Avanan: Securing cloud-based email and collaboration platforms.



As the world is quickly moving towards digitization, the risk of being exposed to cyber threats is also increasing dramatically. From email, file-sharing, chat and collaboration suites, there is a certain amount of risk involved in every component along the communication channels. However, just as hackers are constantly looking for new ways to fulfill their criminal aspirations through newfound technologies, IT Security Companies are constantly tracking those hackers and working on building security layers to protect their customers from these cyber-attacks.  

One such Company is Avanan, a team of talented and markedly devoted professionals who dedicate their energy to identify new threats and reverse engineer hackers’ activity. They’ve designed A.I-based solutions that catch the most sophisticated attacks that most will miss and continuously strives to provide unprecedented service while keeping in mind their customer’s feedback. Their prime goal is to secure their client’s email and collaboration suites so that they can depend on their communication channels without any fear of being compromised. Their services include protection from malware, impersonation, account compromise, and other phishing attacks. Besides, they make sure no sensitive data ever find its way outside the company due to insider threat or even by mistake.   

Beginning in 2015, Avanan spent almost five years perfecting their product and expending its capabilities to go deeper and wider with the platforms they protect. But it was in year 2019, where they started to experience an exhilarating growth and market adoption that has increased their customer base 10 times, getting to several thousand paying customers in just less than two years. Avanan is headquartered in New York with its primary research and development located in Tel-Aviv. 

To learn more about the level and impact of cyber risks that exist today for any business and how Avanan’s technology protects from that risk, we sat down with Gil Friedrich, the CEO of Avanan, and here’s what he says their key strategies are to deal with the increasing risk. 

“One thing is sure - every business faces constant attacks and every business that will not deploy some level of security will get hacked and pretty quickly.”

Underlying risks of technical and digital advancement 

Gil Friedrich: “Cyber threats have been an integral part of the life of every business. At the core of it, the total digitization of all business activities has increased the attack surface dramatically. All those services are cloud-based, each with its own configuration, numerous employees from different departments use them— in this jungle, some hackers are at least as sophisticated and as smart as the developers of both the platforms and their security. However, not all businesses face the same level of risk, both the risk and the sophistication of attacks depends on many factors like the company size, type of data they handle, the company’s brand profile, etc. but one thing is sure- every business faces constant attacks and every business that will not deploy some level of security will get hacked and pretty quickly.” 

Covid-19 aftermath 

Gil Friedrich: “The devices people use, from PC, phones, etc., to the lines of communications, like network, email, and servers—although they moved to the cloud, the question of access to the service and hacking the service itself has remained. What we’re seeing is that once the delivery of the service has changed, hackers often come next and security is the last to catch up. This is why, quite often, the majority of the attacks follow a shift or a technology change. For example, when organizations moved their email to O365, the amount of hacking skyrocketed. As the usage of Teams proliferated since the beginning of the COVID crisis and the work from the home era, we’re starting to see hacking activity in that platform as well.” 

Forming a plan of action  

Gil Friedrich: “Planning and forming strategies are obviously beyond the scope of a simple Q&A, but at the business CEO level, I would ask myself what is the risk of a cyber-attack to my business, does my organization have the expertise to first analyse the attack surface and then implement a strategy to protect the organization, what needs to be implemented in-house and what should be outsourced, and finally what the budget should be. Although there’s not a one-size-fits-all, there are a lot of best practices, accumulated knowledge, and in some industries regulatory requirements, to provide the framework for both process and solutions, that a company would need to implement. Another part of the problem we have today is that there is almost no way for enterprises or consumers to verify the security of the device they use or the service they consume. I believe, maybe hope, that the technology will evolve in a direction that will include a trust scheme that will be able to insure limited access to data to the service provider.” 

Gil Friedrich, CEO, Avanan.
Gil Friedrich, CEO, Avanan.

“What is unique to Avanan is that we have found a way to implement inline security via API, without any secret or unsupported APIs, but through a unique technology that leverages existing cloud-to-cloud connectivity to scan the content before it is delivered to the inbox.”

A unique solution for wall-to-wall security  

Gil Friedrich: “In some ways, the current bad state of cybersecurity at the moment is that so many new technologies have been adopted in a very short period of time. Outside of Avanan, the customer has to choose between two types of solutions—the legacy gateways that protect the email service from the outside, and with their limited visibility miss a lot of the targeted attacks, or API-based solutions like Avanan but without the ability to block attacks before they reach the end-user, therefore serving more as a supplement and not a full security solution.”  

“What is unique to Avanan is that we have found a way to implement inline security via API, without any secret or unsupported APIs, but through a unique technology that leverages existing cloud-to-cloud connectivity to scan the content before it is delivered to the inbox. Eventually, we have been granted a patent for this technology, and it is what allows us to replace the legacy gateways with a modern architecture that fully protects cloud-based email and collaboration suites via API. Avanan is the only API-based solution with all the advantages of visibility and functionality that come from protecting the SaaS from the inside, and that can also secure inline before the email ever reaches the end-user. That combination means better security with true protection.”   

Fighting advanced threats like zero-day exploits and the latest risks   

Gil Friedrich: “As we look in our field, zero-day are normally obfuscation attacks that leverage an unknown vulnerability in Microsoft 365 to bypass the default security. For us, they often represent a new threat but also an opportunity to catch hackers. When we see attacks that bypass Microsoft 365, we reverse engineer the attack to understand what in the attack allowed it to bypass the default security. Then, we obviously make sure our code is not vulnerable to the same attack methods, and in some cases, we found that it was and had to quickly fix it, but we also add the attack as in IoA (Indication of Attack), basically using the hacker’s attack method as an incriminating indicator of the attack.” 

Towards innovation, creation, and customer satisfaction  

Gil Friedrich: “One thing we discovered is the notion of feedback to the end-user. For example, in our case, when end-users report suspicious emails, one of our Security Analysts will review and determine if the end-user was correct, and will always reply with a thank-you and a verdict. With this simple feature, we have seen a dramatic increase in the number of end-users reports and a significant increase in their accuracy.”  

“Every project we do tries to follow our NURD rule. NURD = New, Unique, Relevant, and Doable. For example, when we do a webinar for our customers those rules mean that it needs to be a subject interesting enough for me to join. The one letter that doesn’t make it into NURD, is the F-word: Fun, or funny. For example, every one of our newsletters starts with a comic, and at this point, we have collected quite a library. Humor is a great way to convey even a boring subject as IT security. Additionally, our service thrives to go above and beyond, everything we know we learned from customers, and although we’re at thousands of customers at this point, we constantly look for ways to connect and interact with them. It’s part of investing not just in our future customers but even more so in our existing ones. A quick recent example is a Thanksgiving video we did for our existing customers.”   

“Obviously, part of the motivation is our competitiveness and our desire to be successful, but so often we come across a customer that finally was able to solve a problem they thought was not solvable, specifically the phishing problem. Many of them tried multiple vendors and too many of them eventually gave up on actually putting the endless hassle and the security risk involved in email-borne attacks. There’s nothing more energizing than a happy customer. And there’s no bigger blow than to disappoint a customer, no matter how big or how small they might be.”  

Organizational ethics  

Gil Friedrich: “The nice thing about company culture is that it sometimes evolves from the “sum of all employees” and not necessarily centrally or deliberately driven by the CEO but by the talented people you are fortunate to have joined your company. One thing that is extremely true about the Avanan culture is the idea of joint goal and extreme teamwork. A nice story I learned about after the fact, was when one of our VPs joined, he had to prepare slides for the board. The director that was overseeing his area of responsibility before he joined, offered to prepare the slides for him because he knew the subject better, did those for him and took no credit. Several months later, the new VP shared with me the story and said he learned this was very representative of the Avanan culture – we are fortunate to have a team that is extremely devoted and works together for the same joint goal.”  

“Another part of the culture is the extreme attention to detail. We are trying to do things right on the first time, whether it’s R&D, QA, Marketing, or Sales, we have our glitches obviously and nothing is perfect, but everyone, at all levels, pays extreme attention to the smallest details of their work and is inspired to reach the optimal result.”    

Future aspirations  

Gil Friedrich: “After almost 20 years, we have reinvented how email security is delivered and consumed by customers. When we first introduced our solution two to three years ago, we had to explain to customers how our architecture worked and why it was better, and I guess we did a lousy job because, in the end, many of them still expected some sort of a gateway, which was how the legacy solutions operated, versus the correct method to secure a SaaS service, through a cloud-to-cloud API. Fast forward, with thousands of customers, the Avanan approach is gradually becoming the de-facto new mainstream for email security, and we are reinventing this market. So, our aspiration? We want to complete the disruption of this huge security market and become the leading vendor in this market. Our mission will always be to continue spreading the word on what the future of email security should be and help our customers secure not just their email but all their lines of communications.”

Cybersecurity Leaders, 2020.