Account Takeover Detection - Abnormal Security
Datasheet

Email Account Compromise Detection

Comprehensive Email Account Compromise (EAC) Detection

Abnormal Security’s cloud-native architecture integrates directly into Microsoft Office 365 EOP and ATP, as well as G Suite, via APIs and requires no configuration or ongoing maintenance. Abnormal consolidates data across multiple channels into a single platform for analysis and provides consistent protection against Email Account Compromise and other BEC attacks.

Features

Internal Email Account Compromise Detection

Automatically correlates thousands of signals to identify abnormal internal email account behavior to stop compromised accounts. Suspicious signals include never-seen-before financial invoice details, mail filter rule changes, geo-location and IP tracking for too-fast-to-travel, financial request language, as well as abnormal interdepartmental correspondence patterns.

 
External Email Account Compromise Detection

Automatically correlates thousands of signals to identify abnormal external email account behavior to stop compromised accounts. Suspicious signals include never-seen-before financial invoice details, mail filter rule changes, geo-location and IP tracking for too-fast-to-travel, financial request language, as well as abnormal interdepartmental correspondence patterns. Additionally, Abnormal automatically maps all partners your organization communicates with over email, and assesses which vendors are high-risk to the organization (VendorBase).

Automatic Remediation

Abnormal automatically alerts SecOps teams when an account has been compromised. Additionally, Abnormal allows employees to:

  • Lock an account, meaning employees cannot perform actions or log in at all, even with appropriate credentials. The account cannot be used until an administrator re-enables it
  • Sign out employees of any logged-in sessions, which prevents an attacker who is logged in from performing any dangerous actions
  • Reset their password via their phone or secondary email address

Account Compromise Attack Analysis

Abnormal provides explainable insights and analysis that summarize the key signals used to identify an account compromise attack.

Case Timeline Visibility

Visibility into the suspicious actions that lead up to an account compromise attack for further analysis.

Compromised Employee Login Patterns

Overview of affected internal employees including detailed login patterns and highlights of their risky events. Also includes detail on supply chain vendors involved in the attack.

VendorBase (Supply Chain Protection & Intelligence)

Abnormal’s global, federated database of vendors and supply chain customers. VendorBase automatically maps all partners your organization communicates with over email, and assesses which vendors are high-risk to the organization. Provides detailed visibility into supply chain partner employees that interact with your organization’s employees, as well as visibility into vendor email accounts that may be compromised and related suspicious activities.

Suspicious MFA Events

Organizations with multi-factor authentication will have additional account compromise detectors based on MFA sign-in failures.