When we redefined email security in 2015 with an API-based approach, it was just us. Today, while there are probably a dozen API-based email security vendors in the market, Avanan still continues to dominate with over 5000+ customers worldwide and top rankings from Gartner Peer Insights (#1 ranked), G2 (#1 ranked), and Aite Group (best in class) among others.
Many of the other API vendors have a similar sounding story at the surface, sometimes making it hard to distinguish one from another… Easy to deploy, AI-enabled, APIs, etc. Some of them use hype as a means to impress. But at the end of the day, it comes down to capabilities.
While some of these stories seem to blend together, it's probably worth a few minutes to look a layer deeper to better understand how Avanan compares. Specifically, how does our leadership in this area translate to more experience, a better product with more capabilities and global reach?
Experience
Today, the number of customers we serve is more than all the other API-based vendors combined with 60% of our business coming from large enterprises (>5000 seats). It is quite an easy argument to make that a company that has been doing this for six years and 5000+ customers certainly has more experience than a two-year-old company with 70 customers. So why does more experience matter? It matters because experience is critical in providing security for a mission-critical application for the enterprise. As Albert Einstein once said, “The only source of knowledge is experience”. Or John Keats who said, “Nothing ever becomes real till experienced”.
Our experience has given us the best product in this space with capabilities far beyond the other much less experienced API-based vendors. For example, we give our customers the option to block malicious emails before they reach the user’s inbox. The other API-based vendors only offer what we call “Detect and Remediate”. This means they remove the email from the inbox after it has been deemed phishing, or after the end-user has had a chance to see, open and interact with the email. This is how Avanan started in 2015 and felt like this wasn’t good enough.
The problem with “Detect and Remediate” as the only option is the email sits in the inbox for an average of 183 seconds and creates a race condition. Will the end-user open up the email and engage with the malicious message before the solution has removed it? Our answer to this question is yes. On average, it’s 82 seconds before someone clicks on a malicious link in an email meaning the user beats the API-based solution. Avanan gives you the option to secure email inline so this race condition doesn’t exist. In fact, this is the deployment option 90% of our customers choose.
While securing email isn’t easy to begin with, securing email inline is infinitely more difficult. And getting it right requires tremendous experience. This is why not a SINGLE API-based vendor can offer this as an option. Some talk about one day being able to do this. But thinking about it and actually doing it for some of the largest enterprises are two totally different things.
Getting to this point took a lot of work, and unfortunately, some errors. Some of our customers during our “early inline days” felt these growing pains and it required work to perfect. This road is long and winding but we are thankful to be on the other side. And it’s not a road the other API-based vendors have even begun to venture down and you should think if you want to venture down that road with them. Today with these other vendors, you are left with a single option, “Detect and Remediate”. This is not good enough which is why we moved to add an inline option in 2016.
Capabilities
Experience has not only allowed us to offer inline as an option, it gives us a much greater set of capabilities that other API-based vendors don’t offer. Having been doing this longer than the others with way more customers give us plenty of good customer feedback to only improve the product. This is why we offer DLP, ransomware/malware scanning, open API, internal inline scanning, support for Teams/Slack, search and destroy, Incident Response as a Service (IRaaS)— the list goes on and on. With each customer, we learn and improve just a little more. Here are just a few key capabilities we possess compared to the other API-based vendors.
|
Description |
Avanan |
Other API Vendor |
Inline protection as an option. Both external to internal and internal to internal message |
Does the solution offer the ability to block Inline before the inbox? API-Based Security: We Prevent. They Respond. |
Yes |
No - They are limited to Detect and Remediate. While they may say “milliseconds” it’s more like many seconds. To be exact, it's 182 seconds. |
Search and Destroy |
The ability to search through clean and malicious messages quickly based on multiple criteria and remove them from inboxes after the fact. |
Yes |
No - Hard to believe but it’s true that most/all of the API-based solutions don’t offer this. |
Performance is independent of Microsoft or Google throttle limits |
The Scalability Problems of Email Security Via API |
Yes |
No - Microsoft and Google have throttle limits that can impact these providers |
Ransomware and malware scanning? |
93% of phishing emails are now ransomware |
Yes |
No - No independent sandboxing scanning solution for all attachments or files |
Open API |
Does the solution have an open API to integrate with 3rd party SIEM/SOAR solutions? |
Yes |
No - They are dependent on their dashboard for reviewing events. Avanan understand the enterprise leverages existing tools and requires email security to be integrated with those tools |
Data Loss Protection Scanning |
Can solution provide DLP scanning on emails, attachments, drive files, and other collaboration apps? |
Yes |
No |
Email Incident Response Security Service |
Incident Response-as-a-Service: Let Our Team Respond to Email Tickets |
Yes |
No. All reported phishing events from end-users will need to be reviewed by your SOC. Unfortunately in a “detect in remediate” deployment, you’ll first need to determine if the email was removed by the API vendor before they reported it. |