Inbound Email Protection

Precisely block all email attacks including phishing, malware, ransomware, social engineering, executive impersonation, invoice fraud, and spam and graymail, using behavioral AI.

Deploy in minutes at any scale. No configuration or policies required.

Highest-Precision Protection Against
All Email Attacks

Complete Email Attack Protection

Uses behavioral AI to detect attacks that evade cloud email security and SEGs

Streamline Security Operations

Deploys with one click, and is proven to simplify your email security architecture

Improve Employee Experience

No more spam and quarantine digests; keep end users in their mailboxes

Stop Attacks That Evade Secure Email Gateways

Continuously analyzes email, Active Directory, and security logs via cloud APIs to baseline good behavior and precisely block all email attacks and unwanted email.

Profiles Good Behavior

By integrating with Microsoft Office 365 and Google Workspace, Abnormal continuously learns about the digital identity of every employee in your organization.

  • Which department do they belong to? What title and level do they hold?
  • Which employees are subject to greater risk?
  • When do they typically log in, from where, and using which devices?
  • With whom, why, and how often do they communicate with each other?
  • What content do they typically share? What is their tone over email?

These signals enhance our detection capabilities without any need for custom policies.


Precisely Detects and Remediates All Anomalies

Unlike secure email gateways, Abnormal scans every email, including internal messages. Using known good behavior baselines, every email is precisely scrutinized for anomalies.

  • Do they communicate this frequently?
  • Are the tone and the content shared typical?
  • Does the account appear compromised?

This behavioral-based analysis precisely strikes down all threats within milliseconds, including never-before-seen socially-engineered email attacks.

B 04 Profiles All Vendors Potential Threats 2x 2

Profiles All Your Vendors For Potential Threats

Your organization’s security posture is only as strong as the security posture of your vendors.

Soon after you integrate with Abnormal, VendorBase reviews all your emails to extract your vendor relationships. It then continuously monitors your vendors for security risks observed across the entire enterprise ecosystem and automatically identifies when a vendor has been compromised.

Defense In Depth v6

Simplify Your Email Security Stack

Eliminate the redundant secure email gateway layer, and re-enable and enhance cloud gateway capabilities built into Microsoft and Google.

Unify your entire inbound email security defenses, from email hygiene to zero-day advanced attacks.

Improve Employee Productivity and Experience

Eliminates spam and quarantine digests and portals.

Personalized End-User Email Experience

Abnormal learns end-user preferences by observing how they move messages between folders, allowing it to automatically create and manage individualized safe and block lists, as well as deliver spam and graymail to junk and promotional folders respectively.

End users no longer have to rely on spam and quarantine digests to salvage missed messages.


Smart URL Rewriting

Not all emails are malicious. So why rewrite every single URL within them?

Abnormal judges every email to determine its risk profile, and only rewrites URLs within those emails that look like borderline attacks.

B 07 Contextual Banner 2x

Contextual Banners That Help End Users

Abnormal precisely assesses every email for potential threat and the type of threat, and if deliverable, automatically provides relevant information using banners.

End users, as a result, are better equipped to ensure that they do not fall victim to attack.

Streamline Security Operations

Deploy with one-click via an API integration.
B 08 Natively Integrates 2x

Natively Integrates With Microsoft and Google

Integrate within minutes via API, without any disruption to mail flow. No changes to your email configuration or MX records are required.

Plus, there is no need to configure Abnormal or to set custom policies. It learns from Active Directory, other directory services, existing emails, and more to baseline good behavior and stop all attacks within hours.

B 09 Integrated Visibility Dashboard NEW

Integrated Visibility and Control

With a single pane of glass, analysts no longer need to toggle between your native cloud email security dashboard and other email security solution dashboards.

With deep integration, you get unified visibility and control across Microsoft Office 365, Google Workspace, and Abnormal, greatly simplifying investigation, remediation, follow-up, and reporting.

B 10 Cusotmizable Remediation Options 2x

Customizable Remediation Options

To comply with regulations or critical business needs, admins can:

  • Ensure delivery for certain groups, with contextual banners when necessary

  • Defend highly-targeted groups differently

  • Increase end user access to emails, via the junk folder, or by using banners, enabling them to inform Abnormal of their preferences

With Abnormal, you can fully automate remediation while addressing the unique needs of various groups within your organization.

Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows.


Augment your SIEM with metadata and risk scores for better attack correlation.


Trigger playbooks when users engage with bad email or compromised accounts.


Create tickets for compromised accounts or when users engage with bad emails.

Secure Email Gateways

Trigger automated post-delivery protection when gateways send alerts on missed attacks.

Phishing Training

Allow emails for training to pass inspections, and present reports on user engagement.

Identity Access Management

Log in to Abnormal via SSO, and to provide data to better detect account takeover attempts.


Our bi-directional architecture helps you set up your own custom integrations quickly and simply.

Eliminate the Broadest Spectrum of Threats

Phishing and Business Email Compromise

Stop the full range of phishing attacks, including never-before-seen socially engineered attacks.

Executive and Employee Impersonation

Block seemingly trustworthy emails that induce employees to take actions that lead to financial loss and reputational damage.

Invoice and Payment Fraud

Defuse schemes to steal money via fraudulent invoices and prevent attackers from changing legitimate bank account details.

Vendor Email Compromise

Prevent attackers from exploiting compromised vendor accounts to launch email attacks against your organization.

Malware and Ransomware

Protect your end users from emails that contain malicious attachments, ransomware, and other viruses.

Spam and Graymail

Stop spam, unsolicited messages, and other unwanted email from reaching your end users.

Trusted by Global Enterprises


See an Abnormal Product Demo

Related Resources

Data sheet 1
Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.
Read More
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More
Whitepaper cover 1
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $1.8 billion lost in 2020 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner.
Read More
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More
Blog door arches
When Abnormal Security was founded, our engineering and data science teams were focused on solving the toughest—and most expensive—email security problem for enterprises: business email compromise, or BEC. Fast-forward to today and Abnormal serves some of the largest enterprises...
Read More
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Read More
Webinar microsoft cover
The emergence and evolution of advanced socially-engineered cyber attacks, including business email compromise, supply chain fraud, and ransomware, has organizations rethinking their security strategies and tech stacks.
Read More
Blog basic office building
Compromised accounts are commonly used by cybercriminals to send additional attacks because they appear to originate from a trustworthy source—typically a known partner or customer, or a known coworker within the organization. In this attack, the account was first...
Read More