Product FAQ: Service Availability

Commonly Asked Questions:

What parameters and mechanisms are in place to monitor the uptime and service availability?

Abnormal Security monitors several metrics in real time to ensure service uptime and availability. Every statistic is published from each instance through Prometheus and to CloudWatch for reporting and logging purposes. All these aggregated metrics are monitored in real time to ensure uptime, SLA monitoring, health and the 99.9th percentile latencies.

What is the process and response time for scaling the infrastructure that your services run on?

Abnormal Security’s technology stack is based on a horizontally scalable architecture to seamlessly support the highest-throughput, high-scale deployments of up to millions of mailboxes. The architecture follows a Service Oriented Architecture pattern. The services are auto-scaled using AWS, and instances are added automatically and seamlessly to keep up with requests and throughput.

What are the processes and tools used for vulnerability and patch management?

An OS upgrade is done by creating Amazon Machine Images. These are containerized using Docker, tested on local environments and then on staging environments before being pushed to production. We use sample and debug queries to verify the compatibility before upgrades. After pushing to production, alerts on success rates and overall business metrics determine the health of an upgrade. Systems are rolled back if the performance after upgrade is lower than before the upgrade. 

We use RDS for MySQL with auto minor version upgrades. Major version upgrades will be a carefully planned operation with customized test suite generation, testing, deployment and rollback plans.

How do you gain visibility into emerging threats via your internet backbone (attacks)?

We have continuous monitoring services in place within our AWS infrastructure and we use Rippling endpoint security for device management. Similar to our product, we observe and report on anomalous behavior and have a dedicated team responsible for reviewing and addressing threat alerts. More details can be provided upon request.

What is Abnormal Security's service availability ratio and failure frequency?

Our uptime SLA is 99.9%.

Several metrics are monitored in real time to ensure service uptime and availability. Every interesting statistic is published from each instance through Prometheus and to CloudWatch. All these aggregated metrics are monitored in real time to ensure uptime, SLA monitoring, health and the 99th percentile latencies.

What is the time frame between when a change is made by a user or another API tool and when it is updated within the Abnormal Security portal?

Real time.

Whenever there is any sort of activity within a user’s mailbox, our system receives the notification and the activity is reflected within our portal in real time because of our connectivity to your mail storage tenant (M365 or G-Suite).

What type of O365 Admin is required to approve the API integration?

Global Admin access is required to approve the API integration. In addition to the Exchange APIs, Abnormal Security also uses the Active Directory APIs and security events APIs in order to ingest, canonicalize, and alert holistically on risky employees.

Want to learn more?

Schedule a personalized product demo to see:

  • Threat analytics, insights and reporting
  • Automated Triage, Investigation and response tools
  • Platform integrations into SIEM, SOAR
  • …and more