Platform Features

The open design of cloud email platforms provides new opportunities for collaboration and extensibility, but it has also opened up new channels for attackers to exploit.

Only Abnormal Security leverages advanced behavioral data science to stop the full spectrum of email attacks and provides direct visibility into security posture to uncover and mitigate critical risks introduced by cloud email environments.

Platform Capabilities

API Integration

Abnormal’s API-based approach to integration gives Abnormal access to thousands of identity and context signals that are completely invisible to other solutions, spanning entities (third-party applications) and users (employees and vendors). This visibility enables Abnormal to correlate user identity and behavior indicators with signals in email content, and east-west traffic communication, to detect the full spectrum of attacks.


A critical blindspot for many organizations is visibility into installed applications and app permissions. AppBase centralizes app activity data, permissions, and key metadata for all applications integrated into your cloud email platform. Identify risky applications–whether over-permissioned or simply unknown and unusual–then track ongoing activity to conduct a thorough and expeditious investigation into potentially malicious 3rd-party apps.


Provides a directory of each of the active users in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more. As visibility into user behavior, privileges, and access can often be siloed across multiple tools, PeopleBase synthesizes and contextualizes user activity data in one navigable hub.


Abnormal offers a database cataloging every vendor an organization collaborates with via email, with an inventory of recent email communications, key contacts, a federated risk score, and more. With the persistence of supply chain attacks and supply chain impersonation, it is crucial that your team be able to quickly determine when a vendor is acting suspicious without having to consult multiple tools or perform manual investigations.


If you are like many organizations, you may have a variety of mail tenants for different departments, contractors, or other uses. TenantBase provides a catalog of each of the email tenants Abnormal Security protects and the relevant permissions governing access to them. As recent attacks have been executed by attackers gaining access and compromising mail tenants, it is critical to remain aware of changes as they occur.

Role-Based Access Control

Role-Based Access Control (RBAC) allows security teams, to ensure Abnormal Portal users maintain the appropriate level of access to Portal features, data, and email content.

RBAC gives the ability to restrict access to selected tenants, configure privileges per product or feature, and control user access to email content. You can even create “notification-only” users who can receive Portal email notifications but will have no access to the Abnormal Portal.

Tenant Management

With self-service tenant management, administrators can add new tenants directly from within the Abnormal Portal automating steps of the integration process. A common use case is when a company is involved in a merger or acquisition or when managed service partners (MSPs) need to secure a new email tenant.

Notification and Alerts

Abnormal delivers automated notifications across a range of key email platform security and productivity metrics – from weekly threat and graymail remediation updates, to alerts when a user reports a phishing attack with Abuse Mailbox, or when Account Takeover detects suspicious activity. Security teams can customize notification settings to meet their organizational needs, stay informed, and perform more effective investigations and audits.

Audit Log

Provides a granular audit log to help your team track everything from the IP and location of users logging into the Abnormal Portal to user privilege changes, email content and remediation activity, and whether users are downloading attack and email data. This helps you not only respond to audit requests but quickly detect potential risks from users accessing the Abnormal Portal.


The Abnormal dashboard provides visual reports of historical attack volume and frequency, with deeper insights and trending data across each product and add-on. Security teams can easily report on notable events, discover recent trends, and track the value of the solution.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22