Proactive Posture Management in a Reactive Security Landscape

Discover how Email Security Posture Management provides holistic cloud email security that protects both the inbox and those entry points beyond it.
March 9, 2023

“At What Point Are We Going to Experience a Data Breach?”

No, we aren’t asking about ourselves. That title is a direct quote from an Abnormal Security customer while they discussed current and future security concerns. The context for the quote is more important than the content, in that this customer operated in a highly regulated industry–think finance, healthcare, government–but was concerned about the rising tide of breaches across all sectors.

In 2022 alone, high-profile breaches have been increasingly concentrated at non-traditional targets: from retail giants to social media platforms to digital fashion houses to online wineries. While most organizations have made the investment in multiple security tools, controls, and processes, many of these new members of the “breached club” typically become more disciplined after an incident–hiring external cybersecurity firms to investigate how the breach occurred, investing in new tools and a larger in-house security team, and all of the other checklist items that should’ve happened before the breach.

But if you’re reading this, chances are you know all of this, right? The problem isn’t that your organization lacks the strategy. The problem is that lobbying for a larger security investment to execute that strategy often comes up short. The most frustrating part is often that the same people within your organization who put the brakes on security spending are also acutely aware of how critical security is to the continued success of the business.

What can be done? Well, it isn’t all bad news. There is certainly a way to do more with less through proactive security, specifically proactive security posture management–and more specifically, proactive email security posture management for the cloud email platform. Posture management, in general, has historically been a distributed task–stretched across the teams responsible for identity, app integration and hygiene, and line of business owners needing access to new digital tools.

As Abnormal introduces the Email Security Posture Management add-on, there is a case for security teams to be in the driver’s seat. This is doubly crucial when considering the thousands of user and privilege changes, app integrations and permissions, and mail tenant security policies that make up those hubs of communication and collaboration–cloud email platforms, the front door and town square of most organizations.

A Misconfiguration is Worth a Thousand Breaches

The vast majority of attacks over the past year began with either a phishing email that led to a malicious link or application download or some form of social engineering (which would be used to either bypass employee-configured MFA or help attackers embedded inside the organization gain elevated account privileges).

You may be thinking: those have nothing to do with misconfigurations, so what’s the point? Put a pin in that for one second, and we’ll get back to it. But first, it’s worth noting that some of the most impactful breaches were the direct result of a misconfiguration: from sensitive databases holding information on 213 million users being accessible without a password to applications being configured by end users in a way that allowed internal data to be publicly available, exposing 30+ million records.

In an expansive cloud email environment where security teams note a lack of visibility into platform configurations and permissions, it’s not a stretch to imagine a mail tenant conditional access policy may not be as airtight as it should be. Beyond visibility into those generic misconfigurations, however, is visibility into the malicious configurations that follow a successful phishing or social engineering event. As mentioned above, a significant number of attacks still begin with phishing or social engineering. While Abnormal Security helps ensure those phishing emails do not make it to the end user, there is always a chance that a personal email on a BYOD device, a phone call from a convincing scammer, or in some cases the right price, could lead to compromised account credentials.

Then what? That attacker will bide their time attempting to fly under the radar, piloting the account and gradually ramping up activity over time. Maybe that user suddenly becomes a global admin on a mail tenant they would otherwise have no need to access. Maybe the user downloads and integrates a new application into the organization’s cloud email environment, an application that somehow gains permission to read and write to executive mailboxes.

From there, the attack begins to take shape. If the security team did not have appropriate posture management visibility–and real-time insights into the impact of changes to the IT and security posture of the organization–that unexpected rights change and malicious app download could go entirely unnoticed.

An Abnormal Approach to Posture Management

At Abnormal Security, we've rethought how Email Security Posture Management should be done, connecting it directly to our Inbound Email Security platform to provide holistic cloud email security that protects both the inbox and those entry points beyond it.

Armed with the information in the Abnormal Security Knowledge Bases–real-time event streams detailing occurrences and changes across applications (AppBase), mail tenants (TenantBase), and corporate users (PeopleBase)–Email Security Posture Management distills this data into posture-specific configuration changes across App Posture, Tenant Posture, and People Posture.

In particular, security teams from a variety of organizations have detailed the pain that comes with knowing users are installing applications but not fully understanding what permissions those applications have and when those permissions change. This pain, coupled with the need for early detection of unexpected user privilege changes and identification of security policy changes across mail tenants, is the reason Email Security Posture Management exists.

While Abnormal Security will find the threats that others can’t when it comes to email communications, staying proactive with dynamic posture monitoring is the first step in ensuring that if a threat does make it through the perimeter, it doesn’t get far. So, if you ask yourself, “At what point are we going to experience a breach?” it may feel like the answer is inevitably, “Soon,” but with appropriate steps towards security posture hygiene, that “soon” may eventually become “never.”
