
Webinar Recap: Blocking the Advanced Attacks Your SEG Never Could

April 21, 2022

High-impact email attacks are on the rise. Your organization has a 25% chance of receiving a supply chain compromise each week. And 75% of companies have already experienced an account takeover.

Here’s the worst part: if you’re relying on a secure email gateway (SEG) to protect your organization, you’re likely experiencing a false sense of security. SEGs were built to block traditional email attacks that contain known indicators of compromise (IOCs) within on-premises environments. But modern cybercriminals are launching attacks that don’t have those IOCs, and more organizations adopt cloud-based email every day.

I recently co-hosted a webinar with Hunter Hogan, Digital Technical Specialist at Microsoft, about the new generation of advanced attacks and the inability of legacy solutions to mitigate them. Here are a few key takeaways.

The Evolution of the Email Threat Landscape

Malicious emails have been around for more than three decades, nearly as long as email itself. The first iteration of email attacks used primarily low to mid-value and low to mid-impact tactics like spam. Threat actors would target a large number of people and then receive payment for each click of the spam email. Unfortunately for the cybercriminals, email security solutions providers recognized these patterns and developed technology that could effectively detect and block spam.

In response, cybercriminals transitioned to sending emails with malicious links and/or malicious attachments, which allowed them to infect the recipient’s network and steal valuable data. But, starting in the early 2000s, organizations could rely on their SEGs to block most of these attacks, reducing the ROI for attackers to the point it was no longer lucrative.

Now, threat actors have shifted their strategies once more, using never-before-seen URLs and malware and executing text-based social engineering attacks that focus on compromising people, rather than networks. Free of traditional IOCs, these high-value, high-impact campaigns are nearly impossible for traditional email security solutions to detect and yield a substantial ROI for cybercriminals.

While spam, graymail, and generic phishing emails still exist, advanced email attacks such as business email compromise, supply chain compromise, ransomware, and account takeover are becoming increasingly ubiquitous. For example, between 2020 and 2021, Abnormal observed a 300% year-over-year surge in ransomware payments.

Plus, not only are these modern attacks becoming more pervasive, the ensuing losses are growing. The 2021 Internet Crime Report from the FBI Internet Crime Complaint Center (IC3) revealed that cybercrime loss from business email compromise amounted to $2.4 billion last year.

Common Email Security Challenges

In addition to cybercriminals executing more sophisticated attacks, Hogan explained a few other reasons organizations are struggling to defend themselves.

First, the volume of threat signals that security teams consume is overwhelming, and deriving actionable insights from them requires extensive correlation, which is time-consuming and expensive.

Second, many organizations don’t have a unified cybersecurity tech stack, which causes inefficiencies and inconsistencies. “Stitching together expensive siloed tools can lead to gaps in coverage, limited visibility, and fragmented experiences,” said Hogan.

Finally, attack services have become considerably more accessible and affordable over the past decade. “Essentially, if you have access to a computer with an internet connection and the ability to convert fiat currency to cryptocurrency to make a purchase from a bad actor, the average person could launch their own cyberattack,” said Hogan.

Why Modern Email Attacks Evade Secure Email Gateways

For years, secure email gateways were effective in filtering malicious emails because the vast majority of organizations used on-premises email environments and cybercriminals followed the same recognizable attack formula. But now, when 70% of organizations have adopted cloud email solutions and threat actors are constantly introducing new tactics, SEGs fall short for three main reasons.

Legacy Architecture

SEGs have a legacy architecture that is not cloud-native and lacks native API integrations with Microsoft 365. As a result, SEGs can only observe and block attacks in the external ingress-egress mail flow, also called north-south traffic.

Without the ability to see east-west traffic, a secure email gateway has no visibility into internal email patterns or the contextual signals that are essential to stopping modern attacks that often originate from the inside.

Outdated Approach

SEGs rely on the concept of known bad, which refers to the idea that if an organization can identify patterns of past suspicious emails such as ones sent from a bad IP address or untrusted domain, it can flag future attacks that match these criteria. The problem is there’s a fundamental flaw in using a rules- and policies-based system that is triggered only by known threats. In today’s evolving threat landscape, there is no “known bad” to latch onto.

For example, what happens when the attack originates from a newly-created account on a trusted domain like Because SEGs only look for known IOCs, they can’t defend against never-before-seen attacks.

Limited Cloud Email Integration

Within the Microsoft 365 platform, there are thousands of context-rich signals such as sign-in events and compromised accounts that can be used to detect suspicious behavior. However, due to the shortcomings of its architecture and approach, a secure email gateway is unable to leverage these signals.

Say an employee who usually signs in from San Francisco is trying to sign in from the Netherlands. After multiple failed login attempts, suddenly the employee is trying to sign in from New York and then successfully logs in. This is a critical signal of a potential attack that a SEG would miss because it’s unable to ingest and correlate these insights.
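The sign-in pattern described above, written as a correlation rule over constructed sign-in events. This is an added example, not code from Microsoft or Abnormal; the event fields (`user`, `time`, `location`, `success`), the thresholds, and the function names are assumptions rather than a real Microsoft 365 log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ev(user, ts, location, success):
    """Build one sign-in event (hypothetical schema, for illustration only)."""
    return {"user": user, "time": datetime.fromisoformat(ts),
            "location": location, "success": success}

# Constructed sample data, not real sign-in records.
HISTORY = [ev(user, f"2022-04-{day:02d}T09:00", city, True)
           for user, city in (("alice", "San Francisco"), ("bob", "New York"))
           for day in range(1, 15)]
RECENT = [
    ev("alice", "2022-04-18T03:01", "Netherlands", False),
    ev("alice", "2022-04-18T03:02", "Netherlands", False),
    ev("alice", "2022-04-18T03:03", "Netherlands", False),
    ev("alice", "2022-04-18T03:20", "New York", True),
    ev("bob", "2022-04-18T09:00", "New York", False),  # typo at the usual location
    ev("bob", "2022-04-18T09:01", "New York", True),
]

def known_locations(history):
    """Per-user baseline: locations that have produced a successful sign-in."""
    known = defaultdict(set)
    for e in history:
        if e["success"]:
            known[e["user"]].add(e["location"])
    return known

def detect_suspicious_signins(history, recent, min_failures=2, window_minutes=60):
    """Flag a success from an unfamiliar location that follows several
    failures from unfamiliar locations within the time window."""
    known = known_locations(history)
    failures = defaultdict(list)  # user -> failed attempts from unfamiliar places
    alerts = []
    for e in sorted(recent, key=lambda x: x["time"]):
        user, unfamiliar = e["user"], e["location"] not in known[e["user"]]
        if not e["success"]:
            if unfamiliar:
                failures[user].append(e)
            continue
        window = timedelta(minutes=window_minutes)
        prior = [f for f in failures[user] if e["time"] - f["time"] <= window]
        if unfamiliar and len(prior) >= min_failures:
            alerts.append({"user": user, "success_location": e["location"],
                           "failed_locations": sorted({f["location"] for f in prior}),
                           "failed_count": len(prior)})
        failures[user].clear()  # any success ends the current failure streak
    return alerts
```

The rule keys on each user's own baseline rather than on a list of bad locations, so the mistyped password from a familiar city raises nothing while the Netherlands-then-New York sequence does.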

Clearly, enterprises need to consider a new approach to email security that includes native cloud email protection and integrated cloud email security. Gartner reports that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a SEG.

Stopping the Full Spectrum of Email Attacks

Ultimately, the goal for organizations of any size is to achieve a security posture that ensures the company is protected from all types of email attacks—from the simplest spam to the most sophisticated account takeover. That just isn’t possible with a secure email gateway.

In fact, if you’re currently using a SEG with Microsoft Office 365, there’s a good chance you’re not reaping the full benefits of Microsoft’s built-in email security capabilities. We’ve often had customers tell us the SEG vendor has requested they disable certain features within the Microsoft platform, marginalizing the efficacy of a solution they’ve already paid for.

Further, during our risk assessments, we’ve found that SEGs only block about 17% of the attacks that Abnormal does. Without the right technology, more than 80% of malicious emails are safely delivered to your employees, putting you at risk of costly cybercrime.

But with Microsoft Defender for Office 365 and Abnormal, you receive comprehensive, defense-in-depth protection. Microsoft Defender for Office 365 identifies known bad as well as similar to known bad, while Abnormal models known good to identify anomalies. Together, the two solutions keep malicious emails from ever making it to employee inboxes.

Learn Even More About Microsoft and Abnormal

Hunter and I discussed so many great topics in the webinar that a single blog post isn’t enough to cover them all. If you’d like to learn about:

  • The four-phase approach Microsoft takes to threat protection

  • The three key elements of Abnormal’s integrated cloud email security solution

  • How Microsoft and Abnormal work together to keep your organization safe

Then we invite you to watch the recording here!

