Spring 2022 Product Release: Enhanced AI, RBAC, and Lateral Attack Detection

This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.
May 13, 2022

Attackers never stop innovating their techniques, but Abnormal is just as relentless about preventing the attacks that matter most. That’s why every quarter, we introduce numerous enhancements to Abnormal Inbound Email Security.

The new features are broad and far-reaching, but they are all focused on helping the organizations that use Abnormal achieve three big outcomes:

  1. Preventing all email attacks with the highest efficacy.

  2. Simplifying email security.

  3. Streamlining operations to increase productivity.

Here's an in-depth look at all of the latest product enhancements.

Three Highlights From Our Spring 2022 Product Release

  • We improved our detection models for a set of lateral attacks impacting the education sector by 27% and reduced false positives in our graymail detection models by 22.5%.

  • This quarter, Abnormal enhanced Role-Based Access Control (RBAC) within the portal. Now, organizations can limit which Abnormal users have access to view email content, and all user activities are detailed in an audit log, which provides a detailed record of any action taken by any Abnormal user.

  • And in the spirit of Explainable AI, we added more attributes and details to the attack descriptions of the emails that Abnormal categorizes as malware, giving analysts quick and simple visibility into why our detection engine flagged them as malicious.

Keep reading to learn more about what’s new in this product release!

Preventing Email Attacks (and Unwanted Mail) With the Highest Efficacy

The Abnormal platform uses behavioral AI to block business email compromise attacks, supply chain fraud, ransomware, spam, and more. Our API-based solution directly integrates with your cloud email platform, where it instantly begins baselining known good behavior and detecting anomalies. By understanding what is normal, Abnormal can block the malicious and unwanted emails that are text-based, lack attack signatures, and originate from inside your organization, and that often bypass legacy secure email gateways (SEGs) and cloud email providers.

This includes hard-to-detect attacks like lateral attacks, which have been cropping up more often in the education sector.

In this environment, students don't usually receive corporate security training, and there are often tens of thousands of dormant accounts. Once an attacker secures a set of credentials, they can use the compromised account to scam hundreds or thousands of other students or employees. SEGs usually can't detect these attacks at all.

Common lateral attacks we’ve observed lately in the education sector include fake job postings and spoofed administrator requests. Here’s an example:

[Image: example of a lateral attack in the education sector]

This quarter, we enhanced our natural language processing (NLP)/natural language understanding (NLU) models to better detect lateral, internal-to-internal attacks and improved detection efficacy by 27%.

Graymail is a distraction and time-drain on employees, and it takes an estimated five seconds per email to review and categorize. But everyone’s preferences for which emails they want to receive are different—"One man's spam is another's ham." When an organization deploys Abnormal, the solution observes and learns how employees interact with email messages, including which folders they sort email into. It then creates personal safelists and blocklists for each user that customize spam and graymail protection per user.

This quarter, we used signals from user interactions (e.g., folder moves) to tune our graymail detection model, with a focus on common automated emails that users were dragging back into their inboxes, like event confirmations and receipts. In doing so, we reduced false positives in our graymail detection models by 22.5%.

Simplifying Email Security

The average organization now has 76 different security-focused tools to manage. SEGs are hard to use, operationally burdensome, and built for the on-premise era, not the cloud. To put it plainly, security teams are dealing with way too much complexity, and SEGs should be the first legacy tool to go.

Abnormal aims to help our customers simplify email security architecture and eliminate the need for a SEG by making Abnormal simple to deploy and integrate with your existing infrastructure. To that end, in addition to introducing SSO support for OneLogin users, we expanded RBAC capabilities so administrators can better control who has access to view email message content in the dashboard. Email content is now hidden by default, and users must explicitly acknowledge that they are viewing email content every time they click on a message.

Also, we enhanced the portal audit log to provide visibility into Abnormal user activity, so you’ll have a record of the actions that any users took inside the dashboard—including viewing emails.

Enhanced role-based access controls (RBAC)

Streamlining Operations to Increase Productivity

Abnormal helps security teams, messaging teams, and employees save time on inbox management and focus on work that matters.

It should be fast and easy to understand why Abnormal flags any given email as an attack. So this quarter, we added more attributes to the information we offer on attachments in the Threat Log. Now analysts can quickly see why an email was flagged as malicious with details like MD5 hash, SHA1, file name, and file format surfaced directly on the attack card.

Example of updated content analysis

Abuse Mailbox allows analysts to review and remediate user-reported emails 80% faster than traditional solutions. Those efficiencies have only increased with one exciting new, highly requested capability: automated responses to Abuse Mailbox reports.

Customers can now go into Abuse Mailbox settings, customize sender information and email templates, and test and enable responses—directly within the portal. Customers can benefit from improved control and customization for their Abuse Mailbox templates at any time and without submitting a support ticket.

Example of automated response in Abuse Mailbox

Finally, Detection 360 is the primary way customers interact with Abnormal on false positives and false negatives, helping Abnormal’s detection get better every day. When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of the steps taken. The faster our team responds to you and corrects the issue, the faster your security team can move on to proactively stop the next attack.

This quarter, we made internal process improvements, allowing us to automate 50% of responses to customer-reported false positives.

Example of a user submission within Detection 360

Improving Customer Satisfaction, One Feature at a Time

We hope you and your teams find value in the latest enhancements to Abnormal Inbound Email Security! Our team is committed to continuously improving and constantly innovating to strengthen our detection capabilities and expand our product features. Working together with our customers, we can provide the highest level of protection against all email threats and prevent the attacks that matter most.

If you’re a current customer who would like to request a new feature or provide feedback, please reach out to your Abnormal customer success representative.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.
