Abnormal Security Posture Management offers protection against email platform attacks

Abnormal Security has released Security Posture Management, its newest addition to the product portfolio as the company progresses toward delivering the cloud email security.

Abnormal Security Posture Management

The latest innovation protects customers from emerging email platform attacks that are increasing in volume and severity as attackers find new ways to target organizations.

The open, interconnected nature of cloud email platforms creates new entry points for attackers to exploit and manipulate—increasing the need for security tools that protect organizations from attacks beyond those that are delivered through inbound email.

While advanced inbound email attacks like business email compromise and credential phishing remain the primary cloud email attack vector, accounting for $43 billion in exposed losses since 2016, this addition to the Abnormal product portfolio expands the capabilities of cloud email security to protect against side-channel attacks that directly target the entire email platform.

In recent headlines, cybercriminals have exploited unguarded entry and exit points to carry out platform attacks, including:

  • Compromising user and administrator accounts by bypassing MFA policies
  • Exploiting global administrator privileges by setting up tenant-wide email forwarding rules that send company emails to attacker inboxes
  • Tricking employees into installing malicious OAuth applications through consent phishing email links disguised as file-sharing links

These examples showcase the need for security tools that can detect changes to the cloud email environment and provide full visibility into the current posture. But because security teams often share responsibility for these platforms alongside IT and messaging teams, it is operationally difficult and manual to understand the full scope of potential configurations across thousands of users, third-party applications and email tenants, and manage them accordingly.

“As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms,” states Mike Britton, chief information security officer at Abnormal Security.

“Implementing a solution that can alert security teams to new integrated applications, over-permissioned users, and other potentially risky events will be extremely helpful to security leaders, and Abnormal is excited to evolve our inbound email security platform to provide this capability and better protect our customers from the full spectrum of attacks.”, Britton continued.

The new Security Posture Management product from Abnormal gives security teams immediate visibility to each of the potential entry and exit points to the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants.

Each of the three new Knowledge Bases provides the foundational visibility security teams need to understand potentially exposed surface areas in Microsoft 365 and conduct security investigations.

  • AppBase: Provides a running inventory of all of the third-party applications that have access to data within Microsoft 365. It provides a summary of important information about application permissions and data access, as well as an activity timeline of recent events.
  • PeopleBase: Provides a directory of each active user in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more.
  • TenantBase: Provides a catalog of each of the email tenants Abnormal Security protects and relevant permissions governing access to them.

Taking the information derived from these Knowledge Bases, the new Security Posture Management product then monitors each entity for potentially risky configuration changes. Key changes may include the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes.

When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration.

While the monitoring and alerting capabilities of Security Posture Management are available as an add-on purchase to Inbound Email Security, Abnormal is providing the foundational visibility of its new Knowledge Bases at no cost to all customers with Microsoft 365.

New product continues to drive Abnormal growth in the email security market

The posture management offering underscores Abnormal’s commitment to providing its customers with the email security platform. In recent weeks, Abnormal was named to the CNBC Top 25 Startups for the Enterprise list of companies that are best suited to meet the needs of large enterprises, as well as the Madrona Intelligent Applications 40 list for the platform’s capabilities in using machine learning to extract useful information from real-time and historical data.

These awards highlight the continued success of the company as Abnormal continues to experience more than 2x growth per year, with notable customers including Xerox, Urban Outfitters, Royal Caribbean International, and Groupon. The company maintains a 4.8-star review on Gartner Peer Insights, with 100% recommendation from participating companies.

This continued growth is driven by the recent Series C funding round in which Abnormal raised $210 million with backing from Insight Partners, Greylock Partners, and Menlo Ventures.

Security Posture Management is the second major product launch in the past six months, with Abnormal releasing the Email Productivity module in August 2022. The Email Productivity add-on uses behavioral AI to filter time-wasting promotional emails away from employee and executive inboxes, automatically personalizing protection to each user based on behavior cues like folder moves.

By shielding employees and executives from the growing barrage of promotional emails, including vendor cold calls, newsletters, and marketing promotions, Email Productivity saves enterprises multiple hours per employee per month. Both new products are part of the Abnormal Cloud Email Security platform, which stops the full spectrum of email-borne attacks.

Share this