A whole load of phishing emails make it past Microsoft Defender, researchers say

Microsoft Defender, the built-in security service for Windows that also scans incoming email messages for malicious content, misses nearly a fifth (18.8%) of all phishing emails, a new report from Avanan says.

The company claims to have analyzed nearly three million emails scanned by Microsoft and Check Point security products in a week. For the purpose of the report, the analysts took samples from organizations with between 500 and 20,000 users. The companies analyzed were from a variety of industries, but all based in the United States.

Not only did Defender miss 18.8% of phishing messages, but the analysts also say the number of misses has increased by 74% in the past two years. In Avanan’s earlier analysis in 2020, only 10.8% of phishing emails reached victims’ inboxes.

Is Microsoft Defender Bad?

What’s important to note here, and what Avanan emphasizes in the introduction to the report itself, is that these numbers don’t necessarily mean that Defender is bad at defending against phishing. If anything, it’s as good as or better than the competition:

“Overall, Microsoft 365 is a very secure service. That is the result of a huge and continuous investment from Microsoft. In fact, it is one of the most secure SaaS services on the market. This report does not indicate otherwise,” the report states.

So why does Defender let through such a large percentage of phishing emails, some of which contain malware? The researchers believe this is because Defender is the solution for most organizations, and as such, most threat actors test their strategies against this solution before launching attacks.

“It is important to note that this does not mean that Microsoft’s security has deteriorated. It means the hackers got better and faster and learned more methods to cover up and circumvent the default security,” the researchers added.

Targeted financial attacks are specifically made to evade Defender, they say, adding that they usually involve a lot of email scams (fake invoices, fake Bitcoin transactions, bogus business proposals, etc.). Still, Defender missed 42% of these attacks last year.

TechRadar Pro has asked Microsoft for a response to the findings of the Avanan report.
