Enhancing Remediation Controls for Unwanted Mail With an API-based Approach

The most effective way to manage spam and graymail is to leverage a cloud-native, API-based architecture to understand identity, behavior, and content patterns.

June 8, 2022

Promotional mail takes many shapes and forms, and every employee within an organization has a different appetite for content.

No one wants to spend several minutes each day sorting through spam messages, but some marketing-oriented content—like webinars or white papers—can be helpful and appropriate during a workday. Plus, a lot of spam messages are somewhat “unknowable”, in that they’re suspicious, deceitful, or predatory, but not inherently harmful.

So how can an organization deploy technology like an integrated cloud email security platform to provide the right level of protection, to the right users, at the right time?

Why API-Based Architecture Enables Stronger Protection from Attacks

The legacy approach certainly isn’t working. First, secure email gateways (SEGs) don’t integrate tightly with today’s cloud office. Second, they employ a legacy approach to stopping email attacks (including unwanted mail) that is blunt and binary. Emails are simply “good” or “bad”, and employees are responsible for sorting out spam and graymail messages via email digests and summaries.

Further, user preferences are not utilized to adapt protection over time. As a result, employees have to sift through hundreds of messages on a daily basis and mark them as spam or delete the messages to reduce the clutter and focus on relevant messages.

In contrast, the modern approach to limiting spam and graymail leverages business context to apply fine-grained protection.

Abnormal Integrated Cloud Email Security (ICES) derives business context on the organizations we serve from our cloud-native, API-based architecture. This API-based architecture allows us to instantly understand identity, behavior, and content patterns that indicate what departments communicate the most, where employees log in from, the devices they use, which vendors they work with, and more.

When employees move messages into Junk and Promotions folders, our platform gains insight into their specific preferences, including which messages they find valuable and important. Over time, the models learn the user behavior and automate the action of moving the email to the preferred folder, saving valuable time in the day.

Our modern, cloud-native API-based architecture underpins everything we do. It allows us to solve the spam and graymail problem—and any email-related challenge—with a context-rich, fine-grained approach.

To help organizations get ahead of the spam, graymail, and suspicious mail challenge, we offer these capabilities:

Native banners that warn end users of potentially suspicious content

Availability: New this week

More flexible configuration options for URL watch, which re-writes messages to detonate malicious content

Availability: Later this year

The ability to organize graymail in promotional folders

Availability: Today

The Modern Solution to Reduce Clutter and Increase Productivity

Due to the wide spectrum of graymail and unwanted mail, effectively managing incoming email requires a context-rich and multi-faceted approach based on the nature of the message. Our approach to protecting organizations from unwanted mail relies on these 4 key principles:

  1. Clear-cut attacks should be automatically blocked and quarantined.
  2. Promotional marketing emails should be filtered from the inbox and organized into a user-accessible folder.
  3. Reconnaissance emails should be marked as suspicious, and end users should be warned.
  4. Email trackers should be optionally removed from messages to enhance privacy and security.

We use a variety of techniques to provide the right solution for each type of email issue:

  • Automatically blocking clear-cut attacks.
  • Continuous protection based on how employees move emails into folders.
  • Warning users of suspicious email that doesn’t neatly fit a given category. (Examples include reconnaissance emails that do not have an obvious payload but are used to escalate toward a future attack.)

The context-rich, API-driven approach enables us to continuously improve on this protection.

Coming soon, Abnormal users will be able to do the following:

  • Remove web trackers embedded in email messages as images
  • Send promotional marketing emails to a separate configurable folder

Our Unique Approach to Handling Suspicious Mail

We're excited to announce we're rolling out the ability to warn users of suspicious emails like reconnaissance messages. These messages do not have an obvious payload, but responses can be used to inform a future attack.

To empower users and portal administrators to take the right action when faced with potentially suspicious mail, we provide:

Customizable banners for suspicious messages

Availability: New this week

The ability to prepend a subject for remediated suspicious messages

Availability: New this week

Suspicious messages will no longer be present in the Threat Log

However, these messages are still searchable via Search and Respond. This change is focused on helping our core users focus on the more advanced attacks that need their attention in the Threat Log.

To locate suspicious emails, Abnormal users can search in Search and Respond for the prepended subject line they have enabled for suspicious mail (the example above is “External - Suspicious”).

Availability: Effective now

Improving Customer Satisfaction, One Feature at a Time

We actively and regularly seek feedback from our customers. Based on customer inputs, we are laser-focused on:

  1. Continually increasing the efficacy of Abnormal ICES for managing promotional and unwanted mail.
  2. Making sure our dashboard empowers analysts to focus on high-priority threats and filter out noise. For example, removing suspicious messages from the Threat Log allows security teams to enjoy the SOC automation capabilities of the platform while not having to actively review the logs.
  3. Empowering users with a differentiated user experience. Users will now be able to self-serve decisions on the very low volume of suspicious messages.

If you have any questions or feedback on this update, please open a case in our Support Portal or email support@abnormalsecurity.com.
