
Summer 2023 Product and Detection Recap: Expansive Integrations Provide Greater Protection for Cloud Email

Discover all of Abnormal's latest integrations across apps like Slack, Zoom, and Microsoft Teams extending your email-like protection across the cloud environment.
August 10, 2023

This summer, Abnormal delivered significant enhancements with real impact—ensuring our customers can truly protect against the full spectrum of email and collaboration attacks while spending less on email security.

Truly, this latest batch of releases is in the service of not only protecting cloud communications today but ultimately helping to secure the future as attackers continue to become more sophisticated.

Before this introduction becomes too overwrought, let’s discuss what’s new at Abnormal to highlight exactly how we are achieving our lofty goals.

Greater Protection Through Expansive Integration

Abnormal Protects Slack, Zoom, and Microsoft Teams to Secure Collaboration

Attackers are finding ways to infiltrate organizations’ own key communal spaces in this remote work world: collaboration apps such as Slack, Zoom, and Microsoft Teams.

In fact, according to recent research by ESG, 89% of surveyed organizations had seen at least one attack on collaboration apps in the month preceding the survey, and 52% had dealt with a multi-channel attack that spanned email and collaboration apps.

To address this, Abnormal extended its messaging protection, account takeover protection, and security posture management capabilities to protect the most common collaboration platforms.

Messages sent in Microsoft Teams, Slack, or Zoom chat are analyzed for malicious URLs. Abnormal administrators are then notified when a suspicious message has been detected. This includes both internal employees and external collaborators with access to these platforms.

Further, any suspicious sign-in activity—such as a user accessing Slack from a known-bad IP address—will be used to determine whether a user has been the victim of an account takeover. Abnormal will also surface changes to user privileges on Slack and Zoom to further bolster the investigation of suspicious accounts.

Abnormal’s Data Ingestion Platform and Deployment Overview Simplify Integration

Every security tool on the market today has dozens of integrations, which makes sense as interoperability with additional tools and ingestion of data from protected platforms ultimately make an organization more secure.

But it can be a difficult task to not only connect to these different data sources but understand which connections already exist.

The Abnormal Data Ingestion Platform gives customers a simple workflow to integrate and ingest data from applications such as Slack, Zoom, and Okta—walking customers through the steps to complete the connection and operationalize the data from their most critical applications and tools.

The Deployment Overview provides a visualization of all connected data sources and applications, as well as activated Abnormal add-on solutions and push and push-pull integrations with additional security tools such as CrowdStrike.

Analyzing Privilege Escalation and Access Policy Abuse in Email Account Takeover Protection

Many of our customers have come to us with a common security concern: a lack of visibility into key email platform configuration changes. They note that user privilege and conditional access policy exploitation can lead to a data breach or help successful attackers establish persistence. But it is often difficult to determine when this has occurred, and it usually surfaces only as part of the post-mortem investigation once a breach has gone too far.

To address these concerns, Abnormal now surfaces configuration changes in its account takeover protection cases. For customers that have Email Security Posture Management and Email Account Takeover Protection, a potentially compromised user modifying mail tenant conditional access policies or gaining elevated privileges will be used not only to determine whether an account has truly been taken over but also to enhance the ensuing investigation.

Email Security Posture Management Shines a Light on Mail Filter Rules and New App Permissions

Continuing with the Email Security Posture Management updates, Abnormal now surfaces additional configuration changes, including mail filter rule changes and over a dozen new third-party application permissions. This will trigger alerts about new and notable changes, such as a user adjusting mail filter rules to delete all incoming messages, or a third-party app being granted permission to join video calls and directly create and send emails.

Each of these changes can indicate a risk (or worse, a compromised account), so being able to surface and understand these changes is crucial when addressing the aforementioned visibility gap into platform configurations.

Abuse Mailbox Makes it Easy to Triage User-Reported Email Right Through the SIEM

We’ve enhanced our Abuse Mailbox workflows for customers needing to analyze and triage user-reported emails through the SIEM.

Because many of our customers consider the SIEM the core of their incident response and compliance workflows, Abnormal integrates with Splunk, SumoLogic, and IBM QRadar to allow customers to pull Abuse Mailbox data for emails that have been deemed a threat, spam, or benign.

This not only streamlines email security operations but ensures visibility into potential attacks across the security function.

Abnormally Effective Improvements to Detection Models and Methods

Product enhancements aside, we have also continued to improve our detection capabilities. Abnormal is built on advanced AI, and it is imperative that our detection models outstrip attackers—especially as those attackers make use of AI themselves.

Expanded Graymail Detection Drastically Improves Efficacy

While not an outright threat, graymail (the promotional emails clogging your inbox) is a threat to organizational productivity.

By expanding our graymail detection methods, such as analyzing unusual graymail sender patterns, we continue to increase the amount of graymail we keep from cluttering customer inboxes.

Message Detection Efficacy Improves to Reduce False Positives

Our messaging detection models are constantly being trained and improved to detect threats, but often the hunt for threats can result in frequent false positives. With this latest round of enhancements, we continue to draw down the number of false positives to separate signal from noise.

What’s Coming This Fall?

So, what’s next for Abnormal? Well, luckily, we are not gearing up for a disappointing series finale. Before we begin to roll out our next round of enhancements, learn about what Abnormal can do for you now by requesting a demo today.
