About Email Security Posture Management

Cloud Email platforms have become the new standard for any organization, but the open nature of Cloud Email makes it easy to onboard third-party applications with access to sensitive information. It increases the likelihood of misconfigurations such as conflicting authentication policies and over-privileged users. Security teams often don't directly manage these platforms or make lack the visibility and tools to properly monitor and secure them. Attacks that exploit these new entry-exit points are called Email Platform Attacks, which are a new attack surface area in cloud email beyond just inbound email attacks. To provide better visibility into potential risks associated with these new entry and exit points, Abnormal is expanding its knowledge bases, which consolidates core insights for people, applications, and cloud email tenants.

With PeopleBase, security teams have a searchable database of every identity in their environment that summarizes behavior and identity patterns, providing a timeline of posture events for each individual. AppBase builds an inventory of all third-party applications that integrate directly into your Microsoft 365 environment and surfaces a collection of attributes like access level, permissions, and risk analysis with key posture events providing an in-depth understanding of each individual application. And look at this, an employee just delegated, read and write permissions to both calendar and email for this application across the tenant.

I'll follow up with this user later to understand the requirements behind this. Similar to PeopleBase and AppBase, TenantBase organizes information about the email tenants protected by Abnormal Security, and consolidates monitor events into a single location. Abnormal's New Email Security Posture Management add-on module proactively improves the posture of Cloud Email environments by helping security teams increase their risk visibility and take actions on configuration gaps. The solution will constantly monitor for configuration drifts that could open up new entry points to your email platform. This is the posture change that I identified in AppBase, but now with one click, security teams can see the context of the change, make a side-by-side comparison of old versus new, and provide insights on the associated risks.

Security teams are no longer required to manually track each individual posture. A built-in workflow helps analysts track what changes are still pending review and which ones are complete. This simplifies the review process and creates an auto record of all monitor changes. To increase visibility and facilitate the discovery of the current posture state, security teams can quickly verify all configurations, when they were last updated, and see the raw posture data. Abnormal Email Security Posture Management complements our inbound email protection, giving security teams the visibility and context they need to protect against other potential entry and exit points associated with misconfigurations, inadequate legacy certification controls, and permission escalation.