Email Security Reinvented With API Based Technologies

The future is still being written, but disruption is underway

Gil Friedrich

New York City, N.Y. – Feb. 5, 2021

Back in 2016, securing Microsoft 365 and Gmail with API was a novel approach. Only a few vendors were doing it. Most customers needed to be educated about how it worked, and Secure Email Gateways were the standard.

Fast forward to 2021. Thousands of companies have switched to securing their cloud email with API-based products, solutions are available from multiple vendors, and even the legacy email security vendors are adding API-based options.

The API solution works well for a number of reasons. First, API allows for one-click installation of security. In the cloud era, customers expect a cloud-to-cloud API connection that is installed and activated instantaneously. Email is no different and API allows for that.

Secondly, API solutions protect Microsoft 365 and G-Suite from the inside, giving the app visibility that goes far beyond what a legacy email gateway has. This exposes internal information, like end users' titles and social graph, which helps to accurately detect impersonation attacks and Business Email Compromise (BEC). BEC attacks have skyrocketed, increasing by nearly 100 percent in 2019 and, according to one analysis, will continue to double each year through 2023. This incredibly troubling attack form can only be detected with API-based solutions that have internal context and the ability to take action and stop these attacks.



Additionally, API allows for the true adoption of a “zero-trust” security model. Email security should be built on the assumption that an internal account could be compromised. Zero Trust for email means you scan and block internal and outbound email. This is practically impossible with legacy email gateways that focus on incoming email. For API-based solutions this is almost a non-issue.

An API-based solution is also deployed as the last layer of security. This means that the default security built into the service by Microsoft or Google performs its scan and only the attacks it misses are caught by the API solution. This layered approach provides a significantly superior catch rate to legacy email gateways that scan as a single line of defense because they require disabling the built-in security. This single-line approach contradicts the fundamental security best practice of a layered approach. In many cases attacks that would have been blocked by Microsoft’s or Google’s security go through and reach the end-user’s inbox.

Finally, API-based solutions offer complete suite security. Because of the way it connects, an API solution can secure more than just email — including Teams, OneDrive, SharePoint, Google Drive, Slack and more. That’s important given the explosive growth of those additional lines of communication in the enterprise environment. Since business communication happens on more platforms than just email, having the ability to secure all lines of communication is essential. Otherwise, your company is not fully protected.

One thing that some API solutions lack is the ability to block malicious content before it reaches the end-user — in other words, blocking inline. For API to work best, it must have the ability to scan and block email inline. Otherwise, admins can never be sure that the users did not click on a malicious link before it’s retracted. A common misperception is that API solutions cannot do this and thus cannot implement their security inline. For Avanan, this is not the case, and more than 90 percent of Avanan’s customers use its API-based security with full inline protection — the email never reaches the inbox until it’s cleared.

The future of email security is still being written but a few things are already clear:

  • The disruption is already underway with widespread usage and adoption
  • Leading analysts and customers acknowledge that cloud email is best secured via API
  • Best catch rate is achieved with machine-learning algorithms that complete the default security by Microsoft or Google and not by disabling them as legacy gateways require
  • Securing the entire suite and all lines of communication is a necessity
  • API doesn’t mean post-delivery enforcement — API-based email security can and must have an inline enforcement option

Gartner’s 2020 Market Guide gushed about the efficacy of API solutions, but maybe the clearest sign that API-based solutions are the new mainstream was in the 2021 Gartner Peer Insights for Email Security, where Avanan, the leader in API-based solutions, received more reviews and a significantly higher score than all the legacy email gateways.

Gil Friedrich is co-founder and CEO at Avanan.


About Avanan 

Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.

Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™. The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.