Avanan, a prevention-focused SaaS product, works at the cloud level to protect against malicious intruders before they even get to a device, providing this visibility in a single pane of glass by leveraging APIs. This product does not sit in front of Gmail or Office 365 and does not change the MX record. Instead, it is embedded in mail flow, using Google and Microsoft as a first layer of defense. If an email gets through the first layer, Avanan will scan it while still at the cloud level. It has been designed to protect the entire collaboration suite and provides the same file share, URL, data leakage, malware scanning and phishing scanning for Slack as for Office 365.
This is a multivendor open platform that supports all plug-ins into the platform as an organization’s requirements grow. This versatility includes a sandbox add-on for any vendor that offers sandboxing, creating a platform-based means of adding security layers.
Setup is straightforward and takes only a few minutes. The product scans an environment and pulls communication information, including historical idata, for a foundational knowledge of basic, normal user behavior to reduce false positives. This machine learning phase takes approximately 48 hours to be fully running but will start to catch events immediately.
The prevention mechanism of this product is largely driven through a group-based policy engine that looks at various rules applied to different groups of users. This policy engine is embedded in Microsoft API, so group information is easily accessible from Office 365 and Active Directory. Auto-VIP lists and policies can be configured based on group lists.
We were impressed with the patented technology Avanan has in its arsenal, including inline post-delivery detection and pre-inbox protection. This inline protection scans every piece of communication. With the help of an API, Avanan delivers advanced threat and inline email protection and post-delivery forensics.
AI understanding of behavior at the user-level to determine if a user has been compromised provides post-delivery and anomaly protection. A compromise prompts automated action according to pre-determined configurations. Mail Explore, Event View and customizable sub-dashboards offer several ways of viewing and filtering through events, email content, files and raw data. Mail Explore offers visibility across the entire environment, Event View shows triggered events and fully customizable sub-dashboards drill into reports, information breakdowns and the like.
Full-suite protection provides prevention, continuous monitoring at the inbox-level, post-delivery detection and removal in an easily digestible, prevention-focused package.
Pricing starts at $4 per user, per month. Includes 24/7 global email support.