“We can validate the great volume of email-based attacks that Microsoft’s software has been missing, yet are then caught by Trustifi’s solution. This is based on the amount of threats our solution filtersafterthe Microsoft security products have already screened data heading for the exchange server. Examples are numerous as to be frightening,” said Maor Dahan, chief technology officer at Trustifi. “Here’s how the architecture works: When Trustifi is deployed as an additional layer on top of Microsoft security, Microsoft’s module scans emails before they are deployed to Trustifi. By definition, the emails Trustifi receiveshave not been stoppedby Microsoft’s security filters. Yet Trustifi’s software will go on to identify a significant amount of compromised email messages among those that Microsoft’s filters already let pass.”
In Trustifi’s study, the resulting statistics are sobering:
Spam– Microsoft’s security let 76% of spam emails pass through their scans that were later identified as compromising by Trustifi’s cyber security tools.
Malicious Files– Microsoft’s filters missed 38% of malicious files that were then detected by Trustifi’s solution.
BEC/VEC Emails– These emails typically consist solely of text or voice messages without any links or attached files. They often are the result of a cybercriminal hacking into a valid high-level personnel account and requesting that colleagues do things like transfer money via wire or reveal sensitive credentials. Due to a lack of sufficient AI-based tools to address these context-based emails, Microsoft’s security missed 93% of these attempts.
Malicious Links (primarily phishing attacks):Microsoft missed 65% of this content, which was passed along to Trustifi’s filters.
Gray Mail:Microsoft does not offer “gray mail” classification, pertaining to solicited bulk email that is not treated as spam since its source is legitimate. Yet this data could still contain malicious elements.