
Webinar Recap: Replacing Your SEG With Microsoft + Abnormal

Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
April 28, 2022

For more than a decade, secure email gateways (SEGs) offered sufficient protection against traditional attacks like spam and emails that contained suspicious links or malicious attachments. But today, when threat actors are launching more sophisticated attacks without traditional indicators of compromise, SEGs are woefully inadequate.

In a recent blog post, we shared a few key takeaways from a webinar I co-hosted with Hunter Hogan from Microsoft. Together, we discussed the evolution of the email threat landscape and how SEGs lack the flexibility and functionality to neutralize the full spectrum of modern attacks.

In the second part of the webinar, we talked about how Microsoft 365 and Abnormal Inbound Email Security work together to provide comprehensive defense-in-depth protection against all attacks. This blog post contains a recap of the second part of our conversation.

Microsoft 365 Has Exclusive Access to a Wealth of Data

Because of its global scale and sheer number of enterprise technologies, Microsoft sees more cyberattacks than most other companies. This lets it collect a considerable volume of valuable data, which it can leverage to increase the efficacy of the platform.

The centerpiece of Microsoft’s $1 billion annual investment in cybersecurity is the intelligence within the Microsoft Intelligent Security Graph. The graph uses AI to glean insights from the trillions of signals received across their consumer and commercial services, efficiently and effectively synthesizing a vast amount of data and converting it into actionable intelligence.

[Figure: Microsoft Intelligent Security Graph]

By connecting the individual insights, the graph prevents the signals from being siloed and instead enables Microsoft to detect patterns and identify trends. Additionally, what the graph learns from one point of data can influence how it interprets other data across customers. Aggregating this data also allows Microsoft to gain the necessary visibility into normal and abnormal behavior, particularly with regard to sign-ins and authentications.

Microsoft 365 vs. Traditional Secure Email Gateways

With the Intelligent Security Graph behind it, Microsoft 365 can take advantage of continuously updated data to stay one step ahead of cybercriminals, effectively eliminating the need for a secure email gateway. In fact, Microsoft 365 has the same functionality, without the changes to mailflow required by the SEG. The diagram below showcases the features provided by Microsoft 365, and those outlined in red are the ones most commonly offered by secure email gateway vendors.

[Diagram: Displacing the SEG]

Some organizations feel the right approach is just to use both a secure email gateway and Microsoft. The understandable assumption here is that by having two technologies in place, the organization will have defense-in-depth protection. In reality, it’s a duplication of defenses. In addition, many of the features provided by Microsoft are not used due to the way the infrastructure is configured. It’s not out of the ordinary for a secure email gateway vendor to ask an organization to turn off certain features within the Microsoft platform.

When an organization uses both a SEG and Microsoft’s native security functionality, they aren’t increasing their protection—they’re only increasing the amount they pay. The bottom line: in addition to lacking the functionality required to stop advanced attacks, most SEGs don’t even have the full suite of features necessary to consistently prevent basic attacks. And if you use a SEG in tandem with Microsoft with the goal of enhancing your protection, you’re not actually improving your security posture.

Combining the Power of Microsoft 365 With Abnormal

Microsoft’s threat intelligence approach and Abnormal’s behavioral AI approach ensure the highest efficacy against traditional attacks like spam and malware. Abnormal’s platform was also designed to stop modern, socially-engineered attacks (like business email compromise, supply chain compromise, and account takeover) by modeling known good and detecting anomalous behavior. The efficacy of our platform is the result of three key differentiators.

1. Modern Architecture

Abnormal’s cloud-native architecture and API integration with Microsoft 365 allow the platform full end-to-end visibility into both north-south (external) and east-west (internal) email flow. This insight provides valuable internal email context for better detection and remediation of attacks. SEGs, on the other hand, are designed to be deployed at the perimeter. As a result, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.

2. Behavioral AI Approach

Rather than using a rules- and policies-based system that is triggered only by known indicators of compromise, Abnormal’s approach involves establishing baselines for known good behavior and then recognizing anomalies. Our machine learning engine continuously combines a broad variety of signals to build models that focus on identity, relationships, and context. These behavioral models are learning from every email, every second, to build better known good baselines. In turn, our platform is able to identify unusual behavior faster and reach higher efficacy in blocking modern attacks.

3. Deep Cloud Email Integration

Abnormal is purpose-built to leverage the full power of the cloud. Our platform connects directly with Microsoft 365 via one-click API integration, giving the Abnormal platform access to cloud-based insights through more than 45,000 signals. Abnormal takes the information from Microsoft and correlates it with our behavioral models to achieve the highest-precision protection against email attacks. For example, insight into sign-in events such as the sign-in location and number of failed attempts enables us to provide high-accuracy anomaly detection with fewer false positives.
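To make the sign-in example concrete, the sketch below is an added illustration, not Abnormal's or Microsoft's code: it builds a per-user known-good baseline from sign-in location and failed-attempt counts, then raises an alert only when both signals deviate, which is what keeps a lone new location from becoming a false positive. The event fields, thresholds, function names and sample data are all assumptions constructed for this example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, sign-in country, failed attempts before success)
HISTORY = [
    ("alice", "US", 0), ("alice", "US", 1), ("alice", "US", 0), ("alice", "CA", 0),
    ("alice", "US", 0), ("alice", "US", 1),
    ("bob", "DE", 0), ("bob", "DE", 2), ("bob", "DE", 1), ("bob", "DE", 0),
]

def build_baselines(history, min_events=4):
    """Per-user 'known good': countries seen and typical failed-attempt count."""
    per_user = defaultdict(list)
    for user, country, failed in history:
        per_user[user].append((country, failed))
    baselines = {}
    for user, events in per_user.items():
        if len(events) < min_events:
            continue  # too little history to call anything abnormal
        fails = [f for _, f in events]
        baselines[user] = {
            "countries": {c for c, _ in events},
            "fail_mean": mean(fails),
            "fail_std": pstdev(fails),
        }
    return baselines

def score_sign_in(baselines, user, country, failed):
    """Return (verdict, reasons); verdict is ok, review, alert or no_baseline."""
    base = baselines.get(user)
    if base is None:
        return "no_baseline", []
    reasons = []
    if country not in base["countries"]:
        reasons.append("new_location")
    # Floor the deviation at 1 so an all-zero history does not flag one mistyped password
    threshold = base["fail_mean"] + 3 * max(base["fail_std"], 1.0)
    if failed > threshold:
        reasons.append("failed_attempt_spike")
    # One deviating signal is only worth a review; two together raise an alert
    verdict = {0: "ok", 1: "review", 2: "alert"}[len(reasons)]
    return verdict, reasons

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for event in [("alice", "US", 1), ("alice", "FR", 0), ("alice", "BR", 9), ("carol", "US", 0)]:
        print(event, score_sign_in(b, *event))
```

A production system would weigh many more signals than these two; the point here is only how correlating independent deviations against a per-identity baseline reduces noise compared with a static rule on either signal alone.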

The combined capabilities of Abnormal’s Inbound Email Security and the native security of Microsoft 365 provide protection against the full spectrum of email attacks—a claim no SEG can make.

Achieving Defense-in-Depth with Abnormal + Microsoft

Email attacks are only going to increase in complexity, and without the right security solutions, it’s just a matter of time before your organization becomes a target. That said, you can be confident that your email security will stop these attacks before they reach employee inboxes by partnering with Abnormal and Microsoft.


To learn more about modern email threats and the ways Abnormal and Microsoft can protect your organization, watch the full webinar recording here.
