top of page

Product Spotlight: Abnormal Security - Abnormal Cloud Email Security Platform

The Abnormal Cloud Email Security Platform stops targeted phishing, business email compromise and account takeover attacks using a unique combination of data science and behavior modeling.


The heart of the platform, Abnormal Behavior Technology (ABX), is responsible for stopping these attacks. ABX uses a rich set of organization-specific data to uniquely drive the Abnormal Identity Model, the Abnormal Relationship Graph, and Abnormal Content Analysis.


An ensemble of machine learning algorithms evaluates the signals generated by the trio of perspectives from the Abnormal Identity Model, the Abnormal Relationship Graph, and the Abnormal Content Analysis. The algorithms identify specific types of attacks and techniques and result in a final email disposition that is delivered along with clear, concise, and explainable insights.


Most solutions that leverage machine learning technologies result in “black-box” outputs. Some results make sense. Others may not, but users have no mechanism of understanding why and how the algorithms reached a specific conclusion. Abnormal’s decision engine explains and summarizes the automated analysis of thousands of signals that were used to detect the attack.


Key Differentiators:

  • Focus on Business Email Compromise: With a unique focus on Business Email Compromise and its various forms of socially engineered attacks, Abnormal Security is the best-in-class Business Email Compromise solution for enterprise organizations.

  • Abnormal Behavior Technology (ABX): Abnormal Security can identify and stop socially-engineered attacks such as Business Email Compromise that easily slip past existing email security solutions because these attacks lack any traditional threat indicators such as a malicious attachment or link and by design are not sent as part of a large campaign that allows identification based on campaign attributes. ABX establishes context of outside of just the email through the trio of perspectives:

  • Abnormal Identity Model: models the identity of both employees and external parties (vendors and customers) with hundreds of attributes such as personal email address and typical login times/locations (for employees) and key contacts, invoice frequency and software (for vendors)

  • Abnormal Relationship Graph: understanding of the relationships between the different identities above, from human relationships to supply chain relationships. The relationship graph extends beyond frequency and cadence to understand topic and sentiment of communication and extends beyond email to business collaboration tools such as Teams and Slack

  • Abnormal Content Analysis: using a mixture of computer vision techniques, natural language processing, and malware sandboxing to understand topic and sentiment of email (“what is being communicated and how is it being said?”, identify and analyze non-weaponized attachments such as invoices, and weaponized attachments that may contain malware.

  • Cloud-Native Data Science-based Platform: Abnormal Security takes a modern architectural approach and integrates to Office 365 and G Suite via API’s with just one click, requiring no mail routing changes and no configuration. The system just as easily connects to HRIS, ERP and CRM systems, to create a rich data set for which the data science approach can act. It also easily integrates into the existing security stack (SIEM, SOAR, Threat Intel)


Who It's Intended For:

  • Global 1000 companies in all industries, including financial services, retail, manufacturing, utilities, high-tech and healthcare.

  • Enterprise company executives, including CIOs/CISOs, VP of Information Security CEO’s, CFO’s and board of directors

  • Security architects

  • Security operations director and analysts

  • Head of infrastructure/messaging

  • Email administrators


Dashboard Example:



bottom of page