We use Abnormal Security for blocking spam and email threats in a medium-sized manufacturing environment.

Abnormal Security is valuable because it features an automated scoring tool that doesn't require much intervention from our team. It enhances threat detection capabilities by making the process automated and is easy to scale to our entire environment.

Additionally, it protects us from being business email compromised, which is invaluable for maintaining our security.

There could be more selectable options and more granular selections available.

I have had experience with Abnormal Security for a few years.

The stability of Abnormal Security is excellent. I rate it a ten out of ten with no issues encountered.

The solution is easy to scale across our entire environment, and I would rate it a ten out of ten for scalability.

I rate customer support a nine out of ten. They have been prompt in responding and are knowledgeable.

We switched to Abnormal Security from a previous solution due to its processing and ease of use.

The initial setup for Abnormal Security was straightforward and easy.

It was myself and one other person, an enterprise manager, who handled the deployment.

The return on investment is seen in the security it provides, preventing business email compromise, which is invaluable.

I find the pricing to be favorable, but I did not disclose the exact cost.

I do not wish to discuss other solutions.

I would recommend Abnormal Security. Overall, I rate it a ten out of ten.

We have a separate Proofpoint email gateway, so Abnormal is what we consider to be defense in depth. It catches malicious emails that our primary email gateway misses, so we're depending on Abnormal to detect them for us. It also gives us trickier stuff, like zero-day threats.

We also use Abnormal for our abuse mailbox. Our users have a "report phishing" button in Outlook. If they get any suspicious email that they think is malicious or spammy, they can click that button and report it to Abnormal. The Abnormal abuse mailbox automatically analyzes it and responds to the user as to whether it is safe spam or malicious. If it is safe, it sends a copy of the email back to the user so they don't have to look for it in their deleted items.

We have close to 24,000 users. Not all of those are users because a large percentage of those work mainly in Salesforce, but many mailboxes. It's also three different Microsoft tenants because we acquired or merged with other companies throughout the years.

Abnormal helps increase the level of our email security. I would be uncomfortable if we did not have that second layer of defense. I think it's super important. Having Abnormal helps me sleep better at night by keeping an eye on the emails that Proofpoint logs in.

The solution's AI/ML features broaden the types of email attacks it can stop by learning employee behaviors. I recently got numbers from the Proofpoint and Abnormal sides, and the fact that Abnormal was still catching so many specific types of attacks that Proofpoint missed is kind of crazy. It says that Abnormal detected almost 7,000 attacks in the past 30 days. That's a huge number of emails.

Abnormal Security has reduced the time my team spends on those email incidents. I work on the admin side, so I'm not involved in running down the incidents on the SOC side, but we would need more people if we didn't have Abnormal automatically remediating so many of these attacks.

I didn't even realize it was stopping this many attacks. You let it go and do its thing. That's a lot of emails, and it takes a lot of time for a person to hunt down this volume of attacks. Even if it took only half an hour per attack, that's more than a full-time employee could deal with. If we didn't have Abnormal doing this, it would take at least two FTEs.

The solution helps reduce the costs of account takeover detection tools. We have it integrated with CrowdStrike, and Abnormal sends alerts back and forth. The integration with CrowdStrike helps us better monitor the environment and produces more alerts for the SOC to investigate.

I like Abnormal's threat protection with auto-remediation, but I also love its abuse mailbox feature, which automatically responds to the end user. That feature has a super-valuable security component and helps improve the user experience.

I also like the dashboard. It's easy to get information. For example, when my director asked for numbers, finding all these graphs on the dashboard was great.

We have an API setup with our automation software, so Abnormal gets alerts about spam and malicious threats. This sends alerts to our SOC, notifying them to take a closer look. From an API perspective, integration with our security automation software is extremely important to help draw attention to those sorts of things.

We've got some of those integrations set up, so it can get help from those feeds from an account takeover perspective. Abnormal can monitor many different inputs to draw attention to when an account might be compromised. We have started implementing those integrations to give Abnormal more signals to alert us about possible account takeover. We don't have it set up yet to monitor things going on in Slack or Zoom to be able to tell us when a conversation might be malicious.

Abnormal should add more automatic reports. I have an open request to our account team for more notification and report types that can be sent automatically. For example, they have an awesome report that gets sent weekly, and I also want them monthly, so I don't need to do so much adding up when my director wants numbers over time.

The company has been using Abnormal for a couple of years, but I've only worked here since last August.

I rate Abnormal eight out of 10 for stability. Periodically, we'll have an incident with the portal. They sent me updates about it, so I knew something was happening, but it didn't affect my daily work. Every once in a while, they have some back-end issues, but they communicate about it really well, which is something that I appreciate.

My company has acquired or merged with other companies, and it doesn't seem like Abnormal skips a beat, whereas with the Proofpoint layer, we've had issues with how it performed some upgrades to our cluster lately because we were having issues with email delays. I worry about the Proofpoint layer, not the abnormal layer. Abnormal seems to be so rock solid and scalable that I think it can handle whatever we throw at it.

I rate Abnormal support nine out of 10. Their support has gotten better. When I started, it seemed like there were a few hiccups, but it has markedly improved in recent months. I had found a support person that I absolutely loved. She was awesome. And she got promoted, and I was like, "I know you deserve this promotion because you are great." It's the support that got me even more excited about the product.

They're so good at following up on unusual cases and strange things that we were seeing in our environment that other customers weren't even noticing. She did a fantastic job with communication and following up with the back-end support. Since she moved on, it sometimes takes a little longer to get back to me when I open a support case. For the most part, they're still highly responsive and do a good job with communication.

They had been using Proofpoint Track, which was expensive. They were trying to save money because Abnormal has much of that same functionality. Also, I think it's a good idea to have two different vendors. Each has different threat intel that they can base their catches on. We can save money and get that defense in-depth because there were things the main email gateway was missing.

It only takes one malicious email that one user interacts with incorrectly to cause company-wide problems, so it's critical to have this area locked down as much as possible. At the last place I worked, we had the same kind of setup where we had an email gateway and a separate second layer. What I like about Abnormal is that it does a great job of automatically detecting and remediating threats.

I wasn't here when Abnormal was deployed, but I've been told that it was quick and easy. According to the story I heard, they were planning to renew Track before they realized how much it cost. Abnormal was easy enough to integrate with low configuration requirements that they could get it done within a couple of weeks, which is almost unheard of for tools here.

After deployment, the solution doesn't require much maintenance so far, but it will as they add more integrations. That is something I will be spending more time and energy on. Periodically, I need to add something to the safe list, but I don't spend as much time as I did on Proofpoint because Abnormal doesn't have as many false positives.

I can't put numbers to it, but our current environment needs to trim the budget as much as possible, and Abnormal has proven itself to offer such good value that no one has even mentioned not renewing it. It's considered an invaluable piece of our security fabric here, so it's such a good return on investment that even cost-cutters aren't looking to cut its cost.

It's cheaper than Proofpoint Track, the product Abnormal replaced. It saved us tens of thousands of dollars plus the cost of paying people to manually run down all of these malicious emails.

Abnormal is cost-efficient for what it does, and it's getting better. They're now adding many new integration types, so we'll expand the scope of what it can do for account takeover. They've also got a new threat intel piece that's available that they're continuing to add functionality to. It was cost-effective when implemented, but they are working to make it a better value.

I rate Abnormal Security 10 out of 10. If someone had doubts about Abnormal's maturity, I would reassure them that it has been rock solid in my experience. They are continuing to build more into the product all the time, and if it's missing a specific feature, then it will probably happen because it's not a static product.

While some products take a long time to build, Abnormal keeps things moving. They seem to have an excellent sprint cycle, with a solid focus on constant improvement. It would depend on what specifically they are looking for. To me, it acts like a mature product compared to other systems like this that I've used in the past.

We use Abnormal Security for our email protection in addition to Microsoft 365. Previously, we relied on another provider for many years to scan emails for malicious content, viruses, and spam. However, with the increasing sophistication of email attacks, our old provider simply couldn't keep up. Their system involved rerouting our emails to them for scanning before delivery to Microsoft 365. This approach proved ineffective, particularly for attacks like CEO impersonation emails or simple text messages requesting personal information. These attacks didn't contain any traditional malicious attachments.

Abnormal Security serves several key functions for us. Primarily, it excels at detecting malicious content. Additionally, it effectively isolates spam, preventing it from cluttering our inboxes. For legitimate but unwanted emails, such as newsletters, it creates a dedicated "Promotions" folder, keeping our inboxes organized. These are the main reasons we appreciate Abnormal Security.

Abnormal Security Portal Provides Comprehensive Email Security Management. We have access to a web portal provided by Abnormal Security. This portal grants us complete visibility into how Abnormal Security analyzes our incoming email. We can see everything it catches, how it classifies the emails as malicious, legitimate, etc., and the reasoning behind the classification. The portal is well-organized with dedicated sections for different threat types. We can easily identify account takeover attempts, vendor fraud attempts, and other threats. A particularly valuable feature is the search and respond functionality. In the past, we've encountered situations where employees accidentally sent out sensitive information or messages that shouldn't have been distributed. The portal allows us to quickly locate these emails and remove them from everyone's inbox, including deleted items. This ensures the emails vanish completely and never reach the intended recipients. Furthermore, the portal empowers us to manage our email security preferences. We can whitelist trusted senders and create custom blocklists for unwanted emails, providing a high level of control over our email environment.

While Abnormal Security has been effective in detecting a wide range of email threats, some emails have slipped through. To address this, we've educated our users. If they suspect spam, phishing, or an unusual email, they can report it directly through the "Report" button in Outlook which forwards to Abnormal, or by forwarding it to the "phishing" email address. This triggers a deeper analysis by Abnormal to identify any missed threats. According to our year-long data, users have submitted over 1,500 emails from 121 employees. Abnormal identified 4 percent as malicious and 9 percent as spam, with the remaining 87 percent deemed safe. These statistics indicate that Abnormal doesn't catch everything. However, by fostering a user base that remains vigilant and reports suspicious emails, we can leverage Abnormal's deep analysis to further enhance our email security.

During the pilot period, Abnormal Security's benefits became clear. We encountered an ongoing account takeover that we were initially unaware of. However, as Abnormal Security ran, it helped us organize and identify threats effectively. Feedback from the field has been very positive compared to our previous vendor. With our previous vendor, we received four daily emails notifying users about quarantined emails. These notifications cluttered inboxes and created confusion. There were instances where legitimate malware was quarantined, but the user received a message like "This email was quarantined for you. Do you want to investigate or recover it?" Unaware of the potential threat, some users might release the email, believing it to be a false positive. This could lead to compromising their credentials or infecting their computer. Abnormal Security takes a different approach. They automatically hide suspicious emails, preventing them from reaching user inboxes. This eliminates confusion and protects users from inadvertently engaging with malicious content.

We encounter AI in various ways. For example, it can be involved in filtering emails. For example, if I am receiving an email in my inbox that I prefer not to see there every day. I might move it to my promotions folder. Conversely, an email might land in promotions that I want to see in my inbox, perhaps because it's considered graymail. In that case, I can move it back to my inbox. The AI can learn from my actions and apply those preferences in the future. AI also plays a crucial role in defending against certain cyberattacks. Traditional methods might not be sufficient to catch these threats. AI can analyze incoming emails for a multitude of factors, performing a kind of predictive analysis on potential threats. These factors might include a sense of urgency in the email's tone, an email supposedly from the CEO but with an unrecognized sender address, or a domain that's a month old. Humans might not readily pick up on such red flags, but AI can effectively identify them.

My colleagues tell me that since we implemented this change, the number of attacks has decreased. I can confirm this by checking the dashboard, which shows the current attack volume. Even more importantly, by filtering out greymail into a promotions folder, everyone saves time by not having to sort through irrelevant emails in their inboxes.

There have been fewer IT tickets lately concerning suspicious activity. People used to report things like clicking on something malicious or questioning if an email was spam. Now, if something seems abnormal, it's sent directly to the Abnormal activity queue. Previously, we'd receive frequent reports about things like fake CEO emails or phishing attempts, but those types of tickets are becoming rare in our help desk.

Previously, we used a much more affordable email security solution. While Abnormal Security costs more, it outperforms or at least matches the capabilities of its competitors. We trialed Barracuda, but their pricing was prohibitive. Even if they lowered their prices now, I wouldn't consider them. Mimecast and Proofpoint, the other options we explored, were priced similarly. However, Abnormal's setup is significantly easier to use. While the initial configuration involves integrating it with our Microsoft 365 environment, Abnormal's day-to-day operation, configuration, and fine-tuning are much simpler compared to the other products.

The ideal scenario would be for Abnormal Security to work in tandem with Microsoft to analyze incoming emails. This means Abnormal Security would assess emails before they reach my inbox, even if it happens slightly after Microsoft's initial scan. Currently, the process isn't seamless. Microsoft analyzes emails and delivers legitimate ones to my inbox. Abnormal Security then scans these delivered emails, and if flagged as malicious, they disappear. This creates a problem for our ticketing system mailbox, which is a third-party service. Emails sent to the ticketing system address are automatically forwarded by Microsoft. However, if these emails are malicious, Abnormal Security only cleans them from my Outlook mailbox after they've been forwarded. Since we primarily rely on the ticketing system and not the Outlook mailbox, these malicious emails still reach the ticketing system.

I have been using Abnormal Security for eleven months.

I have never encountered any stability issues with Abnormal.

I don't know what would happen if we throw thousands of more users to Abnormal. However, based on our current usage and what we've observed with larger customers, there's likely no immediate issue. Abnormal seems to scale well for moderate growth. While substantial growth isn't on the horizon for us, it's worth considering scalability further down the line.

The technical support speed has been fantastic. They're very responsive. I usually get a same-day response on any tickets I submit. The representatives are knowledgeable and helpful, and they always jump right on any issues I bring to their attention. Overall, I haven't experienced any long wait times for support, although thankfully, nothing major has required fixing.

In the past, we utilized Mailroute for our email security. We simply configured our MX records to point to their servers. These servers would then collect and analyze our incoming emails for any threats. Only after deeming them safe would Mailroute forward the emails to our chosen provider, such as Microsoft or another service. We relied on Mailroute during the time we hosted our email on Exchange, before migrating to Microsoft 365. After a long-standing relationship of 15 years, we ultimately decided to switch to a different security solution.

The initial deployment was very easy. All I had to do was access the Abnormal service through the provided URL. It then requested my global administrator credentials for our Microsoft 365 environment, which I granted. This initial step simply integrated Abnormal with our 365 environment. After that, we configured the settings to determine what kind of alerts we wanted to receive. There were a few things that potentially needed to be done beforehand, such as setting up IT login access and establishing a process for handling the "abuse" mailbox and account takeovers. For account takeovers, we could choose to have Abnormal automatically remediate and lock out the user, or we could have it send an email notification to IT for manual intervention. All these configurations were done through simple checkboxes, which we reviewed with an Abnormal technician during our initial call. By following these steps, we were up and running within an hour.

It was super easy to integrate Abnormal via the API.

Barracuda offered a similar security solution, but with all the features we wanted, the cost came out to around $170,000. Abnormal Security, on the other hand, provides the same level of functionality for just over $60,000 – that's half the price! I'm getting even more value from Abnormal Security than I would have from Barracuda.

Last year, we explored alternative solutions. We evaluated Proofpoint, Barracuda, and Mimecast. All three offered API integration with our Microsoft 365 environment, enabling them to detect these types of threats. We piloted Barracuda but found it cost-prohibitive. While Proofpoint was appealing, we weren't impressed, and Mimecast proved overly complex to set up. Consequently, we stuck with our existing provider for another year.

Abnormal Security entered the picture later. We evaluated them and conducted a pilot program. Impressively, within a day of initiating the pilot, they identified a compromised account. Normally, they wouldn't reveal such findings until the pilot's conclusion. However, the urgency warranted immediate notification. They discovered that someone was accessing a low-level account from a location outside the user's usual login area in New York. This incident, coupled with Abnormal Security's overall capabilities, convinced us to switch providers.

I would rate Abnormal Security ten out of ten.

The previous solution had significant limitations. It functioned like a basic antivirus program from the 1990s. It would simply scan a file and determine if it was malicious or not. It lacked any context about the file or the sender. Abnormal Security takes a completely different approach. By integrating with our Microsoft 365 environment through an API, Abnormal Security understands our organization and communication patterns. It can identify important individuals and prioritize emails from them. This helps to prevent fraud attempts where someone might impersonate a VIP by using a spoofed email address. Abnormal Security goes beyond just checking attachments for malware. It analyzes various aspects of emails, including the sender's domain age, the language used, and other key factors. These elements are then factored into an algorithm that determines whether an email is malicious or legitimate. In contrast, the previous solution only focused on attachments. It didn't analyze the email content, sender identity, or any other contextual information. This made it vulnerable to phishing attacks and other email-borne threats.

This system is maintenance-free after deployment. It functions independently, even if I don't actively monitor it. Once deployed in our environment, it automatically adds new users to the portal and scans them. There's no need for further manual adjustments. While I only receive weekly reports outlining the number of attacks, actions taken, and breakdowns in graphs and percentages including most at-risk users, impersonation attempts, etc., the system itself operates autonomously.

There's very little setup involved with Abnormal. The installation and configuration process is virtually seamless. However, there's one key thing to keep in mind: make sure your email environment is clean before onboarding. This means having an accurate user count and keeping your mailboxes free of unnecessary data. Abnormal charges per user mailbox, so it's important to avoid migrating junk or accounts of terminated employees. These will inflate your bill unnecessarily. Beyond that, there's not much preparation needed for new users. Abnormal is a great product! One potential snag to consider is Abnormal's ticketing system integration. As of now, it doesn't directly integrate with Microsoft ticketing systems although they claim future compatibility. This might be an issue if your mailboxes automatically route emails to a ticketing system. Messages routed this way wouldn't be analyzed by Abnormal, potentially missing threats.