Abnormal Security expands its platform and launches new products
The company is also extending the platform to better model identity behavior through the ingestion of signals from additional sources, including CrowdStrike, Okta, Slack, Teams and Zoom.
Email remains the most common path into an organization, but cybercriminals are steadily shifting their tactics and targeting additional entry points across the enterprise.
The recent attacks on EA Sports and exfiltration of Grand Theft Auto source code highlight how attacks are becoming increasingly multi-channel, as cybercriminals infiltrate one platform and move laterally throughout the environment to gain access to email and other sensitive data.
Security leaders are concerned about these new attacks, but lack a single platform that can correlate signals across channels in one unified view.
To solve the problem, Abnormal is expanding its platform API integration capabilities to ingest unique data from more sources. Additional signals from these applications enrich Abnormal’s understanding of user behavior by enabling the platform to analyze sign-in events, geolocation data, session details, communications patterns and more across a number of cloud-based applications.
When the platform identifies anomalous activity, it provides a consolidated view through an “Abnormal Behavioral Case Timeline,” which allows security teams to see cross-channel attacker activity and take remediation actions.
“Attackers are increasingly relying on multi-channel attacks to access valuable information and steal data for financial gain,” said Evan Reiser, CEO at Abnormal Security.
“The best way to protect against these sophisticated attacks is to ingest many signals from diverse sources to learn the behavior of each identity across the multi-channel cloud surface area, and then apply advanced AI models to precisely detect anomalies. While email remains our primary focus, we know that threats can come from multiple places across the enterprise and we’re excited to take our behavioral AI capabilities to the next level to protect email-like communications in Slack, Teams and Zoom,” Reiser continued.
In the latest Market Guide for Email Security, Gartner states, “Although email is still the most common attack vector, many attackers use emails to begin the communication and then move it to Slack, Teams or any other collaboration platforms.”
As such, there is a need to secure these platforms, filtering malicious content and highlighting suspicious interactions. The new products will extend the power of the Abnormal platform to detect suspicious messages, remediate compromised accounts and provide insight into security posture across the three applications.
Alongside the new data ingestion capabilities, which are available at no cost, Abnormal is introducing three new products:
- Email-Like Messaging Security: Monitors Slack, Microsoft Teams and Zoom for messages that contain suspicious URLs and flags potential threats for further review, allowing administrators to take action against malicious activity. Malicious messages are surfaced regardless of whether the message is sent by an internal employee or an external contractor.
- Email-Like Account Takeover Protection: Analyzes authentication activity in Slack, Teams and Zoom, alerting security teams to suspicious sign-in events—whether a user is signing in from a blocked browser, in a risky location or on a known-bad IP address. Each event is automatically flagged for immediate investigation, with single sign-on (SSO) activity from Okta and Azure Active Directory included for additional evidence.
- Email-Like Security Posture Management: Gives security teams a complete view of user privilege changes in Slack, Microsoft Teams and Zoom to ensure only the appropriate users have admin rights. Email-Like Security Posture Management dynamically monitors for new changes, surfacing those that are considered high impact.