chat
expand_more

Enhancing Security with Custom Role-Based Access Control

Discover how a security-driven RBAC design pattern allows Abnormal customers to maximize their user setup with minimum hurdles.
April 17, 2024

Due to the interconnected nature of today's digital world, safeguarding sensitive information and resources is paramount. Role-Based Access Control (RBAC) stands as an essential component of modern security architectures, offering a structured approach to managing user permissions and access rights. By assigning roles based on job functions or organizational hierarchies, RBAC ensures the rules of least privilege such that individuals only have access to the resources necessary for their responsibilities, minimizing the risk of unauthorized data breaches or malicious activities. This systematic approach not only enhances security but also streamlines administration, providing organizations with greater control and flexibility in protecting their assets.

At Abnormal, we've created a simplified, security-driven RBAC design pattern that allows our customers to maximize their user setup with minimum hurdles.

Why Organizations Are Struggling to Protect Sensitive Data

Based on our research, security users have the following set of concerns about protecting sensitive data across their organization:

  • Privacy: Depending on the role, security clearances, or corporate regulations, users may only access a subset of information or can only obtain very specific data access within each security product.

  • Multi-Tenancy vs. Single Tenant: Gaining a single pane of glass for all email tenants can greatly reduce UX complexity, as well as support changes to the number of tenants in the event of organization changes or M&A.

  • Big Team vs. Small Team: Depending on team size, user roles and areas of focus may vary dramatically, making their needs for Abnormal access differ as well.

  • Managers/CISOs vs. SOC: Different security roles require different types of information, including reporting, incident investigation, admin access, and more.

  • MSSP vs. In-House: UX may differ based on security staffing setup and location.

How Abnormal RBAC Helps Users Create an Effective Security Posture

At Abnormal, we sought to solve these common issues by designing an RBAC experience with the following roles and user experience so that regardless of which type of security team composition you employ, you can easily navigate our user management system. These roles can be applied globally and on a per-module basis to best suit your needs. We've kept it simple while still providing a level of granularity so that our customers can focus less on configuration and more on protecting their organization.

RBAC

Admin Access

Admin users have global access and can easily add new users and assign them appropriate access to the Abnormal Portal. They do not need to touch the remainder of the RBAC system and can continue to enjoy the simplistic experience.

Custom Roles

As the most granular option to meet your team’s needs, custom roles can be configured in a number of ways.

  • Single to all tenants

  • Read or Read + Write

  • Show or hide email content

This role is designed to be incredibly flexible so that a complex organization can provision all aspects of a user and their access to Abnormal across Portal features and functionality. This is great for a larger team that has different analysts covering different feature areas of Abnormal; for example, MSSP teams can be provisioned to see only certain tenants and a certain subset of email information, whereas CISOs may only want to access the reporting aspect of Abnormal.

Notification-Only Access

This role is designed to help non-SOC staff, mailing list accounts, and general-purpose accounts stay informed on Abnormal activities via email notification only. We also want to be mindful of customers who may not be able to access the Abnormal Portal or who prefer to leverage email notifications for existing alerting and SOAR setups.

Implementing RBAC Into Your Security Strategy

As organizations continue to navigate evolving cybersecurity challenges, understanding and implementing RBAC remains paramount. It not only strengthens defenses against cyber threats but also fosters a culture of security-conscious practices. While we know there is always room for improvement, Abnormal’s current design philosophy focuses on keeping it simple and security-driven while building a foundation so that we can support iterations and change.

Interested in learning more about how Abnormal protects your organization from sophisticated threats? Schedule a demo today.

Schedule a Demo
Enhancing Security with Custom Role-Based Access Control

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More