Abstract White Joint

Webinar Recap: Replacing Your SEG With Microsoft + Abnormal

April 28, 2022

For more than a decade, secure email gateways (SEGs) offered sufficient protection against traditional attacks like spam and emails that contained suspicious links or malicious attachments. But today, when threat actors are launching more sophisticated attacks without traditional indicators of compromise, SEGs are woefully inadequate.

In a recent blog post, we shared a few key takeaways from a webinar I co-hosted with Hunter Hogan from Microsoft. Together, we discussed the evolution of the email threat landscape and how SEGs lack the flexibility and functionality to neutralize the full spectrum of modern attacks.

In the second part of the webinar, we talked about how Microsoft 365 and Abnormal Integrated Cloud Email Security (ICES) work together to provide comprehensive defense-in-depth protection against all attacks. This blog post contains a recap of the second part of our conversation.

Microsoft 365 Has Exclusive Access to a Wealth of Data

Because of its global scale and sheer number of enterprise technologies, Microsoft sees more cyberattacks than most other companies. The benefit of this is it allows them to collect a considerable volume of valuable data which they can leverage to increase the efficacy of the platform.

The centerpiece of Microsoft’s $1 billion annual investment in cybersecurity is the intelligence within the Microsoft Intelligent Security Graph. The graph uses AI to glean insights from the trillions of signals received across their consumer and commercial services, efficiently and effectively synthesizing a vast amount of data and converting it into actionable intelligence.

Microsoft Intelligent Security Graph

By connecting the individual insights, the graph prevents the signals from being siloed and instead enables Microsoft to detect patterns and identify trends. Additionally, what the graph learns from one point of data can influence how it interprets other data across customers. Aggregating this data also allows Microsoft to gain the necessary visibility into normal and abnormal behavior, particularly with regard to sign-ins and authentications.

Microsoft 365 vs. Traditional Secure Email Gateways

With the Intelligent Security Graph behind it, Microsoft 365 can take advantage of continuously updated data to stay one step ahead of cybercriminals, effectively eliminating the need for a secure email gateway. In fact, Microsoft 365 has the same functionality, without the changes to mailflow required by the SEG. The diagram below showcases the features provided by Microsoft 365, and those outlined in red are the ones most commonly offered by secure email gateway vendors.

Displacing the SEG

Some organizations feel the right approach is just to use both a secure email gateway and Microsoft. The understandable assumption here is that by having two technologies in place, the organization will have defense-in-depth protection. In reality, it’s a duplication of defenses. In addition, many of the features provided by Microsoft are not used due to the way the infrastructure is configured. It’s not out of the ordinary for a secure email gateway vendor to ask an organization to turn off certain features within the Microsoft platform.

When an organization uses both a SEG and Microsoft’s native security functionality, they aren’t increasing their protection—they’re only increasing the amount they pay. The bottom line: in addition to lacking the functionality required to stop advanced attacks, most SEGs don’t even have the full suite of features necessary to consistently prevent basic attacks. And if you use a SEG in tandem with Microsoft with the goal of enhancing your protection, you’re not actually improving your security posture.

Combining the Power of Microsoft 365 With Abnormal

Microsoft’s threat intelligence approach and Abnormal’s behavioral AI approach ensure the highest efficacy against traditional attacks like spam and malware. Abnormal’s platform was also designed to stop modern, socially-engineered attacks (like business email compromise, supply chain compromise, and account takeover) by modeling known good and detecting anomalous behavior. The efficacy of our platform is the result of three key differentiators.

1. Modern Architecture

Abnormal’s cloud-native architecture and API integration with Microsoft 365 allows the platform full end-to-end visibility into both north-south external email flow as well as east-west internal email flow. This insight provides valuable internal email context for better detection and remediation of attacks. SEGs, on the other hand, are designed to be deployed at the perimeter. As a result, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.

2. Behavioral AI Approach

Rather than using a rules- and policies-based system that is triggered only by known indicators of compromise, Abnormal’s approach involves establishing baselines for known good behavior and then recognizing anomalies. Our machine learning engine continuously combines a broad variety of signals to build models that focus on identity, relationships, and context. These behavioral models are learning from every email, every second, to build better known good baselines. In turn, our platform is able to identify unusual behavior faster and reach higher efficacy in blocking modern attacks.

3. Deep Cloud Email Integration

Abnormal is purpose-built to leverage the full power of the cloud. Our platform connects directly with Microsoft 365 via one-click API integration, giving the Abnormal platform access to cloud-based insights through more than 45,000 signals. Abnormal takes the information from Microsoft and correlates it with our behavioral models to achieve the highest-precision protection against email attacks. For example, insight into sign-in events such as the sign-in location and number of failed attempts enables us to provide high accuracy anomaly detection with fewer false positives.

The combined capabilities of Abnormal’s Integrated Cloud Email Security and the native security of Microsoft 365 provide protection against the full spectrum of email attacks—a claim no SEG can make.

Achieving Defense-in-Depth with Abnormal + Microsoft

Email attacks are only going to increase in complexity, and without the right security solutions, it’s just a matter of time before your organization becomes a target. That said, you can be confident that your email security will stop these attacks before they reach employee inboxes by partnering with Abnormal and Microsoft.

To learn more about modern email threats and the ways Abnormal and Microsoft can protect your organization, watch the full webinar recording here.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 05 11 22 Scaling Out Redis
As we’ve scaled our customer base, the size of our datasets has also grown. With our rapid expansion, we were on track to hit the data storage limit of our Redis server in two months, so we needed to figure out a way to scale beyond this—and fast!
Read More
B 05 17 22 Impersonation Attack
See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.
Read More
B 05 14 22 Best Workplace
We are over the moon to announce Abnormal has been named one of Inc. Magazine's Best Workplaces of 2022! Learn more about our commitment to our workforce.
Read More
B 05 13 22 Spring Product Release
This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
Read More
B 05 11 22 Champion Finalist
Abnormal has been selected as a Security Customer Champion finalist in the Microsoft Security Excellence Awards! Here’s a look at why.
Read More
Blog series c cover
When we raised our Series B funding 18 months ago, I promised our customers greater value, more capabilities, and better customer support. We’ve delivered on each of those promises and as we receive an even larger investment, I’m excited about how we can continue to further deliver on each of them.
Read More
B 05 09 22 Partner Community
It’s an honor to be named one of CRN’s 2022 Women of the Channel. Here’s why I appreciate the award and what I love about being a Channel Account Manager at Abnormal.
Read More
B 05 05 22 Fast Facts
Watch this short video to learn current trends and key issues in cloud email security, including how to protect your organization against modern threats.
Read More
B 05 03 22
Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.
Read More
B 04 28 22 8 Key Differences
At Abnormal, we pride ourselves on our excellent machine learning engineering team. Here are some patterns we use to distinguish between effective and ineffective ML engineers.
Read More
B 04 26 22 Webinar Re Replacing Your SEG
Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
Read More
Blog mitigate threats cover
Learn about the most common socially-engineered attacks and why these tactics are still so successful—despite a growing awareness from employees.
Read More