Abnormal Security continues to innovate our Cloud Email Security Platform – the most advanced enterprise BEC solution to stop modern attacks. Our Fall 2020 release features recon protection, enterprise-grade multi-tenancy controls, Office 365 group messages and more.
Our commitment to our customers is exhibited by the high velocity of product improvements and enhancements, listening and delivering the best of breed innovation to keep moving the needle forward. Today, we’re announcing the Fall 2020 Platform Release, which shows a continued emphasis on meeting today’s challenges for enterprises looking to stop BEC while also leveraging a scalable solution to meet their specific needs.
The following is detail on the most significant new features and capabilities included in this update.
Recon Email Protection
Reconnaissance emails are seemingly harmless emails that come into an organization without attachments or links and contain little to no content. These emails are often sent from Gmail or iCloud and probe organizations looking to find specifically targeted employees for future phishing attacks. Recon emails are particularly hard to track, and frustrating to receive because they are so similar to cold-call emails.
Abnormal has made improvements in capturing recon email attacks, as we’re now catching 70% more of these attacks for our clients week over week. Furthermore, we have enabled hybrid remediation for emails flagged as potential reconnaissance emails – where attacks that are caught with high confidence are sent to hidden folders immediately, and suspicious messages are sent to junk folders so that the end-user has the chance to verify if they are safe messages or not.
Role-Based Access Control for Multi-Tenancy
Enterprise customers often operate in complex environments and need solutions to streamline security controls. Abnormal removes the burden of deploying, configuring, and managing email security by offering a multi-tenant portal environment for enterprises that manage multiple brands for increased control and visibility.
Additionally, we provide the UI capabilities to add platform users and assign user roles and privileges for Abnormal’s Cloud Portal Access. Customers benefit from complete self-serve control when granting Cloud Portal provisioning and increased options to ensure security and data access.
This gives organizations the ability to assign global admins, tenant admins, or tenant readers that have various privileges access options to the portal. Enterprises gain added control over user-role assignments and data-sharing.
- Global Admins – Access to all tenants with read/write privilege
- Tenant Admin – Access to assigned tenant(s) with read/write privilege
- Tenant Reader – Read-only access to assigned tenant(s)
- Notification Recipients – Notification access only, no portal access
Cross-Tenant Abuse Mailbox Support
Additionally, enterprise customers with multiple tenants that leverage a unified phishing mailbox to collect employee reported attacks can now set up Abnormal’s Abuse Mailbox without altering their workflow.
Regardless of the originating tenant, customers can search and remediate message campaigns across all tenants. Customers benefit from increased visibility and coverage when looking at abuse reports cross-tenant via Abuse Mailbox with minimized operational intrusion.
Microsoft Office 365 Group Messages Detection and Alerting
Attackers not only target individual mailboxes but also group mailboxes that are shared among members in an organization. To protect against these threats, Abnormal is now able to detect malicious emails that exist within a Microsoft Office 365 Group mailbox.
Customers can get instant alert notification when a group mailbox message is found and proceed to remediate the message in their own tenant. Customers can benefit from reduced time to detection and response, increased protection coverage, and reduced risk from attacks interaction within the O365 environment.
Added Graymail Support
We’ve added sampled Graymail messages to display in the Cloud Portal. Customers are now able to review sample Graymail messages to understand graymail attack definition, remediation, and detection details. Customers can benefit from increased visibility and control in the Portal platform and lowered risk of Graymail messages invading employees’ inboxes.
Abnormal now integrates with Any.run API such that users can directly load any links or attachments via Abnormal’s Portal to Any.run services. Customers can benefit from reduced latency in handling attachments and increased control in speeding up email investigation workflow.
Customer Support Portal
Most customer false negative (CFN) reporting capabilities involve emailing into a customer support address and waiting to hear back on the status of the issue.
Abnormal takes customer feedback seriously. To reduce the friction and lack of visibility, we launched a centralized customer report dashboard to handle CFN reports submitted by an organization to Abnormal. SecOps can keep track of the issues they file, check detailed report status, investigation details, read improvements and reasons behind the made from each report.