Communicate Security Insights via Good Design - Abnormal Security

In security products, we commonly hear phrases from customers such as ‘Security is a black box’, ‘False positives in security tools’, or wanting ‘a single pane of glass’. These common phrases describe a security analyst’s perception of products that lack efficacy and are not designed to effectively communicate product value to end users. In other words, good security design is missing.

At Abnormal Security, we believe a good product should not only provide differentiating technology to defend against cyber attacks, but also consistently deliver a best-in-class product experience tailored to security analysts. A good product should facilitate trust-building, easy adoption, and accomplishing tasks smoothly and effectively. Simply said, we aim to build a security experience with good and intentional design practice.

Abnormal’s product design focuses on communicating, educating, and sharing various depths of information with security analysts so they understand the what, why, and how of our ability to detect the most sophisticated attacks. Here are some intentional design elements that help analysts look at email attacks with fresh eyes:

Attack Insights: Human-readable and intuitive to analysts 

Instead of retrieving headers and analyzing them, Abnormal aggregates all unusual signals via ABX’s adaptive machine learning detection, then delivers suspicious findings via human-readable insights. 

We help analysts spend less time locating attack root causes and focus more on getting the holistic diagnosis right away.

Abnormal Insights translate complicated attack detection into human-readable language.

Attack Facets – Key attack structure summaries 

Each email attack can be deconstructed into a core set of attributes that answer the following questions: Who is the suspicious sender? What’s their goal? Who is the targeted victim? What’s the intended outcome of this attack? Abnormal surfaces this information, which we call Attack Facets, in a structured manner so that, at a glance, an analyst can quickly build a mental model of each email.

Understand key attack facets by looking at key attributes extracted with Abnormal's ABX machine learning detection.

Email Information Breakdown – Deconstruct analyst’s brain into digestible modules 

From our customer interviews, testing, and iterations, we broke down the analyst’s investigation workflow into structured modules so they can access the information in a ‘single pane of glass’. Understanding the sender, content, and entity relationship allows analysts to quickly grasp the key attack vectors. In addition, Abnormal enhances this data by further spotting abnormalities between sender and recipients, as well as suspicious content, messaging, and invoices that appear as deviations from normal communication patterns.

Abnormal deconstructs an email attack into multiple digestible pieces in order for analysts to understand Abnormal's detection reasoning.

Storytelling via time – Understand the attacker 

Sophisticated attacks often take place over a period of time where attackers build up a repertoire of user communication, behavior, and assets before revealing the attack. Abnormal is designed to automatically help security analysts reconstruct historical events so that analysts can access the full story, understand attack progression, and build attack case conviction right away.

Abnormal provides a timeline of user compromise activities to allow analysts to quickly understand historical account activities.

Tooltips – Small but mighty! 

Abnormal’s product has a lot of tooltips! We believe in keeping the product simple but still finding a way to showcase a wealth of information. Tooltips are a great artifact for customers to learn more about our findings and learn their way around Abnormal Security. After all, there should be no guesswork for you to navigate the system that protects you from cyber attacks.

Abuse Mailbox Reporting uses an abundance of tooltips to provide the narrative of the report and help users navigate to the data they are looking for.

With each of these design components carefully incorporated into Abnormal, we hope to achieve the following goals: Allow our users to understand what/why/how Abnormal caught an attack so that email security is not a black box for anyone. We help customers build trust in Abnormal’s technology so that we are that elusive single pane of glass for all your email security needs.