By default, Abnormal will automatically detect and move malicious emails to designated folders (junk folder, hidden folder, etc) when in Active Mode.
When in Active Mode, customers have the option to restore auto-remediated emails that were moved to junk or hidden folders as Safe.
For each email/email campaign, Abnormal provides a remediation status and aggregates based on a variety of factors:
Remediation status reflects the current state of email campaigns and informs end-users if any additional action is required (to further remediate, mark false positive, etc).
Would Remediate
Passive Mode
In Passive Mode, Abnormal does not remediate/move any malicious emails. All emails detected by Abnormal will have remediation status ‘Would Remediate’, meaning that Abnormal would remediate this email if the customer was in Active mode.
Auto-Remediate
Active Mode
This is the default remediation status in Active mode. Abnormal would automatically detect and move malicious emails to designated folders (Junk folder, hidden folder, etc).
Post-Remediate
Active Mode
Abnormal scans emails that were reported to customer’s phishing mailboxes (Abuse Mailbox). These are mostly emails that were reported by end-users (potential bad emails missed by Abnormal), and malicious emails that were rerouted via other channels. If the submitted message is deemed malicious, Abnormal will find any similar messages and bulk remediate all of them (move to deleted, permanently delete).
Marked Safe
Active Mode
Abnormal erroneously remediated an email (A false positive) and was later moved back by a portal user manually.
The only emails that get remediated are ones where Abnormal’s detection engine has deemed the email to be malicious based on numerous signals. Malicious emails are auto-remediated.
If one of the employees in this example reports the email via the integrated phishing report button to the Abuse Mailbox, Abnormal’s detection engine will pass judgement on if the email is safe or malicious. From Abuse Mailbox, the customer can change Abnormal’s judgement and remediate accordingly.
Abnormal Security does offer the ability to reset passwords on behalf of those email account compromise / account take overs (EAC / ATO). This will require a “password administrator” account and we will send over documentation.
Schedule a personalized product demo to see:
Schedule a personalized product demo to see:
Abnormal is the email security company that stands for trust.
© 2020 Abnormal Security Corporation.
All rights reserved.