Abstract White Joint

Webinar Recap: Replacing Your SEG With Microsoft + Abnormal

April 28, 2022

For more than a decade, secure email gateways (SEGs) offered sufficient protection against traditional attacks like spam and emails that contained suspicious links or malicious attachments. But today, when threat actors are launching more sophisticated attacks without traditional indicators of compromise, SEGs are woefully inadequate.

In a recent blog post, we shared a few key takeaways from a webinar I co-hosted with Hunter Hogan from Microsoft. Together, we discussed the evolution of the email threat landscape and how SEGs lack the flexibility and functionality to neutralize the full spectrum of modern attacks.

In the second part of the webinar, we talked about how Microsoft 365 and Abnormal Integrated Cloud Email Security (ICES) work together to provide comprehensive defense-in-depth protection against all attacks. This blog post contains a recap of the second part of our conversation.

Microsoft 365 Has Exclusive Access to a Wealth of Data

Because of its global scale and sheer number of enterprise technologies, Microsoft sees more cyberattacks than most other companies. The benefit of this is it allows them to collect a considerable volume of valuable data which they can leverage to increase the efficacy of the platform.

The centerpiece of Microsoft’s $1 billion annual investment in cybersecurity is the intelligence within the Microsoft Intelligent Security Graph. The graph uses AI to glean insights from the trillions of signals received across their consumer and commercial services, efficiently and effectively synthesizing a vast amount of data and converting it into actionable intelligence.

Microsoft Intelligent Security Graph

By connecting the individual insights, the graph prevents the signals from being siloed and instead enables Microsoft to detect patterns and identify trends. Additionally, what the graph learns from one point of data can influence how it interprets other data across customers. Aggregating this data also allows Microsoft to gain the necessary visibility into normal and abnormal behavior, particularly with regard to sign-ins and authentications.

Microsoft 365 vs. Traditional Secure Email Gateways

With the Intelligent Security Graph behind it, Microsoft 365 can take advantage of continuously updated data to stay one step ahead of cybercriminals, effectively eliminating the need for a secure email gateway. In fact, Microsoft 365 has the same functionality, without the changes to mailflow required by the SEG. The diagram below showcases the features provided by Microsoft 365, and those outlined in red are the ones most commonly offered by secure email gateway vendors.

Displacing the SEG

Some organizations feel the right approach is just to use both a secure email gateway and Microsoft. The understandable assumption here is that by having two technologies in place, the organization will have defense-in-depth protection. In reality, it’s a duplication of defenses. In addition, many of the features provided by Microsoft are not used due to the way the infrastructure is configured. It’s not out of the ordinary for a secure email gateway vendor to ask an organization to turn off certain features within the Microsoft platform.

When an organization uses both a SEG and Microsoft’s native security functionality, they aren’t increasing their protection—they’re only increasing the amount they pay. The bottom line: in addition to lacking the functionality required to stop advanced attacks, most SEGs don’t even have the full suite of features necessary to consistently prevent basic attacks. And if you use a SEG in tandem with Microsoft with the goal of enhancing your protection, you’re not actually improving your security posture.

Combining the Power of Microsoft 365 With Abnormal

Microsoft’s threat intelligence approach and Abnormal’s behavioral AI approach ensure the highest efficacy against traditional attacks like spam and malware. Abnormal’s platform was also designed to stop modern, socially-engineered attacks (like business email compromise, supply chain compromise, and account takeover) by modeling known good and detecting anomalous behavior. The efficacy of our platform is the result of three key differentiators.

1. Modern Architecture

Abnormal’s cloud-native architecture and API integration with Microsoft 365 allows the platform full end-to-end visibility into both north-south external email flow as well as east-west internal email flow. This insight provides valuable internal email context for better detection and remediation of attacks. SEGs, on the other hand, are designed to be deployed at the perimeter. As a result, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.

2. Behavioral AI Approach

Rather than using a rules- and policies-based system that is triggered only by known indicators of compromise, Abnormal’s approach involves establishing baselines for known good behavior and then recognizing anomalies. Our machine learning engine continuously combines a broad variety of signals to build models that focus on identity, relationships, and context. These behavioral models are learning from every email, every second, to build better known good baselines. In turn, our platform is able to identify unusual behavior faster and reach higher efficacy in blocking modern attacks.

3. Deep Cloud Email Integration

Abnormal is purpose-built to leverage the full power of the cloud. Our platform connects directly with Microsoft 365 via one-click API integration, giving the Abnormal platform access to cloud-based insights through more than 45,000 signals. Abnormal takes the information from Microsoft and correlates it with our behavioral models to achieve the highest-precision protection against email attacks. For example, insight into sign-in events such as the sign-in location and number of failed attempts enables us to provide high accuracy anomaly detection with fewer false positives.

The combined capabilities of Abnormal’s Integrated Cloud Email Security and the native security of Microsoft 365 provide protection against the full spectrum of email attacks—a claim no SEG can make.

Achieving Defense-in-Depth with Abnormal + Microsoft

Email attacks are only going to increase in complexity, and without the right security solutions, it’s just a matter of time before your organization becomes a target. That said, you can be confident that your email security will stop these attacks before they reach employee inboxes by partnering with Abnormal and Microsoft.


To learn more about modern email threats and the ways Abnormal and Microsoft can protect your organization, watch the full webinar recording here.

Image

Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

0
Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 10 3 22 Cobalt Terrapin Blog
Threat group Cobalt Terrapin uses sophisticated impersonation techniques with multiple steps to commit invoice fraud.
Read More
B 09 29 22 CISO Cybersecurity Awareness Month
October is here, which means Cybersecurity Awareness Month is officially in full swing! These five tips can help security leaders take full advantage of the month.
Read More
B Email Security Challenges Blog 09 26 22
Understanding common email security challenges caused by your legacy technology will help you determine the best solution to improve your security posture.
Read More
B 5 Crucial Tips
Retailers are a popular target for threat actors due to their wealth of customer data and availability of funds. Here are 5 cybersecurity tips to help retailers reduce their risk of attack.
Read More
B 3 Essential Elements
Legacy approaches to managing unwanted mail are neither practical nor scalable. Learn the 3 essential elements of modern, effective graymail management.
Read More
B Back to School
Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.
Read More
B 09 06 22 Rearchitecting a System Blog
We recently shared a look at how the Abnormal engineering team overhauled our Unwanted Mail service architecture to accommodate our rapid growth. Today, we’re diving into how the team migrated traffic to the new architecture—with zero downtime.
Read More
B Industry Leading CIS Os
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 12 innovative and influential thought leaders on social media.
Read More
B Podcast Engineering 11 08 24 22
In episode 11 of Abnormal Engineering Stories, David Hagar, Director of Engineering and Abnormal Head of UK Engineering, continues his conversation with Zehan Wang, co-founder of Magic Pony.
Read More