
New Ingestion Capabilities Enhance Detection and Secure Collaboration

Discover how new Abnormal capabilities allow your organization to experience improved security and better collaboration.
May 8, 2023

Inventor Charles Kettering once said, “If you have always done it that way, then it is probably wrong.” As business email compromise (BEC) still accounts for $2.7 billion in annual losses as of 2022, this quote holds particular relevance in the world of email security.

For years, organizations relied solely on secure email gateways (SEGs) and security tools native to Microsoft and Google. And for years, those tools were… enough. They could detect malware and malicious links. They could uncover suspicious domains. They could block emails that did not pass authentication checks. Essentially, they did what they were designed to do, and they did it well enough that security leaders were satisfied.

But we do not live in that world anymore. Now, socially-engineered BEC attacks are the leading cause of losses for organizations and have resulted in more than $43 billion in exposed losses since 2016. In these attacks, there are no unusual domain names or phishing links—instead, they prey on user emotions, exploiting trusted relationships to encourage the recipient to complete the requested action. In the most egregious attacks, internal accounts may be compromised and used to send malicious internal emails, or attackers may move laterally across the various applications organizations use to communicate.

So what do we do about it? The simple answer may be: add more security layers!

But as much as email security requires innovation, in the current economic climate, it also requires consolidation and automation. While security leaders are concerned about attacks across their email and collaboration platforms, they are just as concerned about tool sprawl, notification noise, and the cost of maintaining effective security operations. Thus the question becomes… how do you add additional protection, without increasing the number of tools and the time it takes to maintain them?

That’s what Abnormal set out to answer. We needed to find a way to help our customers protect more while spending less, all through one consolidated platform. As a result, we made enhancements to our platform. With new ingestion capabilities and new products, we’re enhancing detection efficacy, automating email security, and helping organizations get the most from Abnormal.

More Data, More Integrations, and Streamlined Deployment

The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data. Focused on getting as much money from their scams as possible, attackers are unlikely to stop at email—and as more organizations protect their email environment, they’re turning to other entry points to gain access.

To detect compromised accounts, security teams need insight into how attackers are gaining access—across all connected cloud applications. And while point solutions can provide some insight into compromised accounts and attacker activity, there are limited options when it comes to a full timeline of movement across multiple applications.

With our latest ‘Platform Integrations’ feature launch, Abnormal now provides a single view into multiple cloud applications with expanded platform API integrations that ingest unique data from multiple sources. With new ingestion capabilities across not only email, but also CrowdStrike, Okta, Slack, Microsoft Teams, and Zoom, security analysts now have a complete picture of how attackers are illegitimately gaining access and traversing throughout their applications. Additional signals from these applications enrich Abnormal’s understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communications patterns, and more across a number of cloud-based applications.


When the platform identifies anomalous activity, it provides a consolidated view through an “Abnormal Behavioral Case Timeline,” which allows security teams to see cross-channel attacker activity and take remediation actions. In the example shown here, Abnormal first notices a suspicious sign-in from Slack from an IP address that is considered risky. Five minutes later, the attacker moves to Okta, and three minutes after that has access to the email environment through the Okta login.


Because Abnormal can see and understand this consolidated view across multiple applications, it can better detect suspicious activity within email, further strengthening your email security posture, as well as providing additional security functionality to connected applications like Slack. Based on these insights, the security analyst is then able to acknowledge the account takeover and resolve it in minutes—kicking the attacker out of the system before they can exfiltrate data or cause further damage.
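The cross-application timeline described above (a risky Slack sign-in, Okta five minutes later, email three minutes after that) can be sketched as a per-user correlation of sign-in events. This is an added example, not Abnormal's detection logic or product code; the event fields, the `build_case_timelines` function and the 10-minute linking window are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events (not real telemetry); field names are assumptions.
EVENTS = [
    {"user": "alice", "app": "slack", "time": "2023-05-08T09:00:00", "risky_ip": True},
    {"user": "bob",   "app": "okta",  "time": "2023-05-08T09:01:00", "risky_ip": False},
    {"user": "alice", "app": "okta",  "time": "2023-05-08T09:05:00", "risky_ip": True},
    {"user": "alice", "app": "email", "time": "2023-05-08T09:08:00", "risky_ip": True},
    {"user": "carol", "app": "zoom",  "time": "2023-05-08T09:10:00", "risky_ip": True},
    {"user": "alice", "app": "zoom",  "time": "2023-05-08T13:00:00", "risky_ip": False},
]

def build_case_timelines(events, window=timedelta(minutes=10)):
    """Return {user: [(app, minutes_since_first_event), ...]} for each user whose
    risky sign-in is followed by sign-ins to other apps, each within `window`
    of the previous event in the chain."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "time": datetime.fromisoformat(e["time"])})

    cases = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        chain = []
        for e in evs:
            # A gap longer than the window ends the current chain.
            if chain and e["time"] - chain[-1]["time"] > window:
                if len({c["app"] for c in chain}) >= 2:
                    break      # keep the first cross-application chain
                chain = []     # single-app chain: discard and start over
            # A chain can only start at a risky sign-in; later events just extend it.
            if chain or e["risky_ip"]:
                chain.append(e)
        # Only activity spanning two or more applications becomes a case.
        if len({c["app"] for c in chain}) >= 2:
            start = chain[0]["time"]
            cases[user] = [(c["app"], int((c["time"] - start).total_seconds() // 60))
                           for c in chain]
    return cases

if __name__ == "__main__":
    for user, timeline in build_case_timelines(EVENTS).items():
        print(user, " -> ".join(f"{app} (+{m} min)" for app, m in timeline))
```

A lone risky sign-in (carol) or a normal sign-in (bob) produces no case; only a chain that crosses applications does.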

Securing the Future Across Multiple Applications

Unfortunately, attackers will not stop with email, and infiltration into these connected collaboration applications is only going to become more prevalent. With these new ingestion capabilities and the related protection for Slack, Teams, and Zoom, Abnormal can help security teams feel more confident in their email posture—against the attacks of today and those of tomorrow.

We are firmly committed to helping our customers protect more by detecting and stopping the full spectrum of email attacks, spend less by fully automating email security operations and significantly mitigating cybercrime-centric financial loss, and secure the future by building a platform that understands the evolving threat landscape and anticipates their needs.

Our unique cloud-native API architecture allows Abnormal to easily integrate our platform with thousands of signals from diverse datasets and apply advanced behavioral AI models to stop more attacks. These ingestion capabilities are the first step in better protection across the cloud, as organizations worldwide look to strategic partners with a single platform to solve their needs.

Right now, more than 10% of the Fortune 500 trust Abnormal with their email and collaboration security. See a demo today to understand how our ingestion capabilities, our behavioral AI detection, and our connected application security can improve your email security posture.
