About Account Takeover Protection

Video Transcript

Dallas Young, Senior Technical Marketing Manager

Your corporate credentials and cloud accounts are the keys to your business, making them a valuable target for bad actors.

Let's meet Renee. She typically logs into her corporate account around 8:00 in the morning from the San Francisco office location. The SOC team had received an alert from Abnormal that suspicious behavior was detected with Renee's account. A login event was detected from Microsoft Azure, originating from Hong Kong, which is thousands of miles from the San Francisco office, at around 2:01 pm.

Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed from another browser or operating system, or even items like too-fast-to-travel location signals.

In this case, she's never visited Hong Kong, and these signals indicate that Renee's account is being used from two locations at once, which is a critical indicator of a compromised account. In the example of Renee, Abnormal automatically executed a remediation playback via APIs that opened a ticket within ServiceNow and signed out of all active sessions, locked Renee's account, and reset the password.

This prevented a potentially serious security brief. And that's not all.

Since organizations are only as secure as their partners within the supply chain, Abnormal's VendorBase scans past emails to identify all your suppliers, partners, and vendors and continuously monitors them for risk by gathering signals across the entire enterprise ecosystem. It gives security teams complete visibility into all their vendors' security postures, their relationships within the organization, past compromises observed, a timeline of activity, and more.

End users are automatically protected from compromised vendor accounts and supply chain attacks. All attachments are scanned for suspicious information, such as modified banking details that are different from those typically associated with the vendor. This continuous monitoring of the vendor to assess risk scores through VendorBase ensures all Abnormal customers are safe from this compromised vendor account.

Want to know more? Schedule a threat assessment with Abnormal today. You will potentially uncover threats such as compromised accounts within your organization. It takes five minutes to set up, and there's absolutely no work for you to do. Let's talk.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Resources

B 05 03 22 Using Modern Email Security Webinar
Secure email gateways (SEGs) focus on searching for known bad domains, attachments, and links. But threat actors have changed their tactics—opting to deceive humans instead of technology. It’s time for a modern solution to the email security problem, one that detects and prevents these attacks.
Watch Now
Resource 05 Webinar
With the rise of modern attacks such as supply chain compromise, executive impersonation, and account takeover, it's become obvious: the SEG no longer works. Learn what you need for complete defense in depth protection.
Watch Now
Abonrmal overview cover
Abnormal provides a fundamentally-different approach to email security that precisely blocks all email attacks.
Read More
Abnormal microsoft data sheet cover
Complement Microsoft’s threat intelligence-based defenses with precise, behavioral analysis-based protection against all email and account takeover attacks.
Read More
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Watch Now
Video 1
With Abnormal, security teams can now eliminate redundant email gateways and enhance Microsoft's built-in security capabilities. Once integrated via one-click API, Abnormal automatically profiles your VIPs and employees, their behavior, relationships, communication patterns...
Watch Now
Data sheet 1
Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.
Read More
Data sheet 4
Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged, and reviewed.
Read More
Data sheet 3
By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails.
Read More
Data sheet 2
Abnormal Security's Integrated Cloud Email Security (ICES) blocks socially-engineered attacks that secure email gateways miss.
Read More
Email security architectures cover
As organizations have moved their email servers from on-premise systems like Microsoft Exchange to cloud services like Microsoft 365, the range of permutations of email security solutions has also increased. See the range of security options available to organizations and how to solve for advanced threats.
Download Now
Cover ABX White Paper 04 12 22
Abnormal Behavior Technology (ABX) leverages innovative techniques to provide a revolutionary approach to detecting and mitigating targeted email attacks.
Download Now