Prevent account takeovers with a solution that deeply understands and baselines normal user behavior. By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails. Abnormal protects your end users and their information, no matter how account credentials were stolen.

Baselines Good Behavior with Multi-Channel Analysis

Abnormal deeply understands and baselines normal behavior for every end user by analyzing signals including login frequency, locations, devices, operating systems, browsers used, applications accessed, communication behavior, information shared, and many more.

Understanding the normal allows Abnormal to detect abnormal login behavior, unusual email recipients, changes in tone, lateral phishing messages, and other indicators to recognize potential account takeovers. This information is conveniently presented as a ‘genome’ for analysis by security teams.

account takeover protection good behavior baseline

Monitors Vendors for Compromised Accounts with VendorBase

When vendors and partners become compromised, bad actors can use those accounts to send attacks to your end users. Abnormal automatically correlates thousands of signals to identify and block suspicious emails sent from compromised vendors.

account takeover protection monitoring vendor for account compromise

Recreates the Crime Scene in Detail

Abnormal intelligently gathers and organizes all the evidence that led to the diagnosis, along with summarized conclusions.

Its ability to pull together a case file—by drawing signals across email systems, Active Directory, devices, browsers, applications, and more—equips security teams to take immediate action.

account takeover protection case file workflow

Provides an Explainable Attack Analysis

Abnormal intelligently gathers and organizes all evidence that led to the diagnosis, along with summarized conclusions, and equips security teams to take immediate action.

This analysis enables SOC analysts to understand why an account was judged as compromised. You will see the evidence-based on monitored relevant signals and an event log of unusual events, such as suspicious logins, mail rule changes, or abnormal communication patterns.

account takeover protection detecting compromised account

Automatically Remediates Accounts

Stop attackers in their tracks by signing users out of active sessions, instantly disabling accounts, triggering Microsoft Office 365 and SSO password resets and creating service tickets.

account takeover protection remediating account

Abnormal Account Takeover Protection Key Capabilities

  • Automated Remediation: Allow Abnormal to disable the account, sign out of active sessions, and reset account passwords.

  • Manual Account Remediation: Manually disable the account, sign out of active sessions, and reset account passwords.

  • Automated Alerts: Receive alerts via email and your preferred SIEM platform.

  • Compromised Vendor Detection: Block emails from compromised vendors and partners and understand vendor risk with VendorBase.

  • Explainable Attack Analysis: Receive insight into why accounts have been flagged as compromised.

  • Third-Party Identity Provider Integration: Integrate seamlessly with Microsoft Active Directory, Google Workspace, and Okta for additional account compromise signals based on user sign-in behaviors and MFA failures.

Deploys in Minutes and Proven to Save You Time

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.

Related Resources

B Demo Days Webinar01
In this on-demand recording of our first “Abnormal Demo Day”, we explore key platform features and capabilities designed to address today’s toughest security challenges.
Watch Now
B 08 08 22 Graymail Datasheet
Improve employee productivity and measure your time savings with adaptive graymail protection.
Read More
B 05 03 22 Using Modern Email Security Webinar
Secure email gateways (SEGs) focus on searching for known bad domains, attachments, and links. But threat actors have changed their tactics—opting to deceive humans instead of technology. It’s time for a modern solution to the email security problem, one that detects and prevents these attacks.
Watch Now
Resource 05 Webinar
With the rise of modern attacks such as supply chain compromise, executive impersonation, and account takeover, it's become obvious: the SEG no longer works. Learn what you need for complete defense in depth protection.
Watch Now
Abonrmal overview cover
Abnormal provides a fundamentally-different approach to email security that precisely blocks all email attacks.
Read More
Abnormal microsoft data sheet cover
Complement native Microsoft defenses with precise, behavioral analysis-based protection against email and account takeover attacks.
Read More
Video 1
Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed...
Watch Now
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Watch Now
Video 1
With Abnormal, security teams can now eliminate redundant email gateways and enhance Microsoft's built-in security capabilities. Once integrated via one-click API, Abnormal automatically profiles your VIPs and employees, their behavior, relationships, communication patterns...
Watch Now