

























Check Point Email Security is built to stop threats before they reach the mailbox. It works inline and pre-delivery: it hooks into Microsoft 365 mail flow through transport rules and the API, holds and analyzes each message in real time, and quarantines malicious mail before it is delivered. The malicious message never lands. By design, Check Point Email Security calls the Microsoft Graph API sparingly. Because the goal of email protection should happen before delivery, ideally leaving little left to act on post delivery. Check Point Email Security deploys without an MX record change, so the MX records stays pointed at the native gateway.
Understanding and respecting the architecture of Check Point Email Security is the key to reading Microsoft’s Defender for Office 365 performance-benchmarking page. The context of API benchmarking is very important when interpreting this graph:

Check Point’s limited API activity should be understood in the context of its architecture: the lack of activity here complements Check Point Email Security, proving our design that does not holistically rely on API calls for protection.
The contributors of this Microsoft article likely meant well, and they are doing their best to showcase the value of ICES platforms integrating into the Defender platform. However, the lack of attention to detail for the second year in a row is disappointing. Where the value of this graph concerning Check Point is lost, is they obviously did not check the Check Point Quarantine for the cumulative Pre and Post Delivery catches; it is apparent that they only derived data points based on Graph API activity which Check Point is specifically designed to minimize.
On the page’s ICES track, a “catch” is a Microsoft Graph API action. In Microsoft’s own words, “ICES vendors use the Microsoft Graph API to move emails to folders such as junk, promotional, or deleted items,” and “a message moved by an ICES vendor is counted as a catch.” A message can only be moved once it has already been delivered, so the metric counts post-delivery cleanup, and it does not factor in pre-delivery protection at all.
Check Point Email Security sits in an unusual place. It behaves like a secure email gateway, inline and stopping mail before delivery, while integrating through the API like an ICES platform. The page filed it on the ICES track and scored it on post-delivery moves alone. Pre-delivery prevention was not counted at all. Had it been, the seemingly low score would look very different, because the threats Check Point stops upstream never become a post-delivery “catch” to tally.
Independent analysis bears that out. In Gartner’s Critical Capabilities for Email Security (1 December 2025, data as of 3 October 2025), Check Point ranked #1 of 14 vendors for Core Email Protection, Gartner’s measure of inbound email security, with a score of 3.49. The tools Microsoft’s page highlights ranked below it: Darktrace 2nd (3.34), Abnormal 5th (3.19), Microsoft Defender tied 8th (3.15), and KnowBe4 11th (2.99) [5]. Check Point is also named a Leader in Gartner’s December 2025 Magic Quadrant for Email Security.
The category label, ICES or SEG, describes how a tool connects, not where it stops a threat. What an organization invests in a platform for is a security outcome: accurate filtering, ideally before the inbox. A post-delivery metric tells you who cleaned up after mail arrived. Check Point Email Security is built as a Pre-Delivery Email Security platform that also provides post-delivery accountability.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。