
New Ingestion Capabilities Enhance Detection and Secure Collaboration

Discover how new Abnormal capabilities allow your organization to experience improved security and better collaboration.
May 8, 2023

Inventor Charles Kettering once said, "If you have always done it that way, then it is probably wrong." As business email compromise (BEC) still accounts for $2.7 billion in annual losses as of 2022, this quote holds particular relevance in the world of email security.

For years, organizations relied solely on secure email gateways (SEGs) and security tools native to Microsoft and Google. And for years, those tools were… enough. They could detect malware and malicious links. They could uncover suspicious domains. They could block emails that did not pass authentication checks. Essentially, they did what they were designed to do, and they did it well enough that security leaders were satisfied.

But we do not live in that world anymore. Now, socially-engineered BEC attacks are the leading cause of losses for organizations and have resulted in more than $43 billion in exposed losses since 2016. These attacks contain no unusual domain names or phishing links. Instead, they prey on user emotions, exploiting trusted relationships to encourage the recipient to complete the requested action. In the most egregious attacks, internal accounts may be compromised and used to send malicious internal emails, or attackers may move laterally across the various applications organizations use to communicate.

So what do we do about it? The simple answer may be: add more security layers!

But as much as email security requires innovation, in the current economic climate, it also requires consolidation and automation. While security leaders are concerned about attacks across their email and collaboration platforms, they are just as concerned about tool sprawl, notification noise, and the cost of maintaining effective security operations. Thus the question becomes: how do you add protection without increasing the number of tools and the time it takes to maintain them?

That's what Abnormal set out to answer. We needed to find a way to help our customers protect more while spending less, all through one consolidated platform. As a result, we made enhancements to our platform. With new ingestion capabilities and new products, we're enhancing detection efficacy, automating email security, and helping organizations get the most from Abnormal.

More Data, More Integrations, and Streamlined Deployment

The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data. Focused on getting as much money from their scams as possible, attackers are unlikely to stop at email, and as more organizations protect their email environment, they're turning to other entry points to gain access.

To detect compromised accounts, security teams need insight into how attackers are gaining access across all connected cloud applications. And while point solutions can provide some insight into compromised accounts and attacker activity, there are limited options when it comes to a full timeline of movement across multiple applications.

With our latest 'Platform Integrations' feature launch, Abnormal now provides a single view into multiple cloud applications, with expanded platform API integrations that ingest unique data from multiple sources. With new ingestion capabilities across not only email, but also CrowdStrike, Okta, Slack, Microsoft Teams, and Zoom, security analysts now have a complete picture of how attackers are illegitimately gaining access and traversing their applications. Additional signals from these applications enrich Abnormal's understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communications patterns, and more across a number of cloud-based applications.

[Image: Ingestion capabilities 1]

When the platform identifies anomalous activity, it provides a consolidated view through an "Abnormal Behavioral Case Timeline," which allows security teams to see cross-channel attacker activity and take remediation actions. In the example shown here, Abnormal first notices a suspicious sign-in from Slack from an IP address that is considered risky. Five minutes later, the attacker moves to Okta, and three minutes after that has access to the email environment through the Okta login.

[Image: Ingestion capabilities 2]

Because Abnormal can see and understand this consolidated view across multiple applications, it can better detect suspicious activity within email, further strengthening your email security posture, as well as providing additional security functionality to connected applications like Slack. Based on these insights, the security analyst is then able to acknowledge the account takeover and resolve it in minutes, kicking the attacker out of the system before they can exfiltrate data or cause further damage.
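The cross-application timeline described above (a risky-IP Slack sign-in, Okta five minutes later, email three minutes after that) can be sketched as a simple correlation over normalized sign-in events. This is an added example, not Abnormal's detection logic; the event fields, the risky-IP set, and the 15-minute window are assumptions, and the events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs; field names are assumptions.
EVENTS = [
    {"ts": "2023-05-08T09:00:00", "user": "alice@example.com", "app": "slack", "ip": "203.0.113.50"},
    {"ts": "2023-05-08T09:05:00", "user": "alice@example.com", "app": "okta", "ip": "203.0.113.50"},
    {"ts": "2023-05-08T09:08:00", "user": "alice@example.com", "app": "email", "ip": "203.0.113.50"},
    # Risky sign-in with no follow-on activity in another app inside the window.
    {"ts": "2023-05-08T09:02:00", "user": "bob@example.com", "app": "slack", "ip": "198.51.100.7"},
    {"ts": "2023-05-08T11:30:00", "user": "bob@example.com", "app": "email", "ip": "192.0.2.10"},
]
RISKY_IPS = {"203.0.113.50", "198.51.100.7"}  # assumed IP-reputation verdicts
WINDOW = timedelta(minutes=15)                # assumed max gap between hops


def build_cases(events, risky_ips=RISKY_IPS, window=WINDOW):
    """Return one case per user whose risky-IP sign-in is followed by
    sign-ins to other applications, each hop within `window` of the last."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    cases = []
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            if first["ip"] not in risky_ips:
                continue
            chain = [first]
            for nxt in evs[i + 1:]:
                if nxt["ts"] - chain[-1]["ts"] > window:
                    break  # trail went cold; stop extending this chain
                if nxt["app"] not in {c["app"] for c in chain}:
                    chain.append(nxt)
            if len(chain) >= 2:  # activity spans at least two applications
                timeline = [(c["app"], int((c["ts"] - first["ts"]).total_seconds() // 60))
                            for c in chain]
                cases.append({"user": user, "timeline": timeline})
                break
    return cases


if __name__ == "__main__":
    for case in build_cases(EVENTS):
        print(case["user"], case["timeline"])
```

Each timeline entry is the application and the minutes elapsed since the initial risky sign-in, so the first user's case reads Slack at 0, Okta at 5, email at 8, while the second user's isolated risky sign-in produces no cross-application case.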

Securing the Future Across Multiple Applications

Unfortunately, attackers will not stop with email, and infiltration into these connected collaboration applications is only going to become more prevalent. With these new ingestion capabilities and the related protection for Slack, Teams, and Zoom, Abnormal can help security teams feel more confident in their email posture against the attacks of today and those of tomorrow.

We are firmly committed to helping our customers protect more by detecting and stopping the full spectrum of email attacks, spend less by fully automating email security operations and significantly mitigating cybercrime-centric financial loss, and secure the future by building a platform that understands the evolving threat landscape and anticipates their needs.

Our unique cloud-native API architecture allows Abnormal to easily integrate our platform with thousands of signals from diverse datasets and apply advanced behavioral AI models to stop more attacks. These ingestion capabilities are the first step in better protection across the cloud, as organizations worldwide look to strategic partners with a single platform to solve their needs.

Right now, more than 10% of the Fortune 500 trust Abnormal with their email and collaboration security. See a demo today to understand how our ingestion capabilities, our behavioral AI detection, and our connected application security can improve your email security posture.
