Avanan Valuable Features
Chief Information Security Officer at a media company with 201-500 employees
The administration feature is amazing.
The detection component is really over the top. For example, in January of this year, we had five different partners who had compromised email accounts and they had no idea. We are not talking internally. We haven't had a compromised email, knock on wood, in over six years because our security architecture and the way it is set up really helps with that. All the compromises that I see are really from external collaborators or other companies. The intelligence of the detection is quick to pick up when there are anomalies associated with how somebody sends an email, where they are sending it from, the language in the email, and things like that. Then, it would flag us to say, "I know they just sent you an email five minutes ago, but this other email they sent you is from a totally different region. Not only that, it doesn't sound right."
It does a really great job of identifying different things inside the links that just blatantly get missed by Microsoft. In January, those five different companies that had their emails compromised were sending us stuff and Avanan would flag them. Then, our users were like, "No, I am exchanging things with this person. Why are you guys blocking this particular piece?" So, we dove into it and were like, "Oh, well this is really bad because this is actually a compromised account." We would pick up the phone and talk to them, "No, I didn't send that email." It actually was sent from that person's email box, but it was done from a different location. They were deleting and hiding their trail as they do with this correspondence to try to get information.
Avanan is just outstanding on how efficient and effective their learning modules are to pick up on these different pieces. We work with them quite a bit. There have been a couple of different things that they have missed, which were very old school attack vectors. We worked with them on these things and they are quick to pick up on how to remediate them.
The way the system works is emails come into Microsoft, Microsoft processes them, sees what it can drop at the door, and then it goes through Avanan. After it is done with Avanan, then it goes through a different path to Microsoft, which is like, "If I have you on my blocked list, if I have the word 'webinar' in my rules that says webinar it's automatically deleted or moved to the junk folder, and so forth."
There have been a couple different types of critical attacks that would take out an entire company. We're not talking about the phishing ones where you click on a link, then you type in your credentials and they steal your credentials. We are talking nasty stuff that is embedded. Most systems will look at attachments and links. On a link, they detonate it into a certain space and know that, "This has a dropper. We're not going to let it through." Or, people put different scripts inside emails because people send email in HTML format versus Rich Text Format, which then allows you to run JavaScript inside your phone and browser. Avanan reads all those different things, which is great. We have seen a couple of different attacks that were completely missed by Microsoft and a couple of other different associates outside of our company at other companies who got the same attacks, and they were just crippled by them. They will send an attachment, like a PDF or a Word document, then inside that Word document is the actual link that you click on that does the detonation. All the systems that we've seen out there didn't view the link inside the attachment, except for Avanan.
We had one that created a very small file that was attached to an email. This was just a standard HTM file, which you see a lot of folks do anyway when they want to load pictures or other different things related to the document or to the email to get certain features. Inside those HTM files or JavaScript, it would normally get picked up, executed, and say, "Oh, this is bad. We're not going to allow you to run a script that's going to encrypt your entire hard drive." We had a couple of those that have come in where the attacker converted the entire script into hexadecimal, then wrote JavaScript to convert it to ANSI or Windows converted it automatically for you. The different email security tools out there see the hexadecimal as text, so it sees it as 1s, As, 7s, Bs, Cs. They just see it as that and don't do anything. It will say, "Oh, this is just a bunch of random letters and numbers. No big deal." However, Avanan was like, "Oh, wait a minute. This is hexadecimal. Let me convert it and see what it actually does. Holy cow. It's a Cryptolocker. Let's just kill it right there."
It has been very quick to pick up on those different types of attacks that have come in. There have been a lot of interesting pieces that we have worked with them on to help identify. There have been a couple of different things that they have blocked and we didn't know why. We reverse engineered it and said, "Oh, this is what was going on." It's like, "That is amazing that it was able to decipher that and pull that out."
In all these different examples with other tools that we tested, they all failed miserably on different pieces, not detecting them. That is one of the main reasons why we are very appreciative of the Avanan solution. It is also why we moved it over onto television and movies. We actually have a lot of our users and contractors who will forward things through the system just to validate to make sure that it is legit.
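The hex-encoded HTM attachment case described in the review, as an added example that is not part of the original review and is not Avanan's code: a scanner that decodes long hexadecimal runs and re-inspects each decoded layer, instead of treating the run as inert text. The function names, the indicator list and all sample inputs are constructed for illustration.

```python
import re

# A run of 16 or more hex-encoded bytes (32+ hex digits).
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){16,}")
# Constructed indicator list; a real scanner would pass each decoded layer to its full engine.
INDICATORS = ("<script", "eval(", "document.write", "activexobject", "wscript.shell")


def decode_hex_runs(text):
    """Yield the decoded text of each hex run that turns out to be readable ASCII."""
    for match in HEX_RUN.finditer(text):
        raw = bytes.fromhex(match.group(0))
        readable = sum(0x20 <= b <= 0x7E or b in (9, 10, 13) for b in raw)
        # Hashes and IDs decode to mostly non-printable bytes; encoded scripts do not.
        if readable / len(raw) >= 0.9:
            yield raw.decode("ascii", errors="replace")


def scan(text, depth=0, max_depth=3):
    """Return (layer, indicator) hits for the text and every hex-decoded layer under it."""
    lowered = text.lower()
    hits = [(depth, ind) for ind in INDICATORS if ind in lowered]
    if depth < max_depth:  # bound recursion so nested encodings cannot loop forever
        for decoded in decode_hex_runs(text):
            hits.extend(scan(decoded, depth + 1, max_depth))
    return hits


# Constructed samples: a harmless script string, hex-encoded once and twice.
INNER = "<script>document.write('constructed sample')</script>"
WRAPPER = '<html><body><p data-blob="%s"></p></body></html>'
ENCODED_ONCE = WRAPPER % INNER.encode().hex()
ENCODED_TWICE = WRAPPER % INNER.encode().hex().encode().hex()
# A SHA-256 digest in an attribute is also a long hex run, but must not be flagged.
BENIGN = '<img alt="logo" src="cid:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855">'

if __name__ == "__main__":
    for name, sample in (("once", ENCODED_ONCE), ("twice", ENCODED_TWICE), ("benign", BENIGN)):
        print(name, scan(sample))
```

Layer 0 is the attachment as received; a hit reported only at layer 1 or deeper is content that a plain text match on the raw attachment would have missed.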