SlashNext sees a major void in the Microsoft 365 anti-phishing market, as neither Microsoft nor general purpose email-protection solution are current with the state of today’s phishing threats.
Pleasanton CA-based anti-phishing vendor SlashNext has launched a new integrated cloud email service, SlashNext Email Protection for Microsoft 365. SlashNext was originally formed to deal with the majority of phishing attacks outside of core email, like SMS, social media, and advertising. Now, they shift focus somewhat towards Microsoft.
“It was a combination of things that eventually led us down this path,” said Patrick Harr, SlashNext’s CEO. “Building and perfecting the detection engine is extremely hard, and we have spent five years finding these threats out there in the wild. We have now developed a well-formed AI and ML detection engine. We introduced a browser extender. We also developed a Mobile app for Android and IoS, and we added an SMS component. Then we got asked to proactively pull these things out for Microsoft 365.”
Harr said that while there are plenty of Microsoft 365 security solutions, they are less effective against phishing, particularly its most modern uses.
“There are part-time phishing solutions that do not do an effective job against phishing, including spearphishing BEC [Business email compromise] and supply chain,” Harr stated. “What makes this a more significant problem today is that more bad actors are using Legitimate Service Compromise. It used to be easy to detect bad domains with security tools that focused on domain scoring. However, these new attacks are hosted inside of sites like Microsoft, Google, DropBox, and Adobe – to create these trust relationships – 99% of tools will miss these attacks with domain reputation scoring. In our labs, we are seeing well these attacks becoming very sophisticated, and very inexpensive with the kits available.”
Nor does Microsoft itself handle phishing well, Harr stressed.
“The Microsoft 365 base security s great – against things like spam,” he said. It is not great against phishing and certainly not against legitimate service compromise. We use the latest machine learning classifiers to look for attacks and pre-emptively remove those out. 65% of these attacks are missed in that environment.”
The SlashNext integration with Microsoft 365 Security and delivers simple cloud email protection, which can be installed in as little as five minutes using the Microsoft Graph API. Its security is ensured through authentication with OAuth, and data is never stored on disk to ensure zero loss of PII. Real-time scanning, detection, and removal of zero-hour threats before they reach users provides 99.9% accuracy, 1 in 1 million false-positive rates, and 48-hour time to detection advantage. All forms of human compromise attacks, including credential stealing, BEC, spear-phishing, legitimate service compromise, social engineering scams, ransomware, and malware links are covered. The advanced search and unified security analytics also enable security professionals to pinpoint threats by user and type across email, web, and mobile channels.
“We now have a complete platform for email web and mobile to provide that 360 degree protection,” Harr said.
The new focus on Microsoft has led SlashNext to cultivate more relationships with Microsoft partners, with a further increase in emphasis going forward.
“We started developing Microsoft-based partners and we had the relationship with Microsoft in the partnership,” Harr said. “Strategem and Longview in Canada are two of them. We expect to do more with other Microsoft partners now that this is out. We are adding more service provider components, and we will add additional things in the Microsoft ecosystem. We already support Edge.”
For now, the specific vendor focus will be on Microsoft
“We do have an email detection and response system for Google, but the focus now is on Microsoft 365 to get that done,” Harr noted.
SlashNext Email Protection is immediately available for $USD 36 per user email box annually.