New Ingestion Capabilities Enhance Detection and Secure Collaboration

Discover how new Abnormal capabilities allow your organization to experience improved security and better collaboration.
May 8, 2023

Inventor Charles Kettering once said, “If you have always done it that way, then it is probably wrong.” As business email compromise (BEC) still accounts for $2.7 billion in annual losses as of 2022, this quote holds particular relevance in the world of email security.

For years, organizations relied solely on secure email gateways (SEGs) and security tools native to Microsoft and Google. And for years, those tools were… enough. They could detect malware and malicious links. They could uncover suspicious domains. They could block emails that did not pass authentication checks. Essentially, they did what they were designed to do, and they did it well enough that security leaders were satisfied.

But we do not live in that world anymore. Now, socially engineered BEC attacks are the leading cause of losses for organizations and have resulted in more than $43 billion in exposed losses since 2016. These attacks contain no unusual domain names or phishing links. Instead, they prey on user emotions, exploiting trusted relationships to encourage the recipient to complete the requested action. In the most egregious attacks, internal accounts may be compromised and used to send malicious internal emails, or attackers may move laterally across the various applications organizations use to communicate.

So what do we do about it? The simple answer may be: add more security layers!

But as much as email security requires innovation, in the current economic climate, it also requires consolidation and automation. While security leaders are concerned about attacks across their email and collaboration platforms, they are just as concerned about tool sprawl, notification noise, and the cost of maintaining effective security operations. Thus the question becomes: how do you add protection without increasing the number of tools and the time it takes to maintain them?

That’s what Abnormal set out to answer. We needed to find a way to help our customers protect more while spending less, all through one consolidated platform. As a result, we made enhancements to our platform. With new ingestion capabilities and new products, we’re enhancing detection efficacy, automating email security, and helping organizations get the most from Abnormal.

More Data, More Integrations, and Streamlined Deployment

The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data. Focused on getting as much money from their scams as possible, attackers are unlikely to stop at email—and as more organizations protect their email environment, they’re turning to other entry points to gain access.

To detect compromised accounts, security teams need insight into how attackers are gaining access—across all connected cloud applications. And while point solutions can provide some insight into compromised accounts and attacker activity, there are limited options when it comes to a full timeline of movement across multiple applications.

With our latest ‘Platform Integrations’ feature launch, Abnormal now provides a single view into multiple cloud applications, with expanded platform API integrations that ingest unique data from multiple sources. With new ingestion capabilities across not only email, but also CrowdStrike, Okta, Slack, Microsoft Teams, and Zoom, security analysts now have a complete picture of how attackers are illegitimately gaining access and moving through their applications. Additional signals from these applications enrich Abnormal’s understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communication patterns, and more across a number of cloud-based applications.


When the platform identifies anomalous activity, it provides a consolidated view through an “Abnormal Behavioral Case Timeline,” which allows security teams to see cross-channel attacker activity and take remediation actions. In the example shown here, Abnormal first notices a suspicious Slack sign-in from an IP address that is considered risky. Five minutes later, the attacker moves to Okta, and three minutes after that has access to the email environment through the Okta login.


Because Abnormal can see and understand this consolidated view across multiple applications, it can better detect suspicious activity within email, further strengthening your email security posture, as well as providing additional security functionality to connected applications like Slack. Based on these insights, the security analyst is then able to acknowledge the account takeover and resolve it in minutes—kicking the attacker out of the system before they can exfiltrate data or cause further damage.
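To make the idea of a cross-application timeline concrete, here is a small added example (not Abnormal's code or detection logic) that correlates sign-in events per user and flags a risky-IP sign-in followed by sign-ins to other applications within a short window. The event field names, the 15-minute window, and the risky-IP set are assumptions, and the sample events are constructed to mirror the Slack, Okta, and email sequence described above.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs); field names are hypothetical.
EVENTS = [
    {"ts": "2023-05-08T09:00:00", "user": "alice", "app": "slack", "ip": "203.0.113.7"},
    {"ts": "2023-05-08T09:05:00", "user": "alice", "app": "okta",  "ip": "203.0.113.7"},
    {"ts": "2023-05-08T09:08:00", "user": "alice", "app": "email", "ip": "203.0.113.7"},
    {"ts": "2023-05-08T09:02:00", "user": "bob",   "app": "slack", "ip": "198.51.100.4"},
    {"ts": "2023-05-08T11:30:00", "user": "bob",   "app": "email", "ip": "198.51.100.4"},
    {"ts": "2023-05-08T10:00:00", "user": "carol", "app": "zoom",  "ip": "203.0.113.7"},
]
RISKY_IPS = {"203.0.113.7"}  # assumed to come from an IP-reputation feed


def build_case_timelines(events, risky_ips, window=timedelta(minutes=15), min_apps=2):
    """Return {user: [(offset_minutes, app, ip), ...]} for users whose risky-IP
    sign-in is followed by sign-ins to other apps inside the window."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    cases = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        # Anchor on the first sign-in from a risky IP, if any.
        anchor = next((e for e in evs if e["ip"] in risky_ips), None)
        if anchor is None:
            continue
        chain = [e for e in evs
                 if anchor["ts"] <= e["ts"] <= anchor["ts"] + window]
        # A single risky sign-in is not a case; require movement across apps.
        if len({e["app"] for e in chain}) >= min_apps:
            cases[user] = [
                (int((e["ts"] - anchor["ts"]).total_seconds() // 60), e["app"], e["ip"])
                for e in chain
            ]
    return cases


if __name__ == "__main__":
    for user, timeline in build_case_timelines(EVENTS, RISKY_IPS).items():
        print(user)
        for minutes, app, ip in timeline:
            print(f"  +{minutes:>2} min  {app:<6} {ip}")
```

Only the user with movement across several applications is reported; a lone risky sign-in (carol) or activity from a non-risky IP (bob) does not open a case.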

Securing the Future Across Multiple Applications

Unfortunately, attackers will not stop with email, and infiltration into these connected collaboration applications is only going to become more prevalent. With these new ingestion capabilities and the related protection for Slack, Teams, and Zoom, Abnormal can help security teams feel more confident in their email posture—against the attacks of today and those of tomorrow.

We are firmly committed to helping our customers protect more by detecting and stopping the full spectrum of email attacks, spend less by fully automating email security operations and significantly mitigating cybercrime-centric financial loss, and secure the future by building a platform that understands the evolving threat landscape and anticipates their needs.

Our unique cloud-native API architecture allows Abnormal to easily integrate our platform with thousands of signals from diverse datasets and apply advanced behavioral AI models to stop more attacks. These ingestion capabilities are the first step in better protection across the cloud, as organizations worldwide look to strategic partners with a single platform to solve their needs.

Right now, more than 10% of the Fortune 500 trust Abnormal with their email and collaboration security. See a demo today to understand how our ingestion capabilities, our behavioral AI detection, and our connected application security can improve your email security posture.
