GF 04 720x478 2x

Replace Your Secure Email Gateway

Modern Attacks Need Modern Email Protection
Precisely block never-seen-before email attacks that regularly evade secure email gateways using an API and machine learning approach.

Impact of Modern Attacks


of all cybercrime losses are due to socially engineered email attacks

2020 IC3 Internet Crime Report


average loss to businesses from business email compromise

Data Breach Investigations Report, 2020


chance of receiving a supply chain compromise attack each week.

Abnormal Data Science Team

Secure Email Gateways Were Not Built to Stop Modern Attacks

Legacy SEG Architecture

  • No native cloud-based API integrations

  • Limited visibility into East-West traffic

  • Lack of internal email context leads to low efficacy

Outdated Known Bad Approach

  • Rules and policies based

  • Detected based on known-bad indicators

  • No vendor risk context for supply chain attacks

Limited Cloud Platform Signals

  • Little to no visibility into user event attributes

  • Limited visibility into compromised accounts or credentials

  • Unable to access and leverage thousands of cloud signals

Csc generation

“We’ve deprecated our email gateway and now rely on Microsoft and Abnormal for protection. We’ve enabled gateway functionality in Microsoft 365, which had been disabled when our gateway was active.”

Justin Yoshimura,
CEO, CSC Generation

Modern Attacks that Bypass Your SEG

Attacks that bypass a secure email gateway

Problem: 1. Business Email Compromise (BEC) evades SEGs.

In the current threat landscape, bad actors evade detection by avoiding the use of phishing links, malware, or ransomware in their attacks. Instead, these attacks have become highly sophisticated using text-only social engineering techniques.

Since SEGs rely on conventional threat indicators and do not have comprehension of the communication or context within the email, these attacks are often delivered to the users' inbox.

Abnormal scanning messages for signs of BEC

Solution: 1. Abnormal provides precise protection against BEC attacks.

Unlike secure email gateways, Abnormal scans every email, including internal messages using natural language processing (NLP) and natural language understanding (NLU) algorithms to identify anomalous behavior.

The algorithms detect suspicious activity by analyzing the topic, tone, and sentiment and further cross-reference this with other high fidelity detection signals from our detection engine to block text-only based email attacks successfully.

Sample phishing email bypassing secure email gateway

Problem: 2. SEGs leave you vulnerable to supply chain compromise attacks.

Here is a real customer example of a modern attack launched against a Fortune 100 company that evaded the SEG. The attacker impersonated a vendor to trick an unsuspecting employee to transfer $753,000 to a new bank account.

The SEG determined the attack to be a legitimate email, as it was looking for known-bad IOCs while the attacker was using never-seen-before tactics to exploit human behavior—a text-based email with no malicious links and no malicious attachments.

Identifying a supply chain compromise email

Solution: 2. Abnormal prevents supply chain compromise.

Only Abnormal scans all emails to automatically compile a list of your organization’s vendors and their contacts. Abnormal then continuously monitors them for security risks observed across the entire enterprise ecosystem to block supply chain fraud attacks.

Abnormal detects these sophisticated supply chain attacks by combining natural language processing (NLP) with a variety of critical cloud signals and behavioral models.

Secure email gateway gaps in architecture

Problem: 3. SEGs lack visibility, leaving gaps in your email security.

SEGs create a disjointed security architecture. Because SEGs are designed to be deployed at the perimeter, they have little to no visibility into internal (east-west) email communications to identify and prevent account takeovers, lateral phishing attempts, or unwanted email content.

Abnormal integrating with Microsoft to inspect every email

Solution: 3. Abnormal inspects every email to provide complete visibility.

Abnormal’s API-based security approach leverages a direct and native integration into Microsoft 365 and Google Workspace.

This behavioral-based analysis precisely strikes down email threats within milliseconds, including lateral phishing and never-before-seen socially-engineered email attacks, without delaying email delivery or introducing single points of failure like SEGs.

The Modern Solution is Abnormal

Cloud-Native and API-Based Architecture.

Abnormal has one-click API integration into cloud email solutions like Microsoft 365 and Google Workplace. The native API integration provides visibility into inbound and outbound email and internal east-west email from cloud email providers for better detection and remediation of attacks.

Behavioral Approach.

Abnormal’s approach is based on baselining the known good behavior and detecting anomalies for a higher efficacy in blocking modern attacks. There are no custom rules or policies. Instead, the machine learning engine continuously combines a wide variety of signals to build models that focus on identity, relationships, and context.

Leverages the Full Power of Cloud Signals:

Abnormal directly integrates into the cloud email provider through API integrations, which provides exclusive access to cloud-based signals through 45,000+ signals, including critical information like sign-in events, compromised credentials, and more.

Deploys in Minutes and Proven to Save You Time

During Fortune 1000 evaluations, 79% of the time, we find a compromised employee account.

Deploy in minutes at any scale.

Simple, no configuration or custom policies required.

Proven, 2 out of 3 Abnormal enterprise customers do not use a SEG.


Prevent the Attacks That Matter Most