I use Abnormal Security to enhance my email and identity security. It helps prevent phishing, business email compromises, and user account takeovers.

What I like about Abnormal Security is that it notifies me if any of my partners or suppliers are experiencing a security breach by analyzing their database and identifying potential cyber threats.

While Abnormal Security excels in features and capabilities for email security, there could be room for improvement in enhancing integration with other cybersecurity tools. Better integration would facilitate automation, logging, and coordination with various security measures.

I have been working with Abnormal Security for two years.

Overall, Abnormal Security is a stable product and I would rate the stability as an eight out of ten. While there are a few identified bugs, they are not significant enough to compromise security. However, there may be some issues with the console features, as they may not always provide the necessary information seamlessly.

We have approximately 15,000 end users of the product.

We switched from Microsoft email security due to Abnormal's superior capability in filtering out negative emails, providing enhanced security for our communication.

The initial installation is quite simple.

Abnormal Security is not overly expensive. I would say it is worth the money.

Our company chose Abnormal Security over other options because it is an advanced tool, especially in comparison to other products. It outperforms competitors like Proofpoint in detecting fraudulent, spam, and malicious emails. The use of machine learning sets Abnormal Security apart, making it more effective in identifying various types of harmful emails.

I would strongly recommend using Abnormal Security. I would rate the product as a nine out of ten. While it excels in functionality and effectively filters out bad emails, it is not a perfect ten due to identified bugs in the console and integration issues with other tools. Overall, it is a highly effective security solution.

Our main goal is to use Abnormal Security as an additional shield against the increasingly advanced email threats targeting our organization. During our implementation, we've discovered additional benefits. Firstly, it dramatically reduces the time needed for investigations, giving our IT team more efficient access to search and discovery tools than our current system provides. Secondly, it empowers both our threat-hunting and incident response teams, especially frontline responders. This allows them to access crucial data points directly, without always needing to wait for escalations.

The biggest challenge we faced was sophisticated business email compromise attacks. These targeted our customers or vendors, with attackers gaining access to their legitimate email systems and impersonating users to send emails to our enterprise. Our existing security tools were ineffective at detecting this traffic, as it originated from legitimate mail servers and mailboxes of people we regularly communicate with. Traditional security analysis didn't have enough telemetry to detect the anomalies. We needed a solution to differentiate between genuine interactions with our customers and vendors and those disguised as them by attackers who had hijacked their mailboxes. This was the primary use case for Abnormal Security, and it's proven highly effective in addressing this challenge.

I'm impressed with their API architecture. One of the main reasons is its invisibility to threat actors trying to launch attacks. Unlike our traditional email security tools in the SEG, which attackers can easily detect before they even start emailing us, the API remains hidden until they've already begun their attack. This gives us valuable early visibility via the API, allowing us to easily pipe that data to other tools and stop advanced attacks more effectively. The improved visibility into our email infrastructure also benefits our IT teams. Using the API integration, they can now remediate issues in minutes, whereas before it could take hours. Previously, identifying an inbound cyber attack meant bouncing between several tools: one to identify the attack, another to track affected emails, and yet another to quarantine them. Abnormal's APIs streamline this process. With a single search, an IT technician can identify users who received the emails, track who clicked on them, see where the emails are located, and even delete them from everyone's inbox directly. This has drastically reduced our investigation and response time for phishing and BEC attacks, from hours to mere minutes.

Compared to many other vendors we considered, Abnormal Security stands out in its ability to detect the full spectrum of email threats. While our existing Secure Email Gateway handles traditional threats like spam and malware quite well, it often misses more sophisticated attacks. The SEG relies on static indicators like email flags, suspicious file hashes, or mass recipient lists. We can easily identify and filter out emails matching these criteria, but they do little to stop targeted attacks. Here's where Abnormal Security shines. Their anomaly detection engine excels at recognizing one-off attacks, including those where a threat actor infiltrates a vendor's mailbox and manipulates payment instructions or redirects transactions. Abnormal identifies these anomalies using behavioral analysis, effectively catching threats that traditional static methods typically miss.

The two main benefits Abnormal Security offers us are its ease of use and its powerful search capabilities. These features empower our internal teams to get more involved in the response process, helping us track down threats efficiently. Additionally, Abnormal's ability to stop advanced attacks significantly reduces our security team's workload. Security teams are consistently stretched thin, so minimizing wasted effort chasing false alarms is crucial. By keeping harmful emails out of user inboxes, Abnormal allows us to focus on other priorities. In summary, our primary gains from Abnormal are its effectiveness in blocking attacks and its ability to empower our internal teams, ultimately strengthening our overall security posture.

Abnormal Security's AI and machine learning capabilities significantly expand the range of email attacks they can block. This is crucial to optimizing their product's performance for us. Specifically, their ability to leverage AI indicators and extensive email telemetry is critical for stopping advanced threats, like compromised mailboxes sending disguised emails. Traditional methods often fall short in such scenarios. Our primary concern is identifying emails sent by a threat actor posing as a legitimate mailbox owner. AI-powered anomaly detection proves virtually indispensable in discerning the true sender's identity. Abnormal Security has identified and prevented several such sophisticated attacks in our own experience. One remarkable example involved a vendor's seemingly legitimate email flagged as suspicious by Abnormal. Initially dismissed as a false positive by our first responders, a deeper analysis of the email's telemetry revealed subtle anomalies. The email's sudden shift to a professional tone, unlike the typically casual communication with this vendor, was one such anomaly. As it turned out, Abnormal's suspicions were correct – the vendor's account had been compromised. This instance highlights the unparalleled effectiveness of AI in detecting sophisticated email threats. By focusing on abnormalities in email behavior, AI can uncover hidden dangers that might otherwise elude traditional security measures.

The deployment of AI has significantly reduced the number of internal attacks we encounter, and it has even extended its benefits beyond our perimeter. We've proactively alerted several customers and vendors about potential compromises before they even realized their systems were under attack. This proactive approach has been well-received, with many recipients expressing their appreciation for our timely intervention. Within our organization, AI has dramatically streamlined our security operations by automating the analysis of sophisticated attacks, freeing up valuable time and resources for our security teams.

Abnormal Security has dramatically reduced the time our team spends resolving email incidents. What used to consume hours or even days, depending on the attack and response complexity is now handled within minutes, often by less experienced team members. This has significantly improved our efficiency and freed up valuable time for other security tasks.

Although no product can eliminate attacks, we've been pleasantly surprised by the effectiveness of Abnormal Security. Initially, when we approached them with our use case and problem, we'd have been happy with a much lower catch rate. Stopping even a significant number of attacks would have been a success. But the actual results have been incredibly impressive. While some attacks still slip through, the features in Abnormal allow us to feed those cases back into their system. This feedback fuels the AI's learning process, helping it avoid repeating the same mistakes. Interestingly, the attacks that remain undetected are often difficult to define even for human analysts. They involve subtle cues that would be challenging for any AI to spot in the specific contexts we've encountered. One example involved a new customer with whom we had exchanged only a handful of emails. While this customer's account became compromised, the attacker wasn't the usual contact person. Since the AI had only profiled the communication style of the usual contact, the malicious email appeared normal compared to that limited baseline. In such cases, where the AI lacks sufficient data, even exceptional systems can be caught off guard. While no product is perfect, we're highly impressed by Abnormal's speed and efficiency in catching attacks. They've dramatically reduced the workload on our help desk compared to the past, with the results being clear and measurable.

Compared to our old solutions, Abnormal Security's incident response is like night and day. With our previous SEG, identifying and remediating a suspicious email was a cumbersome process. We'd flag the email, then jump through hoops to figure out who received it and if anyone clicked on it. With different modules and separate views, it was a mess. Once we confirmed the threat, another system hunt began, pulling emails from user inboxes. It was slow, fragmented, and frustrating. Abnormal is a breath of fresh air. If we spot a threat alert on the dashboard, we simply click on it to see all recipients, where the email sits, and who interacted with it. And then, the holy grail – a single button. Click 'Remediate', and those emails vanish from user inboxes, instantly neutralized. Just a button click from issue detection to resolution in seconds. All from one screen. That's the transformative power of Abnormal Security. Something our old solutions couldn't dream of.

Ease of use is undoubtedly one of the most valuable features of Abnormal Security. Its intuitive interface requires minimal training for our IT staff to extract significant value. It was practically plug-and-play, with minimal configuration needed on our end. The product itself has limited configuration options, as it leverages pre-built back-end tooling and algorithms to work its magic. This streamlined design makes it ridiculously easy to use and set up. Moreover, the Abnormal team provides phenomenal support whenever we encounter any issues, far exceeding the support we receive from many of our other tech vendors.

The biggest pain point for us is the lack of support for on-premise email systems. This would be a game-changer for our team. I haven't identified any other major areas for improvement. The platform is already streamlined and user-friendly for our users. Ideally, we would love to manage everything within the Abnormal console. It already addresses all the pain points our internal groups identified with our old SEG tooling. From our perspective, the main area for improvement would be adding support for on-premise email systems. If Abnormal offered such functionality, we wouldn't need any additional external tools.

I have been using Abnormal Security for almost two years.

Abnormal Security is stable. We have not encountered any downtime or issues that impact performance.

Abnormal Security offers excellent scalability, making it ideal for environments of various sizes. Our main enterprise setup with 12,000 mailboxes, operates seamlessly. Additionally, when we acquire smaller companies with, say, just 50 mailboxes, we can easily integrate them as subtenants, granting them immediate access. Regardless of the mailbox count, be it 50 or 10,000, Abnormal Security scales effortlessly to accommodate their needs.

Abnormal's technical support is incredibly responsive when we encounter issues. We first used them shortly after our initial deployment when we hit a snag with an email we thought should have been blocked. It was just a single email, and they resolved the issue within five minutes. They promptly stopped another attack just a few minutes later. Their response times are truly impressive, and they avoid unnecessary back-and-forth communication. Unlike many tech support teams who spend long periods gathering information before handing things off to another technician for a callback, Abnormal takes ownership and resolves issues swiftly. We always feel heard and valued when we contact them. They get it right, and they get it done quickly.

Before adopting Abnormal Security, we relied on Microsoft Office 365's security suite, including Defender and Exchange Online Protection, along with Mimecast Secure Email Gateway. However, these traditional tools proved ineffective against advanced attacks that slipped through the cracks. This vulnerability prompted us to seek a more robust solution, leading us to Abnormal Security. The rationale behind this shift was twofold. Firstly, we needed a tool capable of intercepting the sophisticated threats bypassing our existing defenses, attacks with severe financial repercussions if successful. Secondly, we aimed to minimize the operational burden on our IT and security teams. By deploying an automated platform capable of handling routine incident detection and containment, we could refocus our personnel on higher-level tasks.

We've implemented Abnormal Security for our main enterprise and a few of our acquired companies that already had cloud email systems. The process is incredibly user-friendly. Authorization involves only two clicks once their support team sends the necessary links for adding them to our enterprise tenants. It's a breeze to set up and eliminates the substantial configuration work required by traditional SEGs, which surprised us greatly. We're glad to be free from policy creation, allowlist, and blocklist maintenance, and even bypass configurations for SPF headers. The tool's elegance lies in its automated backend processes, eliminating the need for manual allowlist/blocklist adjustments, as the technology intelligently manages these aspects.

Integrating Abnormal Security through their API was incredibly straightforward. It took only two clicks! We've even combined it with one of our existing security platforms, and that too was just a single click within each platform thanks to the well-designed API. Honestly, it's one of the simplest security product deployments I've ever experienced in our company.

Only one IT team member, possessing the necessary permissions, could deploy the change.

The implementation was completed in-house with the help of Abnormal's deployment team.

Overall, we'd certainly prefer lower pricing, but Abnormal Security doesn't seem unreasonable compared to similar offerings in the market. Notably, if we replaced our Mimecast email protection with Abnormal Security, we'd save money. Given their strong features and competitive pricing, I believe they're well-positioned. While I understand the appeal of lower prices, I think Abnormal's current pricing is fair for what they offer.

While evaluating solutions back then, Abnormal Security stood out with its advanced AI capabilities in the email security space. While a few other players existed, none matched their level of sophistication. Today, there are new contenders like Avanan. We did consider Proofpoint, impressed by their AI initiatives and user-centric approach. However, similar to Mimecast, they seemed adept at catching signature-based threats but struggled with advanced business email compromise attempts. During our Abnormal Security proof-of-concept, the detections lit up like a Christmas tree, highlighting their effectiveness against these sophisticated attacks.

I would rate Abnormal Security a ten out of ten.

It is not that important that Abnormal Security can detect threats in cloud collaboration applications because we are a Microsoft team shop so we are not using a lot of the other collaboration tools. So exploring new frontiers isn't a high priority for us right now. While I'm curious to see what innovations emerge in that space, it's not something we're actively looking to deploy at this time.

While Abnormal Security offers strong capabilities, it hasn't eliminated the need for our existing secure email gateway solution entirely. Our situation is unique due to our merger and acquisition activity. We initially hoped Abnormal could replace our SEG and reduce costs. In terms of features and performance, it outperforms our current solution for specific tasks. However, we couldn't fully switch because our existing SEG provides crucial protection for both on-premise and cloud-based emails. In our acquisition scenario, Abnormal wouldn't immediately protect acquired companies using non-cloud email systems. The migration process would be lengthy, delaying security coverage. Conversely, our current SEG allows us to quickly add protection by simply repointing DNS records, offering immediate security for acquired companies within an hour. Therefore, while Abnormal is a compelling alternative, it doesn't address our specific on-premise email needs due to their current product offerings. If not for this factor, we would readily consider migrating entirely to Abnormal Security.

Although Abnormal Security has delivered cost savings in managing account takeover incidents, the key driver behind its implementation wasn't cost reduction. We didn't have a separate solution focused solely on account takeover before, so Abnormal filled a critical gap in our security posture.

While the platform itself requires no active maintenance, it's still essential to provide some basic care. This involves regularly reviewing audit logs and threat dashboards to ensure their continued functionality. The key difference compared to other platforms lies in the lack of constant updates. Unlike systems plagued by frequent firmware updates, signature refreshes, and hash revisions, this one quietly hums in the background, needing only oversight to confirm its smooth operation.

Our initial internal debate about Abnormal Security's maturity stemmed from the specific problem we wanted to solve by adopting their platform. Our threat actors are highly sophisticated and constantly evolving their tactics, outpacing traditional security solutions. While classic methods are excellent for known threats with established patterns (think signatures based on 20 years of historical data), they struggle to keep up with rapidly changing attackers. This is where AI-powered solutions like Abnormal shine. The significant advancements in AI have only recently matured enough to meaningfully impact security, and companies like Abnormal, focused on cutting-edge solutions, can't boast long-standing track records because the technology itself is barely five years old. So, for those facing novel, bleeding-edge threats, partnering with a provider like Abnormal, operating in the same bleeding-edge space as the attackers, becomes crucial. Our initial hesitation about Abnormal seems rather silly in retrospect, especially considering we only planned to use it as an initial augmentation to our existing defenses. My advice for anyone with similar doubts is to, clearly define what they need to protect and they will realize that tackling cutting-edge problems requires solutions that meet their opponents on their bleeding-edge turf.