Learn more in Mimecast’s latest Email Security Risk Assessment Report


Is a false negative rate of 12% a large number or a small one? I suppose it depends on your perspective. If your email security system lets in 12 unwanted emails—whether spam, phishing, impersonations, emails containing malicious links or attachments—for every 100 unwanted emails that arrived at your organization’s doorstep, would you be okay with that?

I will leave it to you to decide based on what you consider reasonable and acceptable. But this is what our extensive Email Security Risk Assessment (ESRA) data collection and analysis has found.

I am happy to report that Mimecast’s Email Security Risk Assessment (ESRA) testing and reporting continues to chug along, now in its 7th quarterly iteration! For those of you who are new to ESRAs let me first explain what they are. 

In an ESRA test the Mimecast service reinspects a participating organization’s emails that were deemed safe by their incumbent email security system. This is based on actual inbound email traffic, not on test email. We run this test over a period of time, usually between a week and a month at each organization. An ESRA test passively inspects and records the results of real emails that have been delivered to their employees.

In security terms an ESRA test is a false negative hunting program, where the Mimecast email security service inspects delivered emails for missed spam, phishing, malicious files and URLs and impersonation emails. Summary data is then generated for each test.

What we found in December's ESRA

Here are the key findings from our December ESRA:

  • Dangerous file types showed up and got through at an increased rate, a 25% increase over the last quarterly ESRA test. Dangerous file types are those rarely sent via email for legitimate purposes, such as .jsp, .exe, .dll and .src files, but which can be used to facilitate multiple types of malware-led attacks.
  • In aggregate, Mimecast has inspected more than 180 million emails and detected more than 21 million unwanted emails (12% of the total) as part of this ESRA program, representing a large test of the most common email security systems in use by organizations.
  • Other than spam, the largest category of unwanted emails detected is impersonation attacks, which to date have tallied 42,350 misses. Impersonations can be particularly difficult to detect since they often don’t include malicious files or URLs; they frequently rely on social engineering alone to get the target to do what they shouldn’t.
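As an added illustration of the dangerous-file-type finding (this is example code written for this post, not Mimecast's own inspection logic), the check below parses a MIME message and flags attachments whose extension is in a deny-list seeded with the four types named above. It also looks at every suffix in the filename, so a double extension like "statement.pdf.exe" is caught, and it inspects the first bytes of each attachment for the "MZ" header of a Windows executable, which catches an .exe that has simply been renamed to .pdf. The sample message, its attachment contents and the MZ check are constructed for this example and are not from the ESRA report.

```python
"""Flag e-mail attachments with dangerous file types.

Added example, not Mimecast code. The deny-list starts from the extensions
the post names (.jsp, .exe, .dll, .src); the sample message and the
executable-header check are constructed assumptions for this example.
"""
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the post describes as rarely legitimate in e-mail.
DANGEROUS_EXTENSIONS = {".jsp", ".exe", ".dll", ".src"}


def scan_attachments(raw: bytes) -> list[dict]:
    """Return one finding per attachment that trips an extension or content check."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        reasons = []

        # Check every suffix, not just the last one, so "x.pdf.exe" and
        # "x.exe.txt" both trip: a last-extension-only view is what
        # double-extension tricks rely on.
        suffixes = {s.lower() for s in PurePosixPath(name).suffixes}
        for ext in sorted(suffixes & DANGEROUS_EXTENSIONS):
            reasons.append(f"dangerous extension {ext}")

        # Extension deny-lists are bypassed by renaming the file, so also look
        # at the content: Windows PE executables start with the "MZ" signature.
        data = part.get_content()
        if isinstance(data, bytes) and data[:2] == b"MZ":
            reasons.append("PE executable header (MZ) in content")

        if reasons:
            findings.append({"filename": name, "reasons": reasons})
    return findings


def build_sample_message() -> bytes:
    """Construct a test message with one benign and two dangerous attachments."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "staff@example.org"
    msg["Subject"] = "Q4 statement"
    msg.set_content("Please see the attached statement.")
    # Benign attachment: a (fake) PDF with a PDF header.
    msg.add_attachment(b"%PDF-1.4 sample", maintype="application",
                       subtype="pdf", filename="statement.pdf")
    # Executable hiding behind a double extension.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="octet-stream", filename="statement.pdf.exe")
    # Executable renamed to look like a document; only the content check catches it.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                       subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in scan_attachments(build_sample_message()):
        print(finding["filename"], "->", "; ".join(finding["reasons"]))
```

Running it reports "statement.pdf.exe" on both the extension and the content check and "invoice.pdf" on the content check alone; "statement.pdf" passes. The content check matters because an extension list is only as good as the sender's honesty about filenames, which is exactly what a missed dangerous-file-type email in the ESRA data represents.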

If you are interested in vendor-specific breakdowns of this data, specifically with Microsoft and Proofpoint as the incumbent, please check out page 2 of the funnel infographic.

Stay tuned for the 8th quarterly ESRA release, anticipated in March 2019!
