
Email is still the most reliable way for an attacker to get inside your organization. Not because perimeter defences are weak — but because email is designed to be opened. The real question for any security team is not whether threats arrive in the inbox, but whether they get stopped before anyone can act on them.

Cisco Secure Email Threat Defense (ETD) is built around that premise: intercept threats at the point of delivery, decisively, without disrupting the flow of legitimate communication. That promise was recently independently validated. ETD earned the AAA award — the highest possible rating — in the May 2026 SE Labs Advanced Email Security Evaluation, achieving a 94% Total Accuracy Rating across all tested threat categories.

The Threat Landscape ETD Is Designed For

Modern email attacks do not arrive in one flavor. The organizations we protect face a constant mix of commodity phishing and social engineering, evolving malware delivery, and the far harder problem of Business Email Compromise — attacks that carry no payload, no malicious link, just a convincing request from someone who looks exactly like a trusted contact.

The independent evaluation tested ETD against all four of these categories simultaneously, using real attack techniques modeled on active threat groups — from APT29’s ransomware-laden PDF campaigns targeting research institutions, to FIN7’s backdoor malware targeting retail and finance, to North Korea’s AppleJeus group running drive-by download attacks against the cryptocurrency sector. These are not theoretical scenarios. They are the actual techniques used against real organizations today.

Performance Across Every Threat Category

ETD detected 478 of 486 threats — a 98% detection rate. More importantly, every single threat ETD detected was also stopped or blocked before it could reach the user. Detection without action is not protection. ETD does both.

Phishing & Social Engineering — Zero Inbox Compromise

Phishing and social engineering together represent the highest volume of attacks most organizations face. Against 300 phishing attempts — including QR code-based quishing and evasion techniques using Google Translation links — ETD achieved 100% protection. Every email was quarantined under admin control or stopped outright. Not one reached an inbox.

The same outcome held across 100 social engineering samples: FBI impersonation scams, fake payment urgency requests, lottery fraud, fund beneficiary scams. Every one quarantined. None accessible to end users.

This is where ETD delivers the most immediate, measurable value for security teams. The highest-volume attack categories are completely neutralised — reducing alert fatigue, eliminating user risk exposure, and removing the need for subject-line warnings that employees learn to ignore.

Malware — 97% Stopped Against Nation-State Techniques

Malware delivery via email is a different challenge: evasive, polymorphic, and increasingly tied to sophisticated threat actors. Against 60 malware samples — spanning ransomware delivery from APT29 and APT-C-36, C2 backdoors from Gamaredon and Higaisa, and the FIN7 shellcode campaigns — ETD stopped 58. 22 were stopped silently, 8 were rejected with sender notification, and 28 were quarantined for admin review.

Two emails did reach the inbox. We are transparent about that. In both cases these were advanced, evasive samples. The 97% protection rate against nation-state-grade malware delivery techniques is a strong result — and the accuracy rating reflects the 2 misses with appropriate penalty points.

For organizations in energy, financial services, government, and retail — the primary targets of the threat groups tested here — a 97% block rate against techniques specifically designed to evade detection represents a significant reduction in breach risk.

Business Email Compromise — The Hardest Problem in Email Security

BEC deserves a frank conversation. It is the hardest attack category in email security — for any vendor, any product, any architecture. These attacks carry no malware. No phishing link. No attachment. A BEC email is, technically, a clean message. The threat is entirely in the intent: impersonating a CEO to authorise a wire transfer, or a supplier to redirect a payment.

Against 26 BEC samples — constructed using look-alike domains and simulated supplier relationships to mimic real-world attacks — ETD caught 20. That is a 77% detection rate: 3 stopped, 13 quarantined, 1 rejected, 2 neutralised through content editing, and 1 correctly routed to junk. 6 reached the inbox.

77% is an honest number, and it is meaningfully ahead of what unprotected Microsoft 365 or Google Workspace will catch on their own. But no email security product eliminates BEC entirely. We recommend pairing ETD’s detection capabilities with executive verification workflows for high-value financial requests — a layered approach that addresses the gap that technology alone cannot close.

Security That Doesn’t Get in the Way

A protection score only tells part of the story. A system aggressive enough to block everything would score perfectly on threats — and destroy productivity in the process. The balance between security and usability is where many products fall short.

Of 110 legitimate messages sent through ETD during the evaluation, 99 arrived directly in the inbox without any modification. 11 were routed to junk — still accessible to users, a minor inconvenience rather than a lost communication. Zero legitimate emails were blocked outright; every message remained reachable.

This balance — 98% threat detection alongside zero hard false positives — is what the 94% Total Accuracy Rating reflects. It is not a single metric optimised in isolation. It is the combined score of catching threats decisively and keeping the inbox functional.

What Independent Validation Means for Your Security Strategy

Every email security vendor publishes detection rates. What independent testing provides is something a datasheet cannot: validation under adversarial conditions, with real threat intelligence, by an organization with no stake in the outcome.

The evaluation used documented attack techniques from threat groups actively targeting governments, financial institutions, and critical infrastructure. ETD’s performance in that context — not in a lab, not with sanitised samples — is the most reliable indicator of how it will perform in your environment.

The AAA rating reflects well-rounded performance across the full threat spectrum: decisive on high-volume threats, strong against sophisticated malware, honest about the limits of technology against BEC, and careful not to over-block legitimate communication. That is the standard we hold ourselves to — and the standard that independent evaluation confirms we are meeting.

Read the full report for more insight into ETD’s comprehensive email security capabilities.


All performance data sourced from the SE Labs Advanced Security Test Report — Email (Protection), Cisco Secure Email Threat Defense, May 2026 (v1.0). Test conducted 1–7 April 2026. SE Labs Ltd, ISO/IEC 27001:2022 Certified.

Authors

Deepali Shukla

Product Manager