Overview

Email remains the #1 cause of breaches and #1 source of cybercrime losses to enterprises (Source: FBI Internet Crime Report). As attackers leverage generative AI and sophisticated social engineering, traditional security approaches that rely on threat intelligence and static rules are no longer sufficient. Organizations need a modern solution that deeply understands human behavior to protect against these evolving threats.
Abnormal Security delivers unprecedented protection through its AI-native platform for human behavior security. By leveraging a unique API-based architecture, Abnormal ingests 10x more behavioral signals than legacy solutions, enabling deep understanding of every employee's and vendor's behavior patterns. This foundation powers precise detection of anomalies and suspicious activities, stopping advanced attacks like business email compromise, supply chain fraud, account takeovers, lateral phishing, and AI-generated impersonation attempts before they can cause damage. For example, Abnormal detected and stopped a $13.5M payment fraud attempt where an attacker compromised an email account, created a look-alike domain, and sent a fraudulent invoice. Abnormal's AI flagged anomalies such as the newly registered domain, suspicious email headers, and unusual language patterns, preventing the attack before any harm occurred.
Beyond superior detection, Abnormal transforms security operations through AI automation. The platform's AI Security Mailbox eliminates manual triage and investigation of reported emails, while automated remediation capabilities instantly remove threats across all mailboxes. This automation, combined with features like AI-generated security awareness training and intelligent graymail management, reduces SOC workload by 95% while improving employee productivity.
Deployed in 60 seconds via API, Abnormal integrates seamlessly with Microsoft 365 and Google Workspace without the need for professional services or ongoing admin overhead.
Key Benefits
- Integrates in 60 seconds, deploys without professional services, and operates autonomously with no admin overhead.
- Leverages behavioral AI to detect and stop novel email attacks while fully automating SOC operations, including phishing mailbox management, security training, and attack remediation.
- Expands protection beyond email by using human behavioral AI to detect and remediate account takeovers (ATO/UATO), securing cloud platforms and preventing unauthorized access.
Abnormal is recognized for its customer-first approach and commitment to innovation. Named a "Leader" in the Gartner Magic Quadrant for Email Security Platforms with the "Most Completeness of Vision," Abnormal also boasts a 99% customer "Would Recommend" rating, reflecting its industry leadership and dedication to excellence.
Experience Abnormal's cutting-edge email security with a demo and risk assessment tailored to your needs. See how behavioral AI stops advanced threats others miss, explore real-world attacks, and experience seamless API integration. Gain clear insights, pricing transparency, and learn why Abnormal leads in email security.
Request a demo today to protect your cloud email environment.
To purchase, please request a private offer.
Highlights
- Comprehensive Protection with Behavioral AI - Abnormal's behavioral AI analyzes tens of thousands of organization-specific signals to detect advanced email threats. For example, Abnormal stopped a $36M Vendor Email Compromise attack involving a lookalike domain (.cam) used to impersonate a trusted partner. The attack was flagged due to anomalies like newly registered domains, irregular language, and altered billing details.
- Streamlined SOC Efficiency and Automation - Abnormal's AI Security Mailbox automates the triage and remediation of user-reported phishing emails, reducing SOC workloads by 95% while educating end users with personalized generative AI responses. By eliminating the 15 minutes typically required for SOC analysts to review each email, one of Abnormal's customers saved an average of 1,721 SOC hours per month, equivalent to the capacity of 10.5 full-time employees.
- Seamless Deployment and Scalability - Abnormal integrates directly with Microsoft 365 and Google Workspace without requiring MX changes, ensuring rapid deployment and scalability for businesses of all sizes. By consolidating email security into a single platform, Abnormal eliminates the need for third-party gateways like Proofpoint or Mimecast, with over 500 SEG replacements completed to date.
Pricing
Dimension | Description | Cost/12 months |
---|---|---|
Mailboxes | Number of email mailboxes under management | $500,000.00 |
Vendor refund policy
Please contact support@abnormalsecurity.com
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Automated threat detection that protects against corruption with minimal intervention
What is our primary use case?
We use Abnormal Security for blocking spam and email threats in a medium-sized manufacturing environment.
What is most valuable?
Abnormal Security is valuable because it features an automated scoring tool that doesn't require much intervention from our team. It enhances threat detection capabilities by making the process automated and is easy to scale to our entire environment.
Additionally, it protects us from being business email compromised, which is invaluable for maintaining our security.
What needs improvement?
There could be more selectable options and more granular selections available.
For how long have I used the solution?
I have had experience with Abnormal Security for a few years.
What do I think about the stability of the solution?
The stability of Abnormal Security is excellent. I rate it a ten out of ten with no issues encountered.
What do I think about the scalability of the solution?
The solution is easy to scale across our entire environment, and I would rate it a ten out of ten for scalability.
How are customer service and support?
I rate customer support a nine out of ten. They have been prompt in responding and are knowledgeable.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We switched to Abnormal Security from a previous solution due to its processing and ease of use.
How was the initial setup?
The initial setup for Abnormal Security was straightforward and easy.
What about the implementation team?
It was myself and one other person, an enterprise manager, who handled the deployment.
What was our ROI?
The return on investment is seen in the security it provides, preventing business email compromise, which is invaluable.
What's my experience with pricing, setup cost, and licensing?
I find the pricing to be favorable, but I did not disclose the exact cost.
Which other solutions did I evaluate?
I do not wish to discuss other solutions.
What other advice do I have?
I would recommend Abnormal Security. Overall, I rate it a ten out of ten.
Helps reduce the costs of account takeover detection tools
What is our primary use case?
We have a separate Proofpoint email gateway, so Abnormal is what we consider to be defense in depth. It catches malicious emails that our primary email gateway misses, so we're depending on Abnormal to detect them for us. It also gives us trickier stuff, like zero-day threats.
We also use Abnormal for our abuse mailbox. Our users have a "report phishing" button in Outlook. If they get any suspicious email that they think is malicious or spammy, they can click that button and report it to Abnormal. The Abnormal abuse mailbox automatically analyzes it and responds to the user as to whether it is safe spam or malicious. If it is safe, it sends a copy of the email back to the user so they don't have to look for it in their deleted items.
We have close to 24,000 users. Not all of those are users because a large percentage of those work mainly in Salesforce, but many mailboxes. It's also three different Microsoft tenants because we acquired or merged with other companies throughout the years.
How has it helped my organization?
Abnormal helps increase the level of our email security. I would be uncomfortable if we did not have that second layer of defense. I think it's super important. Having Abnormal helps me sleep better at night by keeping an eye on the emails that Proofpoint logs in.
The solution's AI/ML features broaden the types of email attacks it can stop by learning employee behaviors. I recently got numbers from the Proofpoint and Abnormal sides, and the fact that Abnormal was still catching so many specific types of attacks that Proofpoint missed is kind of crazy. It says that Abnormal detected almost 7,000 attacks in the past 30 days. That's a huge number of emails.
Abnormal Security has reduced the time my team spends on those email incidents. I work on the admin side, so I'm not involved in running down the incidents on the SOC side, but we would need more people if we didn't have Abnormal automatically remediating so many of these attacks.
I didn't even realize it was stopping this many attacks. You let it go and do its thing. That's a lot of emails, and it takes a lot of time for a person to hunt down this volume of attacks. Even if it took only half an hour per attack, that's more than a full-time employee could deal with. If we didn't have Abnormal doing this, it would take at least two FTEs.
The solution helps reduce the costs of account takeover detection tools. We have it integrated with CrowdStrike, and Abnormal sends alerts back and forth. The integration with CrowdStrike helps us better monitor the environment and produces more alerts for the SOC to investigate.
What is most valuable?
I like Abnormal's threat protection with auto-remediation, but I also love its abuse mailbox feature, which automatically responds to the end user. That feature has a super-valuable security component and helps improve the user experience.
I also like the dashboard. It's easy to get information. For example, when my director asked for numbers, finding all these graphs on the dashboard was great.
We have an API setup with our automation software, so Abnormal gets alerts about spam and malicious threats. This sends alerts to our SOC, notifying them to take a closer look. From an API perspective, integration with our security automation software is extremely important to help draw attention to those sorts of things.
We've got some of those integrations set up, so it can get help from those feeds from an account takeover perspective. Abnormal can monitor many different inputs to draw attention to when an account might be compromised. We have started implementing those integrations to give Abnormal more signals to alert us about possible account takeover. We don't have it set up yet to monitor things going on in Slack or Zoom to be able to tell us when a conversation might be malicious.
What needs improvement?
Abnormal should add more automatic reports. I have an open request to our account team for more notification and report types that can be sent automatically. For example, they have an awesome report that gets sent weekly, and I also want them monthly, so I don't need to do so much adding up when my director wants numbers over time.
For how long have I used the solution?
The company has been using Abnormal for a couple of years, but I've only worked here since last August.
What do I think about the stability of the solution?
I rate Abnormal eight out of 10 for stability. Periodically, we'll have an incident with the portal. They sent me updates about it, so I knew something was happening, but it didn't affect my daily work. Every once in a while, they have some back-end issues, but they communicate about it really well, which is something that I appreciate.
What do I think about the scalability of the solution?
My company has acquired or merged with other companies, and it doesn't seem like Abnormal skips a beat, whereas with the Proofpoint layer, we've had issues with how it performed some upgrades to our cluster lately because we were having issues with email delays. I worry about the Proofpoint layer, not the Abnormal layer. Abnormal seems to be so rock solid and scalable that I think it can handle whatever we throw at it.
How are customer service and support?
I rate Abnormal support nine out of 10. Their support has gotten better. When I started, it seemed like there were a few hiccups, but it has markedly improved in recent months. I had found a support person that I absolutely loved. She was awesome. And she got promoted, and I was like, "I know you deserve this promotion because you are great." It's the support that got me even more excited about the product.
They're so good at following up on unusual cases and strange things that we were seeing in our environment that other customers weren't even noticing. She did a fantastic job with communication and following up with the back-end support. Since she moved on, it sometimes takes a little longer to get back to me when I open a support case. For the most part, they're still highly responsive and do a good job with communication.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
They had been using Proofpoint Track, which was expensive. They were trying to save money because Abnormal has much of that same functionality. Also, I think it's a good idea to have two different vendors. Each has different threat intel that they can base their catches on. We can save money and get that defense in-depth because there were things the main email gateway was missing.
It only takes one malicious email that one user interacts with incorrectly to cause company-wide problems, so it's critical to have this area locked down as much as possible. At the last place I worked, we had the same kind of setup where we had an email gateway and a separate second layer. What I like about Abnormal is that it does a great job of automatically detecting and remediating threats.
How was the initial setup?
I wasn't here when Abnormal was deployed, but I've been told that it was quick and easy. According to the story I heard, they were planning to renew Track before they realized how much it cost. Abnormal was easy enough to integrate with low configuration requirements that they could get it done within a couple of weeks, which is almost unheard of for tools here.
After deployment, the solution doesn't require much maintenance so far, but it will as they add more integrations. That is something I will be spending more time and energy on. Periodically, I need to add something to the safe list, but I don't spend as much time as I did on Proofpoint because Abnormal doesn't have as many false positives.
What was our ROI?
I can't put numbers to it, but our current environment needs to trim the budget as much as possible, and Abnormal has proven itself to offer such good value that no one has even mentioned not renewing it. It's considered an invaluable piece of our security fabric here, so it's such a good return on investment that even cost-cutters aren't looking to cut its cost.
It's cheaper than Proofpoint Track, the product Abnormal replaced. It saved us tens of thousands of dollars plus the cost of paying people to manually run down all of these malicious emails.
What's my experience with pricing, setup cost, and licensing?
Abnormal is cost-efficient for what it does, and it's getting better. They're now adding many new integration types, so we'll expand the scope of what it can do for account takeover. They've also got a new threat intel piece that's available that they're continuing to add functionality to. It was cost-effective when implemented, but they are working to make it a better value.
What other advice do I have?
I rate Abnormal Security 10 out of 10. If someone had doubts about Abnormal's maturity, I would reassure them that it has been rock solid in my experience. They are continuing to build more into the product all the time, and if it's missing a specific feature, then it will probably happen because it's not a static product.
While some products take a long time to build, Abnormal keeps things moving. They seem to have an excellent sprint cycle, with a solid focus on constant improvement. It would depend on what specifically they are looking for. To me, it acts like a mature product compared to other systems like this that I've used in the past.
Good Experience
User friendly interface.
Searching could be improved for analysis.
Provides comprehensive email security management, effective in detecting a wide range of email threats
What is our primary use case?
We use Abnormal Security for our email protection in addition to Microsoft 365. Previously, we relied on another provider for many years to scan emails for malicious content, viruses, and spam. However, with the increasing sophistication of email attacks, our old provider simply couldn't keep up. Their system involved rerouting our emails to them for scanning before delivery to Microsoft 365. This approach proved ineffective, particularly for attacks like CEO impersonation emails or simple text messages requesting personal information. These attacks didn't contain any traditional malicious attachments.
Abnormal Security serves several key functions for us. Primarily, it excels at detecting malicious content. Additionally, it effectively isolates spam, preventing it from cluttering our inboxes. For legitimate but unwanted emails, such as newsletters, it creates a dedicated "Promotions" folder, keeping our inboxes organized. These are the main reasons we appreciate Abnormal Security.
How has it helped my organization?
Abnormal Security Portal Provides Comprehensive Email Security Management. We have access to a web portal provided by Abnormal Security. This portal grants us complete visibility into how Abnormal Security analyzes our incoming email. We can see everything it catches, how it classifies the emails as malicious, legitimate, etc., and the reasoning behind the classification. The portal is well-organized with dedicated sections for different threat types. We can easily identify account takeover attempts, vendor fraud attempts, and other threats. A particularly valuable feature is the search and respond functionality. In the past, we've encountered situations where employees accidentally sent out sensitive information or messages that shouldn't have been distributed. The portal allows us to quickly locate these emails and remove them from everyone's inbox, including deleted items. This ensures the emails vanish completely and never reach the intended recipients. Furthermore, the portal empowers us to manage our email security preferences. We can whitelist trusted senders and create custom blocklists for unwanted emails, providing a high level of control over our email environment.
While Abnormal Security has been effective in detecting a wide range of email threats, some emails have slipped through. To address this, we've educated our users. If they suspect spam, phishing, or an unusual email, they can report it directly through the "Report" button in Outlook which forwards to Abnormal, or by forwarding it to the "phishing" email address. This triggers a deeper analysis by Abnormal to identify any missed threats. According to our year-long data, users have submitted over 1,500 emails from 121 employees. Abnormal identified 4 percent as malicious and 9 percent as spam, with the remaining 87 percent deemed safe. These statistics indicate that Abnormal doesn't catch everything. However, by fostering a user base that remains vigilant and reports suspicious emails, we can leverage Abnormal's deep analysis to further enhance our email security.
During the pilot period, Abnormal Security's benefits became clear. We encountered an ongoing account takeover that we were initially unaware of. However, as Abnormal Security ran, it helped us organize and identify threats effectively. Feedback from the field has been very positive compared to our previous vendor. With our previous vendor, we received four daily emails notifying users about quarantined emails. These notifications cluttered inboxes and created confusion. There were instances where legitimate malware was quarantined, but the user received a message like "This email was quarantined for you. Do you want to investigate or recover it?" Unaware of the potential threat, some users might release the email, believing it to be a false positive. This could lead to compromising their credentials or infecting their computer. Abnormal Security takes a different approach. They automatically hide suspicious emails, preventing them from reaching user inboxes. This eliminates confusion and protects users from inadvertently engaging with malicious content.
We encounter AI in various ways. For example, it can be involved in filtering emails. For example, if I am receiving an email in my inbox that I prefer not to see there every day. I might move it to my promotions folder. Conversely, an email might land in promotions that I want to see in my inbox, perhaps because it's considered graymail. In that case, I can move it back to my inbox. The AI can learn from my actions and apply those preferences in the future. AI also plays a crucial role in defending against certain cyberattacks. Traditional methods might not be sufficient to catch these threats. AI can analyze incoming emails for a multitude of factors, performing a kind of predictive analysis on potential threats. These factors might include a sense of urgency in the email's tone, an email supposedly from the CEO but with an unrecognized sender address, or a domain that's a month old. Humans might not readily pick up on such red flags, but AI can effectively identify them.
My colleagues tell me that since we implemented this change, the number of attacks has decreased. I can confirm this by checking the dashboard, which shows the current attack volume. Even more importantly, by filtering out greymail into a promotions folder, everyone saves time by not having to sort through irrelevant emails in their inboxes.
There have been fewer IT tickets lately concerning suspicious activity. People used to report things like clicking on something malicious or questioning if an email was spam. Now, if something seems abnormal, it's sent directly to the Abnormal activity queue. Previously, we'd receive frequent reports about things like fake CEO emails or phishing attempts, but those types of tickets are becoming rare in our help desk.
Previously, we used a much more affordable email security solution. While Abnormal Security costs more, it outperforms or at least matches the capabilities of its competitors. We trialed Barracuda, but their pricing was prohibitive. Even if they lowered their prices now, I wouldn't consider them. Mimecast and Proofpoint, the other options we explored, were priced similarly. However, Abnormal's setup is significantly easier to use. While the initial configuration involves integrating it with our Microsoft 365 environment, Abnormal's day-to-day operation, configuration, and fine-tuning are much simpler compared to the other products.
What needs improvement?
The ideal scenario would be for Abnormal Security to work in tandem with Microsoft to analyze incoming emails. This means Abnormal Security would assess emails before they reach my inbox, even if it happens slightly after Microsoft's initial scan. Currently, the process isn't seamless. Microsoft analyzes emails and delivers legitimate ones to my inbox. Abnormal Security then scans these delivered emails, and if flagged as malicious, they disappear. This creates a problem for our ticketing system mailbox, which is a third-party service. Emails sent to the ticketing system address are automatically forwarded by Microsoft. However, if these emails are malicious, Abnormal Security only cleans them from my Outlook mailbox after they've been forwarded. Since we primarily rely on the ticketing system and not the Outlook mailbox, these malicious emails still reach the ticketing system.
For how long have I used the solution?
I have been using Abnormal Security for eleven months.
What do I think about the stability of the solution?
I have never encountered any stability issues with Abnormal.
What do I think about the scalability of the solution?
I don't know what would happen if we throw thousands of more users to Abnormal. However, based on our current usage and what we've observed with larger customers, there's likely no immediate issue. Abnormal seems to scale well for moderate growth. While substantial growth isn't on the horizon for us, it's worth considering scalability further down the line.
How are customer service and support?
The technical support speed has been fantastic. They're very responsive. I usually get a same-day response on any tickets I submit. The representatives are knowledgeable and helpful, and they always jump right on any issues I bring to their attention. Overall, I haven't experienced any long wait times for support, although thankfully, nothing major has required fixing.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
In the past, we utilized Mailroute for our email security. We simply configured our MX records to point to their servers. These servers would then collect and analyze our incoming emails for any threats. Only after deeming them safe would Mailroute forward the emails to our chosen provider, such as Microsoft or another service. We relied on Mailroute during the time we hosted our email on Exchange, before migrating to Microsoft 365. After a long-standing relationship of 15 years, we ultimately decided to switch to a different security solution.
How was the initial setup?
The initial deployment was very easy. All I had to do was access the Abnormal service through the provided URL. It then requested my global administrator credentials for our Microsoft 365 environment, which I granted. This initial step simply integrated Abnormal with our 365 environment. After that, we configured the settings to determine what kind of alerts we wanted to receive. There were a few things that potentially needed to be done beforehand, such as setting up IT login access and establishing a process for handling the "abuse" mailbox and account takeovers. For account takeovers, we could choose to have Abnormal automatically remediate and lock out the user, or we could have it send an email notification to IT for manual intervention. All these configurations were done through simple checkboxes, which we reviewed with an Abnormal technician during our initial call. By following these steps, we were up and running within an hour.
It was super easy to integrate Abnormal via the API.
What's my experience with pricing, setup cost, and licensing?
Barracuda offered a similar security solution, but with all the features we wanted, the cost came out to around $170,000. Abnormal Security, on the other hand, provides the same level of functionality for just over $60,000 – that's half the price! I'm getting even more value from Abnormal Security than I would have from Barracuda.
Which other solutions did I evaluate?
Last year, we explored alternative solutions. We evaluated Proofpoint, Barracuda, and Mimecast. All three offered API integration with our Microsoft 365 environment, enabling them to detect these types of threats. We piloted Barracuda but found it cost-prohibitive. While Proofpoint was appealing, we weren't impressed, and Mimecast proved overly complex to set up. Consequently, we stuck with our existing provider for another year.
Abnormal Security entered the picture later. We evaluated them and conducted a pilot program. Impressively, within a day of initiating the pilot, they identified a compromised account. Normally, they wouldn't reveal such findings until the pilot's conclusion. However, the urgency warranted immediate notification. They discovered that someone was accessing a low-level account from a location outside the user's usual login area in New York. This incident, coupled with Abnormal Security's overall capabilities, convinced us to switch providers.
What other advice do I have?
I would rate Abnormal Security ten out of ten.
The previous solution had significant limitations. It functioned like a basic antivirus program from the 1990s. It would simply scan a file and determine if it was malicious or not. It lacked any context about the file or the sender. Abnormal Security takes a completely different approach. By integrating with our Microsoft 365 environment through an API, Abnormal Security understands our organization and communication patterns. It can identify important individuals and prioritize emails from them. This helps to prevent fraud attempts where someone might impersonate a VIP by using a spoofed email address. Abnormal Security goes beyond just checking attachments for malware. It analyzes various aspects of emails, including the sender's domain age, the language used, and other key factors. These elements are then factored into an algorithm that determines whether an email is malicious or legitimate. In contrast, the previous solution only focused on attachments. It didn't analyze the email content, sender identity, or any other contextual information. This made it vulnerable to phishing attacks and other email-borne threats.
This system is maintenance-free after deployment. It functions independently, even if I don't actively monitor it. Once deployed in our environment, it automatically adds new users to the portal and scans them. There's no need for further manual adjustments. While I only receive weekly reports outlining the number of attacks, actions taken, and breakdowns in graphs and percentages including most at-risk users, impersonation attempts, etc., the system itself operates autonomously.
There's very little setup involved with Abnormal. The installation and configuration process is virtually seamless. However, there's one key thing to keep in mind: make sure your email environment is clean before onboarding. This means having an accurate user count and keeping your mailboxes free of unnecessary data. Abnormal charges per user mailbox, so it's important to avoid migrating junk or accounts of terminated employees. These will inflate your bill unnecessarily. Beyond that, there's not much preparation needed for new users. Abnormal is a great product! One potential snag to consider is Abnormal's ticketing system integration. As of now, it doesn't directly integrate with Microsoft ticketing systems although they claim future compatibility. This might be an issue if your mailboxes automatically route emails to a ticketing system. Messages routed this way wouldn't be analyzed by Abnormal, potentially missing threats.
Has exceptional API-based architecture, full-spectrum email attack detection, and AI and ML capabilities
What is our primary use case?
We use Abnormal Security for our email security.
How has it helped my organization?
Abnormal Security's visibility into internal spam attacks, thanks to its API-based architecture, has been exceptional. It's incredibly fast, with no delays, unlike other solutions that can introduce lag times of up to ten minutes. For executives, this is unacceptable. Having direct API integration is a game-changer. It provides clear visibility into messages and is remarkably user-friendly. There's no need for days of training on the admin dashboard; it's intuitive and straightforward. Clicking here and there is all it takes to search for emails. The interface displays delivery details, current location, and the processing outcome, indicating whether the email was deemed spam and moved to junk or considered legitimate.
Abnormal Security's full-spectrum email attack detection has proven effective in protecting us against various threats, including credential phishing, invoice fraud, extortion attempts, and name impersonation. On rare occasions where emails slip through the cracks, reporting them leads to swift remediation within two hours, accompanied by training updates to prevent similar occurrences. I haven't encountered similar emails after submitting reports.
It is important that threats can be detected in cloud collaboration applications such as Slack, Teams, and Zoom. Anything that will help protect our organization is valuable.
The Proof of Concept for Abnormal Security demonstrated its effectiveness by catching threats that Mimecast missed.
Its AI and machine learning expand the range of email attacks it can stop, while also reducing false positives. We had significant issues with our previous provider, Mimecast, experiencing numerous false positives reported by various teams. When I suggested that the system should be smarter, the response was usually dismissive. Thankfully, I don't encounter this issue with Abnormal Security. The biggest example I can give involves impersonation attacks. With Mimecast, any new employee creating an account on Thursday and then receiving emails from our recruiting team on the same day would trigger an impersonation alert, despite the recruiting team having prior interactions with that person. Abnormal Security, however, recognizes that the new account was recently created, the older account has a history of sending emails, and there was prior communication between the two accounts, accurately concluding that this is not an impersonation attempt. While we could potentially collect flight data to further solidify this, Abnormal Security's intelligence allows it to understand that such activity from a new employee is legitimate. We haven't experienced any false positives or false negatives with Abnormal Security.
The AI and machine learning capabilities have helped reduce the number of attacks that get through.
We have another solution that we placed in front of Abnormal Security for added security, and we found that Abnormal Security is catching emails that were phishing, extortion, and invoice fraud that the other solution didn't recognize as a threat.
Abnormal Security has reduced the amount of time our team spends on email incidents by a minimum of four to five hours per week.
It helped reduce the cost of redundant security email gateway solutions.
Previously, our solution lacked warnings about potential security issues. Abnormal Security, however, has identified a couple of instances where it flagged suspicious activity. For example, it might alert us that someone's account seems compromised and suggest taking action. If we don't intervene, Abnormal Security will automatically handle the situation. Importantly, these alerts provide valuable insights we never had before, such as identifying VPN usage. This increased visibility significantly enhances our security posture.
What is most valuable?
The features that appeal to me most are the combination of auto-remediation and Detection 360. The latter allows us to submit emails that seem to have been missed by the system. Within a few hours, a human expert reviews the submission and determines if it represents a missed attack. If so, they explain why it went undetected and then automatically remediate the issue. Additionally, the submitted email is used to train the AI, improving its ability to detect similar threats in the future.
What needs improvement?
One feature I'd love to see is outbound scanning. Currently, the system detects malicious outbound messages originating from my end. For example, if someone hacks into an account on my network and sends a malicious file to one of our clients, Abnormal Security alerts me about the message, but it doesn't prevent it from being sent. I'd like the ability to prevent such occurrences in the future.
For how long have I used the solution?
I have been using Abnormal Security for three months.
What do I think about the stability of the solution?
Abnormal Security has been stable with zero issues.
What do I think about the scalability of the solution?
Scaling Abnormal Security is not a problem.
How are customer service and support?
Their technical support is incredibly fast and provides detailed responses, which is rare in my experience. Often, support representatives try to close tickets quickly and move on, which is understandable. However, I appreciate receiving thorough explanations, especially for complex issues like Detection 360.
For example, with Detection 360, they might say: "The most recent attack has been contained, and we've implemented a new feature to detect similar messages in the future. Business attacks occurred due to a gap in sender and recipient frequency analysis. To address this, we'll be incorporating a new general model."
This kind of information is valuable because it explains the problem and the solution. Similarly, if we have questions about phishing campaigns, they provide clear answers. For example, if we wanted to run a phishing campaign, Abnormal Security would already know it was a campaign based on our settings and would allow us to continue, which is unlike Mimecast and the other solutions I am aware of that would require digging deep through the settings and doing test after test.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Previously, we relied on Mimecast for email security, but we found their product underperforming and their account team unhelpful. The support staff lacked expertise, leaving us vulnerable to phishing attempts and impersonations. We would receive phishing emails from scammers claiming to be the CEO of the company requesting gift cards, and some employees unfortunately fell victim. The need for robust email security, encompassing both phishing and malicious link protection, prompted us to switch to Abnormal Security.
Mimecast is so much of a problem that I have blocked its domain in Abnormal Security from emailing me.
How was the initial setup?
Abnormal Security is the easiest solution I have ever deployed. Integrating Abnormal Security via the API is simple. I would be comfortable allowing a junior member of my team to deploy the solution.
The deployment took one minute to complete and required one person.
What about the implementation team?
We implemented Abnormal Security with the help of one of their engineers on a call who walked us through the steps. After the deployment we continued to have regular weekly calls to check in and see how things were running and if we had any questions or concerns.
What's my experience with pricing, setup cost, and licensing?
The pricing appears fair, and they demonstrate a genuine willingness to work with us on it. The media and entertainment industry has been impacted by recent strikes. They were quite understanding of our unique situation, given the significant impact on our industry, and they're always open to discussing how they can tailor their pricing to suit our needs. We feel a positive connection with them, and the feeling seems mutual. So, while pricing isn't typically a major hurdle, they are always looking at ways to further collaborate to make this work for both parties.
What other advice do I have?
I would rate Abnormal Security nine out of ten.
Minimal maintenance is required.
While some may have concerns about Abnormal Security's relative newness, I'm curious what specific aspects of its youth are causing apprehension. The product is demonstrably performing well for our needs, and I'd encourage those with reservations to consider trying it firsthand. If not, I'm happy to move on from the discussion unless they're open to a hands-on evaluation. I'm always transparent about my experience with Mimecast and other solutions we explored before choosing Abnormal Security. Ultimately, as long as a product delivers results, its age shouldn't be the primary factor in our decision-making.
It's worth checking the Abnormal app store for potential integrations with other platforms your organization already uses, such as Teams, Slack, Zoom, Microsoft 365, Okta, or CrowdStrike. During the proof-of-concept, if Abnormal Security identifies existing integrations with these tools, it can further enhance its functionality.