Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged and reviewed. The platform automatically triages phishing attacks and suspicious email submissions using behavioral AI, and then automatically investigates, remediates the entire email campaign, and notifies the reporters of the results. This automation provides security teams with up to an 80% time savings on investigation and reporting.

View All User-Reported Attacks in One Place

Abnormal Abuse Mailbox organizes all user-reported emails, including their original messages and headers, across all Microsoft Office 365 and Google Workspace tenants into a single view.

You can quickly view quantitative highlights of submissions displayed by malicious, safe, and spam messages, as well as remediated campaigns and messages.

Automatically Triage User-Reported Email Attacks

Abuse Mailbox automatically investigates submissions, and if found malicious, gathers other emails within the phishing campaign, removes them, and reports back to the submitter.

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of the steps taken.

Provides Intelligent and Thorough Remediation

Since Abnormal natively integrates with your cloud email service, it scans every email as it is sent, replied to, or forwarded within your email environment.

When an email is found malicious, Abuse Mailbox intelligently gathers all similar and related messages, remediates the entire campaign, and follows up with end users appropriately.

Rapidly Contain Misdirected Email

Find and remediate emails across some or all of your tenants with Abnormal Detection 360° search functionality built for rapid response.

Search for specific emails by sender, recipient, or subject, find emails sent within specific time frames, and then remediate them in bulk. Removing emails and their engagements is necessary when sensitive data is misdirected or if an attack is missed.

All search activity is recorded for any audit or compliance requirements.

Track How Abnormal Gets Better Every Day

When you submit missed attacks or false positives, a dedicated team of experts investigates them to fix the incident, improve detection efficacy, and provide you with a summary of steps taken.

Abnormal SOC Automation Key Capabilities

  • Complete Abuse Mailbox Automation: Reduce your SOC workload by 80% or more.

  • Automated Remediation: Remove email campaigns that are deemed malicious post delivery.

  • Multiple Remediation Options: Permanently delete the email, quarantine it, or move it to another folder.

  • Frictionless Abuse Mailbox Reporting: Provide end users with an easy method to submit emails for further review.

  • Automated Employee Notification: Provide support notifications for safe and malicious email, directly to the user who reported it.

  • Collects and Categorizes: View the entire email attack campaign in one central location.

  • Search and Respond: Use global, multi-tenant email delivery search and removal to find and remediate all attacks.

  • Comprehensive Dashboards: View all reports and documentation within centralized dashboards.

  • Integrate with Third-Party Solutions: Post-remediate attacks detected by Proofpoint TAP Alerts and other solutions.

  • Seamless Integration with your Existing Security Stack: Integrate with ticketing systems such as ServiceNow and SIEM/SOAR tools including Splunk, LogRhythm, QRadar, Demisto, and more.

  • Platform Independent: Integrates with both Microsoft Office 365 and Google Workspace.

Detection 360°: Submit detection enhancements for false negatives and false positives for full feedback from Abnormal, and then view and filter these reports and their statuses.

Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows. If Abnormal doesn’t have the integration you need for your security stack, our bi-directional API-based architecture helps you set up your own custom integrations quickly and simply.

Deploys in Minutes and Proven to Save You Time

The Abnormal cloud-native API architecture simplifies deployment and improves response times. Get started today.

Related Resources

Video 1
Abnormal can determine when legitimate end users have accessed accounts, or when a bad actor has accessed them, by understanding key attributes like common IP addresses, or if the device has been accessed...
Read More
Webinar cover 4
CISOs deal with a multitude of threats that can have significant financial and reputational impacts. Of those threats, business email compromise is the #1 attack type, costing businesses almost as much as all other cybersecurity incidents combined.
Read More
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Read More
Video 1
With Abnormal, security teams can now eliminate redundant email gateways and enhance Microsoft's built-in security capabilities. Once integrated via one-click API, Abnormal automatically profiles your VIPs and employees, their behavior, relationships, communication patterns...
Read More
Data sheet 1
Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.
Read More
Data sheet 4
Supercharge your SOC workflows and save time with AI-assisted investigation, auto-remediation, follow-up, and reporting. Abnormal provides a frictionless method for user-reported phishing attacks to be submitted, triaged, and reviewed.
Read More
Data sheet 3
By understanding normal behavior, Abnormal can detect any deviations in these baselines to uncover potentially compromised accounts and then immediately remediate them. When left undetected, attackers can use compromised accounts to exfiltrate sensitive data or send lateral phishing emails.
Read More
Data sheet 2
Secure email gateways struggle to block socially-engineered attacks that pass reputation checks, have no links or attachments, and appear to come from trusted sources. The Abnormal Integrated Cloud Email Security (ICES) platform profiles known good behavior and analyzes over 45,000 signals to detect anomalies.
Read More
Webinar cover 2
Ransomware is a major problem, and it’s not going away. To understand it, we must understand why threat actors turn to it—and how it can be stopped. The best way to do that is to chat with the masterminds behind these attacks.
Read More
Webinar cover 1
Traditional cybersecurity infrastructure can’t stop new and emerging threats, particularly in the email channel, and cybercriminals are constantly changing their methods to stay one step ahead. Hear how Theresa Payton, first female White House CIO, thinks about these attacks.
Read More
Webinar cover 3
While you may be confident in your own email security, the truth is that your security is only as good as the security of your partners and vendors. Discover why vendor email compromise is such an important part of your security strategy.
Read More
Threat report 3
Read the Q1 2021 threat report to learn the latest on vendor email compromise, including which scams are most successful and why the volume of attacks has grown so significantly.
Read More