<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2923012&amp;fmt=gif">

Experience and Capabilities Makes Avanan the Top API-Based Email Security Solution

When we redefined email security in 2015 with an API-based approach, it was just us. Today, while there are probably a dozen API-based email security vendors in the market, Avanan still continues to dominate with over 5000+ customers worldwide and top rankings from Gartner Peer Insights (#1 ranked), G2 (#1 ranked), and Aite Group (best in class) among others.

Many of the other API vendors have a similar sounding story at the surface, sometimes making it hard to distinguish one from another… Easy to deploy, AI-enabled, APIs, etc. Some of them use hype as a means to impress. But at the end of the day, it comes down to capabilities.

While some of these stories seem to blend together, it's probably worth a few minutes to look a layer deeper to better understand how Avanan compares. Specifically, how does our leadership in this area translate to more experience, a better product with more capabilities and global reach?


Today, the number of customers we serve is more than all the other API-based vendors combined with 60% of our business coming from large enterprises (>5000 seats). It is quite an easy argument to make that a company that has been doing this for six years and 5000+ customers certainly has more experience than a two-year-old company with 70 customers. So why does more experience matter? It matters because experience is critical in providing security for a mission-critical application for the enterprise. As Albert Einstein once said, “The only source of knowledge is experience”. Or John Keats who said, “Nothing ever becomes real till experienced”.

Our experience has given us the best product in this space with capabilities far beyond the other much less experienced API-based vendors. For example, we give our customers the option to block malicious emails before they reach the user’s inbox. The other API-based vendors only offer what we call “Detect and Remediate”. This means they remove the email from the inbox after it has been deemed phishing, or after the end-user has had a chance to see, open and interact with the email. This is how Avanan started in 2015 and felt like this wasn’t good enough.

The problem with “Detect and Remediate” as the only option is the email sits in the inbox for an average of 183 seconds and creates a race condition. Will the end-user open up the email and engage with the malicious message before the solution has removed it? Our answer to this question is yes. On average, it’s 82 seconds before someone clicks on a malicious link in an email meaning the user beats the API-based solution. Avanan gives you the option to secure email inline so this race condition doesn’t exist. In fact, this is the deployment option 90% of our customers choose.

While securing email isn’t easy to begin with, securing email inline is infinitely more difficult. And getting it right requires tremendous experience. This is why not a SINGLE API-based vendor can offer this as an option. Some talk about one day being able to do this. But thinking about it and actually doing it for some of the largest enterprises are two totally different things.

Getting to this point took a lot of work, and unfortunately, some errors. Some of our customers during our “early inline days” felt these growing pains and it required work to perfect. This road is long and winding but we are thankful to be on the other side. And it’s not a road the other API-based vendors have even begun to venture down and you should think if you want to venture down that road with them. Today with these other vendors, you are left with a single option, “Detect and Remediate”. This is not good enough which is why we moved to add an inline option in 2016.


Experience has not only allowed us to offer inline as an option, it gives us a much greater set of capabilities that other API-based vendors don’t offer. Having been doing this longer than the others with way more customers give us plenty of good customer feedback to only improve the product. This is why we offer DLP, ransomware/malware scanning, open API, internal inline scanning, support for Teams/Slack, search and destroy, Incident Response as a Service (IRaaS)— the list goes on and on. With each customer, we learn and improve just a little more. Here are just a few key capabilities we possess compared to the other API-based vendors.

  Description Avanan Other API Vendor
Inline protection as an option. Both external to internal and internal to internal message

Does the solution offer the ability to block Inline before the inbox?

API-Based Security: We Prevent. They Respond.

Yes No - They are limited to Detect and Remediate. While they may say “milliseconds” it’s more like many seconds. To be exact, it's 182 seconds.
Search and Destroy The ability to search through clean and malicious messages quickly based on multiple criteria and remove them from inboxes after the fact. Yes No - Hard to believe but it’s true that most/all of the API-based solutions don’t offer this.
Performance is independent of Microsoft or Google throttle limits The Scalability Problems of Email Security Via API Yes No - Microsoft and Google have throttle limits that can impact these providers
Ransomware and malware scanning? 93% of phishing emails are now ransomware Yes No - No independent sandboxing scanning solution for all attachments or files
Open API Does the solution have an open API to integrate with 3rd party SIEM/SOAR solutions? Yes No - They are dependent on their dashboard for reviewing events. Avanan understand the enterprise leverages existing tools and requires email security to be integrated with those tools
Data Loss Protection Scanning Can solution provide DLP scanning on emails, attachments, drive files, and other collaboration apps? Yes No
Email Incident Response Security Service Incident Response-as-a-Service: Let Our Team Respond to Email Tickets Yes No. All reported phishing events from end-users will need to be reviewed by your SOC. Unfortunately in a “detect in remediate” deployment, you’ll first need to determine if the email was removed by the API vendor before they reported it.


Read More

Why Customers Switch From Secure Email Gateways to Avanan

Many of our customers come to Avanan from Secure Email Gateways. For example, in the last quarter, 30.9% of our new customers switched from Mimecast.

When they get to Avanan, our customers find the solution to be leaps and bounds better than SEGs, including Mimecast.

One of the most critical things is the difference in architecture.

Introducing a Secure Email Gateway will blind Microsoft and Google's default security to incoming threats.

To install an SEG, you must first disable Microsoft and Google's spam filters — which play a key role in anti-phishing. This is why upon deployment, you will often be advised by Proofpoint or Mimecast to disable your default spam filtering and rely solely on the gateway.

Read More

Azure Cost Savings for Microsoft Centric Environments

Historically Microsoft has had common cost advantages for customers looking to onboard to the cloud such as reservations and Hybrid benefits (a reduction in cost leveraging on-premises Software Assurance-enabled Windows Server and SQL Server licenses on Azure). But as time has progressed Microsoft has started introducing features which can be only found on Azure exclusively leading to Azure cost savings.

Read More

How to Guide: Manually Installing the Crowdstrike Falcon Sensor on a Mac

Installing the CrowdStrike Falcon Sensor has sometimes been a challenge on Macs, especially without using a mobile device management (MDM), and recent re-releases from Apple have only amplified that.

Read More

Desktop Analytics: Modernizing Windows 10 Updates

What is Desktop Analytics?

Read More

Azure Cost Management: Orchestration Actions within Azure Budgets

Microsoft introduced Azure Budgets as a means to help companies plan for and drive organizational accountability. While many companies view budget enforcement from a traditional perspective such as alerts, currently Azure did not give you more direct options such as shutting down virtual machines (VMs). Using Budgets makes Azure cost management easy.

While these features are not out of the box, Azure Budgets does offer integration with Azure Action Groups. Action Groups provide a means to trigger an orchestrated set of actions resulting from a budget event. Such actions can be turning off machines when a threshold takes place (in this case when the budget is exceeded by a certain amount), for example. The action groups in term can then execute a PowerShell script (within an automation account) to perform the cost savings action.

It should be noted: this course of action does not need to be applied to all VMs. For example, the
shutdown sequence of VMs to keep within budget can be directed to machines:

Read More

Windows Autopilot: Modern Device Management for the Hybrid Workplace

What happened?

How did we get here? A littl e more than a year ago, and as a result of the COVID-19 pandemic, millions of people in the workforce were asked to start working from their home offices. Some went home with an assigned corporate laptop, but a lot went with whatever system could be found – lab machines, hastily repaired systems, and tech closet castoffs. Now, a lot of those users are continuing to work from home, even as companies start to reopen. This is part of a trend towards the hybrid workplace which was already under way pre-COVID but was accelerated by the pandemic. Windows Autopilot addresses this trend to make the process easier.

Read More

Storage Considerations for Windows Virtual Desktop FSLogix Profile Containers

One of the pillars of Windows Virtual Desktop (WVD) is the technology behind profile container technology, referred to as FSLogix. Upon login, the FSLogix profile container is connected to the computing environment so the profile is readily available.

This then raises the question on the ideal locations to host the repository of profiles generated FSLogix usage. Aspects to consider:

  • Space usage: FSLogix Profile Containers and Office Containers are dynamic files that will grow to a maximum default size of 30 GB.
  • IOPS operation per user session: The table below illustrates the projected IO footprint per user session.
Read More

Steve Baker Talks Managed Network Security Solutions

Steve Baker, a Senior Security Solutions Architect here at Rutter, recently had the opportunity to speak with Executive Marketing and Business Advisory Services (EMBAS) about managed network security solutions. There are many issues surrounding network security that are top of mind for companies of all sizes including fraud, hacking, data breaches, etc. Steve talks about these threats and what can be done about them and to create managed network security solutions.

Read More