Use Case: Email Account Takeover

Learn how Abnormal finds and disarms compromised email accounts.

Watch the video to see how Abnormal automatically detects and remediates compromised accounts.

Video Transcript

Thanks to our API integrations into a multitude of SaaS collaboration platforms, Abnormal is able to uniquely detect signals of compromised accounts.

In this case, all the signals did come solely from Microsoft 365, but we did see signs of Renee's account being compromised, so an alert was created. If I click into this alert, I can see a timeline and breakdown of exactly how the system came to this verdict.

At 12:33, Renee logged into her account from San Francisco. An hour and a half later, a login was observed from Hong Kong. This kicked off an impossible travel alert, and then 11 minutes later, we saw this mail rule created to move messages from two users to the junk folder.

This is a very common tactic for threat actors to hide their tracks. What this did was create an ATO alert—an account takeover alert. From this point, an alerted analyst is then able to come directly into the portal and, with a couple of clicks, completely remediate this compromised account: sign out of active sessions, block account access, and/or trigger a password reset.

Of course, we do have a multitude of integrations with different SIEM, SOAR, and identity management platforms, if you ever wanted to correlate this data or even automate the remediation workflows.

Want to know more? Request your personalized demo today.
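The correlation described in the transcript (an impossible-travel login followed shortly by a mail rule that moves messages to junk) can be sketched as follows. This is an added example, not Abnormal's detection logic or code from the video; the event fields, dates, coordinates, speed ceiling, distance floor and 30-minute window are all assumptions chosen for illustration.

```python
import math
from datetime import datetime, timedelta

MAX_KMH = 900.0                      # assumed ceiling: roughly airliner cruise speed
MIN_KM = 50.0                        # assumed floor, to ignore geolocation jitter
RULE_WINDOW = timedelta(minutes=30)  # assumed follow-up window after the odd login

# Constructed sample events modelled on the transcript's timeline.
# Field names are illustrative, not a Microsoft 365 or Abnormal schema.
EVENTS = [
    {"t": "2024-01-01T12:33", "user": "renee", "type": "login", "lat": 37.77, "lon": -122.42},
    {"t": "2024-01-01T14:03", "user": "renee", "type": "login", "lat": 22.32, "lon": 114.17},
    {"t": "2024-01-01T14:14", "user": "renee", "type": "inbox_rule", "action": "MoveToJunk"},
    {"t": "2024-01-01T09:00", "user": "sam", "type": "login", "lat": 51.51, "lon": -0.13},
    {"t": "2024-01-01T13:00", "user": "sam", "type": "inbox_rule", "action": "MoveToJunk"},
]

def km_between(a, b):
    """Great-circle (haversine) distance between two login events, in km."""
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlon = math.radians(b["lon"] - a["lon"])
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def detect_ato(events):
    """Alert when an impossible-travel login is followed by a junk-folder mail rule."""
    alerts, last_login, suspect = [], {}, {}
    for e in sorted(events, key=lambda ev: ev["t"]):
        ts, user = datetime.fromisoformat(e["t"]), e["user"]
        if e["type"] == "login":
            prev = last_login.get(user)
            if prev:
                hours = (ts - prev[0]).total_seconds() / 3600
                km = km_between(prev[1], e)
                # Zero elapsed time across a real distance is also impossible.
                if km > MIN_KM and (hours == 0 or km / hours > MAX_KMH):
                    suspect[user] = ts
            last_login[user] = (ts, e)
        elif e["type"] == "inbox_rule" and user in suspect:
            if ts - suspect[user] <= RULE_WINDOW and e.get("action") == "MoveToJunk":
                alerts.append({"user": user, "login_at": suspect[user], "rule_at": ts})
    return alerts

if __name__ == "__main__":
    for alert in detect_ato(EVENTS):
        print("ATO alert:", alert)
```

The second user's mail rule alone raises nothing: the rule only contributes to an alert when it follows a login already flagged as impossible travel.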
