Comfort Systems USA Builds Its Business More Securely with Abnormal

Comfort Systems USA is one of North America’s largest mechanical contracting firms with more than 45 operating companies in 170 locations. The firm offers on- and off-site construction, HVAC, plumbing, electrical, building maintenance, modular construction, and building automation services to its customers. The company has cemented its position as an industry leader through acquisitions and prides itself on solving tough challenges for clients.

Growth through acquisition requires integrating and securing multiple email platforms and systems. It also means the organization is constantly collaborating with new vendors and customers, as it acquires companies and their existing workflows. Although Comfort Systems USA had native email security features enabled in Microsoft 365 and a SEG, advanced email threats continued to evade automated countermeasures.

“We found ourselves in a situation where bad actors had compromised some of our vendors and customers, utilizing those mailboxes to try and piggyback on existing communication threads,” said Christopher Chambers, VP of Information Security. “Our SEG just wasn't cutting it in terms of determining whether it was a real contact or a threat actor behind the keyboard.”

“We knew that a solution using AI and machine learning would be a better option than a static solution using compromise indicators like hashes and signatures. The more I looked into what Abnormal was doing in terms of AI and ML, the more I became a big fan of their approach versus what I was seeing from other vendors.”
—Christopher Chambers, VP of Information Security

Chambers and his team wanted a solution that would complement Microsoft and their SEG to stop business email compromise (BEC) and account takeover attacks without generating excessive false positives. “Running down false positives hinders the responsiveness that our customers rely on. Millions can be at stake for both us and them so keeping focused on what really matters is a huge priority for our security team,” Chambers said.

Abnormal met Chambers’ expectations for efficacy and accuracy. “When Abnormal blocks a message or flags an attempted account compromise, sometimes our security folks get initial feedback that it’s a false positive or think it looks legitimate. When we dive in and give those instances a closer look, we see that Abnormal had the right call all along. That shows how difficult it is even for trained individuals to pick up those advanced threats. The greatest benefit to Abnormal is that anomaly detection through AI and machine learning,” Chambers said.

“I also love the API-based aspect because it keeps attackers guessing. Stuff that goes through our SEG has that information stamped in the header if it bounces back, and threat actors can see that and try to work around it. API-based solutions keep them in the dark, making it harder for them to adapt their approach,” Chambers said. “And our teams can pipe that telemetry elsewhere, including CrowdStrike for endpoint and identity protection, which we couldn’t do with a more traditional security solution.”

“Integrating Abnormal and CrowdStrike was simple and effective. Now, when Abnormal detects an attempted account takeover attack, CrowdStrike receives that telemetry and automatically adds it to our IP watch lists. When we have IP detection around an attempted compromise, Abnormal receives that data. This bilateral integration allows us to fully resolve an investigation that used to require hours in just minutes—and some are resolved automatically.”
—Christopher Chambers, VP of Information Security

Abnormal has given Comfort Systems USA a solution that prevents advanced attacks, minimizes false positives, and works well with other platforms. Abnormal has also proven to be a reliable partner as the company navigates the challenges of serving a growing customer base while acquiring new businesses.

“Any time we’ve had to reach out, it’s just required a quick email,” Chambers said. “We’ve had nothing but great experiences working with Abnormal, and in my experience dealing with vendors, there are only a handful that are this easy to work with.”