
Malicious files evading email security products

[Image: Email warning (Image credit: Shutterstock)]

Enterprises could be even more vulnerable to email-based attacks than assumed, according to a new study from BitDam, which shows that malicious files regularly bypass all of today's top email security solutions.

The firm's study, titled “The Blind Spots of Email Security”, measured the ability of email security products to detect unknown threats at first encounter.

By using fresh samples of malicious files from a number of sources and qualifying them as unknown threats, BitDam was able to calculate the miss rate at first encounter as well as the Time To Detect (TTD) of today's top email security products.

Detecting unknown threats

According to the study's findings, the miss rate over seven weeks at the end of 2019 was about 23 percent for Office ATP, while the average TTD was about 48 hours. However, close to 20 percent of missed unknown threats took four or more days to be detected, and Office 365 ATP remained 'blind' to some of the unknown threats it did not detect at first encounter. For G-Suite, the miss rate was 35.5 percent and the average TTD was about 26 hours, with around 10 percent of missed unknown threats taking three days or more to be detected.
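The metrics the study reports, worked through on a constructed detection log as an added example (not BitDam's code or data): miss rate at first encounter, mean Time To Detect over the missed samples that were eventually caught, the share of missed samples that needed four or more days, and samples the product stayed blind to. The record layout and function names are assumptions made for this illustration.

```python
from datetime import datetime

# Constructed detection log (not BitDam's data): one record per unknown
# sample, with the time it first reached the mail gateway and the time the
# product first flagged it (None = never flagged during the study window).
SAMPLES = [
    {"id": "s1", "first_seen": "2019-11-04T09:00", "detected": "2019-11-04T09:00"},  # caught
    {"id": "s2", "first_seen": "2019-11-04T10:30", "detected": "2019-11-05T10:30"},  # 24 h
    {"id": "s3", "first_seen": "2019-11-05T08:00", "detected": "2019-11-09T08:00"},  # 96 h
    {"id": "s4", "first_seen": "2019-11-06T12:00", "detected": None},                # blind
    {"id": "s5", "first_seen": "2019-11-07T15:00", "detected": "2019-11-07T15:00"},  # caught
    {"id": "s6", "first_seen": "2019-11-08T11:00", "detected": "2019-11-10T11:00"},  # 48 h
]


def _parse(ts):
    return datetime.fromisoformat(ts) if ts else None


def score(samples, tail_days=4):
    """Miss rate at first encounter, mean TTD, long-tail share and blind samples."""
    missed, ttd_hours, blind = [], [], []
    for s in samples:
        seen, det = _parse(s["first_seen"]), _parse(s["detected"])
        if det is not None and det <= seen:
            continue  # detected at first encounter: not a miss
        missed.append(s["id"])
        if det is None:
            blind.append(s["id"])  # never detected: no TTD exists, reported separately
        else:
            ttd_hours.append((det - seen).total_seconds() / 3600)
    # Tail share is computed over all missed samples, as the study phrases it.
    tail = sum(1 for h in ttd_hours if h >= tail_days * 24)
    return {
        "miss_rate_pct": round(100 * len(missed) / len(samples), 1),
        "ttd_mean_hours": round(sum(ttd_hours) / len(ttd_hours), 1) if ttd_hours else None,
        "tail_pct_of_missed": round(100 * tail / len(missed), 1) if missed else 0.0,
        "blind": blind,
    }


if __name__ == "__main__":
    for k, v in score(SAMPLES).items():
        print(f"{k}: {v}")
```

Blind samples are deliberately kept out of the TTD mean, since averaging them in would require inventing a detection time the product never produced.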

These large detection gaps show that enterprises are often unprotected against unknown threats, which can lead to successful email-based attacks such as ransomware, phishing and malware.

Bromium founder and former CTO Simon Crosby praised BitDam's study for pinpointing the unacceptable gap in detection time left by many email security products, saying:

“Mind the gap! is as relevant to CISOs as it is to riders on the London Underground. The time gap between malware delivery and subsequent detection by the industry’s most widely used endpoint protection suites is shockingly long - in practice long enough to be useless. BitDam’s recent study pinpoints this unacceptable gap in detection time, showing that organizations are exposed to cyberthreats for many hours, or even days, before their email security identifies these as malware.”