2020 Microsoft ATP Report
In the most thorough analysis of its kind, Avanan security analysts classified over 500,000 malicious emails, sent to real end-user mailboxes protected by Microsoft's Advanced Threat Protection (ATP). This research identified the types of attacks that were blocked by ATP or EOP, and the types of attacks that were missed by both.
When looking over all malicious emails, the analysis concluded that;
- EOP catches widespread, previously-known methods: about 41% of all attacks.
- ATP catches many zero-day attacks that bypass EOP: 48% of malicious emails.
- 11% of malicious emails reach the inbox, bypassing both EOP and ATP.
When measuring ATP as an independent layer of security, it misses 18% of the malicious emails that bypass EOP. In some environments, the miss rate can be much higher.