chat
expand_more

Summer 2023 Product and Detection Recap: Expansive Integrations Provide Greater Protection for Cloud Email

Discover all of Abnormal's latest integrations across apps like Slack, Zoom, and Microsoft Teams extending your email-like protection across the cloud environment.
August 10, 2023

This summer, Abnormal delivered significant enhancements with real impact—ensuring our customers can truly protect against the full spectrum of email and collaboration attacks while spending less on email security.

Truly, this latest batch of releases is in the service of not only protecting cloud communications today but ultimately helping to secure the future as attackers continue to become more sophisticated.

Before this introduction becomes too overwrought, let’s discuss what’s new at Abnormal to highlight exactly how we are achieving our lofty goals.

Greater Protection Through Expansive Integration

Abnormal Protects Slack, Zoom, and Microsoft Teams to Secure Collaboration

Attackers are finding ways to infiltrate organizations’ own key communal spaces in this remote work world: collaboration apps such as Slack, Zoom, and Microsoft Teams.

In fact, according to recent research by ESG, 89% of surveyed organizations had seen at least one attack on collaboration apps in the month preceding the survey, and 52% had dealt with a multi-channel attack that spanned email and collaboration apps.

To address this, Abnormal extended its messaging protection, account takeover protection, and security posture management capabilities to protect the most common collaboration platforms.

Messages sent in Microsoft Teams, Slack, or Zoom chat are analyzed for malicious URLs. Abnormal administrators are then notified when a suspicious message has been detected. This includes both internal employees and external collaborators with access to these platforms.

Further, any suspicious sign-in activity—such as a user accessing Slack from a known-bad IP address—will be used to determine whether a user has been the victim of an account takeover. Abnormal will also surface changes to user privileges on Slack and Zoom to further bolster the investigation of suspicious accounts.

Abnormal’s Data Ingestion Platform and Deployment Overview Simplify Integration

Every security tool on the market today has dozens of integrations, which makes sense as interoperability with additional tools and ingestion of data from protected platforms ultimately make an organization more secure.

But it can be a difficult task to not only connect to these different data sources but understand which connections already exist.

The Abnormal Data Ingestion Platform gives customers a simple workflow to integrate and ingest data from applications such as Slack, Zoom, and Okta—walking customers through the steps to complete the connection and operationalize the data from their most critical applications and tools.

The Deployment Overview provides a visualization of all connected data sources and applications, as well as activated Abnormal add-on solutions and push and push-pull integrations with additional security tools such as CrowdStrike.

Analyzing Privilege Escalation and Access Policy Abuse in Email Account Takeover Protection

Many of our customers have come to us with a common security concern: a lack of visibility into key email platform configuration changes—noting that user privilege and conditional access policy exploitation can lead to a data breach or help successful attackers establish persistence. But it is often difficult to determine when this has occurred, usually being part of the post-mortem investigation once a breach has gone too far.

To address these concerns, Abnormal now surfaces configuration changes in its account takeover protection cases. For customers that have Email Security Posture Management and Email Account Takeover Protection, a potentially compromised user modifying mail tenant conditional access policies or gaining elevated privileges will be used when determining not only whether an account has truly been taken over but to enhance the ensuing investigation.

Email Security Posture Management Shines a Light on Mail Filter Rules and New App Permissions

Continuing with the Email Security Posture Management updates, Abnormal now surfaces additional configuration changes, including mail rule filter changes and over a dozen new third-party application permissions. This will trigger alerts about new and notable changes, such as a user adjusting mail filter rules to delete all incoming messages—or a third-party app being granted permission to join video calls and directly create and send emails.

Each of these changes can indicate a risk (or worse, a compromised account), so being able to surface and understand these changes is crucial when addressing the aforementioned visibility gap into platform configurations.

Abuse Mailbox Makes it Easy to Triage User-Reported Email Right Through the SIEM

We’ve enhanced our Abuse Mailbox workflows for customers needing to analyze and triage user-reported emails through the SIEM.

As many of our customers consider the SIEM the core of their incident response and compliance workflows; Abnormal integrates with Splunk, SumoLogic, and IBM QRadar to allow customers to pull Abuse Mailbox data for emails that have been deemed a threat, spam, or benign.

This not only streamlines email security operations but ensures visibility into potential attacks across the security function.

Abnormally Effective Improvements to Detection Models and Methods

Product enhancements aside, we have also continued to improve our detection capabilities. Abnormal is built on advanced AI, and it is imperative that our detection models outstrip attackers—especially as those attackers make use of AI themselves.

Expanded Graymail Detection Drastically Improves Efficacy

While not an outright threat, graymail (the promotional emails clogging your inbox) is a threat to organizational productivity.

By expanding our graymail detection methods, such as analyzing unusual graymail sender patterns, we continue to increase the amount of graymail we keep from cluttering customer inboxes.

Message Detection Efficacy Improves to Reduce False Positives

Our messaging detection models are constantly being trained and improved to detect threats, but often the hunt for threats can result in frequent false positives. With this latest round of enhancements, we continue to draw down the number of false positives to separate signal from noise.

What’s Coming This Fall?

So, what’s next for Abnormal? Well, luckily, we are not gearing up for a disappointing series finale. Before we begin to roll out our next round of enhancements, learn about what Abnormal can do for you now by requesting a demo today.

Schedule a Demo
Summer 2023 Product and Detection Recap: Expansive Integrations Provide Greater Protection for Cloud Email

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Complex Case of Account Compromise Blog
Discover how Abnormal helped one organization detect the sophisticated tactics an attacker used to compromise an employee's email account.
Read More
B Cross Platform Account Takeover
Discover the dangers of cross-platform account takeover, the challenges of detecting this attack, and how to implement proactive protection against ATO.
Read More
B 5 17 24 Legal
Learn how cybercriminals use superficial disclaimers to deceive others while facilitating illegal activity on cybercrime forums.
Read More
B Cybersecurity Influencers Blog 2024
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 15 innovative and influential thought leaders on social media.
Read More
B 5 13 24 Docusign
Cybercriminals are abusing Docusign by selling customizable phishing templates on cybercrime forums, allowing attackers to steal credentials for phishing and business email compromise (BEC) scams.
Read More
B CRN
Abnormal employees honored as CRN 2024 Women of the Channel for their influential leadership in the tech industry.
Read More