Account Takeover Protection

Automatically detects and disables access to Microsoft Office 365 and Google Workspace accounts that show anomalous behavior and appear to be compromised.

Stop Attack Progression and Remediate Compromised Accounts

Detect Compromised Accounts

instantly, across internal employees and external partners

Disarm Takeovers Automatically

by logging out of active sessions, blocking access, and helps affected users regain access

Incident Management and Reporting

via integrations that streamline remediation

Automatically Detects and Disables Compromised Accounts

Protect your end users and their information, no matter how account credentials were stolen.
C 01 multi channel 2x

Multi-Channel Analysis Baselines Good Behavior

Abnormal deeply understands and baselines normal behavior for every end user by analyzing signals including login frequency, locations, devices, operating systems, browsers used, applications accessed, communication behavior, information shared, and many more.

Any deviations from these baselines enables Abnormal to detect potentially compromised accounts.

This information is conveniently presented as a ‘genome’ for analysis by security teams.

C 02 compromised 2x

Detects Compromised Accounts with High Precision

Abnormal continuously observes end user behavior for activity that deviates from normal, including login behavior, locations, mail rule changes, change in email content and tone, unusual email recipients, lateral phishing messages, and more.

The platform also detects any attempts made to bypass multi-factor authentication using legacy authentication protocols, or repeated sign-in attempts.

This behavioral analysis approach detects even the most subtle anomalies to precisely disable compromised accounts.

C 03 vendor 2x

Monitors Vendors for Compromised Accounts

Abnormal automatically correlates thousands of signals to identify and block suspicious emails sent from compromised vendors.

Signals include unusual locations, typosquatting, reply-to address changes, unusual message content, irregular invoice cadence, abnormal invoice formats, and questionable bank account or payment instructions.

You can review your organization's vendors, their contacts within your organization, and their communication. You can also use VendorBase to see each vendor’s risk profile based on signals collected across the entire enterprise ecosystem.

Rapidly Respond to Account Compromises through Auto-Remediation

Orchestrate workflows to quickly coordinate efforts, disable accounts and report on incidents.
C 04 recreates 2x

Recreates the Crime Scene in Detail

Abnormal intelligently gathers and organizes all the evidence that led to the diagnosis, along with summarized conclusions.

Its ability to pull together a case file—by drawing signals across email systems, Active Directory, devices, browsers, applications, and more—with a conclusive judgement, equips security teams to take immediate action.

C 02 compromised 2x

Provides Explainable Attack Analysis

Abnormal helps you understand why an account was judged as compromised.

You’ll see evidence presented based on relevant signals monitored and an event log of unusual events that triggered the judgement.

C 06 Auto Remediation 2x

Automatically Remediates Accounts

Stop attackers in their tracks by signing users out of active sessions, instantly disabling accounts, triggering Microsoft Office 365 and SSO password resets, and creating service tickets.

Trusted by Global Enterprises


See an Abnormal Product Demo

Related Resources

Data sheet 3
By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails.
Read More
Threat report 1
Cybercriminals upped their game over the last quarter—increasing the number of credential phishing attacks and account takeover attempts. In our quarterly threat report, Abnormal Security discovered significant increases in the number of brute force attacks and impersonation attempts.
Read More
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More
Blog basic office building
Compromised accounts are commonly used by cybercriminals to send additional attacks because they appear to originate from a trustworthy source—typically a known partner or customer, or a known coworker within the organization. In this attack, the account was first...
Read More
Microsoft whitepaper cover
In today’s cloud-first approach to managing corporate infrastructure and running applications, more than 56% of organizations globally now use Microsoft 365. See how Abnormal can help you augment your infrastructure to block the most dangerous attacks.
Read More