Prevent account takeovers with a solution that deeply understands and baselines normal user behavior. By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails. Abnormal protects your end users and their information, no matter how account credentials were stolen.


Baselines Good Behavior with Multi-Channel Analysis

Abnormal deeply understands and baselines normal behavior for every end user by analyzing signals including login frequency, locations, devices, operating systems, browsers used, applications accessed, communication behavior, information shared, and many more.

Understanding the normal allows Abnormal to detect abnormal login behavior, unusual email recipients, changes in tone, lateral phishing messages, and other indicators to recognize potentially compromised accounts. This information is conveniently presented as a ‘genome’ for analysis by security teams.

account takeover protection good behavior baseline

Monitors Vendors for Compromised Accounts with VendorBase

When vendors and partners become compromised, bad actors can use those accounts to send attacks to your end users.. Abnormal automatically correlates thousands of signals to identify and block suspicious emails sent from compromised vendors.

account takeover protection monitoring vendor for account compromise

Recreates the Crime Scene in Detail

Abnormal intelligently gathers and organizes all the evidence that led to the diagnosis, along with summarized conclusions.

Its ability to pull together a case file—by drawing signals across email systems, Active Directory, devices, browsers, applications, and more—equips security teams to take immediate action.

account takeover protection case file workflow

Provides an Explainable Attack Analysis

Abnormal intelligently gathers and organizes all evidence that led to the diagnosis, along with summarized conclusions, and equips security teams to take immediate action.

This analysis enables SOC analysts to understand why an account was judged as compromised. You will see the evidence-based on monitored relevant signals and an event log of unusual events, such as suspicious logins, mail rule changes, or abnormal communication patterns.

account takeover protection detecting compromised account

Automatically Remediates Accounts

Stop attackers in their tracks by signing users out of active sessions, instantly disabling accounts, triggering Microsoft Office 365 and SSO password resets and creating service tickets.

account takeover protection remediating account

Abnormal Account Takeover Protection Key Capabilities

  • Automated Remediation: Allow Abnormal to disable the account, sign out of active sessions, and reset account passwords.

  • Manual Account Remediation: Manually disable the account, sign out of active sessions, and reset account passwords.

  • Automated Alerts: Receive alerts via email and your preferred SIEM platform.

  • Compromised Vendor Detection: Block emails from compromised vendors and partners and understand vendor risk with VendorBase.

  • Explainable Attack Analysis: Receive insight into why accounts have been flagged as compromised.

  • Third-Party Identity Provider Integration: Integrate seamlessly with Microsoft Active Directory, Google Workspace, and Okta for additional account compromise signals based on user sign-in behaviors and MFA failures.

Deploys in Minutes and Proven to Save You Time

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Resources

B 05 03 22 Using Modern Email Security Webinar
Secure email gateways (SEGs) focus on searching for known bad domains, attachments, and links. But threat actors have changed their tactics—opting to deceive humans instead of technology. It’s time for a modern solution to the email security problem, one that detects and prevents these attacks.
Watch Now
Resource 05 Webinar
With the rise of modern attacks such as supply chain compromise, executive impersonation, and account takeover, it's become obvious: the SEG no longer works. Learn what you need for complete defense in depth protection.
Watch Now
Abonrmal overview cover
Abnormal provides a fundamentally-different approach to email security that precisely blocks all email attacks.
Read More
Abnormal microsoft data sheet cover
Complement Microsoft’s threat intelligence-based defenses with precise, behavioral analysis-based protection against all email and account takeover attacks.
Read More
Video 1
Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed...
Watch Now
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Watch Now
Video 1
With Abnormal, security teams can now eliminate redundant email gateways and enhance Microsoft's built-in security capabilities. Once integrated via one-click API, Abnormal automatically profiles your VIPs and employees, their behavior, relationships, communication patterns...
Watch Now
Data sheet 1
Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.
Read More
Data sheet 4
Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged, and reviewed.
Read More
Data sheet 2
Abnormal Security's Integrated Cloud Email Security (ICES) blocks socially-engineered attacks that secure email gateways miss.
Read More
Email security architectures cover
As organizations have moved their email servers from on-premise systems like Microsoft Exchange to cloud services like Microsoft 365, the range of permutations of email security solutions has also increased. See the range of security options available to organizations and how to solve for advanced threats.
Download Now
Cover ABX White Paper 04 12 22
Abnormal Behavior Technology (ABX) leverages innovative techniques to provide a revolutionary approach to detecting and mitigating targeted email attacks.
Download Now