There are two types of API-based email security solutions. One method remediates malicious emails only after it reaches the inbox. The Avanan method is different, preventing malicious emails from ever reaching the inbox in the first place. This distinction is important. On average, it takes other API solutions three minutes and three seconds to remediate and remove a malicious email from the inbox. However, users click on phishing emails in just 82 seconds. That means that the malicious email is in the inbox longer than it takes a user to click on it. In this blog, we highlight a conversation we had with an IT admin that had used another API-based solution. While using it, the "worst case" scenario occurred: an end-user opened an email and clicked on a malicious attachment, before the engine had a chance to remediate. With Avanan, that worst case scenario won't occur, because the malicious email will never reach the inbox in the first place.
In 2018, Avanan researchers discovered the ZeroFont phishing technique, whereby hackers insert hidden words, all with the font size of zero, that are invisible to the recipient but fool Natural Language Processing. Now, we've observed a similar attack that uses OneFont, along with other obfuscation methods, to get a credential harvesting attack into the inbox. To get into the inbox, hackers hide links with the CSS. They also put the links within the font tag, and brought the font size down to one. Finally, they used invalid parameters, such as setting the "Padding Left" to ";". These methods, when combined, lead many scanners to treat the email as a marketing email, not a phishing one.
In a new report, Omdia praised Check Point's acquisition of Avanan. They noted that the addition of Avanan "into Harmony should position Check Point as a stronger WFH security contender." Additionally, they noted that Harmony now secures "remote workers, their devices, and their data, with protection from malicious files, URLs, and phishing across email, collaboration suites, web, network, and endpoint." The full report, which can be accessedhere, further highlights the benefits of the deal.