Why Abnormal - Abnormal Security

The Abnormal Difference

  • Your infrastructure has moved to the cloud.
  • The attacks have transformed: socially engineered and novel.
  • Email security needs a new approach.

Why Abnormal Security?

The Abnormal Architecture

Abnormal Security goes beyond email to establish a clear understanding of the enterprise, your people, and your supply chain.

01 Data Layer

Cloud-Native API Architecture
Abnormal Security’s cloud-native architecture seamlessly integrates into dozens of enterprise platforms: Microsoft Office 365, G Suite, Slack and more. Abnormal consolidates data across multiple channels into a single platform for analysis and provides consistent protection across platforms and channels.

Easy to Integrate, Fast Time-to-Value

  • One-Click API Integration takes seconds to complete
  • No risk to mail flow: no MX record or mail routing changes
  • Does not interfere with existing security tools

Maximizes Investment in Microsoft

  • Augments and enhances the native security capabilities of Microsoft EOP and ATP
  • Leverages the rich information available via the Microsoft APIs

Extensible & Bi-Directional

  • Multi-tenant and cross-platform support in a single dashboard (multiple O365 tenants + G Suite)
  • Seamless, bi-directional API integration into your current security stack: SIEM, SOAR, detection tools, ticketing systems, etc.
  • Custom application development enabled by Abnormal’s open API
02 AI Analysis Layer

Abnormal Security leverages a myriad of AI techniques to analyze the rich data made available via the numerous data sources accessed via the API integrations.

  • Natural Language Processing (NLP)
  • Computer Vision
  • Form Identification
  • Link Crawling
  • Document Identification
  • Entity Recognition
  • Text Analytics
  • Knowledge Mining
03 Business Insights Layer

User Behavior

Abnormal Security develops a deep understanding of the people and their behaviors. By analyzing and normalizing data across thousands of dimensions, Abnormal assembles a single, consolidated profile of every person in your enterprise.

Resolves Multiple Identities to a Specific Person

  • Maps all forms of identity (email, phone, device IDs, Slack) to an individual
  • Automatically associates unofficial identities such as personal email addresses, non-corporate Slack workspaces, etc.

Generates Consolidated Timeline of Events

  • AI system analyzes data across multiple platforms and channels to create a consolidated view of each person

Unified Behavioral Profile for Each Person

  • Single behavioral profile of each person, containing thousands of dimensions of behavioral norms, attributes and predictions

Organizational Insights

Abnormal Security integrates with the directory systems but goes beyond to learn and understand the informal organizational hierarchy by observing communication patterns and behaviors.

Understanding of Business Relationships

  • Maps internal relationships
  • Maps cross-organizational relationships
  • Assimilates informal relationships (e.g., key influencers in the organization) by analyzing communication patterns and channels

Automated Mapping of Business Processes

  • Learns business processes within the enterprise (e.g., approval processes, escalation paths, etc.)
  • Captures the tribal knowledge and organizational processes that cannot be sourced from any system

Contextual Understanding of Communications

  • Analyzes communication patterns across different channels such as email, Teams and Slack
  • Contextualizes communications based on relationship, channel, topic and tone

Supply Chain Graph

Abnormal Security continuously maps your entire supply chain, ensuring a deep understanding of all third parties interacting with your enterprise.

Resolution of Business Attributes to a Specific Entity

  • Every attribute found in third-party communications (email domain, phone number, address, etc.) is resolved to a specific business entity

Unified Profile of Each Business Entity

  • Key contacts, contact information, and communication channels are mapped for each business entity
  • Business documents are identified and classified: Invoices, Purchase Orders, Order Forms, etc.
  • Business attributes are extracted and maintained: banking and remittance information, product data, etc.

Federated Insights of Supply Chain Entities

  • Federated insights enrich the global knowledge of every communication from a vendor, partner or customer
  • Hundreds of thousands of business entities are actively tracked today

04 AI Decision Engine

Abnormal Security identifies deviations from predicted normal behaviors with an anomalous behavior detection engine.

Threat Mitigation by Analyzing Human Behavior

  • An ensemble of machine learning models detects anomalous behavior against baseline Business Insights to determine the magnitude of the anomaly and the level of risk

Explainable and Provable AI

  • Results of the decision engine can be enumerated and understood by humans for transparency
  • Explainable AI builds trust and consistency with security analysts and end-users
05 Applications

Email Protection

Stop the full range of Business Email Compromise (BEC) attacks with an AI decision engine that computes thousands of signals to secure your business communications.

Account Takeover Protection

Prevent one of the most difficult-to-detect attacks by leveraging advanced signal analysis that goes beyond IP tracking to stop compromised accounts with accuracy and confidence.

Incident Response Automation

Augment security operation teams with automation and tools to respond quickly and proactively protect the organization.

Future and Custom Applications

Bi-directional, open APIs enable customers to operate the current Abnormal functionality headlessly or to build custom applications.

Want to learn more?

Schedule a personalized product demo to see:

  • Threat analytics, insights and reporting
  • Automated triage, investigation and response tools
  • Platform integrations into SIEM, SOAR
  • …and more
