Email Security

    August ESRA Report: Incumbent Email Security Systems Missed 200,000 Malicious URLs

    Learn more in Mimecast’s latest Email Security Risk Assessment Report.

    by Matthew Gardiner

    I am happy to report that Mimecast’s Email Security Risk Assessment (ESRA) testing and reporting continues to chug along, now in its 6th quarterly iteration! For those of you who are new to ESRAs let me first explain what they are. 

    What is an ESRA Report?

    In an ESRA test the Mimecast service reinspects a participating organization’s emails deemed safe by their incumbent email security system. We do this over a period of time, usually between a week and a month of testing. An ESRA test passively inspects emails that have been inspected and delivered to their employees.

    In security terms, an ESRA is really a false negative hunting test, where the Mimecast email security service inspects delivered emails for missed spam, malicious files, impersonation emails, and now – new with this testing cycle – emails containing malicious URLs.

    4 Key Points from the New ESRA Report

    • We’ve mashed through 100 million emails inspected! We’ve now inspected almost 143 million emails that were deemed safe by the test subject’s incumbent email security system.
    • Broke 250,000 cumulative email users and 1,200 days of cumulative testing!
    • The primary incumbent email security vendors continued to be Microsoft Office 365™ and Proofpoint which in aggregate represented 83% of all inspected emails.
    • For every 50 emails inspected one had at least a single malicious URL that was not caught by the “on-duty” email security system.

    As was discussed above, during this quarter of testing we added a new feature, the ability to check inspected emails for malicious links. Of course, the production Mimecast email security system with Targeted Threat Protection – URL Protect has been protecting organizations from malicious links for a long time. But we needed to do some development work to bring the URL Protect inspection logic over to the testing service that we use to conduct ESRAs. Suffice it to say we will be including URL inspections in as many ESRA tests as we can going forward.

    For this just completed quarter of testing, the results do not look good for the incumbents. We found more than 200,000 malicious links in 10 million supposed safe emails or roughly one malicious link for every 50 “safe” emails.

    Stay tuned for the 7th quarterly ESRA release, with planned availability before the end of 2018!



    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page