A Monumental Year for Abnormal Security

2023 is underway, and the Abnormal Security team is looking forward to all of the new challenges and opportunities on the horizon. But first, we want to highlight a few accomplishments from the past year and thank our customers for continuing to trust us to keep their organizations, their employees, and their cloud communications safe.

The past year saw an increase in more sophisticated inbound email attacks—ones that are more difficult to detect and prevent than ever before. And it saw the emergence of email platform attacks as threat actors continue finding new ways to infiltrate email environments.

Inspired by customer feedback and our continuous desire to stay one step ahead of attackers, Abnormal delivered new innovations to minimize risk and maximize the value of your security investment. Here are some of the highlights.

Abnormal was founded four years ago to protect organizations from the email attacks that other solutions miss, using behavioral AI to provide the highest possible detection efficacy. But as attacks evolve, our detection engine must evolve to stop them.

Throughout 2022, we continued to improve our systems with the goal of helping our customers block all inbound email attacks with the highest efficacy, while simplifying email security and streamlining operations.

Some of the key updates include:

• Abuse Mailbox Automation: Security teams now have the ability to customize an automated response to end users based on the result of the Abnormal analysis. This improves the employee experience, encourages phishing reporting behavior, and helps grow a healthy cybersecurity culture.

• BERT LLMs: We deployed a BERT Large Language Model (LLM), pre-trained from Google on a large corpus of data, giving Abnormal the ability to understand content and text and the intention of a possible attacker in a highly scalable manner.

• Hybrid Remediation: We added additional remediation options including banner injection and subject tag prepend for selective suspicious emails. This gives Abnormal customers additional controls and further prevents end users from engaging with attacks.

• Unwanted Email Detection: By introducing new models trained with additional inferred labels and continuously enhancing the current models to factor in more known-good behaviors, our platform now detects twice as many unwanted messages.

These feature updates give security teams a better and more secure user experience, help them educate their end users on good email security hygiene, and enhance auditing and compliance controls.

On top of important platform updates, we launched two new add-on modules: Email Productivity and Security Posture Management. These modules complement our core Inbound Email Security product and address two additional challenges modern enterprises face: managing time-wasting graymail messages and blocking the emerging threat of email platform attacks.

We also introduced three new Knowledge Bases, which synthesize tens of thousands of data points to present comprehensive profiles of each employee, third-party application, and email tenant.

Email Productivity

Graymail is a drain on productivity, especially for executives, who receive 230% more graymail than other employees. And the standard approaches to managing graymail that rely on static rules and policies, spam digests, and quarantine portals are neither practical nor scalable.

The Email Productivity add-on uses advanced behavioral AI and natural language processing (NLP) models along with thousands of detection signals to identify time-wasting graymail messages and take action based on the preferences of each end user. When Abnormal categorizes a message as graymail, it automatically sends it to a promotions folder—eliminating the clutter from inboxes.

Security Posture Management

The open, interconnected nature of cloud email platforms yields significant benefits in terms of collaboration and agility. Unfortunately, it also creates new entry points for attackers to exploit and manipulate.

As we’ve seen threat actors shift from inbound email attacks to more advanced email platform attacks that leverage privileged user accounts and third-party applications, it’s become clear that security teams need more insight into changes within their environment. Conversations with our own customers validate this notion as a confluence of limited visibility into permissions and privileges along with time-consuming manual investigation makes these new email platform threats difficult to detect and contain.

The Security Posture Management add-on improves the risk posture of cloud email environments by helping security teams understand and take action on configuration gaps and drifts. By highlighting changes across users, applications, and tenants, it gives security professionals the visibility and context they need to protect the additional entry and exit points associated with misconfigurations, inadequate legacy certification controls, and permission escalation.

Knowledge Bases

To provide even more visibility into potential risks, we launched three additional Knowledge Bases, which consolidate core insights for people, applications, and cloud email tenants:

• PeopleBase: Provides security teams with a searchable database of every identity in their environment that summarizes behavior and identity patterns, creating a timeline of posture events for each individual.

• AppBase: Builds an inventory of all third-party applications that integrate directly into the Microsoft 365 environment and surfaces attributes like access level, permissions, and risk analysis with key posture events.

• TenantBase: Organizes information about the email tenants protected by Abnormal Security, and consolidates events into a single location.

Being on the frontlines of the attack landscape offers Abnormal a unique perspective on evolving threats. We understand how these attacks are executed, why they bypass conventional technologies, and how to stop them.

With that in mind, this summer we introduced Abnormal Intelligence—your new resource for insights into emerging cyber threats and email attack trends. Abnormal Intelligence provides threat research and in-depth analysis that enables enterprises to understand the latest types of business email compromise, credential phishing, malware, and more.

On Abnormal Intelligence, our team shares analyses of real attacks stopped by Abnormal. For example, in the multi-stage attack below, the attacker posed as the HR director, sent an email informing employees of changes to PTO and salary plans, and directed recipients to click on a link to view details.

Clicking on the link (which was made to appear as if it’s hosted on the company domain) redirects recipients to the phishing page, where they are then asked to verify their identity by entering email credentials—ultimately compromising their account.

The email was sent from an external compromised account and contained no malicious attachments. And while it bypassed all other systems, Abnormal detected it because the platform leverages signals across identity, behavior, and content. By analyzing the link intent, the content of the email, and the display name—all of which indicate this email may not be all it appears—Abnormal determined the message was malicious and blocked it from reaching end users.

In another attack, the cybercriminal impersonated a company COO inquiring about bank fees for outgoing wire transactions. The subject line of the email was “legal fees,” implying that they were asking in order to pay an outstanding legal bill. The email was sent from an account hosted on a domain registered by the attacker and the sender’s display name was spoofed to match the COO’s name.

Had the recipient responded to the initial email, the attacker would have sent a follow-up message with bank account information where they wanted the payment to be sent.

The payment instructions were included in the attached PDF, showing a requested payment of more than $32,000.

Stopping these types of attacks provides immense value to our customers, who rely on us to keep their employees and their finances safe from harm. And what’s more, these are just two examples of the nearly 30 million advanced email attacks stopped by Abnormal last year—saving our customers billions in potential losses.

Our technology and our people are the heart of our company. We are delighted by the number of accolades we received in 2022—both for our platform as well as our commitment to our employees.

This year, Abnormal was named one of America’s Best Startup Employers of 2022 by Forbes, selected as an Inc. Best Workplace of 2022, and earned the Great Place to Work™ certification. As we grow, we continue to hire amazing people who embody our VOICE values, and this shows when we’re selected for these awards.

And when it comes to our product and technology, we were thrilled to receive a number of awards. We were named to the Forbes AI 50, included for the second year in a row on the Enterprise Tech 30, and awarded the title of 2022 Microsoft Rising Azure Technology Partner of the Year. In addition, Abnormal was included on Madrona Venture Group’s list of Intelligent Applications (IA40), and perhaps most exciting, Abnormal was named a Top 25 Startup for the Enterprise by CNBC.

While we’re certainly proud of the industry recognition we’ve received, the approval and endorsement of our customers are of the utmost importance. Our solution maintains a 4.8/5.0 rating on Gartner® Peer Insights™ with a 99% recommendation rate. We’re also honored to say that Abnormal is trusted by over 10% of the Fortune 500—and this number continues to grow each month.

In short, this past year was truly memorable for Abnormal Security. We ended the year with multiple new products, hundreds of new employees, millions of mailboxes protected, and a continued appreciation for our customers. We’re looking forward to the next year, and all that it brings as we continue to make the cloud a safe place for business.

See for yourself why organizations across the globe trust Abnormal. Schedule your demo today.