As promised in my last ESRA update blog, we are now ready to drop our third quarterly release on you.
But before I get into the details of this ESRA report let me explain what the Mimecast Email Security Risk Assessment program is all about. In an ESRA, Mimecast uses its cloud-based Advanced Security service to assess the effectiveness of other email security systems in use by real organizations with their real daily email. An ESRA test passively inspects emails that have already been inspected by the organization’s incumbent email security system and delivered to their email management system for delivery to its users.
In an ESRA, the Mimecast service re-inspects the emails deemed safe by the incumbent email security system and thus looks for false negatives, such as missed spam, malicious files, and impersonation emails that were passed through for delivery.
Getting back to the specifics of this release, it is interesting to note that the clear majority of inspected emails – greater than 80% of them - resulted from tests which were run with Microsoft Office 365 or Google G Suite as the incumbent email security systems for their organizations.
In aggregate for all the ESRAs we have completed to date, there were:
- 62,323 emails users
- For a cumulative 428 days
- And 45,095,991 total emails were inspected
In aggregate, we found:
- 10,871,789 spam type false negatives or 24% of delivered mail would have been blocked or quarantined as spam by Mimecast. By our estimates, this would waste as much as 45K hours of user time to sort through and delete these emails!
- 8682 dangerous file types as attachments could pass through to the inboxes of users. Dangerous file types are the approximately 1900 file types that are rarely sent via email for legitimate purposes, such as: .jsp, .exe, .src.
- 2281 malware attachments in total snuck through the incumbent security systems’ defenses. 1778 we characterized as “known” malware samples as they were caught with Mimecast’s Anti-virus engines. 503 malware attachments were considered “unknown” malicious files as they required sandboxing to catch. Both, of course, can put your users at risk if they get through.
- 9677 emails were false negatives that the Mimecast inspection policies characterized as impersonations – potentially malicious emails that contained no malware, but were spoofing another sender and often encouraging the recipient to do something they shouldn’t, like initiate a wire transfer!
Overall the entire test found that nearly 11 million of the more than 45 million emails that were inspected by Mimecast was incorrectly passed by their respective incumbent email security systems.
What is my conclusion? There is a lot of work to do to truly make email safer for business.