For more than a decade, secure email gateways (SEGs) offered sufficient protection against traditional attacks like spam and emails that contained suspicious links or malicious attachments. But today, when threat actors are launching more sophisticated attacks without traditional indicators of compromise, SEGs are woefully inadequate.
In a recent blog post, we shared a few key takeaways from a webinar I co-hosted with Hunter Hogan from Microsoft. Together, we discussed the evolution of the email threat landscape and how SEGs lack the flexibility and functionality to neutralize the full spectrum of modern attacks.
In the second part of the webinar, we talked about how Microsoft 365 and Abnormal Integrated Cloud Email Security (ICES) work together to provide comprehensive defense-in-depth protection against all attacks. This blog post contains a recap of the second part of our conversation.
Microsoft 365 Has Exclusive Access to a Wealth of Data
Because of its global scale and sheer number of enterprise technologies, Microsoft sees more cyberattacks than most other companies. This lets it collect a considerable volume of valuable data, which it can leverage to increase the efficacy of the platform.
The centerpiece of Microsoft’s $1 billion annual investment in cybersecurity is the intelligence within the Microsoft Intelligent Security Graph. The graph uses AI to glean insights from the trillions of signals received across their consumer and commercial services, efficiently and effectively synthesizing a vast amount of data and converting it into actionable intelligence.
By connecting the individual insights, the graph prevents the signals from being siloed and instead enables Microsoft to detect patterns and identify trends. Additionally, what the graph learns from one point of data can influence how it interprets other data across customers. Aggregating this data also allows Microsoft to gain the necessary visibility into normal and abnormal behavior, particularly with regard to sign-ins and authentications.
Microsoft 365 vs. Traditional Secure Email Gateways
With the Intelligent Security Graph behind it, Microsoft 365 can take advantage of continuously updated data to stay one step ahead of cybercriminals, effectively eliminating the need for a secure email gateway. In fact, Microsoft 365 has the same functionality, without the changes to mailflow required by the SEG. The diagram below showcases the features provided by Microsoft 365, and those outlined in red are the ones most commonly offered by secure email gateway vendors.
Some organizations feel the right approach is just to use both a secure email gateway and Microsoft. The understandable assumption here is that by having two technologies in place, the organization will have defense-in-depth protection. In reality, it’s a duplication of defenses. In addition, many of the features provided by Microsoft are not used due to the way the infrastructure is configured. It’s not out of the ordinary for a secure email gateway vendor to ask an organization to turn off certain features within the Microsoft platform.
When an organization uses both a SEG and Microsoft’s native security functionality, they aren’t increasing their protection—they’re only increasing the amount they pay. The bottom line: in addition to lacking the functionality required to stop advanced attacks, most SEGs don’t even have the full suite of features necessary to consistently prevent basic attacks. And if you use a SEG in tandem with Microsoft with the goal of enhancing your protection, you’re not actually improving your security posture.
Combining the Power of Microsoft 365 With Abnormal
Microsoft’s threat intelligence approach and Abnormal’s behavioral AI approach ensure the highest efficacy against traditional attacks like spam and malware. Abnormal’s platform was also designed to stop modern, socially engineered attacks (like business email compromise, supply chain compromise, and account takeover) by modeling known good and detecting anomalous behavior. The efficacy of our platform is the result of three key differentiators.
1. Modern Architecture
Abnormal’s cloud-native architecture and API integration with Microsoft 365 allow the platform full end-to-end visibility into both north-south external email flow and east-west internal email flow. This insight provides valuable internal email context for better detection and remediation of attacks. SEGs, on the other hand, are designed to be deployed at the perimeter. As a result, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.
2. Behavioral AI Approach
Rather than using a rules- and policies-based system that is triggered only by known indicators of compromise, Abnormal’s approach involves establishing baselines for known good behavior and then recognizing anomalies. Our machine learning engine continuously combines a broad variety of signals to build models that focus on identity, relationships, and context. These behavioral models are learning from every email, every second, to build better known good baselines. In turn, our platform is able to identify unusual behavior faster and reach higher efficacy in blocking modern attacks.
3. Deep Cloud Email Integration
Abnormal is purpose-built to leverage the full power of the cloud. Our platform connects directly with Microsoft 365 via one-click API integration, giving the Abnormal platform access to cloud-based insights through more than 45,000 signals. Abnormal takes the information from Microsoft and correlates it with our behavioral models to achieve the highest-precision protection against email attacks. For example, insight into sign-in events such as the sign-in location and number of failed attempts enables us to provide high-accuracy anomaly detection with fewer false positives.
The combined capabilities of Abnormal’s Integrated Cloud Email Security and the native security of Microsoft 365 provide protection against the full spectrum of email attacks—a claim no SEG can make.
Achieving Defense-in-Depth with Abnormal + Microsoft
Email attacks are only going to increase in complexity, and without the right security solutions, it’s just a matter of time before your organization becomes a target. That said, you can be confident that your email security will stop these attacks before they reach employee inboxes by partnering with Abnormal and Microsoft.
To learn more about modern email threats and the ways Abnormal and Microsoft can protect your organization, watch the full webinar recording here.