InQuest Releases Data Demonstrating the Security Gap in the Major Cloud Email Providers
Originally posted on Business Wire here
AUSTIN, Texas-InQuest, a leading provider of email security and emerging threat prevention services and solutions, announced today the general availability of the ongoing test data leveraged by InQuest Labs to assess and evaluate the security efficacy of the leading cloud-based email providers, Google Workspace (GSuite) and Microsoft Office 365 (O365).
InQuest has published a living document containing further details, explorable graphs, and access to the data leveraged in this ongoing experiment to their Labs portal. Read more about it here: https://inquest.net/trystero
So, who fared the best? “Look, if you’re deciding between a GMail.com vs Outlook.com for a personal email address, there’s no doubt you’re better off with Google here from a security perspective,” said Pedram Amini, CTO at InQuest. “Drawing any conclusion beyond that becomes a little more complicated”. Here’s what the data shows:
- Typically, at least 5% to 10% of real-world threats are capable of reaching a user’s inbox.
- There’s an ebb and flow to malware campaigns that on any given day can increase this range from 1% to 40%.
- For personal mail, GMail.com is more secure than Outlook.com
- For corporate email, Microsoft O365 with ATP (a pay for enhancement) generally outperforms Google from a security perspective, but not every day!
- Microsoft is typically better at blocking Office-borne malware whereas Google is typically better at PDF and Java-borne malware.
- There are more third-party security providers available for the Microsoft platform than there are for Google.
InQuest leans on gap analysis endeavors to determine where best to focus their research and development efforts. “Our platform was born out of necessity in the basement of the Pentagon as the result of a gap analysis performed over a decade ago. When we looked at expanding our offerings from the public sector to the private sector, we went back to our roots and performed another gap analysis on the most commonly leveraged attack vector (email) targeting the private sector” said InQuest CEO and Founder Michael Arcamone. “You can’t build or sustain a successful startup by overlapping engineering and research efforts with the big names, so we focused our team’s efforts on specific problem sets that continue to pose a significant challenge across all verticals of the private sector. What we have uncovered with the Trystero project is that there is a false sense of security projected by the major cloud-based email providers and assumed by their customers. We have empirical data to support those findings and have now put that data on display for all to see.”
Email continues to be the preferred medium for attackers who target businesses today. The Internet Crime Complaint Center (IC3) stated that email “phishing” was the top crime type reported in 2020, with more than double the number of complaints seen in 2019. CSO Online stated in March of 2020 that “94% of malware is delivered by email” and “phishing attacks account for more than 80% of reported security incidents”. Most Ransomware attacks can be traced back to an email. It doesn’t matter who you ask, email has been the most leveraged vector for the vast majority of successful attacks.
InQuest is a cybersecurity solutions and services company founded by a well-versed team hailing from both the public and private sectors. InQuest delivers two key technologies, Deep File Inspection (DFI™) for real-time threat prevention and “RetroHunting™”, a novel approach that leverages the power of hindsight to apply today’s threat intelligence to yesterday’s data. Commercially available as a SaaS email security integration for Google Workspace (GSuite) and Microsoft Office 365 (O365), as a high-throughput on-premises network appliance, or via API. InQuest excels at malware analysis on a global scale, applying fanatical research to protect your users from the myriad of attacks of today and the evolving threats of tomorrow.