Trustifi Internal Study Shows Microsoft Security Misses 38% to 93% of Threats Across Different Categories

Published June 7, 2023

When used as an overlaying email security solution on top of Microsoft's offering, Trustifi's software has identified & stopped a high percentage of additional threats

LAS VEGAS, NV / ACCESSWIRE / June 7, 2023 / Premier software-as-a-service (SaaS) email security provider Trustifi announced today the results of an ongoing study of the performance of its comprehensive suite of email cyber security solutions when used in conjunction with Microsoft's security package. In these instances, Trustifi's analytics show that its software catches a great percentage of compromised email data that the Microsoft offering has let pass. For example, Trustifi's figures showed that as much of 93% of all BEC (business email compromise) attacks were able to get past Microsoft's security filters, to then be caught by Trustifi's AI-based scanning. These perilous BEC emails are purely contextual and don't involve any questionable links or attachments; they are typically generated by a hack of a high-level business account that is commandeered to request quick wire transfers or other compromising tasks from internal colleagues. Only AI-powered scanning can detect these socially-engineered email attacks, making them particularly effective.

Industry sources agree that a multi-vendor approach to security is necessary to attain superior protection in this challenging landscape. According to a 2021 security report from Gartner, "In the absence of an additional layer of protection, legacy email systems or secure email gateways often cannot prevent sophisticated social engineering attacks and malicious emails." However, too many businesses are still unaware that popular security packages offered through mammoth industry providers like Microsoft (e.g., the Microsoft E3 and E5 offerings) and Google are not sufficient in catching a full range of threats on their own. As risk factors in the market continue to accumulate, such as language engines like ChatGPT that give hackers powerful tools to create new and more imperceptible malware, these tier-one security products are proving to be less and less effective in preventing next generation attacks on their own.

"We can validate the great volume of email-based attacks that Microsoft's software has been missing, yet are then caught by Trustifi's solution. This is based on the amount of threats our solution filters after the Microsoft security products have already screened data heading for the exchange server. Examples are numerous as to be frightening," said Maor Dahan, chief technology officer at Trustifi. "Here's how the architecture works: When Trustifi is deployed as an additional layer on top of Microsoft security, Microsoft's module scans emails before they are deployed to Trustifi. By definition, the emails Trustifi receives have not been stopped by Microsoft's security filters. Yet Trustifi's software will go on to identify a significant amount of compromised email messages among those that Microsoft's filters already let pass."

In Trustifi's study, the resulting statistics are sobering:

Spam - Microsoft's security let 76% of spam emails pass through their scans that were later identified as compromising by Trustifi's cyber security tools.

Malicious Files - Microsoft's filters missed 38% of malicious files that were then detected by Trustifi's solution.

BEC/VEC Emails - These emails typically consist solely of text or voice messages without any links or attached files. They often are the result of a cybercriminal hacking into a valid high-level personnel account and requesting that colleagues do things like transfer money via wire or reveal sensitive credentials. Due to a lack of sufficient AI-based tools to address these context-based emails, Microsoft's security missed 93% of these attempts.

Malicious Links (primarily phishing attacks): Microsoft missed 65% of this content, which was passed along to Trustifi's filters.

Gray Mail: Microsoft does not offer "gray mail" classification, pertaining to solicited bulk email that is not treated as spam since its source is legitimate. Yet this data could still contain malicious elements.

Trustifi provides a holistic portfolio of inbound and outbound email cyber security solutions that employ sophisticated artificial intelligence tools. The solutions proactively scan full email environments, learning through intelligent algorithms the variable behavior patterns and keywords that identify threats and compromises. Administrators get real-time feedback on user behavior to detect anomalies and automatically disable compromised accounts and neutralize threats. The solutions can effectively address large-scale phishing, ransomware attempts, brand imposter attacks and more, offering data protection, antivirus, and antimalware. The company recently implemented a groundbreaking tokenization feature that enables encrypted emails to be read faster and easier, encoding only the sensitive portions of the email. This allows users to send, search, and retrieve protected messages as easily as they would any other email-making it far simpler for users to take advantage of the benefits of encryption. To learn more about Trustifi's solutions or sign up for a demo, click here.

Trustifi was recognized in the 2023 Gartner Market Guide for Email Security* for its Outbound Shield, Inbound Shield, and Account Compromise Detection solution. Trustifi's solutions have been acknowledged by awards and media features from prestigious sources such as Expert Insights, CRN magazine, Source Forge, the American Business Association, the Golden Bridge Awards, and Channel Visions magazine.

*Gartner, "Market Guide for Email Security", Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 February 2023. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Trustifi

Trustifi is a cybersecurity firm featuring solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest-to-use and deploy email security products providing both inbound and outbound email security from a single vendor. The most valuable asset to any organization, other than its employees, is the data contained in its email, and Trustifi's key objective is keeping clients' data, reputations, and brands safe from all threats related to email. With Trustifi's Inbound Shield, Data Loss Prevention, and Email Encryption, clients are always one step ahead of attackers.

Follow Trustifi: Twitter, LinkedIn, and Facebook.

# # #


Suzanne Mattaboni
CommCentric Solutions
610 737-2140

SOURCE: Trustifi

View source version on


News network reaching more than 1,500 media outlets in 98 countries. The newest, fastest-growing and most disruptive newswire available today.