As a security vendor deeply embedded in the Microsoft space, we often get asked by clients and prospects to provide performance metrics against Microsoft’s own security products. While this is easy when it comes to quite-literally-every-other-security-vendor-out-there, it’s not possible with Microsoft.
Email and Network Security is an industry that is built to battle on performance. In an era of rampant cyber criminality, it’s shocking to me that Microsoft continues to refuse to submit its security products to peer review. Their reasons may be very good from a business perspective, but are all but unethical from a security perspective. If you are interested in a detailed analysis, you can find it here in our most recent whitepaper.
Each month, the Virus Bulletin (VBSpam) independently tests anti-spam and anti-malware effectiveness for the leading email filter vendors that volunteer to participate. VBSpam recently found that modusGate by Vircom captured 99.96% of all spam, phishing, malware, and forbidden attachments. VBSpam also tests whether a filter mistakenly blocks any legitimate email and whether filters effectively block email that contains links to malicious websites. Vircom’s modusGate is top rated in all areas.
Some industry estimates informally place the Office 365 catch rate at about 99%. For a user who receives an average of 50 spams per day, a Vircom user would receive about one email a month while an off-the-shelf O-365 user, according to the informal catch rate, would receive 20 per month. Allowing only 0.05% of malware through versus 1% of malware through is actually a 20x difference!
One reason Office 365’s catch rate is difficult even for industry insiders to calculate is that security is not implemented uniformly across all O365 subscriptions. Office 365 key security mechanism are Exchange Online Protection (EOP), the email security service, and Advanced Threat Protection (ATP), a premium feature that moves never-seen-before malicious attachments into isolation and blocks user access to website links that are known to be malicious. The cost of EOP and ATP are included in a higher-cost subscription or are purchased separately on a per-user basis for lower-cost subscription levels. Thus, companies that rely on O-365 are usually confused about whether they already have EOP and ATP or must purchase it. Microsoft encourages this confusion and is well-known for having overly complex pricing structures in their products, a strategy that results in customers buying things they don’t need or over-paying for things that they do need.
Blocked Emails Avoid Costs
Who cares if a worker has a few less unwanted emails per year with a better email filter?
Anyone who understands the potential cost of a breach; that’s who.
You’ve likely already read the studies like the 2015 Cost of Data Breach Study: Global Analysis, produced by the Ponemon Institute. That study found that each record that identified an individual that was compromised in malicious or criminal attacks cost $170. The average total cost of a data breach was $3.8 million for the organizations studied. That $3.8 million number is large, no doubt, and applies to larger enterprise-size companies. Yet even for SMBs, such an attack can run from a few tens of thousands to several hundred thousand dollars.
Many of the most expensive breaches are caused by Advanced Persistent Threats, slow moving attacks that can hide inside of networks for years. Some studies show that as many as 90 percent of APTs begin with a malicious email that appears to come from a trusted party. The recipient clicks a link or opens an attachment, and accidentally downloads a small piece of software that allows an attacker to enter the network and expand the attack from there.
How many extra phishing and spam emails will stay out of user Inboxes if you add Vircom to your Office 365 deployment? That would be easier if Microsoft subjected itself to formal third-party independent testing, like Vircom does.
In addition, companies with email security as an add-on do not necessarily receive the same security features as premium subscribers. Functionality sometimes varies based on how the service is purchased, making it even more difficult for companies to understand the purchased level of protection.
Analysts have noticed the O365 security weakness. “Microsoft is accelerating feature improvements at an impressive pace; however, reference customer satisfaction with spam detection rates remains low, and Gartner customers continue to report Microsoft’s spam detection rates lag other leaders and visionaries,” according to Gartner’s Magic Quadrant for Secure Email Gateways.
What makes Vircom so effective is our proactive approach to security: by being at the cutting edge of technological advances, we’re one step-ahead of understanding IT threats and challenges and living up to our credo of proactive security and preventing future problems before they occur.
With Vircom, you know what you get: our award-winning products delivered by a team of security experts obsessed with serving customers well. We work hard, so you can have peace of mind and focus on your own priorities. You’ll also be protected in the event of an Office 365 outage.
You can review Vircom’s Office 365 Email Security offering here.
For a more thorough discussion of the security limitations of Office 365’s off-the-shelf email, check out our white paper.