Description
Abnormal Security protects organizations from the full range of targeted email attacks by combining data science technologies with the unique visibility and data provided by a cloud-native API architecture.
Abnormal Security protects organizations from the full range of targeted email attacks by combining data science technologies with the unique visibility and data provided by a cloud-native API architecture.
ABX analyzes Email, Organization Structure, Event Information, Threat Intelligence and more to profile communications across:
∙ Identity Model
∙ Relationship Graph
∙ Content Analysis
which are consolidated by an ensemble of machine learning algorithms to stop the full range of email attacks.
Consolidate the email security solution stack with comprehensive coverage for both advanced social engineering attacks and traditional malware protection. The Malware Sandbox identifies and blocks emails with malware-infected attachments or link to malware-infected files.
Global, federated database of an organization's vendor reputation. By aggregating and incorporating a vendor's risk score, Vendorbase provides customers with insight around each legitimate and illegitimate vendors by providing visibility to a vendor's reputation and transactions.
ABX will explain and summarize the automated analysis into human readable and understandable insights.
Abnormal integrates into a number of different sources, including Office 365, GSuite, Microsoft Teams, Proofpoint TAP, and Okta. The full list of integrations can be found at abnormalsecurity.com/integrations/
Abnormal will automatically detect and move malicious emails to designated folders (Junk folder, hidden folder, etc).
Abnormal will be able to inject awareness banners into malicious emails that arrive in individual end user’s email inbox. Customer’s security team would be able to educate their end users to recognize malicious emails via these additional threat awareness content.
In Passive Mode, Abnormal does not remediate/move any malicious emails. All emails detected by Abnormal will have remediation status 'Would Remediate', meaning that Abnormal would remediate this email if customer were in Active mode.
Manual Mode is an integration mode where users can manually remediate malicious emails within Abnormal’s interface. In Manual mode, no email is automatically moved by Abnormal; the move is only initiated by our customers. Manual mode also allows users to manually notify their employees of their abuse mailbox submission result.
Abnormal automatically alerts on end users' unsafe engagement activities. Engagement means the attack recipient has:
∙ Opened the attack (enabled by internal/customer request)
∙ Replied to the attacker
∙ Forwarded the attack to another internal employee
Unsafe engagement activities appear in customer's Portal, and via email notifications to Abnormal's internal mailing lists.
Abnormal now supports automated email notifications within Abuse Mailbox and Abnormal Cases. In Abuse Mailbox, Security Analysts can be auto-alerted when a user-reported email campaign is detected malicious. When an account takeover case is detected, designated security team recipients will also be alerted via email notification. Please reach out to your account manager if would like to start receiving email notifications.
Remediation statues appear for each email/email campaign Abnormal finds and displays in Client Portal. The remediation status is based on a variety of factors:
∙ Abnormal first detected the email, or not
∙ Email judgement (safe, spam, malicious)
∙ Customer mode (Passive view only vs. Active)
∙ End-user interaction
Remediation status reflects current state of email campaigns and informs end users if any additional action is required (to further remediate, mark false positive, etc).
