BitDam Study Exposes Unacceptable Threat Detection Miss Rates by Leading Email Security Products

Study shows that email security industry miss rates when encountering threats for the first time are higher than 20%, with Time to Detect of 24-48 hours

BitDam, a leading provider of cybersecurity solutions that protect enterprise communications from unknown threats hidden in files and links, today announced the findings of a study that shows malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches.

BitDam, a pioneer in securing enterprise email, conducted an empirical study to measure leading email security products’ ability to detect unknown threats at first encounter. Unknown threats are produced in the wild, sometimes hundreds in a day. The study retrieved fresh samples of malicious files from various feeds and sources, qualified them as unknown threats, and sent them to mailboxes protected by leading email security products. The miss rate at first encounter was then measured, as well as the Time To Detect (TTD).

According to the study’s findings, for Office ATP, the miss rate over seven weeks in late 2019 was about 23% and the TTD average was about 48 hours. About 20% of missed unknown threats took four or more days to be detected. O365 ATP was ‘blind’ to selected unknown threats it did not detect at first encounter. For G-Suite, the miss rate was 35.5% over four weeks in late 2019. The TTD average was about 26 hours with about 10% of missed unknown threats taking three days or more to be detected.

These massive detection gaps provide proof of how enterprises are often unprotected against unknown threats, which leads to successful email-based attacks such as ransomware, phishing, and malware.

Link to BitDam Empirical Study on Malware Detection Rates:

Commenting on BitDam’s study, Simon Crosby, former Founder & CTO of Bromium, said “Mind the gap! is as relevant to CISOs as it is to riders on the London Underground. The time gap between malware delivery and subsequent detection by the industry’s most widely used endpoint protection suites solutions is shockingly long – in practice long enough to be useless. BitDam’s recent study pinpoints this unacceptable gap in detection time, showing that organizations are exposed to cyberthreats for many hours, or even days, before their email security identifies these as malware.”

Most threat detection technologies fail to provide protection against unknown threats. Due to their dependency on previous knowledge about threats, these technologies must be augmented by advanced solutions in order to provide better email security. BitDam’s threat-agnostic Advanced Threat Protection (ATP) solution utilizes a model of ‘clean’ execution flows and reaches unprecedented detection rates for unknown threats at first encounter. Its TTD is zero, providing full protection at all times. BitDam is able to correctly identify all the unknown threats missed by other email security products, successfully augmenting current email security products and reducing the risk customers face today from their incoming email.


“We feel that even though the email threat landscape is constantly evolving, it is BitDam’s responsibility to do all that it can to identify the weakest security points that exist today and offer a solution for the everyday unknowns,” said Liron Barak, Co-Founder and CEO of BitDam. “It was this thought process that was behind our study to find the most common shortcomings of email security products on the market today, so we could respond with meaningful industry knowledge and of course, provide a solution. The detection miss rate levels were higher and more alarming than we had anticipated. Our study is a call to action for solution providers to do more and for enterprises to enrich their arsenal with solutions like BitDam’s to detect the malware that slips through their current email security.”

About BitDam

BitDam is a pioneer in cyber defense, securing enterprise email (Office 365, G-Suite, MS Exchange), cloud drives (OneDrive, G-Drive, Dropbox, Box etc.) and other collaboration tools from ransomware, malware, and phishing. 
Unlike the alternatives that give a “grace period” to unknown cyberthreats, BitDam’s patented attack-agnostic technology stops malicious files and links at first encounter with unprecedented detection rates. Independent of feeds, reputation and intelligence services, BitDam’s cloud-based Advanced Threat Protection (ATP) detects never-seen-before attacks of any type, providing a remarkably higher detection rate and empowering organizations to collaborate safely. 
Recognized by Frost & Sullivan for its technology leadership, BitDam’s award-winning ATP solution is utilized by hundreds of thousands of end-users and deployed by leading organizations in Europe and the US, with a proven record of detecting threats that other security solutions fail to uncover.
