New Large Email Security Gap Analysis Shows a Massive 15% Failure Rate



Mimecast_ESRAWe thought it was bad when we saw Cyren's recent analysis that 10.5% of bad emails made it through the filters. 

It could even be worse than that.

"Mimecast's latest ESRA (email security risk assessment) report found more than 14,277,163 pieces of spam, 9,992 emails containing dangerous file types, and 849 unknown emails with malware attachments -- all missed by the incumbent providers and delivered to users' inboxes.

Overall, the Mimecast security service determined that more than 14 million of the more than 95 million emails, or 15%, were in fact “bad” or “likely bad.”

In other words, the overall false negative rate in aggregate for the incumbent security systems that were tested was 15% of all emails inspected by Mimecast.

The Mimecast security inspections occurred passively after the incumbent email security system executed all of its security filters. Most notably, 11,653 known emails with malicious attachments passed through these systems, an increase of 532 percent in comparison to last quarter's assessment.

“Mimecast's ESRA (PDF) is aiming to establish a standard of transparency that raises the bar for all security vendors helping organisations pinpoint weaknesses in their defenses,” said Matthew Gardiner, cyber-security strategist at Mimecast.

Gardiner continued: “Emails ranging from opportunistic spam, targeted impersonation attacks and unknown malware are getting through incumbent email security systems. The security system of one primary cloud email platform missed 76.6 percent of the aggregate impersonation attacks while another global security vendor missed the 83.4 percent of the “known” malware attachments.”

msa-screen2Do you know what's getting through your mail filters?
 

KnowBe4 is excited to announce that now you can use our brand new, innovative Mailserver Security Assessment (MSA), to help you assess your organization’s mailserver configuration settings and check the effectiveness of your email filtering rules.

With email still the #1 attack vector used by the bad guys, MSA helps you to see what types of messages may make it through your filters from the outside.

MSA gives you a quick insight at how your mailserver handles test messages that contain a variety of different message types including email with attachments that contain password-protected, macro zipped, and .exe files or have spoofed domains.

Here’s how MSA works:

  • 100% non-malicious packages sent
  • Select from 30+ automated email message types to test against
  • Saves you time! No more manual testing of individual email messages using MSA's automated send, test, and result status
  • Validate that your current filtering rules work as expected
  • Results in an hour or less!

Find out now if your mail server is configured correctly, many are not!

Test My Mailserver!

Don't like to click on redirected buttons? Copy & Paste this link in your browser.

https://info.knowbe4.com/mailserver-security-assessment-blog


Topics: Email Security

Subscribe To Our Blog


Domain Spoof Test Contest




Get the latest about social engineering

Subscribe to CyberheistNews