TL;DR: 70% of Abnormal AI's customers have fully moved away from secure email gateways, according to Abnormal AI, as legacy SEG controls continue to miss attack types that are on the rise and Microsoft 365 expands its native security capabilities. The shift shows email defence is now a control-design problem, not just a filtering problem.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- 70% of Abnormal customers have fully moved away from their secure email gateways.
Questions worth separating out
Q: How should security teams decide whether to keep a secure email gateway?
A: Treat the decision as a control-coverage exercise, not a brand preference.
Q: Why do secure email gateways struggle with identity-linked attacks?
A: Because many modern email attacks are not obvious at delivery time.
Practitioner guidance
- Map SEG coverage to real attack paths: Test whether your current gateway catches credential harvesting, thread hijacking, and trusted-service abuse, not just malicious attachments and links.
- Compare native mailbox controls against gateway functions: Inventory what Microsoft 365 already enforces for quarantine, detonation, impersonation detection, and post-delivery response, then remove duplicate SEG functions where the platform provides equivalent control.
- Add behavioral detections to email governance: Prioritise anomalies such as unusual forwarding, impossible travel linked to mailbox access, and conversation takeover patterns that content filters do not reliably catch.
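As an added illustration of the last point (not code from Abnormal AI or from the webinar), the sketch below correlates impossible-travel mailbox logins with newly created external forwarding rules. The event fields, sample records, domain list and thresholds are all constructed assumptions, not a real product schema.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

ORG_DOMAINS = {"example.com"}      # assumption: the tenant's own mail domains
MAX_KMH = 900                      # assumption: faster than an airliner is impossible travel
MIN_KM = 500                       # assumption: ignore short hops (IP geolocation error)
RULE_WINDOW = timedelta(hours=24)  # assumption: rule this soon after a flagged login is escalated

# Constructed sample events, hypothetical field names.
EVENTS = [
    {"t": "2024-05-01T08:00:00", "user": "ana@example.com", "type": "login", "lat": 51.5, "lon": -0.1},
    {"t": "2024-05-01T09:00:00", "user": "ana@example.com", "type": "login", "lat": 1.35, "lon": 103.8},
    {"t": "2024-05-01T09:10:00", "user": "ana@example.com", "type": "forward_rule", "target": "box@mail.example.net"},
    {"t": "2024-05-01T08:30:00", "user": "bo@example.com", "type": "login", "lat": 48.85, "lon": 2.35},
    {"t": "2024-05-01T12:30:00", "user": "bo@example.com", "type": "login", "lat": 51.5, "lon": -0.1},
    {"t": "2024-05-01T13:00:00", "user": "bo@example.com", "type": "forward_rule", "target": "bo.archive@example.com"},
]

def km(a, b):
    """Great-circle distance in km between two login events (haversine)."""
    la1, lo1, la2, lo2 = map(radians, (a["lat"], a["lon"], b["lat"], b["lon"]))
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def detect(events):
    """Return (user, finding) tuples in time order."""
    findings, last_login, flagged_at = [], {}, {}
    for e in sorted(events, key=lambda e: e["t"]):
        ts, user = datetime.fromisoformat(e["t"]), e["user"]
        if e["type"] == "login":
            prev = last_login.get(user)
            if prev:
                hours = max((ts - prev[0]).total_seconds(), 1) / 3600
                dist = km(prev[1], e)
                if dist > MIN_KM and dist / hours > MAX_KMH:
                    findings.append((user, "impossible_travel"))
                    flagged_at[user] = ts
            last_login[user] = (ts, e)
        elif e["type"] == "forward_rule":
            domain = e["target"].rsplit("@", 1)[-1].lower()
            if domain not in ORG_DOMAINS:  # internal forwarding is not flagged here
                recent = user in flagged_at and ts - flagged_at[user] <= RULE_WINDOW
                findings.append((user, "external_forward_after_impossible_travel" if recent else "external_forward"))
    return findings
```

Neither signal depends on message content, which is why a gateway inspecting mail at delivery time would not see them.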
What to expect at the briefing
Abnormal AI's full webinar covers the operational detail this post intentionally leaves for the source:
- The seven lessons the product experts want teams to apply when replacing a SEG
- Specific examples of the attack types still bypassing legacy email gateways
- How Microsoft 365 native capabilities change the practical decision about retaining or removing a SEG
- Customer-led context on why organisations chose to deprecate the gateway layer
👉 Read Abnormal AI's webinar on the SEG migration and email security lessons →
Secure email gateways: what their migration says for IAM teams?
Explore further
Legacy email gateways are a shrinking control boundary, not a complete defence layer. The article’s core claim is not that email security is obsolete, but that the point of enforcement has moved. Once attacks depend on identity context, mailbox state, or trusted cloud services, a gateway’s pre-delivery inspection no longer captures the full risk. Practitioners should treat SEG coverage as one layer in a broader identity-aware email defence model.
A few things that frame the scale:
- 43% of security professionals are concerned about AI systems learning and reproducing sensitive information patterns from codebases, according to The State of Secrets in AppSec.
- Organisations maintain an average of 6 distinct secrets manager instances, which fragments governance and weakens centralized control.
A question worth separating out:
Q: Who should own response when an email attack turns into account compromise?
A: Ownership should be shared, but accountability must be explicit. Messaging, identity, and endpoint teams each touch part of the problem, yet one function needs authority to coordinate containment, user recovery, and mailbox hardening. Without that, email incidents linger long after the initial malicious message is blocked.
👉 Read our full editorial: Legacy secure email gateways are losing ground in email defense