Why True Email Security Requires a Multi-Vendor Approach

Managers in charge of ensuring security at enterprises face constantly changing, ever-evolving email-based attacks. Conventional safeguarding mechanisms and rigid data sources soon come up against their limits. Companies need solutions that continuously adapt to meet new threats without requiring enterprises to continually restructure their own infrastructures or change providers. This is where Retarus comes in.

Multi-engine approach trumps single-powered solutions

At Retarus, we have decided to pursue a different path from many conventional, proprietary security providers. Rather than relying on a single vendor when it comes to filtering and sourcing data, Retarus Email Security makes use of multiple independent scan engines, components, mechanisms and data sources. Continuously monitoring and evaluating these tools in terms of quality, speed and efficiency allows them to be combined and optimized to achieve the most effective outcomes. As a consequence, new threats can be detected immediately, the respective sources can be assessed dynamically, and a final rating can be derived using proprietary rules. And most importantly, all of this happens under the hood without the customer having to get actively involved in the optimization process.

Retarus’ analyses confirm: More engines, more security

Research conducted at Retarus shows that in conventional antivirus protection, for 18.8 percent of threats just one of the independently operating scan engines sounds the alarm. In other words, a single engine is often alone in detecting threats that all others simply overlook. This underscores just how important a multi-vendor approach is – even when it comes to conventional antivirus protection. What’s more, when an email is filtered out at an early stage, it no longer needs to be subjected to time- and cost-intensive AI phishing engines and sandbox checks later on. This not only allows Retarus to achieve extremely short processing times, but also ensures cost-efficient protection at all times.

Negligible false positive rates across all attack types

Of course, the quality has to meet expectations. One of the core quality indicators for any email security solution is the false positive rate, in other words the percentage of legitimate emails that are incorrectly blocked. For administrators, this remains one of the most consequential pain points – after all, each erroneously blocked email entails avoidable support tickets, user frustration and additional helpdesk workload.

Our data reveals false positive rates across all email attack types of between 0.0013 and 0.0056 percent depending on the customer profile. Employing a combination of various engines also plays a significant role in achieving these negligible values. Erroneous classification by a single data source is balanced out by other sources. This is where Retarus, with more than 30 years of experience in the email business, truly stands out.

Phishing detection with a dual net to prevent false negatives

Estimating false negatives, on the other hand, is considerably more complex. Research on the reporting behavior of users has shown that the reporting of emails is often inconsistent and generally provides low quality data. Users tend to report emails they perceive to be suspect or bothersome, irrespective of how dangerous they really are.

That’s why Retarus additionally compares its results with external benchmarks to ensure a realistic assessment of our filter quality. The analysis of suspected phishing cases proves just how sound our approach is. Fewer than 0.3 percent of all phishing emails reported by users could be traced back to a filter error. This is achieved by means of a dual net approach – two anti-phishing engines operate independently of each other, employing various AI techniques, to each reach their own verdict. However, the final decision is still based on the valuable experience of Retarus’ developers.

Ongoing adaptation and fine-tuning at no extra cost to our customers

To maintain this high level of protection and quality for our customers, our teams are constantly monitoring all scan engines and data sources. Success rates are evaluated, customer feedback is systematically analyzed, and the combination of algorithms and data sources is adjusted dynamically to optimize outcomes. If necessary, less effective sources are replaced and those performing well are given more prominent weighting. This all transpires without any disruption to our operations and is fully transparent for our users at all times.
