Product FAQ: Remediation Options
Email Remediation Options
By default, Abnormal will automatically detect and move malicious emails to designated folders (junk folder, hidden folder, etc) when in Active Mode.
When in Active Mode, customers have the option to restore auto-remediated emails that were moved to junk or hidden folders as Safe.
Remediation Status
For each email/email campaign, Abnormal provides a remediation status and aggregates based on a variety of factors:
- Abnormal first detected the email, or not
- Email judgment (safe, spam, malicious)
- Customer mode (Passive view-only vs. Active mode)
- End-user interaction
Remediation status reflects the current state of email campaigns and informs end-users if any additional action is required (to further remediate, mark false positive, etc).
Status
Would Remediate
Screenshot
Mode
Passive Mode
Description
In Passive Mode, Abnormal does not remediate/move any malicious emails. All emails detected by Abnormal will have remediation status ‘Would Remediate’, meaning that Abnormal would remediate this email if the customer was in Active mode.
Auto-Remediate
Active Mode
This is the default remediation status in Active mode. Abnormal would automatically detect and move malicious emails to designated folders (Junk folder, hidden folder, etc).
Post-Remediate
Active Mode
Abnormal scans emails that were reported to customer’s phishing mailboxes (Abuse Mailbox). These are mostly emails that were reported by end-users (potential bad emails missed by Abnormal), and malicious emails that were rerouted via other channels. If the submitted message is deemed malicious, Abnormal will find any similar messages and bulk remediate all of them (move to deleted, permanently delete).
Marked Safe
Active Mode
Abnormal erroneously remediated an email (A false positive) and was later moved back by a portal user manually.
Commonly Asked Questions:
If employees have never spoken before, or have rarely communicated with one another, can I remediate the emails?
The only emails that get remediated are ones where Abnormal’s detection engine has deemed the email to be malicious based on numerous signals. Malicious emails are auto-remediated.
If one of the employees in this example reports the email via the integrated phishing report button to the Abuse Mailbox, Abnormal’s detection engine will pass judgement on if the email is safe or malicious. From Abuse Mailbox, the customer can change Abnormal’s judgement and remediate accordingly.
Can Abnormal Security assist in resetting passwords for those internal compromised accounts (EAC / ATO)?
Abnormal Security does offer the ability to reset passwords on behalf of those email account compromise / account take overs (EAC / ATO). This will require a “password administrator” account and we will send over documentation.
Want to learn more?
Schedule a personalized product demo to see:
- Threat analytics, insights and reporting
- Automated Triage, Investigation and response tools
- Platform integrations into SIEM, SOAR
- …and more
Want to learn more?
Schedule a personalized product demo to see:
- Threat analytics, insights and reporting
- Automated Triage, Investigation and response tools
- Platform integrations into SIEM, SOAR
- …and more
Abnormal is the email security company that stands for trust.
© 2021 Abnormal Security Corporation.
All rights reserved.