Ditch Your SEG: Protect More With Behavioral Email Security

A secure email gateway (SEG) simply cannot defend your cloud email platform. Stop advanced threats with Abnormal Security. Here's what our customers have to say about ditching their SEGs.
August 10, 2023

A secure email gateway (SEG) is designed to protect mailboxes from basic email attacks with traditional indicators of compromise. And it does that pretty well. Unfortunately, when cybercriminals use modern, sophisticated attacks to target your employees, a SEG simply cannot provide full protection for your organization.

That’s why organizations are migrating to modern cybersecurity solutions to prevent business email compromise (BEC), vendor fraud, phishing, and other advanced attacks that would otherwise slip past your SEG.

Here, three Abnormal customers (DexKo Global, Florida Crystals, and NFP) share their experiences moving away from SEGs in favor of our behavioral AI-based email security to protect their organizations.

"What Were Your Biggest Email Security Challenges When Relying on a Secure Email Gateway (SEG)?"

DexKo Global:

Thiago de Angelo, Enterprise Cybersecurity Architect at DexKo Global, describes their SEG solution as very reactive, which was problematic given the volume of targeted phishing attacks he saw. Attacks were slipping through the SEG, and when employees clicked on a malicious link or attachment, the security team needed to conduct additional mitigation efforts.

“It was very alarming,” says de Angelo.

Florida Crystals:

Ben Field, Chief Information Security Officer at Florida Crystals, describes two SEGs used in their deployment. The first was a traditional SEG, while the second was specifically used to protect their Microsoft 365 environment.

Despite the SEG’s effectiveness in blocking some phishing and business email compromise attempts, newer and more complex attacks began to slip through. These included fake invoices, requests to change W2 information, and malicious ACH transfer requests. Even when employees followed their training to reach out to the real party via another channel, it was onerous for the business and security teams to investigate the fraudulent requests.

“One of the things that we wanted to look at was reducing the workload associated with those types of attacks,” says Field.


NFP:

James Fritz, Chief Information Security Officer at NFP, explains that their old email setup was too slow and reactive.

“We were asking how to shave hours down to 30 minutes,” says Fritz. “We have massive amounts of email that all look dramatically different from each other given our various business lines, making it difficult to establish a clean baseline.”

Clearly, NFP needed a new solution.

"How Did You Evaluate New Email Security Solutions?"

DexKo Global:

Like a lot of organizations, DexKo was frustrated by the persistence of targeted BEC and phishing attacks. De Angelo says he tried pretty much everything he could with the SEG solution DexKo had.

“It was very time-consuming,” says de Angelo. “It wasn’t working because the threat landscape has changed and attackers are doing their homework.”

De Angelo explains that DexKo’s current SEG solution simply couldn’t block modern attacks, like highly targeted emails, fake links, fake websites, and more. With the AI boom, things were only getting worse as threat actors began to manipulate public tools to produce higher-quality scams. De Angelo knew DexKo needed a proactive security solution to detect suspicious emails before they reached recipients.

“The AI machine learning technology that Abnormal uses is smarter than static policies where you have to do all the fine-tuning and tweaking.”

Florida Crystals:

By leveraging behavioral analytics, Abnormal can detect and remediate threats even in this dynamic threat environment.

Florida Crystals' main threats were phishing email attacks and invoice fraud in the form of requests to change ACH payments for internal employees. Field describes how threat actors would scour LinkedIn for public information about employees to make their socially-engineered attacks more effective. During a proof of concept with Abnormal, Florida Crystals identified these attacks in real-time and alerted customers that their email account was being used maliciously to instigate payment of fake invoices.

“That really showed us the value, speed, and accuracy of Abnormal,” says Field. “It’s real. It works. And it provided value right out of the gate.”

Florida Crystals knew they didn’t want another SEG. Instead, they wanted a full-fledged replacement that worked with Microsoft. What sold Field on Abnormal was the speed of integration.

“Within 10 minutes we were connected,” says Field. “Abnormal was learning our environment. Just the ease of integration was big for us. We wanted to make sure that the implementation was seamless and delivering value from day one.”


NFP:

NFP needed a solution that could be stood up from day one with minimal impact on users and maximum effect on security.

“We needed something that did not require a lot of attention,” says Fritz. “Something that once it was up and running, we could leverage machine learning and allow the system to really handle our emails.”

Additionally, Fritz appreciated that he could go beyond the enterprise level to investigate individual emails. Simplifying the architecture benefited both the security administrators and end users. This was also helpful for the acquisition of new companies. Even with a growing number of mailboxes, Abnormal was able to preemptively stop attacks and keep non-malicious emails coming through.

“As we've integrated those new firms, we don’t hear anything from them, which is always a great thing to hear in a cybersecurity post,” says Fritz. “It's either people are upset and so they're reaching out to you or they never talk to you and they're doing good.”

"What Recommendations Do You Have for Other Organizations Looking to Move Beyond Their SEG?"

DexKo Global:

De Angelo says the proof of concept helped him sell the Abnormal solution to DexKo stakeholders and make a case for moving away from a SEG.

“The three magical letters: ‘POC’ tested. It’s a painless process,” says de Angelo.

Running the SEG side by side with Abnormal produced shocking results, showing what the old solution was letting through and what Abnormal identified as suspicious.

Florida Crystals:

Field recommends that security leaders do their research, and ask their peers, customers, and vendors about what’s working for them—especially if they have a two-tier system.

“Gartner made some commentary about this in their market guide for email security and recommended supplementing if not replacing gateways,” says Field. “I think about 70% of our customer base is not currently using a SEG. That’s where the market is headed.”


NFP:

Fritz says it's important to recognize the effort and resources that go into stopping compromised emails and spam.

“Those two metrics alone are going to be huge,” says Fritz.

During the proof of concept, the team at NFP saw attacks and spam get through that Abnormal would recognize.

“It was repetitive to the point of absurdity. At that point where everything we were seeing that was getting through on the email side, Abnormal would've stopped,” says Fritz. “If we would've had Abnormal six months ago, three months ago, one month ago, these are the cost savings we would've seen.”

Replace Your SEG with a Modern Email Security Solution

If you have a cloud email platform like Microsoft 365 or Google Workspace, it’s time to go beyond the SEG. Organizations protect more, spend less, and better defend against the most sophisticated threats with advanced, behavioral email security from Abnormal.

Learn more in our series, Peer Insights: Modern Email Security for Modern Threats, as customers discuss the ease, effectiveness, and value of the Abnormal platform for cloud email security. Or schedule a demo today!
