
What is Security Posture Management and Why is it Essential?

Discover the story behind the new Security Posture Management add-on and how it protects cloud email users from advanced email attacks.
February 21, 2023

Back in November, we announced the initial release of our Security Posture Management add-on. Since then, we’ve worked with customers from a variety of industries to help them gain greater visibility into potentially high-impact changes to third-party app permissions, user privileges, and mail tenant conditional access policies that could open the door for threat actors if not properly managed.

However, we’ve also received a fair number of questions asking, “What is an email security vendor doing in the posture management space?” or, similarly, “Is this a new SaaS Security Posture Management (SSPM) or Cloud Security Posture Management (CSPM) solution on the block?” We wanted to make sure you had the answers.

So, let’s dig into exactly what we mean when we say Security Posture Management—and why it’s a critical piece of the cloud email security puzzle.

Minor Misconfigurations, Major Consequences

To answer the question of why Abnormal, or more specifically, why a vendor primarily focused on email is worried about misconfiguration, it’s important to consider the scale of the typical cloud email platform.

On average, our customers have more than 300 third-party applications integrated into their Microsoft 365 environments, according to behavioral data aggregated and analyzed by our Knowledge Bases. Beyond that, those environments are often populated by hundreds or thousands of individual users and mailboxes. These combined applications and users are either packed into one sprawling tenant or split into groups across hundreds of tenants.

And while phishing is still a favorite tool in threat group toolboxes, one change to a tenant conditional access policy to allow legacy authentication can be an inviting open door for an attacker with stolen user credentials hoping to bypass MFA. Worse still, one application from an unknown publisher that suddenly gains write access to a VIP mailbox can be a sign of an attack in progress.

One thing we often heard from customers is that security teams didn’t have visibility into these changes—or if they did, it required time-consuming manual audits to surface this data. As a result, teams would spend significant amounts of time correlating activity across disparate or noisy tools or polling various stakeholders to determine if a change was risky or if it was business as usual. And that says nothing about the times when a change was made without anyone in security being the wiser.

So, to address this problem, and ensure that Abnormal keeps its promise to protect cloud email platforms, we built the Security Posture Management add-on, which enhances posture visibility by:

  • Leveraging Abnormal Knowledge Base data and querying the cloud email platform to continually centralize and surface new, high-impact events to help minimize configuration gaps.

  • Delivering granular before-and-after views of configuration changes, along with links to entities involved and their activity patterns.

  • Providing links to relevant documentation, suggesting next steps, giving the option to schedule email notifications or SIEM event exports, and providing an acknowledgment workflow to indicate when changes are being addressed.
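
The before-and-after comparison described above can be sketched as a diff of two tenant snapshots. This is an added example, not Abnormal's code: the snapshot schema, app names, and VIP list are constructed for illustration, and it flags the two changes discussed earlier (legacy authentication no longer blocked, and an unverified-publisher app gaining write access to a VIP mailbox).

```python
# Constructed, simplified tenant snapshots; the schema is hypothetical.
LEGACY_CLIENTS = {"exchangeActiveSync", "other"}  # client types treated as legacy auth
VIP_MAILBOXES = {"ceo@example.com"}               # constructed VIP list

def blocks_legacy_auth(policies):
    """True if an enabled policy blocks every legacy client type."""
    return any(
        p["state"] == "enabled"
        and p["grant"] == "block"
        and LEGACY_CLIENTS <= set(p["clientAppTypes"])
        for p in policies
    )

def write_grants(app):
    """Mailboxes the app can write to."""
    return {mbox for mbox, access in app["mailboxAccess"].items() if access == "write"}

def diff_posture(before, after):
    """Return (severity, message) findings for high-impact changes between snapshots."""
    findings = []
    if blocks_legacy_auth(before["policies"]) and not blocks_legacy_auth(after["policies"]):
        findings.append(("high", "legacy authentication is no longer blocked"))
    previous = {app["id"]: app for app in before["apps"]}
    for app in after["apps"]:
        old = previous.get(app["id"], {"mailboxAccess": {}})
        gained = (write_grants(app) - write_grants(old)) & VIP_MAILBOXES
        if gained:
            severity = "medium" if app["verifiedPublisher"] else "high"
            findings.append((severity, f"{app['name']} gained write access to {sorted(gained)}"))
    return findings

BEFORE = {
    "policies": [{"name": "Block legacy auth", "state": "enabled", "grant": "block",
                  "clientAppTypes": ["exchangeActiveSync", "other"]}],
    "apps": [{"id": "app-1", "name": "CalendarSync", "verifiedPublisher": False,
              "mailboxAccess": {"ceo@example.com": "read"}}],
}
AFTER = {
    "policies": [{"name": "Block legacy auth", "state": "disabled", "grant": "block",
                  "clientAppTypes": ["exchangeActiveSync", "other"]}],
    "apps": [{"id": "app-1", "name": "CalendarSync", "verifiedPublisher": False,
              "mailboxAccess": {"ceo@example.com": "write"}},
             {"id": "app-2", "name": "Archiver", "verifiedPublisher": True,
              "mailboxAccess": {"intern@example.com": "write"}}],
}

if __name__ == "__main__":
    for severity, message in diff_posture(BEFORE, AFTER):
        print(severity.upper(), message)
```

A new write grant on a non-VIP mailbox (the constructed Archiver app) produces no finding here; a real deployment would tune that threshold to its own risk model.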

An Abnormal Approach to Posture Management

At the heart of Abnormal’s Security Posture Management is Inbound Email Security. The purpose of this add-on is to further enhance the Abnormal Platform. The goal is to offer complete cloud email security since, let’s face it, the attack surface extends far beyond the inbox. In fact, one breach caused by a misconfiguration carries an average price tag of $4.14M, and because of the aforementioned lack of visibility that security teams must endure, it can take 183 days to even discover that a breach occurred.

Beyond the conceptual conversation, from a product capability perspective, our Security Posture Management offering is a bit different from the traditional definition of 'posture management'. Security Posture Management is meant to act on the data found within the Abnormal Knowledge Bases, accounting solely for the entities within the cloud email platform. As described earlier in this article, the Knowledge Bases are activity hubs in the Abnormal portal that build dynamic behavioral profiles for each application, user, and tenant in a given mail environment.

Security Posture Management is then meant to report when potentially risky changes occur and to support remediation. It also builds on the behavioral profiling in the Knowledge Bases to go beyond simple identification and response, giving greater context to a change and helping security teams tell a benign policy change from a potentially malicious over-permissioned app.

Stand a Little Taller with Security Posture Management

Maybe this article answered your questions. Maybe it left you with newer, stranger questions. Either way, we want to hear from you, and we invite you to reach out to your Abnormal representative today or visit the Security Posture Management page to request a demo. Cloud email security is only as strong as its weakest link, and we are finding in conversations with customers that many times a weak link can be fixed with effective cloud email security posture management. Let Abnormal be your email chiropractor.
