Abnormal Security Redefines Cloud Email Security with the Launch of Security Posture Management to Protect Against Email Platform Attacks

Abnormal Security, the leading behavioral AI-based security platform, announced its newest addition to the product portfolio as the company progresses toward delivering the most comprehensive cloud email security in the market. The latest innovation protects customers from emerging email platform attacks that are increasing in volume and severity as attackers find new ways to target organizations.

Also Read: Appy Pie Announces Free Domain and Email with Big Thanksgiving Discount

“As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms”

The open, interconnected nature of cloud email platforms creates new entry points for attackers to exploit and manipulate—increasing the need for security tools that protect organizations from attacks beyond those that are delivered through inbound email. While advanced inbound email attacks like business email compromise and credential phishing remain the primary cloud email attack vector, accounting for $43 billion in exposed losses since 2016, this addition to the Abnormal product portfolio expands the capabilities of cloud email security to protect against side-channel attacks that directly target the entire email platform. In recent headlines, cybercriminals have exploited unguarded entry and exit points to carry out sophisticated platform attacks, including:

• Compromising user and administrator accounts by bypassing MFA policies
• Exploiting global administrator privileges by setting up tenant-wide email forwarding rules that send company emails to attacker inboxes
• Tricking employees into installing malicious OAuth applications through consent phishing email links disguised as file-sharing links

These examples showcase the need for security tools that can detect changes to the cloud email environment and provide full visibility into the current posture. But because security teams often share responsibility for these platforms alongside IT and messaging teams, it is operationally difficult and manual to understand the full scope of potential configurations across thousands of users, third-party applications and email tenants, and manage them accordingly.

“As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms,” states Mike Britton, chief information security officer at Abnormal Security. “Implementing a solution that can alert security teams to new integrated applications, over-permissioned users, and other potentially risky events will be extremely helpful to security leaders, and Abnormal is excited to evolve our inbound email security platform to provide this capability and better protect our customers from the full spectrum of attacks.”

The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants. Each of the three new Knowledge Bases provides the foundational visibility security teams need to understand potentially exposed surface areas in Microsoft 365 and conduct security investigations.

• AppBase:Provides a running inventory of all of the third-party applications that have access to data within Microsoft 365. It provides a summary of important information about application permissions and data access, as well as an activity timeline of recent events.
• PeopleBase: Provides a directory of each active user in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more.
• TenantBase: Provides a catalog of each of the email tenants Abnormal Security protects and relevant permissions governing access to them.

Taking the information derived from these Knowledge Bases, the new Security Posture Management product then monitors each entity for potentially risky configuration changes. Key changes may include the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes. When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration.