Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged and reviewed. The platform automatically triages phishing attacks and suspicious email submissions using behavioral AI, and then automatically investigates, remediates the entire email campaign, and notifies the reporters of the results. This automation provides security teams with up to an 80% time savings on investigation and reporting.

View All User-Reported Attacks in One Place

Abnormal Abuse Mailbox organizes all user-reported emails, including their original messages and headers, across all Microsoft Office 365 and Google Workspace tenants into a single view.

You can quickly view quantitative highlights of submissions displayed by malicious, safe, and spam messages, as well as remediated campaigns and messages.

abuse mailbox automated dashboard

Automatically Triage User-Reported Email Attacks

Abuse Mailbox automatically investigates submissions, and if found malicious, gathers other emails within the phishing campaign, removes them, and reports back to the submitter.

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of the steps taken.

integrated cloud email security automates soc reporting

Provides Intelligent and Thorough Remediation

Since Abnormal natively integrates with your cloud email service, it scans every email as it is sent, replied to, or forwarded within your email environment.

When an email is found malicious, Abuse Mailbox intelligently gathers all similar and related messages, remediates the entire campaign, and follows up with end users appropriately.

abuse mailbox malicious email response options

Rapidly Contain Misdirected Email

Find and remediate emails across some or all of your tenants with Abnormal Detection 360° search functionality built for rapid response.

Search for specific emails by sender, recipient, or subject, find emails sent within specific time frames, and then remediate them in bulk. Removing emails and their engagements is necessary when sensitive data is misdirected or if an attack is missed.

All search activity is recorded for any audit or compliance requirements.

abnormal security search and respond remediating misdirected emails

Track How Abnormal Gets Better Every Day

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of steps taken.

D 06 UI Screen detection360 v2 2x

Abnormal SOC Automation Key Capabilities

  • Complete Abuse Mailbox Automation: Reduce your SOC workload by 80% or more.

  • Automated Remediation: Remove email campaigns that are deemed malicious post delivery.

  • Multiple Remediation Options: Permanently delete the email, quarantine it, or move it to another folder.

  • Frictionless Abuse Mailbox Reporting: Provide end users with an easy method to submit emails for further review.

  • Automated Employee Notification: Provide support notifications for safe and malicious email, directly to the user who reported it.

  • Collects and Categorizes: View the entire email attack campaign in one central location.

  • Search and Respond: Use global, multi-tenant email delivery search and removal to find and remediate all attacks.

  • Comprehensive Dashboards: View all reports and documentation within centralized dashboards.

  • Integrate with Third-Party Solutions: Post-remediate attacks detected by Proofpoint TAP Alerts and other solutions.

  • Seamless Integration with your Existing Security Stack: Integrate with ticketing systems such as ServiceNow and SIEM/SOAR tools including Splunk, LogRhythm, QRadar, Demisto, and more.

  • Platform Independent: Integrates with both Microsoft Office 365 and Google Workspace.

Detection 360°: Submit detection enhancements for false negatives and false positives for full feedback from Abnormal, and then view and filter these reports and their statuses.

Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows. If Abnormal doesn’t have the integration you need for your security stack, our bi-directional API-based architecture helps you set up your own custom integrations quickly and simply.

Deploys in Minutes and Proven to Save You Time

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.

Related Resources

B Demo Days Webinar01
In this on-demand recording of our first “Abnormal Demo Day”, we explore key platform features and capabilities designed to address today’s toughest security challenges.
Watch Now
B 08 08 22 Graymail Datasheet
Improve employee productivity and measure your time savings with adaptive graymail protection.
Read More
B 05 03 22 Using Modern Email Security Webinar
Secure email gateways (SEGs) focus on searching for known bad domains, attachments, and links. But threat actors have changed their tactics—opting to deceive humans instead of technology. It’s time for a modern solution to the email security problem, one that detects and prevents these attacks.
Watch Now
Resource 05 Webinar
With the rise of modern attacks such as supply chain compromise, executive impersonation, and account takeover, it's become obvious: the SEG no longer works. Learn what you need for complete defense in depth protection.
Watch Now
Abonrmal overview cover
Abnormal provides a fundamentally-different approach to email security that precisely blocks all email attacks.
Read More
Abnormal microsoft data sheet cover
Complement native Microsoft defenses with precise, behavioral analysis-based protection against email and account takeover attacks.
Read More
Video 1
Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed...
Watch Now
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Watch Now
Video 1
With Abnormal, security teams can now eliminate redundant email gateways and enhance Microsoft's built-in security capabilities. Once integrated via one-click API, Abnormal automatically profiles your VIPs and employees, their behavior, relationships, communication patterns...
Watch Now