Abnormal Security Expands Behavioral AI Platform to Protect Against Multi-Channel Attacks

SAN FRANCISCO, April 25, 2023 - Abnormal Security, the leading behavioral AI-based email security platform, today announced the launch of three new products focused on expanding security detection for Slack, Microsoft Teams and Zoom. The company is also extending the platform to better model identity behavior through the ingestion of signals from additional sources, including CrowdStrike, Okta, Slack, Teams and Zoom.

Email remains the most common path into an organization, but cybercriminals are steadily shifting their tactics and targeting additional entry points across the enterprise. The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data. Security leaders are concerned about these new attacks, but lack a single platform that can correlate signals across channels in one unified view.

To solve the problem, Abnormal is expanding its platform API integration capabilities to ingest unique data from more sources. Additional signals from these applications enrich Abnormal’s understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communications patterns and more across a number of cloud-based applications. When the platform identifies anomalous activity, it provides a consolidated view through an “Abnormal Behavioral Case Timeline,” which allows security teams to see cross-channel attacker activity and take remediation actions.

“Attackers are increasingly relying on multi-channel attacks to access valuable information and steal data for financial gain,” said Evan Reiser, chief executive officer at Abnormal Security. “The best way to protect against these sophisticated attacks is to ingest many signals from diverse sources to learn the behavior of each identity across the multi-channel cloud surface area, and then apply advanced AI models to precisely detect anomalies. While email remains our primary focus, we know that threats can come from multiple places across the enterprise and we’re excited to take our behavioral AI capabilities to the next level to protect email-like communications in Slack, Teams and Zoom.”

In the latest Market Guide for Email Security, Gartner® states, “Although email is still the most common attack vector, many attackers use emails to begin the communication and then move it to Slack, Teams or any other collaboration platforms.” Accordingly, we believe there is a need to secure these platforms, filtering malicious content and highlighting suspicious interactions.

The new products will extend the power of the Abnormal platform to detect suspicious messages, remediate compromised accounts and provide insight into security posture across the three applications. Capabilities include:

• Email-Like Messaging Security: Allows administrators to take action against malicious activity, monitoring Slack, Microsoft Teams and Zoom for messages that contain suspicious URLs and then flagging potential threats for further review. Malicious messages are surfaced regardless of whether the message is sent from an internal employee or an external contractor.

• Email-Like Account Takeover Protection: Analyzes authentication activity in Slack, Teams and Zoom, alerting security teams to suspicious sign-in events—whether a user is signing in from a blocked browser, in a risky location or on a known-bad IP address. Each event is automatically flagged for immediate investigation, with single sign-on (SSO) activity from Okta and Azure Active Directory included for additional evidence.

• Email-Like Security Posture Management: Gives security teams a complete view of user privilege changes in Slack, Microsoft Teams and Zoom to ensure only the appropriate users have admin rights. Email-Like Security Posture Management dynamically monitors for new changes, surfacing those that are considered high impact.

The new products are part of the comprehensive Abnormal Security platform and will be available for all customers to explore through the brand new Abnormal Marketplace starting next week.

Additional Resources

• To request a personalized demo and get started protecting your cloud communications today, visit this webpage or Booth #854 at RSA Conference.

About Abnormal Security

Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages —all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.

Media Contact

Jade Hill

Director of Communications

media@abnormalsecurity.com