Webinar Recap: Replacing Your SEG With Microsoft + Abnormal

Learn how Microsoft 365 and Abnormal work together to provide comprehensive defense-in-depth protection in part two of our webinar recap.
April 28, 2022

For more than a decade, secure email gateways (SEGs) offered sufficient protection against traditional attacks like spam and emails that contained suspicious links or malicious attachments. But today, when threat actors are launching more sophisticated attacks without traditional indicators of compromise, SEGs are woefully inadequate.

In a recent blog post, we shared a few key takeaways from a webinar I co-hosted with Hunter Hogan from Microsoft. Together, we discussed the evolution of the email threat landscape and how SEGs lack the flexibility and functionality to neutralize the full spectrum of modern attacks.

In the second part of the webinar, we talked about how Microsoft 365 and Abnormal Inbound Email Security work together to provide comprehensive defense-in-depth protection against all attacks. This blog post contains a recap of the second part of our conversation.

Microsoft 365 Has Exclusive Access to a Wealth of Data

Because of its global scale and sheer number of enterprise technologies, Microsoft sees more cyberattacks than most other companies. This allows it to collect a considerable volume of valuable data, which it can leverage to increase the efficacy of the platform.

The centerpiece of Microsoft’s $1 billion annual investment in cybersecurity is the intelligence within the Microsoft Intelligent Security Graph. The graph uses AI to glean insights from the trillions of signals received across its consumer and commercial services, efficiently and effectively synthesizing a vast amount of data and converting it into actionable intelligence.

Microsoft Intelligent Security Graph

By connecting the individual insights, the graph prevents the signals from being siloed and instead enables Microsoft to detect patterns and identify trends. Additionally, what the graph learns from one point of data can influence how it interprets other data across customers. Aggregating this data also allows Microsoft to gain the necessary visibility into normal and abnormal behavior, particularly with regard to sign-ins and authentications.

Microsoft 365 vs. Traditional Secure Email Gateways

With the Intelligent Security Graph behind it, Microsoft 365 can take advantage of continuously updated data to stay one step ahead of cybercriminals, effectively eliminating the need for a secure email gateway. In fact, Microsoft 365 has the same functionality, without the changes to mailflow required by the SEG. The diagram below showcases the features provided by Microsoft 365, and those outlined in red are the ones most commonly offered by secure email gateway vendors.

Displacing the SEG

Some organizations feel the right approach is just to use both a secure email gateway and Microsoft. The understandable assumption here is that by having two technologies in place, the organization will have defense-in-depth protection. In reality, it’s a duplication of defenses. In addition, many of the features provided by Microsoft are not used due to the way the infrastructure is configured. It’s not out of the ordinary for a secure email gateway vendor to ask an organization to turn off certain features within the Microsoft platform.

When an organization uses both a SEG and Microsoft’s native security functionality, they aren’t increasing their protection—they’re only increasing the amount they pay. The bottom line: in addition to lacking the functionality required to stop advanced attacks, most SEGs don’t even have the full suite of features necessary to consistently prevent basic attacks. And if you use a SEG in tandem with Microsoft with the goal of enhancing your protection, you’re not actually improving your security posture.

Combining the Power of Microsoft 365 With Abnormal

Microsoft’s threat intelligence approach and Abnormal’s behavioral AI approach ensure the highest efficacy against traditional attacks like spam and malware. Abnormal’s platform was also designed to stop modern, socially-engineered attacks (like business email compromise, supply chain compromise, and account takeover) by modeling known good and detecting anomalous behavior. The efficacy of our platform is the result of three key differentiators.

1. Modern Architecture

Abnormal’s cloud-native architecture and API integration with Microsoft 365 allow the platform full end-to-end visibility into both north-south external email flow and east-west internal email flow. This insight provides valuable internal email context for better detection and remediation of attacks. SEGs, on the other hand, are designed to be deployed at the perimeter. As a result, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.

2. Behavioral AI Approach

Rather than using a rules- and policies-based system that is triggered only by known indicators of compromise, Abnormal’s approach involves establishing baselines for known good behavior and then recognizing anomalies. Our machine learning engine continuously combines a broad variety of signals to build models that focus on identity, relationships, and context. These behavioral models are learning from every email, every second, to build better known good baselines. In turn, our platform is able to identify unusual behavior faster and reach higher efficacy in blocking modern attacks.

3. Deep Cloud Email Integration

Abnormal is purpose-built to leverage the full power of the cloud. Our platform connects directly with Microsoft 365 via one-click API integration, giving the Abnormal platform access to cloud-based insights through more than 45,000 signals. Abnormal takes the information from Microsoft and correlates it with our behavioral models to achieve the highest-precision protection against email attacks. For example, insight into sign-in events such as the sign-in location and number of failed attempts enables us to provide high-accuracy anomaly detection with fewer false positives.

The combined capabilities of Abnormal’s Inbound Email Security and the native security of Microsoft 365 provide protection against the full spectrum of email attacks—a claim no SEG can make.

Achieving Defense-in-Depth with Abnormal + Microsoft

Email attacks are only going to increase in complexity, and without the right security solutions, it’s just a matter of time before your organization becomes a target. That said, you can be confident that your email security will stop these attacks before they reach employee inboxes by partnering with Abnormal and Microsoft.

To learn more about modern email threats and the ways Abnormal and Microsoft can protect your organization, watch the full webinar recording here.
