Building “Genome” Identity Profiles to Stop Account Takeovers - Abnormal Security

One of the core underpinnings of Abnormal’s best-in-class ABX detection engine is a focus on understanding the details and context of organizations and the people who comprise them. As a result, much of Abnormal’s efficacy comes from considering how individual employees act and communicate, in addition to building a detailed understanding of the email messages themselves. While this approach has paid dividends for inbound message detection, it is even more useful in the world of Account Takeovers, where cases are exceedingly rare and an understanding of deviations from identity and behavioral norms is critical (see here for an example of the influence of data in effective anomaly detection).

To effectively showcase some of the identity signals and patterns being analyzed behind the scenes, we have developed a new UI component we call the “Genome.” Available in conjunction with user profile cards on the email details page as well as the employee entities page, each employee’s genome tells you all of the key patterns you need to know about their profile—from common browsers used to geographic sign-in history. The employee entities page has additionally been enriched by the inclusion of a chart for relevant login patterns, similar to what Abnormal shows on the ATO Cases page. By providing this information directly to customers, we hope to shed light on individual and organizational behavior and thereby allow our clients to build up context, seamlessly delve into the details, and improve overall security posture.