At a high level, we leverage Abnormal Security for all spam filtering, but it is more than that. It is not your basic old spam filtering. They are finding things or phishing attempts that are very targeted, such as spear phishing emails that come through the pipeline and may look innocent or innocuous to most email security tools. Abnormal Security is able to spot them and essentially, mitigate and remediate them so that the users do not accidentally fall for something they should not.
Abnormal Security provides visibility into internal spam attacks due to its API-based architecture. At a high level, they have a bunch of dashboards and things like that that let you view who are the most targeted people and who are they auto-remediating. That is one of the key features. They reach into the box and pull these sorts of emails out before people start responding to them. All the information about who is being attacked and what sort of attacks are occurring is there in dashboards.
Abnormal Security can detect the full spectrum of email attacks. Because they have this AI-based model, they seem to be able to find things that other spam filters using just the basic algorithms cannot find. Abnormal Security is then able to auto-remediate that. It can pull that stuff right out of the box.
It learns from what employees are doing and what is standard procedure versus not, so the intent is to broaden the types of email attacks it can stop. Its AI and ML capabilities have helped big time to reduce the number of attacks that get through. We have a small team. Without it, they would have to actively work through various types of spear phishing or phishing that get through to our employees. That has been greatly reduced, so the team can work on higher-value tasks. Because of all the auto-remediation, people are more productive, and we can work on more proactive things. In the past, it took anywhere from 40 to 80 hours a week working on these sorts of things. It has gone to less than a day or eight hours of a work week.
Abnormal Security has reduced the amount of time our team spends on email incidents.
Abnormal Security will help to reduce the costs of redundant Secure Email Gateway solutions. All of our contracts have not expired yet.
Its core function or the ability to catch spear phishing that uses certain types of social engineering techniques is valuable. For example, they might send an email to the payroll saying, "I am a former employee, and I need my last check sent to this other address. Can you help me?" They are super innocuous like that. In such situations, someone might get involved in a social engineering error where they go ahead and email back. Abnormal Security catches this type of social engineering behavior through its AI-based spam filtering.
One of the things that I love about them is that the setup and installation are super easy. All you do is give them access to your Microsoft 365 tenant, and through APIs, they are able to do their work. They are doing all this through APIs, so you do not have to install the software and take a month to get it all set up to even see the value of the solution. You could be up and running in less than an hour.
I, as such, do not have anything that I do not like or would like to add, but you could argue that because they are doing it API-based, there is a chance that something could slip through temporarily before they are able to pull it out. In theory, it could happen just because of the nature of the system. They are not in line with the delivery of the mail. They are kind of asynchronous, which is a pro as well as a con. If it is synchronous, then I know it would always stop them, but because it is asynchronous, things could get through temporarily or because of some system issues on the Microsoft side or their side. It is the nature of the beast, but it is a little bit of a con.
We have been using Abnormal Security for a year and three quarters.
It is stable. If there were any issues, they were very little. The one time we needed some support was when we were trying to do phishing tests on our own employees. We were getting help from them to be able to make sure that they were allowed-listed to happen. That was probably the only time when we really needed their help because otherwise, they would have caught it.
It handles us just fine. Because it is on the cloud, I get a feeling that it is very scalable, but we have a small number of accounts. We are at about 1,600 or 2,000. It is not a giant footprint. It has no problems with us. They have much bigger installations than ours.
My team has contacted them but I have not.
We were using something else for spam filtering. It was pretty much a spam filter. We were using Cisco IronPort. They are not even on the same plane. We left Cisco IronPort running while running Abnormal Security. There were things that got through Cisco IronPort but could not get through Abnormal Security, so in line together, it found things that the other one could not.
It is on the cloud. I was not involved in the initial deployment, but my team was. My team did the deployment, which consisted of us giving them API credentials to hit the Office 365 tenant, and it was deployed.
It was super easy to connect or integrate Abnormal Security via API. We literally just gave them an API key to be able to hit Office 365. It has the fastest time to value that I have ever seen for a product. You set up an account in Office 365 and hand in the credentials, and they can start scanning your environment in a split second.
In terms of maintenance, the integration requires no maintenance. There is no maintenance there, but you should be looking at the system and seeing if there is anything that gets through or does not get through. You need to make sure that your team is looking at it actively to see if there is anything that is getting through or if there is something that got overblocked. That can happen on occasion. There could be a false positive, but other than that, typically, your security team looks at your Secure Email Gateway on a regular basis.
We got an enterprise deal, but I do not know how their pricing works.
We had been looking at a host of other options, but nobody had really put in the time. When we saw Abnormal Security, it became obvious that these guys were next-generation, and we should just do it.
To someone who is considering using Abnormal Security but is concerned that it is not as mature or established as other solutions, I would say that many of the new solutions that come out are much better than old solutions because they are coming at the problem from the new modern way they need to. Because Abnormal Security is 100% API-based, they are able to install it super fast and handle the solution much better and easier than the old-school way of doing things. Many times, some of the solutions that are established are still doing things the old way, and they have not kept up with the things that have changed in the cloud or things that have changed in the API or AI and ML. Abnormal Security is surely new, but the capabilities that they have are beyond what many of the current vendors are capable of. It comes down to whether you want to try and stay ahead of the curve, or you want to stay behind it and then you have the wave crash on you because you did not stay ahead of it.
To those researching or evaluating this solution, I would advise doing a PoC with other solutions and seeing how long it takes to get it set up and how much email or time it reduces for your team. I do not think they are even going to be close. When you see how fast you can get Abnormal Security up and running and the novel things that they can find, that alone should make you realize that you need some of this. They do all the basics, and then they find things that nobody else can find. One of the biggest challenges that we have in the industry is the spearfishing of people who sign paychecks or move money around. If you can protect them because they have the keys to the castle, it is worth the money.
Abnormal Security can detect threats in cloud collaboration applications such as Slack, Teams, and Zoom, but we are not leveraging any of that today. It would be valuable for us, especially because attacks on Teams are becoming a thing.
Overall, I would rate Abnormal Security a 10 out of 10.
