There are scores of API-based vendors who try to do what we do. Since none of them can prevent threats before the inbox, they are operating at a disadvantage. To make up that gap, competitors have resorted to throwing out lies about Avanan.
Here, we dispel some of those myths.
Myth 1: The Definition of API
What they say: API-based protection for Avanan means they use an API to set up SMTP mail flow rules (aka mail transport rules, aka journaling rules) to route mail outside the client tenant and back. For API-based protection with IRONSCALES, we communicate with Google Service Management, Service Usage, and Admin SDK APIs with HTTP traffic; the mail itself is not routed externally via SMTP.
The Avanan Truth
Ironscales is making a couple of incorrect assumptions. First, they are assuming that the customer isn’t interested in scanning the emails prior to delivery. They are assuming the customer isn’t concerned about preventing emails from reaching their end-users. To rely only on APIs makes it impossible to prevent inbox incursions and subjects the technology to Google and Microsoft throttles, something that impacts scalability with larger environments.
The second assumption Ironscales is making is that they have some secret sauce when it comes to remediation. Their only form of remediation is what we call “Detect and Remediate”. This means the email is removed from the inbox after delivery, giving users ample opportunity to open the email and click on the links. (They’ll say milliseconds. This is not the case, and you should challenge this to see it in action.) “Detect and Remediate” is one of two options we offer. The second is “Prevent” mode. In simple words, that provides a prevention layer above and beyond “Detect and Remediate”: we scan emails pre-delivery and prevent delivery of malicious emails, something they CANNOT do. We don’t charge extra for our “Prevent” policy because it’s the best form of email security. It is the email security policy our customers much prefer.
Myth 2: Message Inconsistency
What they say: Avanan continually changes the messaging in an effort to confuse the market about what they actually do and how.
The Avanan Truth
We feel we’re pretty transparent and we are proud of this. Avanan’s message has been clear and consistent, and has not changed. We firmly believe that prevention is a key security method, and any other method (reacting and remediating after something happens) is not the optimal method. Between all our blogs, cartoons, white papers, webinars, press, there’s not a bunch of smoke and mirrors.
Myth 3: Where the Messages Go
What they say: Every single message sent to the customer domain with Avanan will leave their environment and go to the Avanan cloud.
The Avanan Truth
Messages do indeed flow to Avanan to be scanned for spam/phishing/malware; this is exactly how we sit inline and prevent inbox incursions. What Ironscales and others are leaving out is that they scan in their environment as well. Most likely, they are using the API to download and scan the email, all while the email remains in the inbox. Though they claim it takes milliseconds to remove the email after the download and scan, that’s impossible, as the connection between their servers and Google or Microsoft takes more than a millisecond, let alone the time needed for analysts. That’s why the average time the email remains in the inbox is actually three minutes and three seconds.
Myth 4: What Happens When Something Goes Down
What they say: If their cloud goes down or their technology malfunctions, mailflow will be impacted. We know this because former Avanan customers tell us it goes down and you can see the visibility on their status page. Further, the standard operating mode for Avanan is to introduce delays to do their scanning like a traditional SEG; these delays can range from seconds to minutes. We've seen these in competitive bakeoffs in the headers of the mail.
The Avanan Truth
Messages do indeed flow to Avanan to be scanned for spam/phishing/malware; this is exactly how we sit inline and prevent inbox incursions. “If their cloud goes down or their technology malfunctions, mailflow will be impacted” – this is not true. If there is a failure of some sort that impacts mail flow (inline capability), we default to a “fail open” architecture – resorting to Detect & Prevent mode (the API method that Ironscales uses) until everything is back to normal.
Any technology that is placed inline will introduce some latency. For typical email messages, this is in the realm of 1-2 seconds. For messages that have larger attachments, this can take upwards of a couple of minutes. This is due to the sandboxing that takes place pre-delivery, making sure messages are clean prior to being presented to the end user. We also offer CDR/Threat Extraction capability to reduce this time, providing recipients with a sanitized version prior to receiving the full sandboxed/clean version.
Myth 5: Account Takeover Protection
What they say: Their ATO protection is just a marketing phraseology showing the equivalent of our Impersonation Protection which we provide either with banners or direct remediation. It is not looking at logins, inbox rules, impossible travel, etc.
The Avanan Truth
Avanan has 300+ indicators for spam and phishing detection, by default. This includes all aspects of account takeover, business email compromise, user impersonation, etc. All of this is done automatically inside of the AI/ML engine. Added to this is the Check Point ThreatCloud engine, providing cross-platform and worldwide systems intelligence, building on much more than just email data.
Protection based on email banners or direct remediation (meaning detecting and removing messages after they have been delivered) does not prevent anything. This is reacting to threats and hoping it is fixed “fast enough” before end users see it.
Avanan 100% looks at other data: the Anomalies engine looks for user account indicators of compromise, such as impossible travel, first-time logins from foreign locations, massive sending, mail forwarding rules enabled, etc. We also have ShadowIT to detect potentially unwanted programs in addition to the Anomalies engine.
To put the magnitude of Check Point's ThreatCloud intelligence into perspective:
100,000+ customers - Number of global customers leveraging ThreatCloud
150,000 connected networks - Number of connected networks reporting into Check Point's ThreatCloud with millions of endpoints worldwide
12 Device Types - Number of device types reporting into ThreatCloud including endpoint, mobile, network device, cloud, and email
86 billion - Number of transactions processed by ThreatCloud per day
7,000 zero-day threats detected each day
650K suspicious websites detected per day
6.8 Billion malicious website connections blocked last year
185 Million malware downloads blocked last year
778 Million vulnerability exploit attempts last year
200+ members of a world-renowned threat research team - full-time threat researchers discovering some of the most significant unknown software vulnerabilities
30+ AI Technologies under one single product
We use all of this to stop threats before they enter the mailbox. This will significantly reduce the number of attacks that reach users and need corrective actions. If a user does get compromised, we will detect and help remediate.