Email Security

    December ESRA Report: Aggregate False Negative Rate of Incumbent Email Security Systems is 12%

    Learn more in Mimecast’s latest Email Security Risk Assessment Report

    by Matthew Gardiner

    Is a false negative rate of 12% a large number or a small one? I suppose it depends on your perspective. If your email security system lets in 12 unwanted emails—whether spam, phishing, impersonations, emails containing malicious links or attachments—for every 100 unwanted emails that arrived at your organization’s doorstep, would you be okay with that?

    I will leave it to you to decide based on what you consider reasonable and acceptable. But this is what our extensive Email Security Risk Assessment (ESRA) data collection and analysis has found.

    I am happy to report that Mimecast’s Email Security Risk Assessment (ESRA) testing and reporting continues to chug along, now in its 7th quarterly iteration! For those of you who are new to ESRAs, let me first explain what they are.

    In an ESRA test the Mimecast service reinspects a participating organization’s emails that were deemed safe by their incumbent email security system. This is based on actual inbound email traffic, not on test email. We run this test over a period of time, usually between a week and a month at each organization. An ESRA test passively inspects and records the results of real emails that have been delivered to their employees.

    In security terms, an ESRA test is a false negative hunting program, where the Mimecast email security service inspects delivered emails for missed spam, phishing, malicious files and URLs, and impersonation emails. Summary data is then generated for each test.

    What we found in December's ESRA

    Here are the key findings from our December ESRA:

    • Dangerous file types showed up and got through at an increased rate, showing a 25% increase from the last ESRA quarterly test. Dangerous file types, such as .jsp, .exe, .dll and .src files, are rarely sent via email for legitimate purposes but can be used to facilitate multiple types of malware-led attacks.
    • In aggregate, Mimecast has inspected more than 180 million emails and detected more than 21 million unwanted emails (12% of the total) as part of this ESRA program, representing a large test of the most common email security systems in use by organizations.
    • Other than spam, the largest category of unwanted emails that have been detected is impersonation attacks, which to date have tallied 42,350 misses. Impersonations can be particularly difficult to detect since they often don’t include malicious files or URLs; they often use only sophisticated social engineering to get the target to do what they shouldn’t.

    If you are interested in some vendor-specific breakdowns of this data, specifically with Microsoft and Proofpoint as the incumbent, please check out page 2 of the funnel infographic.

    Stay tuned for the 8th quarterly ESRA release, anticipated in March 2019!
