Q&A: Material Security’s Rajan Kapoor On Evolving Email Threats & Securing The Whole Productivity Suite

Expert Insights interviews Rajan Kapoor, Field CISO, Material Security.

Email is one of the primary vectors for cyber-attacks in the enterprise. Organizations are having to grapple with increasingly sophisticated threats like social engineering, AI-driven phishing, and account takeovers.

To successfully combat these threats, we must think bigger than just securing the inbox itself, argues Rajan Kapoor, Field CISO at Material Security.

“What needs to change is the way we think about email security, because it’s not just an email problem – it’s a workspace problem. We’re only looking at a small part of the true security when we think about it taking place when email travels into the inbox,” he tells Expert Insights.

With more than two decades of experience in cybersecurity, privacy, and IT, Rajan Kapoor knows these challenges inside out. Prior to joining Material Security, Kapoor served as the Director of Security at Dropbox, where he oversaw teams focused on data security, account security, and technical program management.

In this Q&A, Kapoor discusses the evolving challenges of email security, the Material Security platform, and the priorities organizations should focus on as they plan for 2025.

Q. What are the biggest challenges for customers in the email security space today and how are threats evolving?

Really, the biggest challenges around email security today are the same that they’ve always been: there are countless ways for attackers to get into your inbox, and once they’re in, they can do an immense amount of damage.

What needs to change is the way we think about email security, because it’s not just an email problem – it’s a workspace problem. We’re only looking at a small part of the true security when we think about it taking place when email travels into the inbox. We have decades of proof that a breach will happen, and we should be putting protections in place that limit the damage.

This is even more important in today’s threat landscape, where we’re faced with the social engineering, password stuffing, and session hijacking exploits we’re familiar with, only at an unprecedented scale. That’s because the same AI tools we use to streamline our work are being used by bad actors to scale and personalize these campaigns, making them even more dangerous and even more likely to evade traditional approaches to email security.

This scale of attacks means that focusing solely on preventing intrusion into the inbox without hardening the workspace surrounding it means information is more vulnerable than ever. Attackers only have to be right–or get lucky–once to subvert even the strongest inbound protection. Securing sensitive data, understanding the risk profile of your entire productivity suite and protecting broader access to systems and apps tied to the inbox is the logical next evolutionary step of email security.

Q. How does the Material Security platform help teams to address these challenges, and how do you differentiate yourselves from competitors?

Material helps customers stop inbound email threats, but that’s just one component of our solution. It was founded on the gap in the market that left the inbox–and the data and links to other sensitive apps–completely vulnerable to attackers once the walls were breached.

Material fills this gap with a multi-layered approach that brings a true zero trust approach to email and productivity suite security. It integrates directly with customers’ Google Workspace and Microsoft 365 via API and not only scans inbound emails for threats, but automatically detects and secures sensitive data, password resets, account signups, and other sensitive emails behind MFA prompts.

This additional layer of protection is already more than what competitors can offer, but Material doesn’t stop there. Material surfaces signals from across the productivity suite to find more subtle areas of risk that are difficult to detect and even harder to remediate using native tooling. Material’s unified detections platform leverages a range of ML models to surface and correlate issues across email, data, and identity security as well as data governance and configuration management to give security teams a comprehensive and prioritized view into the risks and threats across their email and productivity suite.

This provides another layer of protection, minimizing the blast radius of a compromised account by significantly limiting the amount of sensitive data an attacker can access and preventing them from jumping to other SaaS apps and services linked with that account.

Material also streamlines security operations in the productivity suite, automating user report response and risky file sharing management in Google Drive. In short, Material provides streamlined comprehensive security operations across the email and productivity suite, stopping more attacks, minimizing the effect of breaches, and proactively hardening security posture to prevent attacks in the first place.

Q. What are your top recommendations for CISOs in the process of looking for an email security solution?

Take a full view of your environment–look at your inbound protections, of course. But take a broader look at your security operations around your email. Take a full inventory of the risks across your environment, look at where your security team is spending their time around email and productivity suite security, and make sure those line up.

How much sensitive data lives in your inbox–and which inboxes have the most critical files? How many files within your Drive contain sensitive data and are shared outside your organization? Are there gaps in your SSO federation or MFA deployment? How many third-party apps could an attacker get to from a compromised inbox? There is no one-size-fits-all security program. Every company’s unique organizational structures and workflows create unique risks. The first step toward mitigating those risks is understanding them.

Q. What trends do you expect to see in the email security space in 2025? 

The obvious answer here is the continued expansion of AI within email security tools. AI, particularly generative AI like LLMs and GPTs, has transformed the way we all do business, and AI in some form or another has been strengthening cybersecurity tools under the hood for longer than most realize.

But as we’re seeing machine learning models evolve at incredible speeds, the potential benefits they offer to security teams are immense. But there’s potential risk there, as well.

Understanding how these models are trained, how they operate, how they handle data, and how their results are verified is critical. There’s a balance to be struck between artificial intelligence and human expertise, and ensuring you have enough transparency to understand what’s going on will be critical.

We’re also hopeful that in 2025, the market will recognize the importance of seeing email security through the lens of the entire spectrum of threats against the productivity suite.

Not just inbound attacks, but data exfiltration from the inbox, external sharing of sensitive files from shared drives, misconfigurations, and risky user behaviors–all of these things can have the same impact as clicking a link on a phishing email, yet receive a fraction of the attention.

Q. In your view, what should organizations’ top email security planning priorities for 2025 be?

Continue to monitor and stay on top of evolving threats. As generative AI becomes more and more broadly used, BEC and spear phishing will continue to grow in volume and complexity, as these attacks become more convincing, harder to spot, and easier and faster to execute.

Leverage AI and ML responsibly. Look for solutions that put AI and ML to work to detect and block novel threats that may not have been detected in the wild previously.

Continue to train and raise awareness. The human element remains a weak point in cybersecurity programs. Phishing and email security trainings, simulations, and awareness campaigns are critical. Where possible, real-world trainings based on actual attacks are very helpful.

Extend Zero Trust to your inbox. Continuous authentication, particularly for sensitive data, app-specific passwords, and other vulnerable emails, is critical. Likewise, pay attention to the sources of inbound emails themselves: DKIM, SPF, and DMARC, as well as tracking known senders and domains, are critical.

Protect against data leakage and insider threats. Your inbox is a treasure trove of sensitive data, and your shared files even more so. Ensure you have visibility into what confidential, regulated, and mission-critical data exists and who has access to it. Full audit logs of who accessed data, when, and from where are critical not only for compliance but for peace of mind.

Minimize the blast radius of account compromises. All it takes is one distracted user clicking the wrong link for an email account to be breached. Take steps to make sure that even if an account is taken over, the damage an attacker can do is limited–and ensure you have systems in place to surface as many signs of ATO attacks as possible.

Understand the risk in your environment. You might be surprised by how much sensitive data lives in your inboxes and shared drives, how many unfederated third-party apps your employees are using, and how far once-secure cloud email and productivity configurations may have drifted.
