Human-centric Approach to Email Security - Abnormal Security

Human-centric Approach to Email Security

Existing security solutions today look at known bad email metadata and fail to identify advanced and socially engineered email attacks. Abnormal leverages a human-centric approach to stop threats that employees are most vulnerable to. We provide security teams a holistic view into their employees, vendors, and supply-chain so that security teams can build understanding of normal and deviated user behavior and thus more effectively stop advanced attacks. 

Imagine if you are an employee in the Accounts Payable department and you receive an email asking you to pay a questionable invoice. You might ask yourself whether you are the right person to pay this invoice, who usually handles this request, when is the last time this vendor was paid, who is our point of contact, is the invoice amount correct. Answers to these questions rely on personal context and cannot be answered by just analyzing email metadata. Why shouldn’t security tools just answer these questions on behalf of the victim? 

The most advanced attacks target people. Employees are more likely to fall for prey when attacks seem like normal interactions. At Abnormal Security, our product focuses on sharing human-centric indicators of compromise to help analysts and victims understand the subtle unusual behaviors behind the most sophisticated attacks. We engineer our detection to stop attacks by understanding the sender and recipient as people, looking beyond email metadata. At the end of the day, we want to help analysts safely protect their employees, departments, vendors, partners, and all important entities within the organization. 

Employee Protection 

People-driven profile view of each employee in your organization

Abnormal builds employee entity profiles to help you understand an employee holistically. When a person is attacked or may likely be targeted in the future, the Security team can adjust their posture accordingly to protect an employee based on their risk level. 

Vendor Protection 

Vendor-risk view automatically composed and maintained.

Abnormal closely monitors vendor behavior, activities, and risk level in a federated fashion across our entire customer base. Understanding the likelihood of your vendors being impersonated, compromised, spoofed, or hijacked, gives Abnormal customers visibility to understand attack spread, and also to proactively block impersonated or compromised senders and protect their supply chain more effectively. 

Gaining visibility into the key human entities within your organization helps you build a solid understanding of your security posture. As Abnormal learns more about each entity in your organization, we become more effective at preventing never-before-seen attacks that deviate from baseline behavior and can block attacks before they reach vulnerable end users.