Smaller organizations are more prone to appoint IT admins with global admin rights as a “catch all” privilege, especially where the company might have started their cloud journey with Office 365. This might be compounded where in small companies, an admin will be expected to support a wider breath of technology. However, this goes against least privilege guidelines for companies looking to a “zero trust” model.
Microsoft Active Directory has been commercially available for more than 20 years. As noted in Image 1 below, the core appeal of the product is being an effective platform for authentication and providing policies at enterprise scale. However, the core premise of Microsoft Active Directory in providing effective services, is for end users to be onsite. During the time of Covid-19 with more companies shifting to a hybrid work model, Microsoft Active Directory is becoming problematic to end users.
The cornerstone of this issue is the companies relying on VPN access. Most company VPNs operate on the following assumptions:
When we redefined email security in 2015 with an API-based approach, it was just us. Today, while there are probably a dozen API-based email security vendors in the market, Avanan still continues to dominate with over 5000+ customers worldwide and top rankings from Gartner Peer Insights (#1 ranked), G2 (#1 ranked), and Aite Group (best in class) among others.
Many of the other API vendors have a similar sounding story at the surface, sometimes making it hard to distinguish one from another… Easy to deploy, AI-enabled, APIs, etc. Some of them use hype as a means to impress. But at the end of the day, it comes down to capabilities.
While some of these stories seem to blend together, it's probably worth a few minutes to look a layer deeper to better understand how Avanan compares. Specifically, how does our leadership in this area translate to more experience, a better product with more capabilities and global reach?
Today, the number of customers we serve is more than all the other API-based vendors combined with 60% of our business coming from large enterprises (>5000 seats). It is quite an easy argument to make that a company that has been doing this for six years and 5000+ customers certainly has more experience than a two-year-old company with 70 customers. So why does more experience matter? It matters because experience is critical in providing security for a mission-critical application for the enterprise. As Albert Einstein once said, “The only source of knowledge is experience”. Or John Keats who said, “Nothing ever becomes real till experienced”.
Our experience has given us the best product in this space with capabilities far beyond the other much less experienced API-based vendors. For example, we give our customers the option to block malicious emails before they reach the user’s inbox. The other API-based vendors only offer what we call “Detect and Remediate”. This means they remove the email from the inbox after it has been deemed phishing, or after the end-user has had a chance to see, open and interact with the email. This is how Avanan started in 2015 and felt like this wasn’t good enough.
The problem with “Detect and Remediate” as the only option is the email sits in the inbox for an average of 183 seconds and creates a race condition. Will the end-user open up the email and engage with the malicious message before the solution has removed it? Our answer to this question is yes. On average, it’s 82 seconds before someone clicks on a malicious link in an email meaning the user beats the API-based solution. Avanan gives you the option to secure email inline so this race condition doesn’t exist. In fact, this is the deployment option 90% of our customers choose.
While securing email isn’t easy to begin with, securing email inline is infinitely more difficult. And getting it right requires tremendous experience. This is why not a SINGLE API-based vendor can offer this as an option. Some talk about one day being able to do this. But thinking about it and actually doing it for some of the largest enterprises are two totally different things.
Getting to this point took a lot of work, and unfortunately, some errors. Some of our customers during our “early inline days” felt these growing pains and it required work to perfect. This road is long and winding but we are thankful to be on the other side. And it’s not a road the other API-based vendors have even begun to venture down and you should think if you want to venture down that road with them. Today with these other vendors, you are left with a single option, “Detect and Remediate”. This is not good enough which is why we moved to add an inline option in 2016.
Experience has not only allowed us to offer inline as an option, it gives us a much greater set of capabilities that other API-based vendors don’t offer. Having been doing this longer than the others with way more customers give us plenty of good customer feedback to only improve the product. This is why we offer DLP, ransomware/malware scanning, open API, internal inline scanning, support for Teams/Slack, search and destroy, Incident Response as a Service (IRaaS)— the list goes on and on. With each customer, we learn and improve just a little more. Here are just a few key capabilities we possess compared to the other API-based vendors.
| Description | Avanan | Other API Vendor | |
| Inline protection as an option. Both external to internal and internal to internal message | Does the solution offer the ability to block Inline before the inbox? |
Yes | No - They are limited to Detect and Remediate. While they may say “milliseconds” it’s more like many seconds. To be exact, it's 182 seconds. |
| Search and Destroy | The ability to search through clean and malicious messages quickly based on multiple criteria and remove them from inboxes after the fact. | Yes | No - Hard to believe but it’s true that most/all of the API-based solutions don’t offer this. |
| Performance is independent of Microsoft or Google throttle limits | The Scalability Problems of Email Security Via API | Yes | No - Microsoft and Google have throttle limits that can impact these providers |
| Ransomware and malware scanning? | 93% of phishing emails are now ransomware | Yes | No - No independent sandboxing scanning solution for all attachments or files |
| Open API | Does the solution have an open API to integrate with 3rd party SIEM/SOAR solutions? | Yes | No - They are dependent on their dashboard for reviewing events. Avanan understand the enterprise leverages existing tools and requires email security to be integrated with those tools |
| Data Loss Protection Scanning | Can solution provide DLP scanning on emails, attachments, drive files, and other collaboration apps? | Yes | No |
| Email Incident Response Security Service | Incident Response-as-a-Service: Let Our Team Respond to Email Tickets | Yes | No. All reported phishing events from end-users will need to be reviewed by your SOC. Unfortunately in a “detect in remediate” deployment, you’ll first need to determine if the email was removed by the API vendor before they reported it. |
Many of our customers come to Avanan from Secure Email Gateways. For example, in the last quarter, 30.9% of our new customers switched from Mimecast.
When they get to Avanan, our customers find the solution to be leaps and bounds better than SEGs, including Mimecast.
One of the most critical things is the difference in architecture.
Introducing a Secure Email Gateway will blind Microsoft and Google's default security to incoming threats.
To install an SEG, you must first disable Microsoft and Google's spam filters — which play a key role in anti-phishing. This is why upon deployment, you will often be advised by Proofpoint or Mimecast to disable your default spam filtering and rely solely on the gateway.
Historically Microsoft has had common cost advantages for customers looking to onboard to the cloud such as reservations and Hybrid benefits (a reduction in cost leveraging on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure). But as time has progressed Microsoft has started introducing features which can be only found on Azure exclusively leading to Azure cost savings.
Installing the CrowdStrike Falcon Sensor has sometimes been a challenge on Macs, especially without using a mobile device management (MDM), and recent re-releases from Apple have only amplified that.
Microsoft introduced Azure Budgets as a means to help companies plan for and drive organizational accountability. While many companies view budget enforcement from a traditional perspective such as alerts, currently Azure did not give you more direct options such as shutting down virtual machines (VMs). Using Budgets makes Azure cost management easy.
While these features are not out of the box, Azure Budgets does offer integration with Azure Action Groups. Action Groups provide a means to trigger an orchestrated set of actions resulting from a budget event. Such actions can be turning off machines when a threshold takes place (in this case when the budget is exceeded by a certain amount), for example. The action groups in term can then execute a PowerShell script (within an automation account) to perform the cost savings action.
It should be noted: this course of action does not need to be applied to all VMs. For example, the
shutdown sequence of VMs to keep within budget can be directed to machines:
How did we get here? A littl e more than a year ago, and as a result of the COVID-19 pandemic, millions of people in the workforce were asked to start working from their home offices. Some went home with an assigned corporate laptop, but a lot went with whatever system could be found – lab machines, hastily repaired systems, and tech closet castoffs. Now, a lot of those users are continuing to work from home, even as companies start to reopen. This is part of a trend towards the hybrid workplace which was already under way pre-COVID but was accelerated by the pandemic. Windows Autopilot addresses this trend to make the process easier.
