Account Takeovers Lead to Costly Data Breaches
Nearly 80% of Fortune 1000 organizations have at least one compromised account.
33 million email credentials were stolen in 2021.
Compromised credentials leading to data breaches cost an average of $4.5 million.
How Abnormal Stops Email Account Takeovers in Real Time
Detects Compromised Email Accounts
Abnormal observes and baselines normal end-user behavior then detects deviations across logins, MFA methods, and location. It also detects mail rule filter changes, changes in email content and tone, and unusual recipients.
Recreates the Crime Scene in Detail
Abnormal creates a case file for manual review, correlating signals across email systems, Active Directory, devices, browsers, applications, and more to provide a conclusive judgment and enable security teams to take action and mitigate impact.
Kicks Attackers Out of Hijacked Accounts*
Only Abnormal ejects users out of compromised email accounts by automatically blocking access, forcing a password reset, and ending all active sessions. Administrators can choose to auto-remediate or manually review cases.
*Only Available for Microsoft 365
Remediates Emails Sent From Compromised Accounts
Unlike secure email gateways, Abnormal has full visibility into internal-to-internal email traffic to prevent lateral phishing attacks. When emails from compromised accounts are sent to other employees, Abnormal automatically remediates them.
Email Account Takeover Protection Features
Account Takeover Discovery
Quickly detect compromised accounts by assessing abnormalities in user locations, devices, email content, and mail rules.
Automatically remediate accounts by immediately signing a user out of all open sessions, blocking access, and forcing a password reset.
Account Takeover Investigation
Investigate an automatically-generated case enriched with a detailed timeline of suspicious activity and remediation steps taken.
I really like the account compromise feature that auto-detects threats and locks users out of those mailboxes. That was the real cherry on top for me, because it gives me peace of mind that not only is Abnormal blocking all the attacks, but also that if one actually succeeded, Abnormal auto-remediates that mailbox."
— Jim Robinson, CIO, SuperConcepts