
What is Security Posture Management and Why is it Essential?

Discover the story behind the new Security Posture Management add-on and how it protects cloud email users from advanced email attacks.
February 21, 2023

Back in November, we announced the initial release of our Security Posture Management add-on. Since then, we’ve worked with customers from a variety of industries to help them gain greater visibility into potentially high-impact changes to third-party app permissions, user privileges, and mail tenant conditional access policies that could open the door for threat actors if not properly managed.

However, we’ve also received a fair amount of questions asking, “what is an email security vendor doing in the posture management space?” or, similarly, “is this a new SaaS Security Posture Management (SSPM) or Cloud Security Posture Management (CSPM) solution on the block?” And we wanted to make sure you had the answers.

So, let’s dig into exactly what we mean when we say Security Posture Management—and why it’s a critical piece of the cloud email security puzzle.

Minor Misconfigurations, Major Consequences

To answer the question of why Abnormal, or more specifically, why a vendor primarily focused on email is worried about misconfiguration, it’s important to consider the scale of the typical cloud email platform.

On average, our customers have more than 300 third-party applications integrated into their Microsoft 365 environments, according to behavioral data aggregated and analyzed by our Knowledge Bases. Beyond that, those environments are often populated by hundreds or thousands of individual users and mailboxes. These combined applications and users are either stuffed into one sprawling tenant or sliced into groups across hundreds.

And while phishing is still a favorite tool in threat group toolboxes, one change to a tenant conditional access policy to allow legacy authentication can be an inviting open door for an attacker with stolen user credentials hoping to bypass MFA. Worse still, one application from an unknown publisher that suddenly gains write access to a VIP mailbox can be a sign of an attack in progress.

One thing we often heard from customers is that security teams didn’t have visibility into these changes, or if they did, surfacing the data required time-consuming manual audits. As a result, teams would spend significant amounts of time correlating activity across disparate or noisy tools, or polling various stakeholders, to determine whether a change was risky or simply business as usual. And that says nothing about the times when a change was made without anyone in security being the wiser.

So, to address this problem, and ensure that Abnormal keeps its promise to protect cloud email platforms, we built the Security Posture Management add-on, which enhances posture visibility by:

  • Leveraging Abnormal Knowledge Base data and querying the cloud email platform to continually centralize and surface new, high-impact events to help minimize configuration gaps.

  • Delivering granular before-and-after views of configuration changes, along with links to entities involved and their activity patterns.

  • Providing links to relevant documentation, suggesting next steps, giving the option to schedule email notifications or SIEM event exports, and providing an acknowledgment workflow to indicate when changes are being addressed.
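The before-and-after diffing described above, as an added example that is not Abnormal's code: it compares two constructed snapshots of a mail tenant's configuration and surfaces the two high-impact changes the article names, a conditional access policy that starts allowing legacy authentication and an app from an unknown publisher gaining write access to a VIP mailbox. The snapshot schema, mailbox names, publisher names and scope strings are assumptions for illustration, not a Microsoft 365 or Abnormal data format.

```python
# Added example (not Abnormal's code). The snapshot schema and all sample
# values below are constructed for illustration.
from dataclasses import dataclass

VIP_MAILBOXES = {"cfo@example.com"}        # constructed list of VIP mailboxes
TRUSTED_PUBLISHERS = {"Contoso Verified"}  # constructed allow-list of publishers
WRITE_SCOPES = {"Mail.ReadWrite", "Mail.Send"}  # scopes treated as write access


@dataclass(frozen=True)
class Finding:
    severity: str   # "medium", "high" or "critical"
    entity: str     # policy or app->mailbox the change applies to
    before: str     # state in the earlier snapshot
    after: str      # state in the later snapshot
    next_step: str  # suggested action for the reviewing analyst


def diff_posture(before: dict, after: dict) -> list[Finding]:
    """Return high-impact configuration changes between two tenant snapshots."""
    findings: list[Finding] = []
    # 1) Conditional access: a policy that newly permits legacy authentication
    #    removes the MFA prompt for stolen passwords, so it is always flagged.
    for name, new in after["ca_policies"].items():
        old = before["ca_policies"].get(name, {})
        if new.get("allow_legacy_auth") and not old.get("allow_legacy_auth"):
            findings.append(Finding("high", f"policy:{name}",
                                    "legacy auth blocked", "legacy auth allowed",
                                    "Confirm a change ticket exists; otherwise revert"))
    # 2) App permissions: write scopes newly granted on a VIP mailbox; an
    #    unknown publisher raises the severity to critical.
    for app_id, new in after["apps"].items():
        old = before["apps"].get(app_id, {"publisher": None, "scopes": {}})
        for mailbox, scopes in new["scopes"].items():
            old_scopes = set(old["scopes"].get(mailbox, []))
            gained_write = (set(scopes) - old_scopes) & WRITE_SCOPES
            if gained_write and mailbox in VIP_MAILBOXES:
                sev = "medium" if new["publisher"] in TRUSTED_PUBLISHERS else "critical"
                findings.append(Finding(sev, f"app:{app_id}->{mailbox}",
                                        ",".join(sorted(old_scopes)) or "(none)",
                                        ",".join(sorted(scopes)),
                                        "Verify publisher and consenting user; revoke if unexpected"))
    return findings


# Constructed snapshots: the later one enables legacy auth and adds an unknown app.
BEFORE = {"ca_policies": {"Block legacy auth": {"allow_legacy_auth": False}},
          "apps": {"app-1": {"publisher": "Contoso Verified",
                             "scopes": {"cfo@example.com": ["Mail.Read"]}}}}
AFTER = {"ca_policies": {"Block legacy auth": {"allow_legacy_auth": True}},
         "apps": {"app-1": BEFORE["apps"]["app-1"],
                  "app-2": {"publisher": "Unknown",
                            "scopes": {"cfo@example.com": ["Mail.ReadWrite"],
                                       "bob@example.com": ["Mail.ReadWrite"]}}}}

if __name__ == "__main__":
    for f in diff_posture(BEFORE, AFTER):
        print(f"[{f.severity}] {f.entity}: {f.before} -> {f.after}; {f.next_step}")
```

The grant to the non-VIP mailbox is deliberately not flagged, which is the kind of context filtering that keeps such reports from becoming noise.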

An Abnormal Approach to Posture Management

At the heart of Abnormal’s Security Posture Management is Inbound Email Security. The purpose of this add-on is to further enhance the Abnormal Platform. The goal is to offer complete cloud email security since, let’s face it, the attack surface extends far beyond the inbox. In fact, one breach caused by a misconfiguration carries an average price tag of $4.14M, and due to the aforementioned lack of visibility that security teams must endure, it can take 183 days to even discover that a breach occurred.

Beyond the conceptual conversation, from a product capability perspective, our Security Posture Management offering is a bit different from the traditional definition of “posture management.” Security Posture Management is meant to action the data found within the Abnormal Knowledge Bases, accounting for the entities solely within the cloud email platform. As described earlier in this article, the Knowledge Bases are activity hubs in the Abnormal portal, which build dynamic behavioral profiles for each application, user, and tenant in a given mail environment.

Security Posture Management is then meant to report when potentially risky changes occur and support remediation, but it builds on the behavioral profiling in the Knowledge Bases to go beyond simple identification and response, giving greater context to a change and helping security teams distinguish a benign policy change from a potentially malicious over-permissioned app.

Stand a Little Taller with Security Posture Management

Maybe this article answered your questions. Maybe it left you with newer, stranger questions. Either way, we want to hear from you, and we invite you to reach out to your Abnormal representative today or visit the Security Posture Management page to request a demo. Cloud email security is only as strong as its weakest link, and we are finding in conversations with customers that many times a weak link can be fixed with effective cloud email security posture management. Let Abnormal be your email chiropractor.
