Account Takeover Protection
Automatically detects and disables access to Microsoft Office 365 and Google Workspace accounts that show anomalous behavior and appear to be compromised.
Stop Attack Progression and Remediate Compromised Accounts
Detect Compromised Accounts
instantly, across internal employees and external partners
Disarm Takeovers Automatically
by logging out of active sessions, blocking access, and helps affected users regain access
Incident Management and Reporting
via integrations that streamline remediation
Automatically Detects and Disables Compromised Accounts
Multi-Channel Analysis Baselines Good Behavior
Abnormal deeply understands and baselines normal behavior for every end user by analyzing signals including login frequency, locations, devices, operating systems, browsers used, applications accessed, communication behavior, information shared, and many more.
Any deviations from these baselines enables Abnormal to detect potentially compromised accounts.
This information is conveniently presented as a ‘genome’ for analysis by security teams.
Detects Compromised Accounts with High Precision
Abnormal continuously observes end user behavior for activity that deviates from normal, including login behavior, locations, mail rule changes, change in email content and tone, unusual email recipients, lateral phishing messages, and more.
The platform also detects any attempts made to bypass multi-factor authentication using legacy authentication protocols, or repeated sign-in attempts.
This behavioral analysis approach detects even the most subtle anomalies to precisely disable compromised accounts.
Monitors Vendors for Compromised Accounts
Abnormal automatically correlates thousands of signals to identify and block suspicious emails sent from compromised vendors.
Signals include unusual locations, typosquatting, reply-to address changes, unusual message content, irregular invoice cadence, abnormal invoice formats, and questionable bank account or payment instructions.
You can review your organization's vendors, their contacts within your organization, and their communication. You can also use VendorBase to see each vendor’s risk profile based on signals collected across the entire enterprise ecosystem.
Rapidly Respond to Account Compromises through Auto-Remediation
Recreates the Crime Scene in Detail
Abnormal intelligently gathers and organizes all the evidence that led to the diagnosis, along with summarized conclusions.
Its ability to pull together a case file—by drawing signals across email systems, Active Directory, devices, browsers, applications, and more—with a conclusive judgement, equips security teams to take immediate action.
Provides Explainable Attack Analysis
Abnormal helps you understand why an account was judged as compromised.
You’ll see evidence presented based on relevant signals monitored and an event log of unusual events that triggered the judgement.
Automatically Remediates Accounts
Stop attackers in their tracks by signing users out of active sessions, instantly disabling accounts, triggering Microsoft Office 365 and SSO password resets, and creating service tickets.