In security products, we commonly hear phrases from customers such as ‘Security is a black box’, ‘False positives in security tools’, or wanting ‘a single pane of glass’. This is common vocabulary that describes a security analyst’s perception of products that lack efficacy and are not designed to effectively communicate product value to end users. In other words, good security design is missing.
At Abnormal Security, we believe a good product should not only provide differentiating technology to defend against cyber attacks, but also consistently deliver a best-in-class product experience tailored to security analysts. A good product should facilitate trust-building, easy adoption, and accomplishing tasks smoothly and effectively. Simply said, we aim to build a security experience with good and intentional design practice.
Abnormal’s product design focuses on communicating, educating, and sharing various depths of information with security analysts so they understand what we detect, and why and how we are able to detect the most sophisticated attacks. Here are some intentional design elements that help analysts look at email attacks with fresh eyes:
Attack Insights: Human-readable and intuitive to analysts
Instead of retrieving headers and analyzing them, Abnormal aggregates all unusual signals via ABX’s adaptive machine learning detection, then delivers suspicious findings via human-readable insights.
We help analysts spend less time locating attack root causes and focus more on getting the holistic diagnosis right away.
Attack Facets – Key attack structure summaries
Each email attack can be deconstructed into a core set of attributes that answer the following questions: Who is the suspicious sender? What’s their goal? Who is the targeted victim? What’s the intended outcome of this attack? Abnormal surfaces this information, which we call Attack Facets, in a structured manner so that, at a glance, an analyst can quickly build a mental model of each email.
Email Information Breakdown – Deconstruct analyst’s brain into digestible modules
From our customer interviews, testing, and iterations, we broke down the analyst’s investigation workflow into structured modules so they can access the information in a ‘single pane of glass’. Understanding the sender, content, and entity relationship allows analysts to quickly grasp the key attack vectors. In addition, Abnormal enhances this data by further spotting abnormality between sender and recipients, as well as suspicious content, messaging, and invoices that appear as deviations from normal communication patterns.
Storytelling via time – Understand the attacker
Sophisticated attacks often take place over a period of time where attackers build up a repertoire of user communication, behavior, and assets before revealing the attack. Abnormal is designed to automatically help security analysts reconstruct historical events so that they can access the full story, understand attack progression, and build attack case conviction right away.
Tooltips – Small but mighty!
Abnormal’s product has a lot of tooltips! We believe in keeping the product simple while still finding a way to showcase a wealth of information. Tooltips are a great artifact for customers to learn more about our findings and learn their way around Abnormal Security. After all, there should be no guesswork for you to navigate the system that protects you from cyber attacks.
With each of these design components carefully incorporated into Abnormal, we hope to achieve the following goals: Allow our users to understand what/why/how Abnormal caught an attack so that email security is not a black box for anyone. We help customers build trust in Abnormal’s technology so that we are that elusive single pane of glass for all your email security needs.
Abnormal is the email security company that stands for trust.
© 2020 Abnormal Security Corporation.
All rights reserved.