
Abnormal - Cloud Email Security

Abnormal Security | 1

Reviews from AWS customer

0 AWS reviews

External reviews

46 reviews

External reviews are not included in the AWS star rating for the product.


    Christopher Chambers.

The API remains hidden until an attack has already begun which gives us valuable early visibility

  • December 14, 2023
  • Review provided by PeerSpot

What is our primary use case?

Our main goal is to use Abnormal Security as an additional shield against the increasingly advanced email threats targeting our organization. During our implementation, we've discovered additional benefits. Firstly, it dramatically reduces the time needed for investigations, giving our IT team more efficient access to search and discovery tools than our current system provides. Secondly, it empowers both our threat-hunting and incident response teams, especially frontline responders. This allows them to access crucial data points directly, without always needing to wait for escalations.

The biggest challenge we faced was sophisticated business email compromise attacks. These targeted our customers or vendors, with attackers gaining access to their legitimate email systems and impersonating users to send emails to our enterprise. Our existing security tools were ineffective at detecting this traffic, as it originated from legitimate mail servers and mailboxes of people we regularly communicate with. Traditional security analysis didn't have enough telemetry to detect the anomalies. We needed a solution to differentiate between genuine interactions with our customers and vendors and those disguised as them by attackers who had hijacked their mailboxes. This was the primary use case for Abnormal Security, and it's proven highly effective in addressing this challenge.

How has it helped my organization?

I'm impressed with their API architecture. One of the main reasons is its invisibility to threat actors trying to launch attacks. Unlike our traditional email security tools in the SEG, which attackers can easily detect before they even start emailing us, the API remains hidden until they've already begun their attack. This gives us valuable early visibility via the API, allowing us to easily pipe that data to other tools and stop advanced attacks more effectively. The improved visibility into our email infrastructure also benefits our IT teams. Using the API integration, they can now remediate issues in minutes, whereas before it could take hours. Previously, identifying an inbound cyber attack meant bouncing between several tools: one to identify the attack, another to track affected emails, and yet another to quarantine them. Abnormal's APIs streamline this process. With a single search, an IT technician can identify users who received the emails, track who clicked on them, see where the emails are located, and even delete them from everyone's inbox directly. This has drastically reduced our investigation and response time for phishing and BEC attacks, from hours to mere minutes.

Compared to many other vendors we considered, Abnormal Security stands out in its ability to detect the full spectrum of email threats. While our existing Secure Email Gateway handles traditional threats like spam and malware quite well, it often misses more sophisticated attacks. The SEG relies on static indicators like email flags, suspicious file hashes, or mass recipient lists. We can easily identify and filter out emails matching these criteria, but they do little to stop targeted attacks. Here's where Abnormal Security shines. Their anomaly detection engine excels at recognizing one-off attacks, including those where a threat actor infiltrates a vendor's mailbox and manipulates payment instructions or redirects transactions. Abnormal identifies these anomalies using behavioral analysis, effectively catching threats that traditional static methods typically miss.

The two main benefits Abnormal Security offers us are its ease of use and its powerful search capabilities. These features empower our internal teams to get more involved in the response process, helping us track down threats efficiently. Additionally, Abnormal's ability to stop advanced attacks significantly reduces our security team's workload. Security teams are consistently stretched thin, so minimizing wasted effort chasing false alarms is crucial. By keeping harmful emails out of user inboxes, Abnormal allows us to focus on other priorities. In summary, our primary gains from Abnormal are its effectiveness in blocking attacks and its ability to empower our internal teams, ultimately strengthening our overall security posture.

Abnormal Security's AI and machine learning capabilities significantly expand the range of email attacks they can block. This is crucial to optimizing their product's performance for us. Specifically, their ability to leverage AI indicators and extensive email telemetry is critical for stopping advanced threats, like compromised mailboxes sending disguised emails. Traditional methods often fall short in such scenarios. Our primary concern is identifying emails sent by a threat actor posing as a legitimate mailbox owner. AI-powered anomaly detection proves virtually indispensable in discerning the true sender's identity. Abnormal Security has identified and prevented several such sophisticated attacks in our own experience. One remarkable example involved a vendor's seemingly legitimate email flagged as suspicious by Abnormal. Initially dismissed as a false positive by our first responders, a deeper analysis of the email's telemetry revealed subtle anomalies. The email's sudden shift to a professional tone, unlike the typically casual communication with this vendor, was one such anomaly. As it turned out, Abnormal's suspicions were correct – the vendor's account had been compromised. This instance highlights the unparalleled effectiveness of AI in detecting sophisticated email threats. By focusing on abnormalities in email behavior, AI can uncover hidden dangers that might otherwise elude traditional security measures.

The deployment of AI has significantly reduced the number of internal attacks we encounter, and it has even extended its benefits beyond our perimeter. We've proactively alerted several customers and vendors about potential compromises before they even realized their systems were under attack. This proactive approach has been well-received, with many recipients expressing their appreciation for our timely intervention. Within our organization, AI has dramatically streamlined our security operations by automating the analysis of sophisticated attacks, freeing up valuable time and resources for our security teams.

Abnormal Security has dramatically reduced the time our team spends resolving email incidents. What used to consume hours or even days, depending on the attack and response complexity, is now handled within minutes, often by less experienced team members. This has significantly improved our efficiency and freed up valuable time for other security tasks.

Although no product can eliminate attacks, we've been pleasantly surprised by the effectiveness of Abnormal Security. Initially, when we approached them with our use case and problem, we'd have been happy with a much lower catch rate. Stopping even a significant number of attacks would have been a success. But the actual results have been incredibly impressive. While some attacks still slip through, the features in Abnormal allow us to feed those cases back into their system. This feedback fuels the AI's learning process, helping it avoid repeating the same mistakes. Interestingly, the attacks that remain undetected are often difficult to define even for human analysts. They involve subtle cues that would be challenging for any AI to spot in the specific contexts we've encountered. One example involved a new customer with whom we had exchanged only a handful of emails. While this customer's account became compromised, the attacker wasn't the usual contact person. Since the AI had only profiled the communication style of the usual contact, the malicious email appeared normal compared to that limited baseline. In such cases, where the AI lacks sufficient data, even exceptional systems can be caught off guard. While no product is perfect, we're highly impressed by Abnormal's speed and efficiency in catching attacks. They've dramatically reduced the workload on our help desk compared to the past, with the results being clear and measurable.

Compared to our old solutions, Abnormal Security's incident response is like night and day. With our previous SEG, identifying and remediating a suspicious email was a cumbersome process. We'd flag the email, then jump through hoops to figure out who received it and if anyone clicked on it. With different modules and separate views, it was a mess. Once we confirmed the threat, another system hunt began, pulling emails from user inboxes. It was slow, fragmented, and frustrating. Abnormal is a breath of fresh air. If we spot a threat alert on the dashboard, we simply click on it to see all recipients, where the email sits, and who interacted with it. And then, the holy grail – a single button. Click 'Remediate', and those emails vanish from user inboxes, instantly neutralized. Just a button click from issue detection to resolution in seconds. All from one screen. That's the transformative power of Abnormal Security. Something our old solutions couldn't dream of.

What is most valuable?

Ease of use is undoubtedly one of the most valuable features of Abnormal Security. Its intuitive interface requires minimal training for our IT staff to extract significant value. It was practically plug-and-play, with minimal configuration needed on our end. The product itself has limited configuration options, as it leverages pre-built back-end tooling and algorithms to work its magic. This streamlined design makes it ridiculously easy to use and set up. Moreover, the Abnormal team provides phenomenal support whenever we encounter any issues, far exceeding the support we receive from many of our other tech vendors.

What needs improvement?

The biggest pain point for us is the lack of support for on-premise email systems. This would be a game-changer for our team. I haven't identified any other major areas for improvement. The platform is already streamlined and user-friendly for our users. Ideally, we would love to manage everything within the Abnormal console. It already addresses all the pain points our internal groups identified with our old SEG tooling. From our perspective, the main area for improvement would be adding support for on-premise email systems. If Abnormal offered such functionality, we wouldn't need any additional external tools.

For how long have I used the solution?

I have been using Abnormal Security for almost two years.

What do I think about the stability of the solution?

Abnormal Security is stable. We have not encountered any downtime or issues that impact performance.

What do I think about the scalability of the solution?

Abnormal Security offers excellent scalability, making it ideal for environments of various sizes. Our main enterprise setup, with 12,000 mailboxes, operates seamlessly. Additionally, when we acquire smaller companies with, say, just 50 mailboxes, we can easily integrate them as subtenants, granting them immediate access. Regardless of the mailbox count, be it 50 or 10,000, Abnormal Security scales effortlessly to accommodate their needs.

How are customer service and support?

Abnormal's technical support is incredibly responsive when we encounter issues. We first used them shortly after our initial deployment when we hit a snag with an email we thought should have been blocked. It was just a single email, and they resolved the issue within five minutes. They promptly stopped another attack just a few minutes later. Their response times are truly impressive, and they avoid unnecessary back-and-forth communication. Unlike many tech support teams who spend long periods gathering information before handing things off to another technician for a callback, Abnormal takes ownership and resolves issues swiftly. We always feel heard and valued when we contact them. They get it right, and they get it done quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before adopting Abnormal Security, we relied on Microsoft Office 365's security suite, including Defender and Exchange Online Protection, along with Mimecast Secure Email Gateway. However, these traditional tools proved ineffective against advanced attacks that slipped through the cracks. This vulnerability prompted us to seek a more robust solution, leading us to Abnormal Security. The rationale behind this shift was twofold. Firstly, we needed a tool capable of intercepting the sophisticated threats bypassing our existing defenses, attacks with severe financial repercussions if successful. Secondly, we aimed to minimize the operational burden on our IT and security teams. By deploying an automated platform capable of handling routine incident detection and containment, we could refocus our personnel on higher-level tasks.

How was the initial setup?

We've implemented Abnormal Security for our main enterprise and a few of our acquired companies that already had cloud email systems. The process is incredibly user-friendly. Authorization involves only two clicks once their support team sends the necessary links for adding them to our enterprise tenants. It's a breeze to set up and eliminates the substantial configuration work required by traditional SEGs, which surprised us greatly. We're glad to be free from policy creation, allowlist, and blocklist maintenance, and even bypass configurations for SPF headers. The tool's elegance lies in its automated backend processes, eliminating the need for manual allowlist/blocklist adjustments, as the technology intelligently manages these aspects.

Integrating Abnormal Security through their API was incredibly straightforward. It took only two clicks! We've even combined it with one of our existing security platforms, and that too was just a single click within each platform thanks to the well-designed API. Honestly, it's one of the simplest security product deployments I've ever experienced in our company.

Only one IT team member, possessing the necessary permissions, could deploy the change.

What about the implementation team?

The implementation was completed in-house with the help of Abnormal's deployment team.

What's my experience with pricing, setup cost, and licensing?

Overall, we'd certainly prefer lower pricing, but Abnormal Security doesn't seem unreasonable compared to similar offerings in the market. Notably, if we replaced our Mimecast email protection with Abnormal Security, we'd save money. Given their strong features and competitive pricing, I believe they're well-positioned. While I understand the appeal of lower prices, I think Abnormal's current pricing is fair for what they offer.

Which other solutions did I evaluate?

While evaluating solutions back then, Abnormal Security stood out with its advanced AI capabilities in the email security space. While a few other players existed, none matched their level of sophistication. Today, there are new contenders like Avanan. We did consider Proofpoint, impressed by their AI initiatives and user-centric approach. However, similar to Mimecast, they seemed adept at catching signature-based threats but struggled with advanced business email compromise attempts. During our Abnormal Security proof-of-concept, the detections lit up like a Christmas tree, highlighting their effectiveness against these sophisticated attacks.

What other advice do I have?

I would rate Abnormal Security a ten out of ten.

It is not that important that Abnormal Security can detect threats in cloud collaboration applications because we are a Microsoft team shop so we are not using a lot of the other collaboration tools. So exploring new frontiers isn't a high priority for us right now. While I'm curious to see what innovations emerge in that space, it's not something we're actively looking to deploy at this time.

While Abnormal Security offers strong capabilities, it hasn't eliminated the need for our existing secure email gateway solution entirely. Our situation is unique due to our merger and acquisition activity. We initially hoped Abnormal could replace our SEG and reduce costs. In terms of features and performance, it outperforms our current solution for specific tasks. However, we couldn't fully switch because our existing SEG provides crucial protection for both on-premise and cloud-based emails. In our acquisition scenario, Abnormal wouldn't immediately protect acquired companies using non-cloud email systems. The migration process would be lengthy, delaying security coverage. Conversely, our current SEG allows us to quickly add protection by simply repointing DNS records, offering immediate security for acquired companies within an hour. Therefore, while Abnormal is a compelling alternative, it doesn't address our specific on-premise email needs due to their current product offerings. If not for this factor, we would readily consider migrating entirely to Abnormal Security.

Although Abnormal Security has delivered cost savings in managing account takeover incidents, the key driver behind its implementation wasn't cost reduction. We didn't have a separate solution focused solely on account takeover before, so Abnormal filled a critical gap in our security posture.

While the platform itself requires no active maintenance, it's still essential to provide some basic care. This involves regularly reviewing audit logs and threat dashboards to ensure their continued functionality. The key difference compared to other platforms lies in the lack of constant updates. Unlike systems plagued by frequent firmware updates, signature refreshes, and hash revisions, this one quietly hums in the background, needing only oversight to confirm its smooth operation.

Our initial internal debate about Abnormal Security's maturity stemmed from the specific problem we wanted to solve by adopting their platform. Our threat actors are highly sophisticated and constantly evolving their tactics, outpacing traditional security solutions. While classic methods are excellent for known threats with established patterns (think signatures based on 20 years of historical data), they struggle to keep up with rapidly changing attackers. This is where AI-powered solutions like Abnormal shine. The significant advancements in AI have only recently matured enough to meaningfully impact security, and companies like Abnormal, focused on cutting-edge solutions, can't boast long-standing track records because the technology itself is barely five years old. So, for those facing novel, bleeding-edge threats, partnering with a provider like Abnormal, operating in the same bleeding-edge space as the attackers, becomes crucial. Our initial hesitation about Abnormal seems rather silly in retrospect, especially considering we only planned to use it as an initial augmentation to our existing defenses. My advice for anyone with similar doubts is to clearly define what they need to protect, and they will realize that tackling cutting-edge problems requires solutions that meet their opponents on their bleeding-edge turf.

Which deployment model are you using for this solution?

Private Cloud


    Manufacturing

Great low-maintenance tool

  • December 13, 2023
  • Review provided by G2

What do you like best about the product?
The tool was very easy to implement with its APIs.
What do you dislike about the product?
One thing I don't like about it is how, for Google Workspace, pulled emails go to spam rather than a hidden folder.
What problems is the product solving and how is that benefiting you?
It reduced the amount of tickets we received of users reporting a malicious email.


    Tanner L.

Well-Rounded Email Security Platform

  • December 13, 2023
  • Review provided by G2

What do you like best about the product?
The integration and tuning process was a quick and easy process. This product saves a bunch of admin time from having to go through and triage/investigate a ton of emails. The search and respond feature is also fantastic and enables the admins with some pretty powerful/useful tools.
What do you dislike about the product?
The ability to create custom dashboards and different types of reports would be useful. Individual admin access to alerts and notification settings would be useful as well.
What problems is the product solving and how is that benefiting you?
A lot of times we are only aware of malicious or spam emails when end users report them. With the Abnormal platform, it enables automatic detect/respond which further protects our environment and end users and it also frees up our admins to be able to work on their day to day responsibilities.


    Peter G.

Protects Users from themselves

  • December 13, 2023
  • Review provided by G2

What do you like best about the product?
I love that it scoops out suspicious emails before our users can be fooled into clicking on a suspicious email. It protects us from our own users.
What do you dislike about the product?
They encourage a lot of engagement with the administrators. Which is fun if you like. And if you don't like, you can ignore.
What problems is the product solving and how is that benefiting you?
Abnormal Security solves the problem of users not looking at emails closely before clicking on links.


    Bruno B.

THE BEST SECURITY SOLUTION FOR EMAIL

  • December 11, 2023
  • Review provided by G2

What do you like best about the product?
The great AI and ML applied in your solution, the accuracy with which the spam/phishing is detected, the features that are released year by year; it is very simple to use. They have a nice support team, you don't need access every time, the integration with O365 was easy and the rollout was transparent, and the implementation was successful.
What do you dislike about the product?
I'm very happy with this solution until now.
What problems is the product solving and how is that benefiting you?
The time and cost of phishing and graymail emails were very high for our company, which further helped speed up the acquisition of Abnormal.


    N Wallace

Extremely efficient, lowers costs, and is easy to set up

  • November 20, 2023
  • Review provided by PeerSpot

What is our primary use case?

Our use case was to pull malicious emails that were getting through our secure email gateway and making it to our inboxes. We were trying to shrink that footprint from a typical 85% to less than 5%.

How has it helped my organization?

It protects us. It's something that I can trust. I've gone from trying to get things done on a regular basis to I can set it and forget it due to the quality of the app. The platform is very trustworthy.

What is most valuable?

The most valuable aspect of the solution is the ability to pull out threats from mailboxes quickly instead of going through Microsoft's content query.

Their ability to take things out of the mailbox and catch things much faster than users is excellent. 

It is extremely efficient and quick, giving us visibility into internal spam attacks due to its API-based architecture.

The solution is great for detecting the full spectrum of email attacks.

It's important to have normal architect threats in cloud collaboration applications. My ecosystem is my ecosystem. If we are accepting just from outside of the business, and they are coming in through methods such as Slack, Teams, or Zoom, then they're absolutely a concern.

The AI and ML broaden the types of email attacks it can stop. It learns employee behavior. So far, it has helped us to reduce the number of attacks that get through. While it doesn't completely remove threats, it does bring threats down to a manageable level for small companies or small security teams.

It reduces the amount of time spent on managing threats. It also gives us a little bit more flexibility in some instances. It'll mark something as a threat, or it'll start to monitor things naturally. And then some of the integrations, such as the CrowdStrike Integration, put these users on a watchlist. That way, if something strange does happen, extra scrutiny is done on those individuals to ensure that there are no account compromises or anything like that.

Abnormal helped us to reduce the cost of redundant, secure email gateway solutions. We went from Mimecast as a secure email gateway, which was a cost per year, to Microsoft's secure email gateway, which is baked into our existing Office 365, and so that was a cost savings immediately. We've saved probably about $50,000. I spent about $180,000 total for the services and tools that we had. However, then saved $50,000 for the secure email gateway, and then on top of that, I have a much, much better product that catches a lot more - which is limiting my exposure at the user level.

What needs improvement?

They misclassified extortion quite frequently, however, it still catches it. It's still a threat in some way, shape, or form. They just miscategorize it.

Adding an ideas button inside the console would be helpful. When we're working on something as engineers, and we find an idea or a method of doing something that would be greatly improved by doing it another way, there should be an ability for me to click the ideas button, type in an idea that I have, and submit it to a product review team or developers to have them think through the process a little bit more. This would also give them the ability to have instant input into the console and instant input into the services so that they would have a more agile response to providing better value to the customer.

For how long have I used the solution?

I've been using the solution for six or seven years.

What do I think about the stability of the solution?

We've had zero issues with stability. Their uptime is almost 100%.

What do I think about the scalability of the solution?

The solution is completely scalable. 

How are customer service and support?

I regularly communicate with technical support. It's extremely quick. They are very accurate and thorough. They listen to my concerns, and they repeat them back to me as they understand them. They usually have some type of answer. They understand when I'm looking for something, and I'm not getting what I want.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Mimecast.

Mimecast just wasn't getting the job done. There were so many threats going into the inbox. I would spend most of my day chasing after threats.

How was the initial setup?

I was involved in the initial deployment. It took more time to have introductions on the call than it did to actually do the API integration. The process was very straightforward. The first ten minutes would have been introduction and conversation, and the last four minutes would have been flow integration.

I mostly handled the setup myself. 

There is no maintenance needed on my end. 

What about the implementation team?

We implemented the product with the help of Abnormal. They have a very hands-on approach.

What's my experience with pricing, setup cost, and licensing?

While the solution is pricey, I get a lot of value from the services I receive. 

What other advice do I have?

I'm a customer. 

I'd rate the solution nine out of ten overall. 

I would advise others to get experience with Abnormal. Do the demo. The proof is in the pudding. It's one of the very few products that works exactly as it's designed to work. The quality of the output is right there. The service speaks for itself. 

Talk to their staff and their team and look at their metrics. Then, turn on Abnormal and see what it catches. Do a side-by-side comparison.

Which deployment model are you using for this solution?

Public Cloud


    reviewer2306586

Great visibility, excellent support, and very useful AI capabilities

  • November 07, 2023
  • Review provided by PeerSpot

What is our primary use case?

The primary need for the product, what drove us to that product, was a need for greater email security. We had been experiencing a series of executive impersonation attacks that our current email gateway was not able to pick up. People were pretending to be an executive at our organization and trying to get people to buy gift cards or send them the codes or complete an action or something along those lines for them. We did a proof of concept with Abnormal, and it did a really good job of preventing those attacks from happening.

How has it helped my organization?

With Abnormal, I've gotten my weekends back. In my case, I was getting paid every weekend to do email remediation, and I was having to pull in on-call administrators. We were doing search and destroy and forward attacks. That was every single weekend basically that we were dealing with some type of attack. Usually, the attack was an executive impersonation that required us to move quickly. Once I put Abnormal in and we got it into Active Protection, it was almost like magic. Those attacks just went away.

The net result for the business is that we get to focus on more proactive things. We stopped firefighting, and we started doing things that helped us holistically improve our security posture. The automation really, really helped us focus on more important work.

The time to value was immediate. We put it into a passive mode for a month or so as part of a proof of concept. We liked what we saw. When we turned it into active mode, it was immediate.

What is most valuable?

Email is the primary attack factor on humans, and we needed something that could protect our staff.

Artificial intelligence does an incredible job of identifying an attack and auto-remediating it before it hits our users' inboxes. That for us is huge. It keeps problems from ever hitting the inbox. It's done a very good job of it.

It is giving us visibility into internal spam attacks due to its API-based architecture. It's really our primary tool for email defense. We have visibility into attacks now. We can see what's been remediated or not remediated. We've had very good and responsive tech support in the process. The fidelity has been very high. If it identifies an attack, it's very rarely wrong. It also does an incredible job of identifying compromised accounts. We don't get a lot of false positives.

The solution overall is fantastic for detecting the full spectrum of email attacks due to its API-based architecture.

The solution's AI and ML for learning employee behavior broadens the type of email attacks it can stop. It's not just looking at basic things, either. It's really taking a look at things like the address that's used in the email. It does some really cool stuff that other tools aren't doing. We found it to be really effective, and the AI/ML functionality is really what differentiates them. It's reduced the number of attacks by maybe 60% or 70% at a minimum. It's likely higher. There was a significant drop in attacks once the solution was implemented.

The solution's AI and ML capabilities help to eliminate the type of attacks that get through, like credential phishing and account takeovers. A majority of attacks no longer end up in anyone's inbox.

Overall, Abnormal Security reduces the amount of time our team spends on email incidents by maybe 60%. It's had a major impact. It's allowed us to do more proactive work. 

The solution saves time. The amount of time saved is likely at least half of a full-time employee. 

What needs improvement?

There's nothing we need to improve at this time. Their team has been great with us. Their technical teams talk to us often. We've had the opportunity to serve on advisory committees; we even had a call with the CEO of the company, asking about how the product is working for us. They have been and continue to be super attentive to our needs. As a result, I don't really have any gaps in the product as they've been listening all along the way and adjusting.

That said, the pricing for academic institutions and student mailboxes is challenging. We have a lot of vendors who, when we purchase for faculty and staff, we get student licenses for free. We typically don't have IT budgets at universities like major corporations do. It makes this product very expensive for us. In the end, we came to a fair result; however, there's room for adjustments in that licensing model.

For how long have I used the solution?

I've been using the solution for about two years right now. In January, we will start our renewal process for the third year.

What do I think about the stability of the solution?

We've never had stability issues. I'd rate stability nine or ten out of ten. 

What do I think about the scalability of the solution?

We are protecting our entire mail environment, which is Google and Microsoft. We are protecting students, faculty, and staff, and we are protecting a healthcare environment since we have a university hospital system that we are protecting. Overall, we've got over 25,000 employees and over 30,000 students.

The solution is cloud-based, so it is pretty scalable. I'd rate scalability ten out of ten.

We may expand usage in terms of product expansion. They have another product that is on our roadmap to look at. They also have some integrations with CrowdStrike that look interesting.

How are customer service and support?

Technical support is excellent. 

I've never had a vendor engaged like this. They're really passionate about improving the product, and whenever we've had an issue, we've got great support. I've never had to escalate anything. They've been great.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We use Microsoft Advanced Threat Protection. It's complimentary. Advanced Threat Protection is still in place. This sits on top of that and provides an additional layer of security. It catches a lot of things that Advanced Threat Protection does not catch. 

How was the initial setup?

It was easy to integrate Abnormal Security via API. It was a lot harder to get through things like contracts and business associate agreements. The actual part of turning the tech on took less than a day.

We monitored everything in a proof of concept. We monitored the results for about a month before we turned it on and active; however, that was just a toggle. The actual part of hooking it up to our systems took a day.

We had security and mail administrators involved in the deployment. We had four people involved; however, it wasn't a massive thing. It was more just to make sure that everyone's voice was included. 

Not much maintenance is needed. We don't have to spend a lot of time on the tool to get value out of it. We use it for reporting. We use it to investigate incidents, et cetera; however, there's no hands-on maintenance due to the way that it's deployed. There's no patching or updating VMs or anything like that. That's all handled by the vendor.

What was our ROI?

I can't speak to a direct ROI. However, we did have staff time returned to us, and we have been able to focus on other initiatives around email. It has been a net positive; however, I don't have any specific statistics related to ROI.

What's my experience with pricing, setup cost, and licensing?

The pricing is fair. We've worked with Abnormal on pricing as we're an educational institution and have a different makeup than a typical organization with a specific number of employees.

Which other solutions did I evaluate?

We chose Advanced Threat Protection from Microsoft several years prior. At the time, we also evaluated Proofpoint and chose Microsoft. We did not directly evaluate any other solutions beyond Abnormal. 

What other advice do I have?

I'm a customer and end-user.

While I understand Abnormal Security can detect threats in cloud collaboration applications like Slack, Teams, and Zoom, we have not expanded into that. We've used it really only for email so far. That said, I'm very interested in that. After all, with email it's been very effective for us.

If a company that's considering using Abnormal says they are concerned about it not being as mature or established as other solutions on the market, I would just tell them to do a POC. We had a remarkable POC. It's really easy to set up. You can do it in a read-only mode, and you'll get a really good idea of what the tool can or cannot do, and then you can make a good decision. I've participated in several reference calls for others in higher education who had questions about the product. I've referred multiple customers to them. It solved so many problems for me, and it allowed me to focus on more high-priority tasks.

I would absolutely recommend the product. 

I'd rate it ten out of ten. It's one of the very few products that I would not want to be ripped out of my environment. It really does solve so many problems.

Which deployment model are you using for this solution?

Public Cloud


    reviewer2074026

Helps save us time, and cost, as well as performs auto-remediation

  • October 19, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use Abnormal Security to protect us against phishing.

We implemented Abnormal Security to reduce the number of phishing attacks that reach users, internal customers, and other users in our organization. This automated AI-driven technology replaces the need for multiple resources to review, identify, and block malicious emails.

How has it helped my organization?

The ability to quickly spin up a Proof of Concept is one of the easiest things I have ever done. POCs can integrate with our Outlook and Active Directory environment within 15 minutes. This is because they are API-driven. This allows them to easily go back in time and look for past emails that were missed, as well as show us the remediation option for any new emails that come to our organization.

Abnormal Security also allows us to assess the risk of our partners. When partners send us emails, Abnormal Security can identify whether they are potentially high-risk based on data from other customers or on certain trends that it sees in emails coming our way. This allows me to assess both internal and external risks.

Abnormal Security's ability to detect threats in cloud collaboration applications is critical. These applications, such as Slack and Teams, are increasingly being used for communication, and they can be leveraged by attackers to send malicious links and attachments. For example, an external attacker could reach out to us on Teams and send us a link in the same way as they would in an email. This is why it is important to have security solutions in place to protect against these threats.

The biggest benefit of Abnormal Security is the visibility it provides in the full-blown email environment. At my previous company, we were able to reduce our number of phishing-driven events by 70 percent in the first six months of use. As a result, my team was able to move away from dedicated phishing resources and into a more proactive stance, which has allowed our security organization to mature quickly. We realized the benefits of switching from a high-touch to a low-touch solution almost immediately. Every tool needs some maintenance, but Abnormal Security is much more hands-off. It just works, with minimal care and feeding required. The benefits, or ROI, were evident to everyone, up to and including leadership. Abnormal Security not only reduced spam thanks to its graymail feature, but it also allowed us to reduce noise from advertisements and sales engineers, and to provide better cost-oriented feedback because users now receive feedback when they submit phishing emails.

The AI and machine learning functionality improves visibility into broader attacks. With the advancement of AI, threat actors are now leveraging it to create spear-phishing emails that are quicker to put together and send to specific leaders and executives within organizations. AI can handle upwards of 20 languages, so emails now look cleaner. Typically, if an email is written by someone who doesn't speak English as their native language, we'll find grammatical errors. With AI, these errors are fixed. Abnormal Security's AI and ML technologies can see the patterns, adjust their AI models, and adjust much quicker than a person could at this point. 

The trained AI model can quickly adjust to new attack patterns and update its models accordingly, providing more visibility and quicker adjustments to new types of attacks. Typically, threat actors will change their approach once they see that we have stopped them. They will change the look of their attacks. And while I trust my analysts to figure out and catch the new ones, I would rather trust an AI model that can adjust much quicker on the fly than a human analyst. So I think Abnormal Security provides a good balance between machine learning and human judgment. Their tools are always being updated with customer feedback and input to ensure that they are as effective as possible.

Abnormal Security has helped us reduce the time we spend on email incidents. In my current organization, we are just implementing it, but in my previous organization, Abnormal Security significantly reduced the time we spent on email incidents. When we turned it on, my team was asking me what they should be doing now. This is a good problem to have in my world because I had plenty of stuff for them to do. It has also allowed them to grow, learn, and develop as security leaders. My team used to spend hours each day on email incidents and it turned to 15 to 30 minutes a day after we implemented Abnormal Security.

Abnormal Security helped to reduce the cost of redundant secure email gateway solutions by 50 percent. Abnormal Security integrates well with Microsoft and works very well with the Microsoft email protection tool, as well as others like Mimecast. It reduces the need for an additional SEG or Proofpoint-like solution. The cost is user-based, and I think it's been affordable at both organizations for the value it brings.

It helps reduce the cost of account takeover detection tools, especially for fraud.

What is most valuable?

Initial auto-remediation allows us to auto-remediate before the email lands in the end user's inbox for a split second. At that point, they identify if it's malicious or not. The auto-remediation feature is as important as the ability to report a phishing email to an abusive mailbox. If something does land in our inbox, and we think it's phishing, we can report it through the phishing button. The solution assesses to see if it's benign spam or legitimately phishing email.

What needs improvement?

Abnormal Security needs to continue to grow in all directions, partnering with other key players such as CrowdStrike, an EDR solution. I think it is key to continue to partner with these tech leaders and bring all of that telemetry into a single pane of glass.


For how long have I used the solution?

I have been using Abnormal Security for two years.

What do I think about the stability of the solution?

We have not had any stability issues with Abnormal Security.

What do I think about the scalability of the solution?

Abnormal Security is scalable and adjusts to our environment.

How are customer service and support?

I am greatly satisfied with the technical support.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used Proofpoint Email Protection and Armorblox. I switched to Abnormal Security because the proof of concept was easy to set up and the evidence of its effectiveness was clear. I also trusted the recommendations of my peers in the industry who had used Abnormal Security and put it into production. The POC showed us what Abnormal Security could catch that my current tool was missing, which was huge. We also did an apples-to-apples comparison of Abnormal Security to other solutions and asked our peers about their experiences. All of the feedback was positive.

Abnormal Security can be deployed quickly, providing rapid visibility into the environment. We can use AI models to identify patterns and adapt quickly to new types of phishing emails. Our abuse-mailbox allows us to be customer-focused, and we also provide insights to our partners on a daily and weekly basis.

The only con I see with Abnormal Security is the lack of customization.

How was the initial setup?

Deployment is seamless. It took less than 30 minutes to get on a call with Abnormal Security to ensure that we had the right people with the right access on our side, and then to grant Abnormal Security access to integrate their API. From there, the Abnormal Security tool imported almost everything, and setting up users is easy. As an administrator of the solution, I can add more users to it and tweak the console and system to our liking, to a certain extent.

What about the implementation team?

Abnormal Security provides an onboarding engineer, whom they call a success manager, to work with us during implementation.

What's my experience with pricing, setup cost, and licensing?

The license is based on the user count, so the number of users that have an email address in the organization. Compared to other solutions the price is fair.

What other advice do I have?

I would rate Abnormal Security nine out of ten.

We have 1,000 users.

The maintenance required is minimal. 

With its ability to utilize technology, AI, and other tools, Abnormal Security has caught up to or even surpassed its competitors that have been around for longer.

I recommend conducting a proof of concept of Abnormal Security, which is very easy for customers to do and is likely to provide them with more insights.

Which deployment model are you using for this solution?

Public Cloud


    User:761099

API-based, fastest time to value, and capable of detecting the full spectrum of email attacks

  • September 25, 2023
  • Review provided by PeerSpot

What is our primary use case?

At a high level, we leverage Abnormal Security for all spam filtering, but it is more than that. It is not your basic old spam filtering. They are finding things or phishing attempts that are very targeted, such as spear phishing emails that come through the pipeline and may look innocent or innocuous to most email security tools. Abnormal Security is able to spot them and essentially, mitigate and remediate them so that the users do not accidentally fall for something they should not.

How has it helped my organization?

Abnormal Security provides visibility into internal spam attacks due to its API-based architecture. At a high level, they have a bunch of dashboards and things like that that let you view who are the most targeted people and who are they auto-remediating. That is one of the key features. They reach into the box and pull these sorts of emails out before people start responding to them. All the information about who is being attacked and what sort of attacks are occurring is there in dashboards.

Abnormal Security can detect the full spectrum of email attacks. Because they have this AI-based model, they seem to be able to find things that other spam filters using just the basic algorithms cannot find. Abnormal Security is then able to auto-remediate that. It can pull that stuff right out of the box.

It learns from what employees are doing and what is standard procedure versus not, so the intent is to broaden the types of email attacks it can stop. Its AI and ML capabilities have helped big time to reduce the number of attacks that get through. We have a small team. Without it, they would have to actively work through various types of spear phishing or phishing that get through to our employees. That has been greatly reduced, so the team can work on higher-value tasks. Because of all the auto-remediation, people are more productive, and we can work on more proactive things. In the past, it took anywhere from 40 to 80 hours a week working on these sorts of things. It has gone to less than a day or eight hours of a work week.

Abnormal Security has reduced the amount of time our team spends on email incidents.

Abnormal Security will help to reduce the costs of redundant Secure Email Gateway solutions. All of our contracts have not expired yet. 

What is most valuable?

Its core function or the ability to catch spear phishing that uses certain types of social engineering techniques is valuable. For example, they might send an email to the payroll saying, "I am a former employee, and I need my last check sent to this other address. Can you help me?" They are super innocuous like that. In such situations, someone might get involved in a social engineering error where they go ahead and email back. Abnormal Security catches this type of social engineering behavior through its AI-based spam filtering.

One of the things that I love about them is that the setup and installation are super easy. All you do is give them access to your Microsoft 365 tenant, and through APIs, they are able to do their work. They are doing all this through APIs, so you do not have to install the software and take a month to get it all set up to even see the value of the solution. You could be up and running in less than an hour.

What needs improvement?

I, as such, do not have anything that I do not like or would like to add, but you could argue that because they are doing it API-based, there is a chance that something could slip through temporarily before they are able to pull it out. In theory, it could happen just because of the nature of the system. They are not in line with the delivery of the mail. They are kind of asynchronous, which is a pro as well as a con. If it is synchronous, then I know it would always stop them, but because it is asynchronous, things could get through temporarily or because of some system issues on the Microsoft side or their side. It is the nature of the beast, but it is a little bit of a con.

For how long have I used the solution?

We have been using Abnormal Security for a year and three quarters.

What do I think about the stability of the solution?

It is stable. If there were any issues, they were very little. The one time we needed some support was when we were trying to do phishing tests on our own employees. We were getting help from them to be able to make sure that they were allowed-listed to happen. That was probably the only time when we really needed their help because otherwise, they would have caught it.

What do I think about the scalability of the solution?

It handles us just fine. Because it is on the cloud, I get a feeling that it is very scalable, but we have a small number of accounts. We are at about 1,600 or 2,000. It is not a giant footprint. It has no problems with us. They have much bigger installations than ours.

How are customer service and support?

My team has contacted them but I have not. 

Which solution did I use previously and why did I switch?

We were using something else for spam filtering. It was pretty much a spam filter. We were using Cisco IronPort. They are not even on the same plane. We left Cisco IronPort running while running Abnormal Security. There were things that got through Cisco IronPort but could not get through Abnormal Security, so in line together, it found things that the other one could not.

How was the initial setup?

It is on the cloud. I was not involved in the initial deployment, but my team was. My team did the deployment, which consisted of us giving them API credentials to hit the Office 365 tenant, and it was deployed.

It was super easy to connect or integrate Abnormal Security via API. We literally just gave them an API key to be able to hit Office 365. It has the fastest time to value that I have ever seen for a product. You set up an account in Office 365 and hand in the credentials, and they can start scanning your environment in a split second.

In terms of maintenance, the integration requires no maintenance. There is no maintenance there, but you should be looking at the system and seeing if there is anything that gets through or does not get through. You need to make sure that your team is looking at it actively to see if there is anything that is getting through or if there is something that got overblocked. That can happen on occasion. There could be a false positive, but other than that, typically, your security team looks at your Secure Email Gateway on a regular basis.

What's my experience with pricing, setup cost, and licensing?

We got an enterprise deal, but I do not know how their pricing works. 

Which other solutions did I evaluate?

We had been looking at a host of other options, but nobody had really put in the time. When we saw Abnormal Security, it became obvious that these guys were next-generation, and we should just do it.

What other advice do I have?

To someone who is considering using Abnormal Security but is concerned that it is not as mature or established as other solutions, I would say that many of the new solutions that come out are much better than old solutions because they are coming at the problem from the new modern way they need to. Because Abnormal Security is 100% API-based, they are able to install it super fast and handle the solution much better and easier than the old-school way of doing things. Many times, some of the solutions that are established are still doing things the old way, and they have not kept up with the things that have changed in the cloud or things that have changed in the API or AI and ML. Abnormal Security is surely new, but the capabilities that they have are beyond what many of the current vendors are capable of. It comes down to whether you want to try and stay ahead of the curve, or you want to stay behind it and then you have the wave crash on you because you did not stay ahead of it.

To those researching or evaluating this solution, I would advise doing a PoC with other solutions and seeing how long it takes to get it set up and how much email or time it reduces for your team. I do not think they are even going to be close. When you see how fast you can get Abnormal Security up and running and the novel things that they can find, that alone should make you realize that you need some of this. They do all the basics, and then they find things that nobody else can find. One of the biggest challenges that we have in the industry is the spear phishing of people who sign paychecks or move money around. If you can protect them because they have the keys to the castle, it is worth the money.

Abnormal Security can detect threats in cloud collaboration applications such as Slack, Teams, and Zoom, but we are not leveraging any of that today. It would be valuable for us, especially because attacks on Teams are becoming a thing.

Overall, I would rate Abnormal Security a 10 out of 10.


    Automotive

Good email security vendor

  • September 12, 2023
  • Review provided by G2

What do you like best about the product?

It does not require MX record changing to implement the solution. The onboarding is very fast and simple. It's an API solution, so you don't need to run an appliance and the email does not get rerouted to their mail system.

What do you dislike about the product?

Sometimes they block legitimate emails. If you have not communicated with someone at all, and you get an email out of the blue from a legitimate user, the email might be blocked as their AI might see it as unusual behavior.

What problems is the product solving and how is that benefiting you?

It's acting as our primary email protection mechanism/vendor. It's scanning and blocking all suspicious emails. It's protecting from spam, phishing attacks, malicious attachments, malicious links, etc.