Coats is the world's largest manufacturer and distributor of sewing thread and the second-largest manufacturer of zippers, so there's a good chance it supplied the materials for at least one item in your closet.
For more than 250 years, the organization has made technological innovation a priority—both in terms of how it meets the needs of its customers and how it supports its workforce.
In a recent webinar, I sat down with Benjamin Corll, VP of Cyber Security and Data Protection at Coats, to discuss the email security challenges the organization was experiencing. During the hour we spent together, we talked about how the global manufacturer’s use of the Abnormal Integrated Cloud Email Security (ICES) platform blocked advanced attacks in a way legacy tools never could.
Coats’ Email Security Challenges
Like many enterprises, Coats experienced a considerable year-over-year increase in advanced email attacks during 2020, largely due to the shift to remote work caused by the pandemic. Coats had previously invested in Microsoft Defender for Office 365, which was effective in blocking common email attacks and messages with known indicators of compromise.
However, despite continuous tuning of their system, malicious messages were still being delivered to employee inboxes. Because these attacks were often text-based and contained no known bad indicators like a malicious attachment, they bypassed basic safeguards.
To help reduce the likelihood of employees engaging with email-based threats, Benjamin and his team provided ongoing security awareness training. Still, he recognized that as long as email attacks were entering employee inboxes, there was no way to eliminate the risk entirely. “Yes, my end users are trained, but somebody’s going to make a mistake,” said Benjamin. “All they have to do is inadvertently click on a link, and all of a sudden, bad things are going to happen.”
For Benjamin, it came down to answering one question: how can Coats properly detect and prevent attacks before end users have the opportunity to interact with them?
Initial Steps to Improve Protection
The security team started by making the filtering rules more strict. Unfortunately, this led to legitimate messages being quarantined. Soon the service desk was fielding a growing number of calls from employees wondering where their important emails were.
Benjamin’s team then spent significant time fine-tuning their safelist and manually creating “if this, then that” transport rules based on email content and context. As a result, attention and resources were diverted from innovation and other security priorities.
Benjamin knew the answer was not to replace the technology the organization currently had in place, but instead to find a solution that enhanced Microsoft’s native security capabilities. The objective was to maximize the ROI on the technology investment that had already been made, while also preventing these advanced attacks from being delivered.
On the Hunt for Defense in Depth
Coats first looked into adding a traditional secure email gateway (SEG). But after conversations with multiple SEG providers, Benjamin concluded that the protections a SEG offered were too similar to what Microsoft was already providing. This overlap in features meant that instead of helping the organization achieve defense-in-depth protection, implementing a SEG would likely require Coats to turn off the functionality of their existing solution and hope the SEG was more effective.
From Benjamin’s perspective, the ideal scenario would be to find technology that could offer behavioral analysis-based protection that complemented Microsoft’s threat intelligence-based defense. This would provide Coats with high-accuracy attack detection and prevention against every type of threat in the attack landscape. It would also free the Coats security team to focus on mitigating and remediating other threats.
Once the decision to look for a more innovative technology had been made, Benjamin faced a common challenge for security leaders: assessing the strategic and tactical aspects of a proposed investment and then finding a balance between the two. Thankfully, with more than two decades of experience in information security, Benjamin had a clear idea of what Coats specifically needed from a cloud email security solution.
Must-Haves for an Email Security Solution
Benjamin identified four key attributes that the right security solution would have:
Behavior- and context-based detection with the highest efficacy
First and foremost, Benjamin needed a solution that enabled Coats to achieve defense-in-depth protection. The technology should enhance Microsoft's protection with machine learning and behavioral AI to block the full breadth of email attacks with minimal false positives.
Seamless integration with Microsoft and no disruption to mail flow
Benjamin didn’t want his team to have to worry about changing mail exchange (MX) records or redirecting mail flow. He wanted a platform that integrated directly with Microsoft via APIs to simplify Coats’ security architecture and give the security team complete visibility into email traffic.
Simple implementation with no configuration required
With a security team that was already stretched thin, Benjamin wanted a platform that could be integrated and running as quickly as possible. He didn’t have the ability to accommodate an implementation process that took weeks or required extensive configuration before the solution would be effective.
Automated triage and remediation
One of Benjamin’s biggest challenges was that his analysts were spending too much time writing transport rules to block malicious attacks and researching why legitimate emails were blocked. He needed a solution that leveraged automation, giving time back to his security analysts so they could focus on other threats.
In the course of his research, Benjamin learned that Abnormal Integrated Cloud Email Security (ICES) is the only email security platform that offers precise detection against advanced email attacks, streamlines email security architecture, and reduces security team overhead—all while working seamlessly with Microsoft 365’s native security features.
Following an email security risk assessment, Coats knew partnering with Abnormal was the obvious choice.
Abnormal ICES Optimizes Security Across a Complex Supply Chain
Prior to implementing Abnormal ICES, Coats recorded 1,800 incidents of employees engaging with unsafe messages per year. Since adding Abnormal ICES to its security environment, Coats has seen a 97% decrease in daily unsafe user engagements, saving the security team an average of 30 hours per week on inbox investigations and errant message retrieval. Coats has also had zero accounts compromised in the past year.
In addition, Abnormal’s VendorBase assessed Coats’ 7,099 vendors and evaluated their messages for potential compromise. Based on each vendor’s legitimacy, history of compromise, and history of impersonation attempts both at Coats and across all Abnormal customers, 50 high-risk and medium-risk vendor email accounts were identified. Once identified, messages from these vendors were more closely scrutinized to ensure that all communications were legitimate and that no attacks bypassed the Abnormal platform.
Together, Abnormal and Microsoft provide Coats with a reliable, layered defense that protects its 11,000 employee inboxes from both common and more sophisticated email attacks.
Protecting Coats from Modern Email Threats
With more than 7,000 vendors in its network and a workforce of more than 17,000, Coats is at high risk for socially engineered attacks, especially financial supply chain compromise. But with Abnormal ICES, Benjamin and the security team at Coats can be confident they have best-in-class protection against all advanced email attacks.
Now, instead of spending hours investigating email-based threats, they can focus on continuing the company’s centuries-long tradition of innovation.