Enhancing Security with Custom Role-Based Access Control

Due to the interconnected nature of today's digital world, safeguarding sensitive information and resources is paramount. Role-Based Access Control (RBAC) stands as an essential component of modern security architectures, offering a structured approach to managing user permissions and access rights. By assigning roles based on job functions or organizational hierarchies, RBAC ensures the rules of least privilege such that individuals only have access to the resources necessary for their responsibilities, minimizing the risk of unauthorized data breaches or malicious activities. This systematic approach not only enhances security but also streamlines administration, providing organizations with greater control and flexibility in protecting their assets.

At Abnormal, we've created a simplified, security-driven RBAC design pattern that allows our customers to maximize their user setup with minimum hurdles.

Based on our research, security users have the following set of concerns about protecting sensitive data across their organization:

• Privacy: Depending on the role, security clearances, or corporate regulations, users may only access a subset of information or can only obtain very specific data access within each security product.

• Multi-Tenancy vs. Single Tenant: Gaining a single pane of glass for all email tenants can greatly reduce UX complexity, as well as support changes to the number of tenants in the event of organization changes or M&A.

• Big Team vs. Small Team: Depending on team size, user roles and areas of focus may vary dramatically, making their needs for Abnormal access differ as well.

• Managers/CISOs vs. SOC: Different security roles require different types of information, including reporting, incident investigation, admin access, and more.

• MSSP vs. In-House: UX may differ based on security staffing setup and location.

At Abnormal, we sought to solve these common issues by designing an RBAC experience with the following roles and user experience so that regardless of which type of security team composition you employ, you can easily navigate our user management system. These roles can be applied globally and on a per-module basis to best suit your needs. We've kept it simple while still providing a level of granularity so that our customers can focus less on configuration and more on protecting their organization.

Admin Access

Admin users have global access and can easily add new users and assign them appropriate access to the Abnormal Portal. They do not need to touch the remainder of the RBAC system and can continue to enjoy the simplistic experience.

Custom Roles

As the most granular option to meet your team’s needs, custom roles can be configured in a number of ways.

• Single to all tenants

• Read or Read + Write

• Show or hide email content

This role is designed to be incredibly flexible so that a complex organization can provision all aspects of a user and their access to Abnormal across Portal features and functionality. This is great for a larger team that has different analysts covering different feature areas of Abnormal; for example, MSSP teams can be provisioned to see only certain tenants and a certain subset of email information, whereas CISOs may only want to access the reporting aspect of Abnormal.

Notification-Only Access

This role is designed to help non-SOC staff, mailing list accounts, and general-purpose accounts stay informed on Abnormal activities via email notification only. We also want to be mindful of customers who may not be able to access the Abnormal Portal or who prefer to leverage email notifications for existing alerting and SOAR setups.

As organizations continue to navigate evolving cybersecurity challenges, understanding and implementing RBAC remains paramount. It not only strengthens defenses against cyber threats but also fosters a culture of security-conscious practices. While we know there is always room for improvement, Abnormal’s current design philosophy focuses on keeping it simple and security-driven while building a foundation so that we can support iterations and change.

Interested in learning more about how Abnormal protects your organization from sophisticated threats? Schedule a demo today.