What is Security Posture Management and Why is it Essential?

Discover the story behind the new Security Posture Management add-on and how it protects cloud email users from advanced email attacks.
February 21, 2023

Back in November, we announced the initial release of our Security Posture Management add-on. Since then, we’ve worked with customers from a variety of industries to help them gain greater visibility into potentially high-impact changes to third-party app permissions, user privileges, and mail tenant conditional access policies that could open the door for threat actors if not properly managed.

However, we’ve also received a fair amount of questions asking, “what is an email security vendor doing in the posture management space?” or, similarly, “is this a new SaaS Security Posture Management (SSPM) or Cloud Security Posture Management (CSPM) solution on the block?” And we wanted to make sure you had the answers.

So, let’s dig into exactly what we mean when we say Security Posture Management—and why it’s a critical piece of the cloud email security puzzle.

Minor Misconfigurations, Major Consequences

To answer the question of why Abnormal, or more specifically why a vendor primarily focused on email, is worried about misconfiguration, it’s important to consider the scale of the typical cloud email platform.

On average, our customers have more than 300 third-party applications integrated into their Microsoft 365 environments, according to behavioral data aggregated and analyzed by our Knowledge Bases. Beyond that, those environments are often populated by hundreds or thousands of individual users and mailboxes. These combined applications and users are either stuffed into one sprawling tenant or sliced into groups across hundreds.

And while phishing is still a favorite tool in threat group toolboxes, one change to a tenant conditional access policy to allow legacy authentication can be an inviting open door for an attacker with stolen user credentials hoping to bypass MFA. Worse still, one application from an unknown publisher that suddenly gains write access to a VIP mailbox can be a sign of an attack in progress.

One thing we often heard from customers is that security teams didn’t have visibility into these changes—or if they did, surfacing this data required time-consuming manual audits. As a result, teams would spend significant amounts of time correlating activity across disparate or noisy tools, or polling various stakeholders, to determine whether a change was risky or just business as usual. And that says nothing about the times when a change was made without anyone in security being the wiser.

So, to address this problem, and ensure that Abnormal keeps its promise to protect cloud email platforms, we built the Security Posture Management add-on, which enhances posture visibility by:

  • Leveraging Abnormal Knowledge Base data and querying the cloud email platform to continually centralize and surface new, high-impact events to help minimize configuration gaps.

  • Delivering granular before-and-after views of configuration changes, along with links to entities involved and their activity patterns.

  • Providing links to relevant documentation, suggesting next steps, giving the option to schedule email notifications or SIEM event exports, and providing an acknowledgment workflow to indicate when changes are being addressed.
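As an added example (not Abnormal’s code, and not the add-on’s real data model), here is how the before-and-after comparison described above can be reduced to a detection rule: two constructed tenant snapshots are diffed, and the two changes called out earlier, a legacy-authentication block being disabled and an unverified-publisher app gaining write access to a VIP mailbox, are surfaced as findings ready for SIEM export. The snapshot schema, VIP list, scope names and export format are all assumptions.

```python
import json

# Constructed VIP list and the grant scopes treated as "write" (example values,
# not a list from the page or from Abnormal). Mail.ReadWrite is a real Microsoft
# Graph permission name, used here only as a sample scope string.
VIP_MAILBOXES = {"cfo@example.com"}
WRITE_SCOPES = {"Mail.ReadWrite", "MailboxSettings.ReadWrite"}

# Hypothetical snapshot schema: conditional access policies and third-party app
# grants as a posture tool might collect them. Both snapshots are constructed.
BEFORE = {
    "ca_policies": {"block-legacy-auth": {"state": "enabled", "blocks_legacy_auth": True}},
    "app_grants": {"crm-sync": {"publisher_verified": True, "scopes": ["Mail.Read"], "mailboxes": ["*"]}},
}
AFTER = {
    "ca_policies": {"block-legacy-auth": {"state": "disabled", "blocks_legacy_auth": True}},
    "app_grants": {
        "crm-sync": {"publisher_verified": True, "scopes": ["Mail.Read"], "mailboxes": ["*"]},
        "mail-helper": {"publisher_verified": False, "scopes": ["Mail.ReadWrite"], "mailboxes": ["cfo@example.com"]},
    },
}

def diff_posture(before, after, vips=VIP_MAILBOXES):
    """Return findings for high-impact changes between two tenant snapshots."""
    findings = []
    # 1. A policy that blocked legacy authentication is disabled or deleted: stolen
    #    credentials could then be used on protocols that never prompt for MFA.
    for name, old in before["ca_policies"].items():
        new = after["ca_policies"].get(name)
        if old.get("blocks_legacy_auth") and old["state"] == "enabled" and (new is None or new["state"] != "enabled"):
            findings.append({"severity": "high", "before": old, "after": new,
                             "summary": f"CA policy '{name}' no longer blocks legacy authentication"})
    # 2. An app newly gains a write scope; an unverified publisher or VIP/all-mailbox
    #    reach raises the severity so it is triaged before routine grants.
    for app, new in after["app_grants"].items():
        old = before["app_grants"].get(app, {"scopes": [], "mailboxes": []})
        gained = (set(new["scopes"]) - set(old["scopes"])) & WRITE_SCOPES
        if not gained:
            continue
        targets = set(new["mailboxes"])
        touches_vip = "*" in targets or bool(targets & vips)
        severity = "high" if touches_vip or not new.get("publisher_verified") else "medium"
        findings.append({"severity": severity, "before": old, "after": new,
                         "summary": f"app '{app}' gained {sorted(gained)} on {sorted(targets)}"})
    return findings

def to_siem_lines(findings, tenant="tenant-placeholder"):
    """One JSON object per line, the shape a SIEM export might ingest (assumed format)."""
    return [json.dumps({"tenant": tenant, **f}, sort_keys=True) for f in findings]

if __name__ == "__main__":
    for line in to_siem_lines(diff_posture(BEFORE, AFTER)):
        print(line)
```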

An Abnormal Approach to Posture Management

At the heart of Abnormal’s Security Posture Management is Inbound Email Security. The purpose of this add-on is to further enhance the Abnormal Platform. The goal is to offer complete cloud email security since, let’s face it, the attack surface extends far beyond the inbox. In fact, one breach caused by a misconfiguration carries an average price tag of $4.14M, and due to the aforementioned lack of visibility that security teams must endure, it can take 183 days to even discover that a breach occurred.

Beyond the conceptual conversation, from a product capability perspective, our Security Posture Management offering is a bit different from the traditional definition of 'posture management'. Security Posture Management is meant to action the data found within the Abnormal Knowledge Bases, accounting only for the entities within the cloud email platform. As mentioned earlier in this article, the Knowledge Bases are activity hubs in the Abnormal portal that build dynamic behavioral profiles for each application, user, and tenant in a given mail environment.

Security Posture Management then reports when potentially risky changes occur and supports remediation, but it builds on the behavioral profiling in the Knowledge Bases to go beyond simple identification and response: it gives greater context to a change and helps security teams tell a benign policy change from a potentially malicious over-permissioned app.

Stand a Little Taller with Security Posture Management

Maybe this article answered your questions. Maybe it left you with newer, stranger questions. Either way, we want to hear from you, and we invite you to reach out to your Abnormal representative today or visit the Security Posture Management page to request a demo. Cloud email security is only as strong as its weakest link, and we are finding in conversations with customers that many times a weak link can be fixed with effective cloud email security posture management. Let Abnormal be your email chiropractor.
