About Account Takeover Protection

Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed...

Video Transcript

Dallas Young, Senior Technical Marketing Manager

Your corporate credentials and cloud accounts are the keys to your business, making them a valuable target for bad actors.

Let's meet Renee. She typically logs into her corporate account around 8:00 in the morning from the San Francisco office location. The SOC team had received an alert from Abnormal that suspicious behavior was detected with Renee's account. A login event was detected from Microsoft Azure, originating from Hong Kong, which is thousands of miles from the San Francisco office, at around 2:01 pm.

Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed from another browser or operating system, or even items like too-fast-to-travel location signals.

In this case, she's never visited Hong Kong, and these signals indicate that Renee's account is being used from two locations at once, which is a critical indicator of a compromised account. In the example of Renee, Abnormal automatically executed a remediation playback via APIs that opened a ticket within ServiceNow and signed out of all active sessions, locked Renee's account, and reset the password.

This prevented a potentially serious security brief. And that's not all.

Since organizations are only as secure as their partners within the supply chain, Abnormal's VendorBase scans past emails to identify all your suppliers, partners, and vendors and continuously monitors them for risk by gathering signals across the entire enterprise ecosystem. It gives security teams complete visibility into all their vendors' security postures, their relationships within the organization, past compromises observed, a timeline of activity, and more.

End users are automatically protected from compromised vendor accounts and supply chain attacks. All attachments are scanned for suspicious information, such as modified banking details that are different from those typically associated with the vendor. This continuous monitoring of the vendor to assess risk scores through VendorBase ensures all Abnormal customers are safe from this compromised vendor account.

Want to know more? Schedule a threat assessment with Abnormal today. You will potentially uncover threats such as compromised accounts within your organization. It takes five minutes to set up, and there's absolutely no work for you to do. Let's talk.

About Account Takeover Protection

See Abnormal in Action

Schedule a Demo
 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Resources

B 01 12 23 ESG Tech Validation
This technical validation report details ESG's analysis of the Abnormal Cloud Email Security platform.
Read More
B 01 12 23 ADT video 1
With Abnormal, ADT has a robust security solution that protects its employees from advanced email attacks.
Read More
B 12 09 22 December Demo Day
A recap of the key updates and releases Abnormal delivered in 2022, from technical enhancements to entirely new solutions and partnerships.
Watch Now
B 1500x1500 Progress Residential demo L1 R1
Noah Wallace, Director of InfoSec at Progress Residential, shares the success and time-savings he's achieved since partnering with Abnormal.
Watch Now
B 12 05 22 1500x1500 Resource Center Analyst L1 R1
Learn how investing in Abnormal Security can yield a 278% ROI within 3 years and help your organization avoid $4 million in losses from BEC.
Read More
B 11 14 22 Security Posture Management Demo on Resources Page
Abnormal's New Security Posture Management add-on module proactively improves the posture of Cloud Email environments by helping security teams increase their risk visibility.
Read More
B 1500x1500 Security Posture Management Datasheet L2 R1 2x
Discover and mitigate misconfiguration risks across your cloud email environment.
Read More
B Demo Days Air Canada 1500x1500
Discover how Abnormal provides better intelligence on blocked attacks, freeing time for Air Canada analysts to focus on other threats.
Watch Now
B 1500x1500 Threat Log L2 R2 2x
Understanding and analyzing the hundreds of email or texts organization sees a day consumes hours of time. To help, Abnormal Security offers Threat Log, a record of every malicious email flagged by our AI-based detection engine.
Read More