365 ATP, G-Suite Enterprise or ProofPoint. We measure miss rate at first encounter and Time To Detect (TTD) for these Unknown Threats – see the adjacent charts.
Our findings show a miss rate of 20-40% and a Time To Detect of 24-48 hours (!). This Detection Gap keeps enterprises continually unprotected against unknown threats.
BitDam’s Advanced Threat Protection (ATP) solution is threat-agnostic, has a very low miss rate of unknown threats, thus significantly reducing the risk of successful email-based attacks.
Install BitDam’s feed app “Lucky Meter” to get in-the-wild samples to your account and see how exposed you are.