ServiziApri Ticket
Knowledge BaseTeamViewer
AziendaPartner
+39 0350666547info@agoratech.eu

Notizie per Categorie

Articoli Recenti

cybersecurity
10 Dicembre 2025
by

Clarity in complexity: New insights for transparent email security

As email threats grow more sophisticated and layered security architectures become more common, organizations need clear, data-driven insights to evaluate how their security solutions perform together. Benchmarking plays a critical role in helping security leaders understand not just individual product efficacy, but how integrated solutions contribute to overall protection.

Safeguard your email and collaboration tools with Microsoft Defender for Office 365

Microsoft’s commitment to transparency continues with the release of our second email security benchmarking report, informed by valuable customer and partner feedback. Continuing our prior benchmarking analysis, this testing relies on real-world email threats observed across the Microsoft ecosystem, rather than synthetic data or artificial testing environments. The study compares environments protected exclusively by Microsoft Defender with those using a Secure Email Gateway (SEG) positioned in front of Defender, as well as environments where Integrated Cloud Email Security (ICES) solutions add a secondary layer of detection after Defender. In addition, the benchmarking analysis for ICES vendors now includes malicious catch by Defender’s zero-hour-auto purge, which is a post-delivery capability that removes additional malicious emails after filtering is completed by any ICES solution in place, as shown in Figure 1. Throughout this process, we maintain the highest standards of security and privacy, to help ensure all data is aggregated and anonymized, consistent with practices used in the Microsoft Digital Defense Report 2025.

Diagram showing the integration of Secure Email Gateway (SEG) and Integrated Cloud Email Security (ICES) vendors with Microsoft Defender, highlighting layered email protection architecture.
Figure 1. Secure Email Gateway and Integrated Cloud Email Security vendor landscape.

Updated methodology for ICES vendors

In this second report, we updated our testing methodology based on discussions with partners and gaining a deeper understanding of their architectures, to provide a more accurate and transparent view of layered email protection. First, we addressed integration patterns such as journaling and connector-based reinjection, which previously could cause the same cyberthreat to appear as detected by both Microsoft Defender and an ICES vendor even when Defender ultimately blocked it. These scenarios risked inflating or misattributing performance metrics, so our revised approach corrects this. Second, we now include Microsoft Defender zero-hour auto purge post-delivery detections alongside ICES vendor actions. This addition highlights cyberthreats that ICES vendors missed but were later remediated by Microsoft Defender, to help ensure customers see the full picture of real-world protection. Together, these changes make the benchmarking results more representative of how layered defenses operate in practice.

ICES vendors, benchmarking

Microsoft’s quarterly analysis shows that layering ICES solutions with Microsoft Defender continues to provide a benefit in reducing marketing and bulk email, with an average improvement of 9.4% across specific vendors. This helps minimize inbox clutter and improves user productivity in environments where promotional noise is a concern. For filtering of spam and malicious messages, the incremental gains remain modest, averaging 1.65% and 0.5% respectively.

Read more on the full vendor-level details on the benchmarking site
Bar graph presenting benchmark data for Integrated Cloud Email Security (ICES) vendors. The image displays comparative performance metrics, such as the percentage of marketing, bulk, spam, and malicious emails filtered by ICES solutions when layered with Microsoft Defender, emphasizing incremental improvements and vendor-level details
Figure 2. Integrated Cloud Email Security vendor benchmark data.

When looking only at the subset of malicious messages that reached the inbox, Microsoft Defender’s zero-hour auto purge on average removed 45% of malicious mail post-delivery, while ICES vendors on average contributed 55% in post-delivery filtering of malicious mail. Per vendor details can be found in Figure 3. This highlights why post-delivery remediation is essential, even in a layered approach, for real-world protection.

Graph or chart showing the effectiveness of Microsoft Defender’s zero-hour auto purge in removing malicious emails post-delivery. The image compares the percentage of threats remediated by Defender versus ICES vendors, highlighting the importance of post-delivery remediation in layered email security.
Figure 3. Post-delivery malicious catch by Microsoft Defender.

SEG vendors, benchmarking

For the SEG vendors benchmarking metrics a cyberthreat was considered “missed” if it was not detected pre-delivery, or if it was not removed shortly after delivery (post-delivery).

Defender missed fewer threats in this study compared to other solutions, consistent with trends observed in our prior report.

Benchmark chart comparing quarterly performance of Secure Email Gateway (SEG) vendors. The image illustrates the number of threats missed by each SEG vendor versus Microsoft Defender, based on data collected from June–August 2025, emphasizing Defender’s superior threat detection.
Figure 4. Secure Email Gateway (SEG) vendors quarterly benchmark data.

Empowering security through transparency and data

In the face of increasingly complex email threats, clarity and transparency remain essential for informed decision-making. Our goal is to provide customers with actionable insights based on real-world data, so security leaders can confidently evaluate how layered solutions perform together.

We’ve listened to feedback from customers and partners and refined our methodology to better reflect real-world deployment patterns. These updates help ensure that vendors are more accurately represented than before, and that benchmarking results are fair, comprehensive, and useful for planning.

Read the previous blog post: Transparency on Microsoft Defender for Office 365 email security effectiveness.

We will continue publishing quarterly benchmarking updates and evolving our approach in collaboration with our customers and partners, so benchmarking remains a trusted resource for optimizing email security strategies. Access the benchmarking site for more information.

Learn more about Microsoft Defender for Office 365

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Clarity in complexity: New insights for transparent email security appeared first on Microsoft Security Blog.


Source: Microsoft Security

Share:

Agora Tech è una società di consulenza informatica. Ci occupiamo di Cybersecurity, Digital Transformation e Digital Marketing.
Partner Microsoft Certificato: Cloud Platform; Small and Midmarket Solutions; Azure Administrator.

Link Utili

Newsletter

AGORA TECH SRL UNIPERSONALE | Via Borfuro 7, 24122 Bergamo (BG)
AGORA TECH ® marchio registrato | p.iva IT-04202550168