New Abnormal Products Extend Email-Like Protection to Slack, Teams, and Zoom

While email remains the most attacked vector into an organization, it is not the only one—and cybercriminals are increasingly setting their sights on new ways to gain money and access. While business email compromise remains the most financially-devastating threat to organizations, security leaders are worried about how the social engineering tactics used in those emails can be used elsewhere.

In fact, when speaking to our customers, we’ve heard two main concerns:

1. The need to reduce security costs and consolidate tools in a turbulent economy.

2. The need to detect threats and mitigate risk across email-adjacent communication applications like Slack and Microsoft Teams.

And this isn't simply anecdotal feedback. According to recent research by analyst firm ESG, 52% of organizations see multi-channel attacks each week that target email and collaboration platforms. And at the same time, nearly one-third of security leaders consider the consolidation of security controls a top priority.

Stopping nascent attacks across largely unprotected platforms while trying to reduce the number of security tools currently in the stack seems conflicting. But with new products from Abnormal, it no longer has to be.

During RSA Conference 2023, we announced major enhancements to our platform and a suite of new products aimed at streamlining security deployment, better integrating and deriving value from existing security investments, and bolstering our detection capabilities. In addition to adding protection capabilities for Slack, Microsoft Teams, and Zoom, customers can also ingest additional data from those collaboration applications, as well as Okta and CrowdStrike.

New deployment options allow Abnormal administrators to easily connect applications via API to start ingesting signals into the platform. By doing so, Abnormal can detect activity across more applications to better protect email—understanding when MFA may have been bypassed in Okta or when there is a suspicious login on Slack, which is connected to the Microsoft 365 account.

By analyzing user activity across authentication platforms, collaboration apps, and CrowdStrike Falcon Identity Threat Detection, the investigation aperture is widened when looking into suspicious user accounts or understanding which platforms a threat actor may be targeting. Where previously, investigation into compromised email accounts was reliant on email activity, this expanded data ingestion allows Abnormal to detect lateral movement across applications or alternative entry points attackers may be using to gain access to the email environment.

But that’s not all… To truly protect email, we must be able to detect threats and mitigate risk across connected applications. And few are more vulnerable than the email-like collaboration applications that are used every day across organizations globally.

Our customers have shared concerns that these applications are susceptible to threats, and there simply are no solutions on the market that account for all of the different ways threats may materialize. To address these concerns, Abnormal has released three new products that align to our email security functionality—preventing malicious messages, detecting compromised accounts, and alerting to changes across your security posture.

The three new products are currently available for Slack, Microsoft Teams, and Zoom:

• Email-Like Messaging Security detects malicious messaging activity, monitoring collaboration applications for messages that contain suspicious URLs and then flagging potential threats for further review. Malicious messages are surfaced regardless of whether the message is sent from an internal employee or an external contractor.

• Email-Like Account Takeover Protection analyzes authentication activity in Slack, Teams, and Zoom, alerting security teams to suspicious sign-in events—whether a user is signing in from a blocked browser, in a risky location or on a known-bad IP address. Each event is automatically flagged for immediate investigation, with single sign-on (SSO) activity from Okta and Azure Active Directory included for additional evidence.

• Email-Like Security Posture Management gives security teams a complete view of user privilege changes across connected applications to ensure only the appropriate users have admin rights. Email-Like Security Posture Management dynamically monitors for new changes, surfacing those that are considered high impact and prompting administrators to take downstream action to mitigate risk.

With these new products, Abnormal can detect and block multi-channel and cross-channel attacks for our customers—enabling organizations to not only protect their email but also other collaboration applications that contain that same sensitive information.

With one extensible platform designed to protect against the attacks of today and tomorrow, our customers can protect against more attacks and spend less while doing so. The unique cloud-native API architecture allows Abnormal to easily ingest thousands of signals from diverse datasets, apply advanced behavioral AI models to stop more attacks and extend email protection to email-like applications. With this release, we’re empowering customers to protect their organizations better while investing in a strategic platform to solve future needs.

The three new products to protect Slack, Microsoft Teams, and Zoom are available today as add-ons to Inbound Email Security.

Interested in learning more about these new products and how to protect your cloud environment from multi-channel attacks?