Abnormal Security Reviews

We use Abnormal Security to protect us against phishing.

We implemented Abnormal Security to reduce the number of phishing attacks that reach users, internal customers, and other users in our organization. This automated AI-driven technology replaces the need for multiple resources to review, identify, and block malicious emails.

The ability to quickly spin up a Proof of Concept is one of the easiest things I have ever done. POCs can integrate with our Outlook and Active Directory environment within 15 minutes. This is because they are API-driven. This allows them to easily go back in time and look for past emails that were missed, as well as show us the remediation option for any new emails that come to our organization.

Abnormal Security also allows us to assess the risk of our partners. When partners send us emails, Abnormal Security can identify whether they are potentially high-risk based on data from other customers or on certain trends that it sees in emails coming our way. This allows me to assess both internal and external risks.

Abnormal Security's ability to detect threats in cloud collaboration applications is critical. These applications, such as Slack and Teams, are increasingly being used for communication, and they can be leveraged by attackers to send malicious links and attachments. For example, an external attacker could reach out to us on Teams and send us a link in the same way as they would in an email. This is why it is important to have security solutions in place to protect against these threats.

The biggest benefit of Abnormal Security is the visibility it provides in the full-blown email environment. At my previous company, we were able to reduce our number of phishing-driven events by 70 percent in the first six months of use. As a result, my team was able to move away from dedicated phishing resources and into a more proactive stance, which has allowed our security organization to mature quickly. We realized the benefits of switching from a high-touch to a low-touch solution almost immediately. Every tool needs some maintenance, but Abnormal Security is much more hands-off. It just works, with minimal care and feeding required. The benefits, or ROI, were evident to everyone, up to and including leadership. Abnormal Security not only reduced spam thanks to its graymail feature, but it also allowed us to reduce noise from advertisements and sales engineers, and to provide better cost-oriented feedback because users now receive feedback when they submit phishing emails.

The AI and machine learning functionality improves visibility into broader attacks. With the advancement of AI, threat actors are now leveraging it to create spear-phishing emails that are quicker to put together and send to specific leaders and executives within organizations. AI can handle upwards of 20 languages, so emails now look cleaner. Typically, if an email is written by someone who doesn't speak English as their native language, we'll find grammatical errors. With AI, these errors are fixed. Abnormal Security's AI and ML technologies can see the patterns, adjust their AI models, and adjust much quicker than a person could at this point. 

The trained AI model can quickly adjust to new attack patterns and update its models accordingly, providing more visibility and quicker adjustments to new types of attacks. Typically, threat actors will change their approach once they see that we have stopped them. They will change the look of their attacks. And while I trust my analysts to figure out and catch the new ones, I would rather trust an AI model that can adjust much quicker on the fly than a human analyst. So I think Abnormal Security provides a good balance between machine learning and human judgment. Their tools are always being updated with customer feedback and input to ensure that they are as effective as possible.

Abnormal Security has helped us reduce the time we spend on email incidents. In my current organization, we are just implementing it, but in my previous organization, Abnormal Security significantly reduced the time we spent on email incidents. When we turned it on, my team was asking me what they should be doing now. This is a good problem to have in my world because I had plenty of stuff for them to do. It has also allowed them to grow, learn, and develop as security leaders. My team used to spend hours each day on email incidents and it turned to 15 to 30 minutes a day after we implemented Abnormal Security.

Abnormal Security helped to reduce the cost of redundant secure email gateway solutions by 50 percent. Abnormal Security integrates well with Microsoft and works very well with the Microsoft email protection tool, as well as others like Mimecast. It reduces the need for an additional SEG or Proofpoint-like solution. The cost is user-based, and I think it's been affordable at both organizations for the value it brings.

It helps reduce the cost of account takeover detection tools, especially for fraud.

Initial auto-remediation allows us to auto-remediate before the email lands in the end user's inbox for a split second. At that point, they identify if it's malicious or not. The auto-remediation feature is as important as the ability to report a phishing email to an abusive mailbox. If something does land in our inbox, and we think it's phishing, we can report it through the phishing button. The solution assesses to see if it's benign spam or legitimately phishing email.

Abnormal Security needs to continue to grow in all directions, partnering with other key players such as CrowdStrike, an EDR solution. I think it is key to continue to partner with these tech leaders and bring all of that telemetry into a single pane of glass.

I have been using Abnormal Security for two years.

We have not had any stability issues with Abnormal Security.

Abnormal Security is scalable and adjusts to our environment.

I am greatly satisfied with the technical support.

Positive

I previously used Proofpoint Email Protection and Armorblox. I switched to Abnormal Security because the proof of concept was easy to set up and the evidence of its effectiveness was clear. I also trusted the recommendations of my peers in the industry who had used Abnormal Security and put it into production. The POC showed us what Abnormal Security could catch that my current tool was missing, which was huge. We also did an apples-to-apples comparison of Abnormal Security to other solutions and asked our peers about their experiences. All of the feedback was positive.

Abnormal Security can be deployed quickly, providing rapid visibility into the environment. We can use AI models to identify patterns and adapt quickly to new types of phishing emails. Our abuse-mailbox allows us to be customer-focused, and we also provide insights to our partners on a daily and weekly basis.

The only con I see with Abnormal Security is the lack of customization.

Deployment is seamless. It took less than 30 minutes to get on a call with Abnormal Security to ensure that we had the right people with the right access on our side, and then to grant Abnormal Security access to integrate their API. From there, the Abnormal Security tool imported almost everything, and setting up users is easy. As an administrator of the solution, I can add more users to it and tweak the console and system to our liking, to a certain extent.

Abnormal Security provides an onboarding engineer, whom they call a success manager, to work with us during implementation.

The license is based on the user count, so the number of users that have an email address in the organization. Compared to other solutions the price is fair.

I would rate Abnormal Security nine out of ten.

We have 1,000 users.

The maintenance required is minimal. 

With its ability to utilize technology, AI, and other tools, Abnormal Security has caught up to or even surpassed its competitors that have been around for longer.

I recommend conducting a proof of concept of Abnormal Security, which is very easy for customers to do and is likely to provide them with more insights.

Our use case was to pull malicious emails that were getting through our secure email gateway and making it to our inboxes. We were trying to shrink that footprint from a typical 85% to less than 5%.

It protects us. It's something that I can trust. I've gone from trying to get things done on a regular basis to I can set it and forget it due to the quality of the app. The platform is very trustworthy.

The most valuable aspect of the solution is the ability to pull out threats from mailboxes quickly instead of going through Microsoft's content query.

Their ability to take things out of the mailbox and catch things much faster than users is excellent. 

It is extremely efficient and quick, giving us visibility into internal spam attacks due to its API-based architecture.

The solution is great for detecting the full spectrum of email attacks.

It's important to have normal architect threats in cloud collaboration applications. My ecosystem is my ecosystem. If we are accepting just from outside of the business, and they are coming in through methods such as Slack, Teams, or Zoom, then they're absolutely a concern.

The AI and ML broaden the types of email attacks it can stop. It learns employee behavior. So far, it has helped us to reduce the number of attacks that get through. While it doesn't completely remove threats, it does bring threats down to a manageable level for small companies or small security teams.

It reduces the amount of time spent on managing threats. It also gives us a little bit more flexibility in some instances. It'll mark something as a threat, or it'll start to monitor things naturally. And then some of the integrations such as the CrowdStrike Integration, put these users on a watchlist. That way, if something strange does happen, extra scrutiny is done on those individuals to ensure that there are no account compromises or anything like that.

Abnormal helped us to reduce the cost of redundant, secure email gateway solutions. We went from Mimecast as a secure email gateway, which was a cost per year, to Microsoft's secure email gateway, which is baked into our existing Office 365, and so that was a cost savings immediately. We've saved probably about $50,000. I spent about $180,000 total for the services and tools that we had. However, then saved $50,000 for the secure email gateway, and then on top of that, I have a much, much better product that catches a lot more - which is limiting my exposure at the user level.

They misclassified extortion quite frequently, however, it still catches it. It's still a threat in some way, shape, or form. They just miscategorize it.

Adding an ideas button inside the console would be helpful. When we're working on something as engineers, and we find an idea or a method of doing something that would be greatly improved by doing it another way, there should be an ability for me to click the ideas button, type in an idea that I have, and submit it to a product review team or developers to have them think through the process a little bit more. This would also give them the ability to have instant input into the console and instant input into the services so that they would have a more agile response to providing better value to the customer.

I've been using the solution for six or seven years.

We've had zero issues with stability. Their uptime is almost 100%.

The solution is completely scalable. 

I regularly communicate with technical support. It's extremely quick. They are very accurate and thorough. They listen to my concerns, and they repeat them back to me as they understand them. They usually have some type of answer. They understand when I'm looking for something, and I'm not getting what I want.

Positive

We previously used Mimecast.

Mimecast just wasn't getting the job done. There were so many threats going into the inbox. I would spend most of my day chasing after threats.

I was involved in the initial deployment. It took more time to have introductions on the call than it did to actually do the API integration. The process was very straightforward. The first ten minutes would have been introduction and conversation, and the last four minutes would have been flow integration.

I mostly handled the setup myself. 

There is no maintenance needed on my end. 

We implemented the product with the help of Abnormal. They have a very hands-on approach.

While the solution is pricey, I get a lot of value from the services I receive. 

I'm a customer. 

I'd rate the solution nine out of ten overall. 

I would advise others to get experience with Abnormal. Do the demo. The proof is in the pudding. It's one of the very few products that works exactly as it's designed to work. The quality of the output is right there. The service speaks for itself. 

Talk to their staff and their team and look at their metrics. Then, turn on Abnormal and see what it catches. Do a side-by-side comparison.