‹  Back

September 28, 2023 · 10m read

A Comprehensive Approach to Securing Email

Material Team 

In the last two decades, email has evolved to become much more than a messaging application. Workplace email accounts have become data repositories, de-facto identities for other SaaS applications, and collaboration tools. It’s no longer sufficient to approach email security solely from the perspective of securing data in transit.

At Material, we've taken a fundamentally different approach to email security.

Material was built to be a complete security solution for your Google and Microsoft accounts - built with the idea that phishing protection is part of that solution but there are many other things to consider beyond detecting inbound threats.

Material is single tenant - data are stored in infrastructure specific to each customer and we provide direct access to that infrastructure. Each customer is able to control access to data and audit data access in a way that no other provider can offer.

While most programs and vendors have traditionally focused on preventing a breach, we need to look no further than the recent Microsoft Incident to see that even at the highest levels, largest solutions providers, and with massive investment in security, it is vital to plan and secure for a post-breach scenario.

Material offers a complete solution by ensuring strong prevention and critical, post-breach controls. In this blog, we'll walk you through this comprehensive approach.

Pre-Breach Security


The first line of defense will always be prevention. Prevention in this context is accomplished by monitoring Microsoft 365 and Google Workspace environments to ensure proper security hygiene and behavior. Material accomplishes this by enabling security teams to:

Just as importantly, we strive to deliver high-signal (not high-volume) alerts and suggested actions from one-click remediations for quick fixes to step-by-step guides for more significant initiatives.


Detection is a primary and important aspect of securing an organization against phishing attempts, and because of this, most security vendors have focused on building more robust and differentiated approaches to detection. Historically, this has meant that these vendors could offer greater detection capabilities. Material offers a complete set of detections through a combination of:


Remediations are also very important, but it is important to do more than just remove messages from the mailbox. A proper remediation protocol should consider:

Investigation and analysis - Whether your organization is using a single instance of Microsoft/Google or your employee base is distributed across tenants and platforms, Material uniquely enables instant, full-text message search, and bulk actions. Learn more about Material's Phishing Protection.

Train & Test

Simulation and education is the last element to ensure that users are prepared for phishing attacks. This process should be simple, effective, and repeatable, and should include:

Post-Breach Security

In spite of significant investment and advancement, no vendor, tool, or team can promise 100% detection and prevention of malicious attacks. Email is unique in the fact that it can be both an attack vector and a target.

While pre-breach security practices secure against attack, it’s vital to secure the target as well - sensitive data, information and access contained within email accounts.

Historically, heavy-handed and productivity-reducing email retention policies have been the primary means of reducing the consequences of a breach and traditional DLP solutions in the modern era offer little more than security theater. Security teams have thus had two options: delete emails or hope for the best. Material was created to offer something more.

A proper approach to securing an organization against the risks presented when an account is compromised should include the following elements:


Not all emails are the same - the age of an email has no correlation with the sensitivity of the content or attachments within it. Material offers immediate identification and classification of PII, PHI, financial data, and other common types of sensitive information. Additionally, security teams are able to define custom matching criteria or integrate with third-party tools to fit their organization's unique needs.


Once identified, sensitive content is redacted from emails to significantly reduce the consequences of a breach. Redaction controls are dynamic and can be configured to whatever context makes sense for an organization’s business. This goes beyond considerations of age and includes content category, user, group, or domains.

When a protected email needs to be retrieved by an end-user, the process is a simple and familiar workflow via the organization’s existing identity or MFA provider.

Learn more about this new way to keep data safe via Material's Data Protection.


As demonstrated in recent news, once an account has been compromised it is very difficult for organizations to assess the extent and severity of data loss, lateral account takeovers, and other nefarious activities that are possible. Material offers the visibility and tooling needed not just to secure Microsoft 365 and Google Workspace; but also to more quickly identify threats (internal and external) and to provide an understanding of who has sensitive data, where it went, and how to manage it.

Easily search across all mailboxes regardless of the number of email tenants or providers in place.

Secure your most critical application

Organizations of all shapes and sizes trust Material to provide visibility, defense-in-depth, and security infrastructure for Microsoft 365 and Google Workspace.

Material integrates in minutes via Microsoft 365 and Google Workspace APIs with zero downtime. Customers get a single-tenant, isolated instance and complete control over the underlying infrastructure.

To learn more, visit www.material.security.