Email Account
Takeover Protection
When attackers compromise email credentials, the possibilities are endless. Detect and mitigate email account takeovers in real time when you combine Abnormal Inbound Email Security with the Email Account Takeover Protection add-on module.
Account Takeovers Lead to Costly Data Breaches
Common
Nearly 80% of Fortune 1000 organizations have at least one compromised account.
Source: Abnormal Data
Frequent
33 million email credentials were stolen in 2021.
Source: 2022 Verizon DBIR
Costly
Compromised credentials leading to data breaches cost an average of $4.5 million.
Source: IBM Cost of a Data Breach 2022
PROBLEM:
Legacy Solutions Can't Detect Compromised Internal Accounts
Credential compromise is the most common cause of data breaches. Traditional email security solutions can’t effectively detect account takeovers in progress because they lack visibility into identity, behavior, and device attributes that indicate a user’s account has been hijacked.
THE SOLUTION:
Abnormal Inbound Email Security with Email Account Takeover Protection
Abnormal baselines normal behavior for every end user by analyzing signals like login frequency, authentication methods, locations, devices, operating systems, browsers, and more.
Armed with this knowledge, Abnormal detects when employee accounts have been compromised, remediates any messages sent from them, and disarms the account before attackers can do further damage.
Working together with Abnormal Inbound Email Security, the Email Account Takeover Protection module stops account takeover attempts to prevent additional attacks.
How Abnormal Stops Account Takeovers in Real Time
Detects Compromised Email Accounts
Abnormal observes end user behavior for activity that deviates from their known normal, including login behavior, MFA methods, too-fast-to-travel locations, mail rule changes, change in email content and tone, unusual email recipients, and more. This behavioral analysis uncovers subtle anomalies to precisely detect compromised accounts.
Recreates the Crime Scene in Detail
Abnormal creates a case file of the account takeover diagnosis to organize the evidence for manual review. The analysis includes signals across email systems, Active Directory, devices, browsers, applications and more to provide a conclusive judgment and enable security teams to take broader downstream actions to mitigate the damage.
Kicks Attackers Out of Hijacked Accounts*
Only Abnormal ejects users out of compromised email accounts by automatically blocking account access, triggering a password reset, and signing out of all active sessions. Administrators can choose to auto-remediate compromised accounts or manually review cases.
*Currently available only for Microsoft 365.
Remediates Emails Sent From
Compromised Accounts
When malicious emails from compromised accounts are sent to other employees, Abnormal automatically remediates them to hidden folders so users cannot see or engage with them. Unlike secure email gateways, Abnormal has full visibility into internal-to-internal email traffic, empowering you to inspect and remediate malicious lateral messages.
Deployment Outcomes
Costs Mitigated
$54K
Average cost savings with each compromised account remediated.
Dwell Time Eliminated
6 Seconds
Time to remediate compromised accounts post-detection.
Trusted by Global Enterprises
Detect, Disable, and Remediate Compromised Accounts.
With an AI-based approach to detection, you can catch account takeover attempts that other solutions miss.
