September 28, 2023 · 10m read
In the last two decades, email has evolved to become much more than a messaging application. Workplace email accounts have become data repositories, de-facto identities for other SaaS applications, and collaboration tools. It’s no longer sufficient to approach email security solely from the perspective of securing data in transit.
At Material, we've taken a fundamentally different approach to email security.
Material was built to be a complete security solution for your Google and Microsoft accounts - built with the idea that phishing protection is part of that solution but there are many other things to consider beyond detecting inbound threats.
Material is single tenant - data are stored in infrastructure specific to each customer and we provide direct access to that infrastructure. Each customer is able to control access to data and audit data access in a way that no other provider can offer.
While most programs and vendors have traditionally focused on preventing a breach, we need to look no further than the recent Microsoft Incident to see that even at the highest levels, largest solutions providers, and with massive investment in security, it is vital to plan and secure for a post-breach scenario.
Material offers a complete solution by ensuring strong prevention and critical, post-breach controls. In this blog, we'll walk you through this comprehensive approach.
The first line of defense will always be prevention. Prevention in this context is accomplished by monitoring Microsoft 365 and Google Workspace environments to ensure proper security hygiene and behavior. Material accomplishes this by enabling security teams to:
- Measure risky user behavior and poor security hygiene
- Fix misconfiguration and vulnerabilities due to legacy settings
- Discover unsanctioned apps and risky partners
Just as importantly, we strive to deliver high-signal (not high-volume) alerts and suggested actions from one-click remediations for quick fixes to step-by-step guides for more significant initiatives.
Detection is a primary and important aspect of securing an organization against phishing attempts, and because of this, most security vendors have focused on building more robust and differentiated approaches to detection. Historically, this has meant that these vendors could offer greater detection capabilities. Material offers a complete set of detections through a combination of:
- Built-in rules we’ve developed and continue to expand
- AI-based detections powered by threat research and machine learning to detect BEC, VIP impersonation, and other attacks
- Custom rules that we enable organizations to build for their instance based on their needs
- Operationalization of user-identified signals
- Incorporation of alerts from email platforms (Microsoft and Google)
Remediations are also very important, but it is important to do more than just remove messages from the mailbox. A proper remediation protocol should consider:
- Time-to-response - Striking the right balance between security and end-user productivity requires creative solutions. Material automates speed bumps within emails to provide immediate response time and minimal impact on productivity.
- False-positives - Improving the signal-to-noise ratio across security tools is necessary to enable teams to be effective. Material analyzes reported messages to find similar threats and de-escalate false positives.
Investigation and analysis - Whether your organization is using a single instance of Microsoft/Google or your employee base is distributed across tenants and platforms, Material uniquely enables instant, full-text message search, and bulk actions. Learn more about Material's Phishing Protection.
Train & Test
Simulation and education is the last element to ensure that users are prepared for phishing attacks. This process should be simple, effective, and repeatable, and should include:
- Real phishing campaigns - Stale and fictional phishing messages cannot provide proper training or a true understanding of organizational risk. Material allows you to build templates using actual attacks that bypassed detection.
- Ease of deployment - Many solutions require complicated deployments that force security teams to deal with allow lists, MX records, etc. Material uses native APIs to deliver simulations directly.
- Minimal changes to end-user behavior - The more training and workflow changes required to deploy a training/simulation, the poorer the experience and the weaker the impact. Material integrates directly into your email platform to enable users to report messages via various methods so that you can focus on training users on what to look for and not how to respond.
In spite of significant investment and advancement, no vendor, tool, or team can promise 100% detection and prevention of malicious attacks. Email is unique in the fact that it can be both an attack vector and a target.
While pre-breach security practices secure against attack, it’s vital to secure the target as well - sensitive data, information and access contained within email accounts.
Historically, heavy-handed and productivity-reducing email retention policies have been the primary means of reducing the consequences of a breach and traditional DLP solutions in the modern era offer little more than security theater. Security teams have thus had two options: delete emails or hope for the best. Material was created to offer something more.
A proper approach to securing an organization against the risks presented when an account is compromised should include the following elements:
Not all emails are the same - the age of an email has no correlation with the sensitivity of the content or attachments within it. Material offers immediate identification and classification of PII, PHI, financial data, and other common types of sensitive information. Additionally, security teams are able to define custom matching criteria or integrate with third-party tools to fit their organization's unique needs.
Once identified, sensitive content is redacted from emails to significantly reduce the consequences of a breach. Redaction controls are dynamic and can be configured to whatever context makes sense for an organization’s business. This goes beyond considerations of age and includes content category, user, group, or domains.
When a protected email needs to be retrieved by an end-user, the process is a simple and familiar workflow via the organization’s existing identity or MFA provider.
Learn more about this new way to keep data safe via Material's Data Protection.
As demonstrated in recent news, once an account has been compromised it is very difficult for organizations to assess the extent and severity of data loss, lateral account takeovers, and other nefarious activities that are possible. Material offers the visibility and tooling needed not just to secure Microsoft 365 and Google Workspace; but also to more quickly identify threats (internal and external) and to provide an understanding of who has sensitive data, where it went, and how to manage it.
- Monitor and rate-limit sensitive content access with the built-in access log
- Understand which accounts and partners handle the most sensitive content and what risk factors make them vulnerable with built-in reports or custom analytics in Google BigQuery, Snowflake, and more
Easily search across all mailboxes regardless of the number of email tenants or providers in place.
Secure your most critical application
Organizations of all shapes and sizes trust Material to provide visibility, defense-in-depth, and security infrastructure for Microsoft 365 and Google Workspace.
Material integrates in minutes via Microsoft 365 and Google Workspace APIs with zero downtime. Customers get a single-tenant, isolated instance and complete control over the underlying infrastructure.
To learn more, visit www.material.security.