Abnormal Inbound Email Protection

Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.

Secure email gateways struggle to block socially-engineered attacks that pass reputation checks, have no links or attachments, and appear to come from trusted sources. The Abnormal Integrated Cloud Email Security (ICES) platform profiles known good behavior and analyzes over 45,000 signals to detect anomalies that deviate from these baselines, and then precisely blocks all socially-engineered and unwanted emails—both internal and external—and detects and remediates compromised accounts.

Organizations that require comprehensive inbound email protection are stuck with multiple products, incompatible architectures, unnecessary expense, and management overhead. With ICES, you can simplify your stack by eliminating the redundant email gateway layer and re-enabling and enhancing Microsoft’s cloud gateway capabilities.

By deeply understanding entities—users and vendors, their behavior, relationships, and tone and content shared—Abnormal ICES precisely detects anomalies and blocks attacks that regularly evade Microsoft, Google, and secure email gateways.

Your organization’s security posture is only as strong as the security postures of your vendors. Soon after integration, ICES reviews all your emails to extract your vendor relationships. It monitors your vendors for security risks observed across the entire enterprise ecosystem, automatically identifies when vendor accounts have been compromised, and protects your end users from them.

Abnormal learns end-user preferences by observing how they move messages between folders, allowing it to automatically create and manage individualized safe and blocklists, as well as deliver spam and graymail to junk and promotional folders respectively. End users no longer have to rely on spam and quarantine digests to salvage missed messages.

Not all emails are malicious. So why rewrite every single URL within them? Abnormal scans every email to determine its risk profile, and only rewrites URLs within those emails that look suspicious.

Abnormal precisely assesses every email for potential threat and the type of threat, and if deliverable, automatically provides relevant information using banners. End users, as a result, are better equipped to ensure that they do not fall victim to attack.

Centralize metrics, insights, and actions across email security solutions, and the management of global blocklists across hundreds of tenants, from a single pane of glass.

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.