Spring 2022 Product Release: Enhanced AI, RBAC, and Lateral Attack Detection

This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.

May 13, 2022

Attackers never stop innovating their techniques, but Abnormal is just as relentless about preventing the attacks that matter most. That’s why every quarter, we introduce numerous enhancements to Abnormal Integrated Cloud Email Security (ICES).

The new features are broad and far-reaching, but they are all focused on helping the organizations that use Abnormal achieve three big outcomes:

  1. Preventing all email attacks with the highest efficacy.

  2. Simplifying email security.

  3. Streamlining operations to increase productivity.

Here's an in-depth look at all of the latest product enhancements.

Three Highlights From Our Spring 2022 Product Release

  • We improved our detection models for a set of lateral attacks impacting the education sector by 27% and reduced false positives in our graymail detection models by 22.5%.

  • This quarter, Abnormal enhanced Role-Based Access Control (RBAC) within the portal. Now, organizations can limit which Abnormal users have access to view email content, and all user activities are recorded in an audit log, which provides a detailed record of any action taken by any Abnormal user.

  • And in the spirit of Explainable AI, we added more attributes and details to the attack descriptions of the emails that Abnormal categorizes as malware, giving analysts quick and simple visibility into why our detection engine flagged them as malicious.

Keep reading to learn more about what’s new in this product release!

Preventing Email Attacks (and Unwanted Mail) With the Highest Efficacy

Abnormal ICES uses behavioral AI to block business email compromise attacks, supply chain fraud, ransomware, spam, and more. Our API-based solution directly integrates with your cloud email platform, where it instantly begins baselining known good behavior and detecting anomalies. By understanding what is normal, Abnormal can block the malicious and unwanted emails that are text-based, lack attack signatures, and originate from inside your organization, which often bypass legacy secure email gateways (SEGs) and cloud email providers.

This includes hard-to-detect attacks like lateral attacks, which have been cropping up more often in the education sector.

In this environment, students don't usually receive corporate security training, and there are often tens of thousands of dormant accounts. Once an attacker secures a set of credentials, they can use the compromised account to scam hundreds or thousands of other students or employees. SEGs usually can't detect these attacks at all.

Common lateral attacks we’ve observed lately in the education sector include fake job postings and spoofed administrator requests. Here’s an example:

[Image: lateral attack example from the education sector]

This quarter, we enhanced our natural language processing (NLP)/natural language understanding (NLU) models to better detect lateral, internal-to-internal attacks and improved detection efficacy by 27%.

Graymail is a distraction and time-drain on employees, and it takes an estimated five seconds per email to review and categorize. But everyone’s preferences for which emails they want to receive are different—"One man's spam is another's ham." When an organization deploys Abnormal ICES, Abnormal observes and learns how employees interact with email messages, including which folders they sort email into. It then creates personal safelists and blocklists for each user that customize spam and graymail protection per user.

This quarter, we used signals from user interactions (e.g., folder moves) to tune our graymail detection model, with a focus on common automated emails that users were dragging back into their inboxes, like event confirmations and receipts. In doing so, we reduced false positives in our graymail detection models by 22.5%.

Simplifying Email Security

The average organization now has 76 different security-focused tools to manage. SEGs are hard to use, operationally burdensome, and built for the on-premise era, not the cloud. To put it plainly, security teams are dealing with way too much complexity, and SEGs should be the first legacy tool to go.

Abnormal aims to help our customers simplify email security architecture and eliminate the need for a SEG by making Abnormal ICES simple to deploy and integrate with your existing infrastructure. To that end, in addition to introducing SSO support for OneLogin users, we expanded RBAC capabilities so administrators can better control who has access to view email message content in the dashboard. Email content is now hidden by default, and users must explicitly acknowledge that they are viewing email content every time they click on a message.

Also, we enhanced the portal audit log to provide visibility into Abnormal user activity, so you’ll have a record of the actions that any users took inside the dashboard—including viewing emails.

Enhanced role-based access controls (RBAC)

Streamlining Operations to Increase Productivity

Abnormal ICES helps security teams, messaging teams, and employees save time on inbox management and focus on work that matters.

It should be fast and easy to understand why Abnormal flags any given email as an attack. So this quarter, we added more attributes to the information we offer on malware attacks in the Threat Log. Now analysts can quickly see why an email was flagged as malicious with details like MD5 hash, SHA1, file name, file format, and payload behavior attributes surfaced directly on the attack card.

Example of updated content analysis

Abuse Mailbox allows analysts to review and remediate user-reported emails 80% faster than traditional solutions. Those efficiencies have only increased with one exciting new, highly requested capability: automated responses to Abuse Mailbox reports.

Customers can now go into Abuse Mailbox settings, customize sender information and email templates, and test and enable responses—directly within the portal. Customers can benefit from improved control and customization for their Abuse Mailbox templates at any time and without submitting a support ticket.

Example of automated response in Abuse Mailbox

Finally, Detection 360 is the primary way customers interact with Abnormal on false positives and false negatives, helping Abnormal’s detection get better every day. When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of the steps taken. The faster our team responds to you and corrects the issue, the faster your security team can move on to proactively stop the next attack.

This quarter, we made internal process improvements, allowing us to automate 50% of responses to customer-reported false positives.

Example of a user submission within Detection 360

Improving Customer Satisfaction, One Feature at a Time

We hope you and your teams find value in the latest enhancements to Abnormal ICES! Our team is committed to continuously improving and constantly innovating to strengthen our detection capabilities and expand our product features. Working together with our customers, we can provide the highest level of protection against all email threats and prevent the attacks that matter most.

If you’re a current customer who would like to request a new feature or provide feedback, please reach out to your Abnormal customer success representative.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.
