If your contract with your email security provider is up for renewal, it might be a good time to take a step back and consider how that provider is performing. As work becomes more disparate in terms of platforms and more connected with external partners, it's imperative to analyze your provider as to how it interacts with all facets of internet security.

When you do that review, you will realize that your email security provider is likely operating with flaws that you might not even know about and that a change is overdue.

Why Proofpoint and Mimecast Can’t Protect Everything

Take some of the most popular email security providers, like Proofpoint or Mimecast. Both work similarly. They redirect traffic through their cloud-based proxy before it reaches your email server.

But because of that construction, there’s a fundamental flaw—they cannot scan for internal threats. Corporate accounts are now accessible from anywhere, and so attackers will try to use stolen credentials for attacks. An attacker can impersonate an internal employee using stolen credentials and Proofpoint or Mimecast will miss it.

More than that, it actually disables Microsoft and Google’s default security settings, which are particularly powerful for anti-phishing. You end up relying on one system, instead of two, and you will be more liable for an attack, internal or external.

Plus, hackers will know that you are using Proofpoint or Mimecast. These MTA-based solutions make you change your DNS MX record. Hackers can reverse engineer that and use malware they know can bypass your settings.

Not only is your email not as secure as you think, but these services only protect email. More and more of business is moving off of email and into file-sharing, collaboration and messaging. Office 365 and G-Suite are powerful business tools that allow you to create documents, have multiple people work on that same document from multiple places and allow for instant messaging. Decisions are increasingly made in these apparatuses, not on email.

But Proofpoint and Mimecast do nothing to protect these services, which are all vulnerable to impersonation, malicious files and data and phishing. Even G-Suite and Office 365 spend most of their energy on protecting email. The more your company moves away from email, the more you need to ensure everything your company touches is protected.

How Avanan Works To Protect The Emails Proofpoint and Mimecast Miss


Avanan doesn’t have the same holes that Proofpoint and Mimecast do. Avanan uses API to add security. It lives after the default filters but before the message reaches your inbox. Anything that Microsoft or Google miss? Avanan will catch it.

Plus, Avanan doesn’t have the same architectural flaws that Proofpoint and Mimecast have. Avanan connects directly to your API, with no proxy. Avanan can better monitor inbound, outbound and internal emails that these other services would miss. We can also look into the company’s inbox for previous attacks to help identify compromised accounts.

Unlike secure email gateways, Avanan lives as an API, which means that hackers don’t know what security you are using. Avanan provides the same protection for the entire G-Suite and Office 365, as well as applications like Slack, Dropbox, Box or SharePoint. Every tool that you choose to add via the Avaanan platform is completely untraceable to hackers.

If you’re up for renewal, you owe it to your company’s security to critically analyze how your current provider is performing. And given some of the inherent flaws to the more popular programs, you owe it to yourself to strongly consider Avanan.