Nearly all of our customers--95%--use our patented inline mode for email security.
Some, although very few, choose to use one of our other modes, Detect & Remediate. Detect & Remediate is the only mode that other API can offer.
Our customers have the option to choose between our patented inline mode and Detect & Remediate mode, with the latter being the only mode available from other API vendors. While some opt for the Detect & Remediate mode, they often switch back to inline once they experience the difference. We offer flexible enforcement options that can be customized for each individual or group. Some can be inline while others can use the Detect & Remediate mode.
There is a crucial difference in how our inline operates. We utilize transport rules to connect and analyze the mail, not journaling.
In our Detect and Remediate mode, we utilize journaling to retrieve a copy of the email for analysis.
As other APIs fetch email copies through API calls, it can pose a problem when scaling up. These calls can result in Microsoft throttling, hindering the process.
Rather than a ping command, an API vendor interacts with the cloud email provider using numerous API calls per email. These calls include:
An API call to learn about the new email
An API call to retrieve a copy of the email & its content
An API call to download the attachment
Processing by the API vendor to determine if the email or its attachment is malicious
If it’s malicious, an API call to move or delete the email or remove it from the user’s inbox
Do this for large user bases and the problem becomes apparent. As Microsoft explains,
“When a throttling threshold is exceeded, Microsoft Graph limits any further requests from that client for a period of time. When throttling occurs, Microsoft Graph returns HTTP status code 429 (Too many requests), and the requests fail.”
Further, if you google “microsoft API throttling limits 429 error” you’ll see overwhelming evidence that throttling is real and does absolutely happen. The question for your API provider, is not “Are you throttled?” but “What happens when you are throttled?” In the article above, Microsoft lays out a whole series of best practices for vendors to implement when throttling does occur.
If the inline mode seems overwhelming, you can always switch to the detect and remediate mode, which is the only option available from other API vendors. While it may not be as comprehensive as inline, it's still a better alternative than relying solely on APIs. If Microsoft experiences any disruptions, those who rely solely on APIs will be left in a vulnerable position.
When a solution relies 100% on the Microsoft API, that means that they rely 100% on Microsoft. If Microsoft goes down, so do they.
Case in point: One status page for an API competitor said that email processing and remediation “may have experienced delays.” This occurred for a number of hours until Microsoft fixed the issue on their end.
Once the outage was fixed, the API solution had to rescan all the emails in that window.
If you solely rely on API-only solutions, you may have been left exposed during Microsoft's delays. With an average of 120 emails received by individual users and millions in large enterprises, a few hours of unprotected messages can pose a significant risk. Phishing emails, which can be acted upon in as little as 82 seconds, can remain in inboxes for hours, making them a ticking time bomb.
Simply put, Microsoft's Graph API was not intended for email security implementation. It lacks an inline mode, doesn't offer any SLA on delivery or update times, and will throttle the service to protect from load, potentially degrading performance if load does occur. Ultimately, if it can't guarantee performance during times of high demand or outages, it won't be able to meet the needs of services that require timely responses.
Our service offers the flexibility to customize your deployment to fit your company's unique needs. Whether you prefer inline mode or Detect & Remediate mode, you can mix and match to create the perfect solution. Plus, our service was specifically designed with the cloud in mind, ensuring seamless scalability for your business.