TL;DR: Legacy secure email gateways are no longer sufficient against modern email threats, and Abnormal AI’s Innovate 2025 webinar argues that organizations are replacing SEGs with Microsoft plus Abnormal to improve detection and simplify operations. The real issue is that email security now depends on behavioral detection and operational consolidation, not just perimeter filtering.
NHIMG editorial — here’s why we think this discussion matters
Questions worth separating out
Q: How should security teams handle email threats that bypass secure email gateways?
A: Teams should treat bypass as a signal that perimeter filtering is no longer enough.
Q: Why do email attacks often become identity incidents?
A: Email attacks become identity incidents when the goal is credential theft, session abuse, or unauthorized workflow action.
Practitioner guidance
- Map email compromise to identity impact paths: Trace how phishing, impersonation, and mailbox takeover can lead to credential theft, reset abuse, or privileged workflow manipulation.
- Test whether your stack detects behavioral abuse: Validate whether controls can flag anomalous sender behavior, message timing, unusual reply chains, and suspicious user interactions rather than only known-bad links or attachments.
- Align email security with access governance: Create shared incident playbooks for mailbox compromise, token theft, and account takeover so identity remediation happens alongside email containment.
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- How Microsoft plus Abnormal is positioned for email detection and response workflows in practice
- The session’s explanation of why organizations are moving away from secure email gateways
- Operational claims about reduced security complexity and how teams can reorganize monitoring
- ISC2 CPE eligibility and webinar access steps for attendees
Secure email gateways and AI email defense: are controls keeping up?
Explore further
Legacy email perimeter controls are no longer aligned to how identity-driven attacks actually work. The problem is not only that threats are more sophisticated, but that the control model was built around filtering content rather than understanding trust, behavior, and downstream identity abuse. Once attackers use convincing messages and legitimate-looking workflows, the secure email gateway becomes a narrow checkpoint instead of a meaningful governance layer. Practitioners should treat email security as part of identity protection, not a separate inbox-only problem.
A few things that frame the scale:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- A further 47% have only partial visibility into those OAuth-connected vendors, which leaves most organisations unable to assess downstream trust chains with confidence.
A question worth separating out:
Q: What is the difference between perimeter email filtering and behavioral email security?
A: Perimeter filtering focuses on content, reputation, and obvious malicious indicators. Behavioral email security looks at how messages, senders, and users behave over time, which helps catch impersonation, compromised accounts, and low-signal attacks that do not look malicious at delivery.
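The contrast drawn in this answer, and the guidance above to test whether controls flag behavioral abuse, can be sketched as an added example (not code from the webinar or from any vendor's product). It runs a content-only check and a per-sender baseline check over the same message metadata; every name, domain, sample message and the 3-hour threshold is a constructed assumption.

```python
from collections import defaultdict
from urllib.parse import urlparse

BLOCKLIST = {"malware.example"}  # constructed known-bad domain

# Constructed records: (display_name, from_addr, reply_to, hour_utc, urls)
HISTORY = [("Dana Reyes", "dana@vendor.example", "dana@vendor.example", h, [])
           for h in (9, 10, 11, 14, 15, 16)]
NORMAL = ("Dana Reyes", "dana@vendor.example", "dana@vendor.example", 10, [])
LOOKALIKE = ("Dana Reyes", "dana@vendor-billing.example",
             "dana@vendor-billing.example", 3, ["https://docs.example/invoice"])
KNOWN_BAD = ("Promo", "x@bulk.example", "x@bulk.example", 12,
             ["https://malware.example/x"])

def perimeter_verdict(msg):
    """Content/reputation model: flag only links to known-bad domains."""
    return any(urlparse(u).hostname in BLOCKLIST for u in msg[4])

def build_baseline(history):
    """Per display name: addresses, reply-to domains and send hours seen."""
    base = defaultdict(lambda: {"addrs": set(), "reply": set(), "hours": set()})
    for name, addr, reply_to, hour, _ in history:
        base[name]["addrs"].add(addr)
        base[name]["reply"].add(reply_to.split("@")[1])
        base[name]["hours"].add(hour)
    return base

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock."""
    d = abs(a - b)
    return min(d, 24 - d)

def behavioral_findings(msg, base, max_gap=3):
    """Behavioral model: list deviations from the sender's own history."""
    name, addr, reply_to, hour, _ = msg
    if name not in base:
        return ["first-time sender"]
    b, findings = base[name], []
    if addr not in b["addrs"]:
        findings.append("known display name, new address")
    if reply_to.split("@")[1] not in b["reply"]:
        findings.append("reply-to domain never seen for sender")
    if min(hour_gap(hour, h) for h in b["hours"]) > max_gap:
        findings.append("send time far outside usual hours")
    return findings

if __name__ == "__main__":
    base = build_baseline(HISTORY)
    for m in (NORMAL, LOOKALIKE, KNOWN_BAD):
        print(m[1], perimeter_verdict(m), behavioral_findings(m, base))
```

The lookalike message passes the content check because nothing in it is known-bad at delivery, while the baseline check reports three deviations for it.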