
Spring 2022 Product Release: Enhanced AI, RBAC, and Lateral Attack Detection

This quarter, the team at Abnormal launched new features to improve lateral attack detection, role-based access control (RBAC), and explainable AI. Take a deep dive into all of the latest product enhancements.

May 13, 2022

Attackers never stop innovating their techniques, but Abnormal is just as relentless about preventing the attacks that matter most. That’s why every quarter, we introduce numerous enhancements to Abnormal Integrated Cloud Email Security (ICES).

The new features are broad and far-reaching, but they are all focused on helping the organizations that use Abnormal achieve three big outcomes:

  1. Preventing all email attacks with the highest efficacy.

  2. Simplifying email security.

  3. Streamlining operations to increase productivity.

Here's an in-depth look at all of the latest product enhancements.

Three Highlights From Our Spring 2022 Product Release

  • We improved our detection models for a set of lateral attacks impacting the education sector by 27% and reduced false positives in our graymail detection models by 22.5%.

  • This quarter, Abnormal enhanced Role-Based Access Control (RBAC) within the portal. Now, organizations can limit which Abnormal users have access to view email content, and all user activities are recorded in an audit log, which provides a detailed record of any action taken by any Abnormal user.

  • And in the spirit of Explainable AI, we added more attributes and details to the attack descriptions of the emails that Abnormal categorizes as malware, giving analysts quick and simple visibility into why our detection engine flagged them as malicious.

Keep reading to learn more about what’s new in this product release!

Preventing Email Attacks (and Unwanted Mail) With the Highest Efficacy

Abnormal ICES uses behavioral AI to block business email compromise attacks, supply chain fraud, ransomware, spam, and more. Our API-based solution directly integrates with your cloud email platform, where it instantly begins baselining known good behavior and detecting anomalies. By understanding what is normal, Abnormal can block the malicious and unwanted emails that are text-based, lack attack signatures, and originate from inside your organization, which often bypass legacy secure email gateways (SEGs) and cloud email providers.

This includes hard-to-detect attacks like lateral attacks, which have been cropping up more often in the education sector.

In this environment, students don't usually receive corporate security training, and there are often tens of thousands of dormant accounts. Once an attacker secures a set of credentials, they can use the compromised account to scam hundreds or thousands of other students or employees. SEGs usually can't detect these attacks at all.

Common lateral attacks we’ve observed lately in the education sector include fake job postings and spoofed administrator requests. Here’s an example:

Lateral Attack Example Education Sector

This quarter, we enhanced our natural language processing (NLP)/natural language understanding (NLU) models to better detect lateral, internal-to-internal attacks and improved detection efficacy by 27%.

Graymail is a distraction and time-drain on employees, and it takes an estimated five seconds per email to review and categorize. But everyone’s preferences for which emails they want to receive are different—"One man's spam is another's ham." When an organization deploys Abnormal ICES, Abnormal observes and learns how employees interact with email messages, including which folders they sort email into. It then creates personal safelists and blocklists for each user that customize spam and graymail protection per user.

This quarter, we used signals from user interactions (e.g., folder moves) to tune our graymail detection model, with a focus on common automated emails that users were dragging back into their inboxes, like event confirmations and receipts. In doing so, we reduced false positives in our graymail detection models by 22.5%.

Simplifying Email Security

The average organization now has 76 different security-focused tools to manage. SEGs are hard to use, operationally burdensome, and built for the on-premise era, not the cloud. To put it plainly, security teams are dealing with way too much complexity, and SEGs should be the first legacy tool to go.

Abnormal aims to help our customers simplify email security architecture and eliminate the need for a SEG by making Abnormal ICES simple to deploy and integrate with your existing infrastructure. To that end, in addition to introducing SSO support for OneLogin users, we expanded RBAC capabilities so administrators can better control who has access to view email message content in the dashboard. Email content is now hidden by default, and users must explicitly acknowledge that they are viewing email content every time they click on a message.

Also, we enhanced the portal audit log to provide visibility into Abnormal user activity, so you’ll have a record of the actions that any users took inside the dashboard—including viewing emails.

Enhanced role-based access controls (RBAC)

Streamlining Operations to Increase Productivity

Abnormal ICES helps security teams, messaging teams, and employees save time on inbox management and focus on work that matters.

It should be fast and easy to understand why Abnormal flags any given email as an attack. So this quarter, we added more attributes to the information we offer on attachments in the Threat Log. Now analysts can quickly see why an email was flagged as malicious with details like MD5 hash, SHA1, file name, and file format surfaced directly on the attack card.

Example of updated content analysis

Abuse Mailbox allows analysts to review and remediate user-reported emails 80% faster than traditional solutions. Those efficiencies have only increased with one exciting new, highly requested capability: automated responses to Abuse Mailbox reports.

Customers can now go into Abuse Mailbox settings, customize sender information and email templates, and test and enable responses, all directly within the portal. Customers can benefit from improved control and customization for their Abuse Mailbox templates at any time and without submitting a support ticket.

Example of automated response in Abuse Mailbox

Finally, Detection 360 is the primary way customers interact with Abnormal on false positives and false negatives, helping Abnormal’s detection get better every day. When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of the steps taken. The faster our team responds to you and corrects the issue, the faster your security team can move on to proactively stop the next attack.

This quarter, we made internal process improvements, allowing us to automate 50% of responses to customer-reported false positives.

Example of a user submission within Detection 360

Improving Customer Satisfaction, One Feature at a Time

We hope you and your teams find value in the latest enhancements to Abnormal ICES! Our team is committed to continuously improving and constantly innovating to strengthen our detection capabilities and expand our product features. Working together with our customers, we can provide the highest level of protection against all email threats and prevent the attacks that matter most.

If you’re a current customer who would like to request a new feature or provide feedback, please reach out to your Abnormal customer success representative.

Not yet an Abnormal customer? Request a demo today to learn how Abnormal can enhance your email security capabilities and provide visibility into email threats that other solutions miss.

