The Abnormal Platform

Learn what’s included in our platform and how it fuels our fundamentally different approach to cloud email security.

One Platform for Your Cloud Email Security Needs

Connect, Ingest, and Understand

The Abnormal platform integrates via API in seconds with Microsoft 365 and its 85+ associated apps, Google Workspace, cloud apps including Slack, Zoom, Workday, Salesforce, cloud infrastructure—AWS, Azure, and Google Cloud Platform—as well as identity providers like Okta and Ping, and other security tools like CrowdStrike and Splunk.

Discover the Architecture

Aggregate Behavior Intelligence

Abnormal Knowledge Bases surface anomalous behavior and activity across your people, applications, tenants, vendors, and threat intelligence. Security analysts use this insight to hunt for threats and investigate potential incidents more quickly.

See the Knowledge Bases

Surface Impactful Insights

Abnormal provides the visibility and control security analysts need to investigate and remediate threats, with comprehensive attack insights and the ability to search for and respond to specific messages and campaigns.

View Demos of Platform Features

Integrate Your Security Ecosystem

Abnormal integrates easily into multiple security operations solutions, including SIEM, SOAR, and EDR/XDR platforms. These API-based integrations allow security teams to leverage Abnormal’s high-efficacy threat detection within existing response workflows.

See Technology Partners

AI-Native and API-Based Architecture Focused on Human Behavior

Why Abnormal

Understand what makes Abnormal unique.

Products Overview

Uncover the full line of products to secure the cloud email platform and connected cloud applications and infrastructure.

Solutions Overview

See how Abnormal can solve your security problems.

Read Case Study

Microsoft 365 covers a lot of bases. But it doesn't have the speciality Abnormal does to address threats that come from trusted sources like vendors.”

— Kirit Marvania, Digital Operations Director at Mace

Frequently Asked Questions

How does Abnormal use AI?

Abnormal developed focused artificial intelligence for cybersecurity that excels at analyzing vast amounts of data, identifying patterns, and making quick, accurate decisions about human behavior and attack patterns. Abnormal creates a human behavior baseline via its API ingestion of tens of thousands of human-related signals. This baseline is used by predictive AI and large language models (LLMs) to assess risk, stop attacks, and apply remediation. In addition, Abnormal uses engines that combine both system types, detecting attacks using machine learning-based predictive AI with generative AI agents that refine the decisions of the traditional systems. Generative AI agents are also used to refine and augment the training data that powers the predictive AI systems.

How is the Abnormal platform packaged?

Every platform feature, including the Knowledge Bases, is included in any purchase of Inbound Email Security. To learn more about the Abnormal products, visit the Products Overview page.

Can Abnormal replace my secure email gateway?

Yes. By adding Abnormal to your Microsoft 365 or Google Workspace environment, you can replace your SEG functionality and receive superior detection efficacy. Many of our customers use Abnormal and Microsoft in lieu of a SEG. You can learn more about how this works here.

Can I use Abnormal in addition to my SEG?

Yes. While Abnormal + native cloud email platforms can be used instead of a SEG, the Abnormal platform can also serve as a supplement to a SEG. In this case, Abnormal provides coverage for advanced and complex attacks missed by the gateway.

Can I integrate Abnormal with my SOAR or SIEM solution?

Yes. Abnormal can be integrated via API with various security operations solutions, including SOAR, SIEM, and XDR products. You can learn more about our technology integrations here.