Compare/Check Point Harmony / Avanan

Cambrient vs.
Check Point Harmony (Avanan).

Harmony/Avanan is API-based like Cambrient — a genuine step forward from SEG architecture. But it has a critical architectural flaw that creates a protection blind spot, and its detection is still signature-based, not agentic.

Emails between Harmony customers bypass BOTH Harmony AND Microsoft Defender
The Architectural Flaw

The safelisting problem that creates a blind spot.

To prevent mail loops, Harmony must safelist its own server IP addresses in Microsoft's mail flow. This means emails sent from one Harmony customer to another bypass both Microsoft's Exchange Online Protection AND Harmony's own filtering. An attacker who also subscribes to Harmony can send phishing emails to any other Harmony customer completely unfiltered.

The Harmony Safelisting Blind Spot
Attacker (Harmony customer)
Microsoft EOP
Harmony (BYPASSED)
Microsoft Defender (BYPASSED)
Victim INBOX
1
Email sent from Check Point customer A to Check Point customer B
2
Microsoft receives email. Tries to route to Harmony for filtering.
3
Harmony recognizes its own server as sender. To avoid mail loop — safelists it.
4
Email bypasses Harmony filtering entirely.
5
Email bypasses Microsoft Defender filtering entirely (safelisted).
6
Malicious email delivered directly to inbox — zero filtering.
Why Cambrient doesn't have this problem

Cambrient connects via read/analyze API permissions — not as a mail transport. We never insert ourselves into the mail flow, never require safelisting of any IP addresses, and never create conditions for a mail loop. Every email is analyzed regardless of sender, including emails from other Cambrient customers. There is no blind spot.

Beyond the Flaw

Even without the blind spot, Harmony falls short.

Still signature-based detection
Harmony connects via API but its classification engine is still signature and reputation-based. It doesn't crawl link destinations in real time, doesn't render pages, and doesn't reason about behavioral intent.
No plain-English user explanation
Like most enterprise security tools, Harmony quarantines silently. End users don't understand what was blocked or why, leading to IT tickets and the dangerous habit of marking quarantine emails as safe.
Not built for MSPs at scale
Harmony is an enterprise product with enterprise pricing and complexity. Its multi-tenant capabilities are limited compared to Cambrient's purpose-built MSP dashboard with global rules, cross-tenant remediation, and per-seat pricing.
No self-service false positive release
False positives in Harmony require analyst or IT admin action to release. Cambrient lets end users release false positives themselves from the banner in their inbox — no ticket, no wait.
Feature Comparison

Everything, side by side.

Harmony / Avanan
Cambrient
Architectural model
API-based — but requires Microsoft safelisting
API-based — no safelisting required, no blind spots
Customer-to-customer emails
Bypass ALL filtering (Harmony + Defender)
Fully analyzed — no exceptions, no blind spots
Detection method
Signature + threat intelligence, API-delivered
Agentic AI behavioral investigation
Redirect chain analysis
Limited — not full real-time chain crawl
Full hop-by-hop crawl on every email
User explanation
None — silent quarantine
Plain-English banner in inbox
False positive release
IT admin action required
Self-service by end user
MSP multi-tenant
Limited MSP tooling — enterprise focused
Built for MSPs — unified dashboard, per-seat pricing
PSA integration
Limited — no native MSP PSA connectors
HaloPSA, ConnectWise, Odoo + custom 48h builds
Deployment
API-based — days of setup
5 minutes — OAuth connection

No blind spots. No safelisting. No exceptions.

Book a demo and we'll show you exactly how Cambrient's architecture eliminates the safelisting problem entirely.

Product

For MSPs and MSSPs

For Organizations

How It Works

Resources

Blog

Attack Library

Case Study

Company

About

Contact

Careers