Account Takeover Protection

Prevent account takeovers with a solution that deeply understands and baselines normal user behavior. By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails. Abnormal protects your end users and their information, no matter how account credentials were stolen.


Baselines Good Behavior with Multi-Channel Analysis

Abnormal deeply understands and baselines normal behavior for every end user by analyzing signals including login frequency, locations, devices, operating systems, browsers used, applications accessed, communication behavior, information shared, and many more.

Understanding the normal allows Abnormal to detect abnormal login behavior, unusual email recipients, changes in tone, lateral phishing messages, and other indicators to recognize potentially compromised accounts. This information is conveniently presented as a ‘genome’ for analysis by security teams.

Monitors Vendors for Compromised Accounts with VendorBase

When vendors and partners become compromised, bad actors can use those accounts to send attacks to your end users. Abnormal automatically correlates thousands of signals to identify and block suspicious emails sent from compromised vendors.

Recreates the Crime Scene in Detail

Abnormal intelligently gathers and organizes all the evidence that led to the diagnosis, along with summarized conclusions.

Its ability to pull together a case file—by drawing signals across email systems, Active Directory, devices, browsers, applications, and more—equips security teams to take immediate action.

Provides an Explainable Attack Analysis

Abnormal intelligently gathers and organizes all evidence that led to the diagnosis, along with summarized conclusions, and equips security teams to take immediate action.

This analysis enables SOC analysts to understand why an account was judged as compromised. You will see the evidence, based on the relevant monitored signals, and an event log of unusual events, such as suspicious logins, mail rule changes, or abnormal communication patterns.

Automatically Remediates Accounts

Stop attackers in their tracks by signing users out of active sessions, instantly disabling accounts, triggering Microsoft Office 365 and SSO password resets, and creating service tickets.

Abnormal Account Takeover Protection Key Capabilities

  • Automated Remediation: Allow Abnormal to disable the account, sign out of active sessions, and reset account passwords.

  • Manual Account Remediation: Manually disable the account, sign out of active sessions, and reset account passwords.

  • Automated Alerts: Receive alerts via email and your preferred SIEM platform.

  • Compromised Vendor Detection: Block emails from compromised vendors and partners and understand vendor risk with VendorBase.

  • Explainable Attack Analysis: Receive insight into why accounts have been flagged as compromised.

  • Third-Party Identity Provider Integration: Integrate seamlessly with Microsoft Active Directory, Google Workspace, and Okta for additional account compromise signals based on user sign-in behaviors and MFA failures.

Deploys in Minutes and Proven to Save You Time

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.
