Expanding the Abnormal AI Platform: Protecting People Beyond Email
Today, we are making several exciting announcements as we launch new products, groundbreaking AI capabilities for existing products, and new platform features to provide even more value for our customers.
Abnormal AI understands human behavior better than humans. Our behavioral approach has enabled Abnormal to stop phishing attacks, fraud, socially engineered threats, and account takeovers across cloud email with >10x the efficacy and accuracy of any other solution.
However, these attacks are no longer just an email issue; they happen across platforms and across channels. The #1 way that attackers win is by exploiting people, and we must stop them.
To comprehensively protect people across platforms, we must integrate into (and protect) more platforms. These new platforms enable us to expand our existing protection and unleash new behavioral signals that further improve Abnormal AI's understanding of human behavior. It thus becomes a continuous process in which more access to more information continues to improve the sophistication of our Abnormal AI, resulting in improved detection and response across all products while further unlocking new capabilities for AI to automate security operations and augment the work of every analyst and every employee.
So what does this mean for you? Without further ado, we have five exciting product announcements today. I hope you will see that we are not only building superior detection capabilities to stop more attacks in more places but also working to turn the theoretical hype of “AI-powered cybersecurity” into a reality for our customers.
1. AI Security Mailbox: Your New AI Security Operations Coworker
Abnormal AI Security Mailbox provides an AI-powered personal cyber assistant for every end user and an AI-powered security help desk coworker for every analyst to automate email security operations.
Security operation teams struggle to resolve an endless queue of employee-reported emails, resulting in poor end-user experience, missed opportunities for security awareness, and resources diverted from other key priorities. Now, AI Security Mailbox will help do this work.
AI Security Mailbox comes pre-trained with enterprise security best practices automatically tailored to your environment. Through a simple text interface, you can provide additional guidance, knowledge, and context to your AI. Then, when end users report a potential email attack, AI Security Mailbox will automatically analyze the email and instantly reply with the decision, explaining to the end user why the email is safe or suspicious.
End users can then ask follow-up questions about the email or any other security topic, and Abnormal conservational AI will help support and increase security awareness. Administrators can name it and configure its personality so that it responds formally, humorously, or even in pirate mode.
For security operations teams, AI Security Mailbox brings all user-reported threats into a consolidated view, filtering out the majority of emails that are “known good.” For the remaining emails, Abnormal provides AI-assisted investigation, identifies similar messages across all mailboxes, tracks email engagement, and can bulk remediate messages across multiple tenants.
Customer Benefits:
Provides a delightful and helpful experience for end users to engage with security teams
Builds confidence in the security organization by enabling automatic support
Unlocks valuable analyst resources for higher leverage activities with AI triage
Improves response times with AI-assisted investigation and bulk remediation
Existing Abuse Mailbox Automation customers will receive a free upgrade to AI Security Mailbox over the next few weeks. Contact your customer representative to activate your new AI Security Mailbox, or learn more here.
2. New Abnormal Integrations: Better Protection, Visibility, and Control
Abnormal no longer just integrates into your email platform. Abnormal now goes far beyond email, integrating into identity, SaaS, and cloud infrastructure applications to better understand people, provide cross-platform visibility and control, and autonomously protect more platforms and identities.
Abnormal customers can now use our data integration platform to enhance their Abnormal deployment with multiple new platform integrations—all with the quick and easy integration experience that Abnormal is known for.
New platform integrations include:
Identity: Azure Active Directory, Okta, Ping
Collaboration/SaaS: Atlassian, Box, Docusign, Dropbox, Salesforce, ServiceNow, Slack, Workday, Zendesk, Zoom
Cloud Infrastructure: Microsoft Azure, Amazon Web Services, Google Cloud Platform
After enhancing your deployment with more platform integrations, Abnormal will automatically unify all cloud identities into a consolidated profile within PeopleBase, even across multiple tenants and domains. PeopleBase will then show cross-application privileges for each user and cross-platform identity timelines, highlighting notable events like authentication events, privileged actions, and more, all through the power of Abnormal AI.
Because security teams often do not have quick and direct access to cloud applications, this consolidated view of a cloud identity and notable events within Abnormal can help with incident response. For cloud account takeover incidents, Abnormal will now provide a one-click “Identity Disconnect” button, which will terminate sessions, reset passwords, and block access across platforms.*
Customers can enhance the efficacy of Abnormal AI detection in email by integrating more platforms, which enables the platform to see more context and learn behavioral insights for users. By understanding key pieces of information like who the administrators of Workday are and how often a user logs into Salesforce, Abnormal can better understand and protect each customer's environment.
Customer Benefits:
Provides superior visibility into and control of cloud identities and privileges across platforms that security teams are responsible for protecting but may not have access to
Enables accelerated investigations with instant cross-platform identity activity timelines
Allows security team to gain control of apps they need to protect but may not administer
Enchriches efficacy of existing Abnormal products by supplying additional behavioral data
These new integrations, cross-platform visibility offerings, and control capabilities are available starting today and are included for free for all Abnormal customers. To start enhancing your Abnormal deployment, check out the new integration center in the Abnormal Portal, contact your customer representative, or learn more here.
3. AI Account Takeover Protection: Expanding Detection and Response Across Platforms
Yesterday, Abnormal solely provided automated email account takeover protection to continuously validate the identity of authenticated email users. While this provided superior protection for email, customers could not achieve parity and uniform protection across their growing number of cloud accounts—resulting in undiscovered breaches or delayed incident response times.
Today, Abnormal extends this AI detection and response—providing uniform protection across all of your integrated email, identity, SaaS, and cloud infrastructure accounts.
Abnormal AI monitors user authentication events, communications, and notable activity for each identity. These data streams continuously enhance existing behavioral models of users, understanding their access and usage patterns across platforms.
Abnormal AI automatically detects suspicious activity that is anomalous from predicted behavior, enabling it to identify compromised identities with superhuman speed and accuracy. Any detected activity automatically generates a Case within the Abnormal Portal, enabling an analyst to instantly see all notable events consolidated across all connected identities from all integrated applications.
Upon collecting sufficient evidence to accurately determine an account compromise, Abnormal AI can then autonomously take remediation actions by terminating sessions, resetting passwords, and blocking access for all connected identities across platforms.
Customer Benefits:
Uncovers undiscovered breaches with autonomous AI detection of compromised accounts
Accelerates investigations with AI-generated behavioral cases and identity timelines
Enables a >10x reduction in cloud account takeover incident response times with autonomous AI remediation via session termination and access termination
Empowers confidence in achieving uniform and parity protection across cloud accounts and platforms
These new capabilities are currently available in private access but will be generally available to all customers later this year. Existing Email Account Takeover Protection customers will receive a free upgrade to Core Account Takeover Protection, which extends current protection to more Microsoft and Google applications, as well as identity providers like Okta and Ping. Protection for other new platforms requires additional licensing. All customers can expect to hear more in your upcoming business review, where you can join the waitlist for private access. But if you cannot wait, learn more here.
4. ThreatIntelBase: Behaviorally-Derived Threat Intelligence
The behavioral detection models within the Abnormal platform constantly detect never-before-seen zero-day attacks within cloud platforms, yielding previously undiscovered threat intelligence. Abnormal already uses this data across our products, platforms, and customers to improve detection. Now, ThreatIntelBase will allow customers to leverage this data, too.
Customers often struggle to leverage threat intelligence across platforms and assess their environments for known threats sourced from intel feeds. Common questions we hear from customers include, “I have a compromised device… was there malicious activity in my cloud accounts?” and “Has there been any access to my IT ecosystem from Scattered Spider?”
We are also often asked how they can use Abnormal threat intelligence to power other products. Until today, finding the answers to these questions had been difficult and time-consuming.
Today, we are announcing ThreatIntelBase—a new behavioral Knowledge Base within the Abnormal platform—which aggregates behaviorally-derived threat intelligence across products, platforms, and customers. Now, humans will have additional access to some of the underlying data sets that Abnormal AI uses for making autonomous decisions. For example, customers can query ThreatIntelBase for an IP address to view an Abnormal threat report, which includes IOC metadata, associated APTs, common attacks, behavioral patterns, and any other malicious activity within their environment or our federated network.
Today, we are announcing with support to query by IP addresses, and in the future ThreatIntelBase will expand to support other IOCs, including arbitrary files, text, and images. In order to enable customers to automate threat integrations into other products, later this year we will export via STIX, TAXII, and feeds.
Customer Benefits:
Enables faster investigation and incident response with instant cross-product and cross-platform search for cloud account activity and threats associated with a malicious IP
Provides superior visibility and context about malicious IOCs in a single place, with derived insights from Abnormal AI
Improves access to novel, behaviorally-derived threat intelligence to enhance other security products
ThreatIntelBase will be available next week, and it is free for all Abnormal customers. To improve your visibility and empower other security products with Abnormal’s unique threat intelligence, you can access it within the Abnormal Portal, contact your customer representative, or learn more here.
5. An Abnormal Roadmap: Abnormal AI Will Keep Getting Smarter
Along with the new capabilities we are announcing today, we have an incredible roadmap we’ve already begun work on behind the scenes. Abnormal customers can expect to hear more later this year, including:
Dozens of additional platform integrations to further enhance your Abnormal deployment
Extension of our existing security posture management products for people, tenants, and third-party applications to support all integrated platforms across email, identity, SaaS, and cloud infrastructure
A revolutionary approach to phishing training using Abnormal data and generative AI
ThreatIntelBase will expand from just IP addresses to other IOCs, including arbitrary files, text, and images, which will all be exportable through STIX, TAXII, and feeds
Abby, a new autonomous AI security analyst that can proactively share email attack insights, interactively answer questions about your Abnormal environment and provide personalized reporting and analysis
This year, we are growing our AI, product, and engineering teams by more than 50% to further extend our platform and better protect against the human vulnerability. We’ve been working closely with our design partners to build the next generation of AI-powered security products to protect people, and we promise the best is yet to come from Abnormal!
See all these new capabilities in action by requesting a demo here or visiting Booth #860 at RSA Conference 2024.
*Cross-platform session termination and account access termination will be extended to more platforms beyond Microsoft 365 over the next 3-6 months.
See the Abnormal Solution to the Email Security Problem
Protect your organization from the full spectrum of email attacks with Abnormal.
