We use Abnormal Security for blocking spam and email threats in a medium-sized manufacturing environment.

Abnormal Security is valuable because it features an automated scoring tool that doesn't require much intervention from our team. It enhances threat detection capabilities by making the process automated and is easy to scale to our entire environment. 

Additionally, it protects us from being business email compromised, which is invaluable for maintaining our security.

There could be more selectable options and more granular selections available.

I have had experience with Abnormal Security for a few years.

The stability of Abnormal Security is excellent. I rate it a ten out of ten with no issues encountered.

The solution is easy to scale across our entire environment, and I would rate it a ten out of ten for scalability.

I rate customer support a nine out of ten. They have been prompt in responding and are knowledgeable.

Positive

We switched to Abnormal Security from a previous solution due to its processing and ease of use.

The initial setup for Abnormal Security was straightforward and easy.

It was myself and one other person, an enterprise manager, who handled the deployment.

The return on investment is seen in the security it provides, preventing business email compromise, which is invaluable.

I find the pricing to be favorable, but I did not disclose the exact cost.

I do not wish to discuss other solutions.

I would recommend Abnormal Security. Overall, I rate it a ten out of ten.

We have a separate Proofpoint email gateway, so Abnormal is what we consider to be defense in depth. It catches malicious emails that our primary email gateway misses, so we're depending on Abnormal to detect them for us. It also gives us trickier stuff, like zero-day threats. 

We also use Abnormal for our abuse mailbox. Our users have a "report phishing" button in Outlook. If they get any suspicious email that they think is malicious or spammy, they can click that button and report it to Abnormal. The Abnormal abuse mailbox automatically analyzes it and responds to the user as to whether it is safe spam or malicious. If it is safe, it sends a copy of the email back to the user so they don't have to look for it in their deleted items. 

We have close to 24,000 users. Not all of those are users because a large percentage of those work mainly in Salesforce, but many mailboxes. It's also three different Microsoft tenants because we acquired or merged with other companies throughout the years. 

Abnormal helps increase the level of our email security. I would be uncomfortable if we did not have that second layer of defense. I think it's super important. Having Abnormal helps me sleep better at night by keeping an eye on the emails that Proofpoint logs in. 

The solution's AI/ML features broaden the types of email attacks it can stop by learning employee behaviors. I recently got numbers from the Proofpoint and Abnormal sides, and the fact that Abnormal was still catching so many specific types of attacks that Proofpoint missed is kind of crazy. It says that Abnormal detected almost 7,000 attacks in the past 30 days. That's a huge number of emails. 

Abnormal Security has reduced the time my team spends on those email incidents. I work on the admin side, so I'm not involved in running down the incidents on the SOC side, but we would need more people if we didn't have Abnormal automatically remediating so many of these attacks. 

I didn't even realize it was stopping this many attacks. You let it go and do its thing. That's a lot of emails, and it takes a lot of time for a person to hunt down this volume of attacks. Even if it took only half an hour per attack, that's more than a full-time employee could deal with. If we didn't have Abnormal doing this, it would take at least two FTEs. 

The solution helps reduce the costs of account takeover detection tools. We have it integrated with CrowdStrike, and Abnormal sends alerts back and forth. The integration with CrowdStrike helps us better monitor the environment and produces more alerts for the SOC to investigate. 

I like Abnormal's threat protection with auto-remediation, but I also love its abuse mailbox feature, which automatically responds to the end user. That feature has a super-valuable security component and helps improve the user experience.

I also like the dashboard. It's easy to get information. For example, when my director asked for numbers, finding all these graphs on the dashboard was great. 

We have an API setup with our automation software, so Abnormal gets alerts about spam and malicious threats. This sends alerts to our SOC, notifying them to take a closer look. From an API perspective, integration with our security automation software is extremely important to help draw attention to those sorts of things.

We've got some of those integrations set up, so it can get help from those feeds from an account takeover perspective. Abnormal can monitor many different inputs to draw attention to when an account might be compromised. We have started implementing those integrations to give Abnormal more signals to alert us about possible account takeover. We don't have it set up yet to monitor things going on in Slack or Zoom to be able to tell us when a conversation might be malicious.

Abnormal should add more automatic reports. I have an open request to our account team for more notification and report types that can be sent automatically. For example, they have an awesome report that gets sent weekly, and I also want them monthly, so I don't need to do so much adding up when my director wants numbers over time. 

The company has been using Abnormal for a couple of years, but I've only worked here since last August. 

I rate Abnormal eight out of 10 for stability. Periodically, we'll have an incident with the portal. They sent me updates about it, so I knew something was happening, but it didn't affect my daily work. Every once in a while, they have some back-end issues, but they communicate about it really well, which is something that I appreciate.

My company has acquired or merged with other companies, and it doesn't seem like Abnormal skips a beat, whereas with the Proofpoint layer, we've had issues with how it performed some upgrades to our cluster lately because we were having issues with email delays. I worry about the Proofpoint layer, not the abnormal layer. Abnormal seems to be so rock solid and scalable that I think it can handle whatever we throw at it. 

I rate Abnormal support nine out of 10. Their support has gotten better. When I started, it seemed like there were a few hiccups, but it has markedly improved in recent months. I had found a support person that I absolutely loved. She was awesome. And she got promoted, and I was like, "I know you deserve this promotion because you are great." It's the support that got me even more excited about the product. 

They're so good at following up on unusual cases and strange things that we were seeing in our environment that other customers weren't even noticing. She did a fantastic job with communication and following up with the back-end support. Since she moved on, it sometimes takes a little longer to get back to me when I open a support case. For the most part, they're still highly responsive and do a good job with communication.

Positive

They had been using Proofpoint Track, which was expensive. They were trying to save money because Abnormal has much of that same functionality. Also, I think it's a good idea to have two different vendors. Each has different threat intel that they can base their catches on. We can save money and get that defense in-depth because there were things the main email gateway was missing. 

It only takes one malicious email that one user interacts with incorrectly to cause company-wide problems, so it's critical to have this area locked down as much as possible. At the last place I worked, we had the same kind of setup where we had an email gateway and a separate second layer. What I like about Abnormal is that it does a great job of automatically detecting and remediating threats. 

I wasn't here when Abnormal was deployed, but I've been told that it was quick and easy. According to the story I heard, they were planning to renew Track before they realized how much it cost. Abnormal was easy enough to integrate with low configuration requirements that they could get it done within a couple of weeks, which is almost unheard of for tools here.

After deployment, the solution doesn't require much maintenance so far, but it will as they add more integrations. That is something I will be spending more time and energy on. Periodically, I need to add something to the safe list, but I don't spend as much time as I did on Proofpoint because Abnormal doesn't have as many false positives. 

I can't put numbers to it, but our current environment needs to trim the budget as much as possible, and Abnormal has proven itself to offer such good value that no one has even mentioned not renewing it. It's considered an invaluable piece of our security fabric here, so it's such a good return on investment that even cost-cutters aren't looking to cut its cost.

It's cheaper than Proofpoint Track, the product Abnormal replaced. It saved us tens of thousands of dollars plus the cost of paying people to manually run down all of these malicious emails. 

Abnormal is cost-efficient for what it does, and it's getting better. They're now adding many new integration types, so we'll expand the scope of what it can do for account takeover. They've also got a new threat intel piece that's available that they're continuing to add functionality to. It was cost-effective when implemented, but they are working to make it a better value.

I rate Abnormal Security 10 out of 10. If someone had doubts about Abnormal's maturity, I would reassure them that it has been rock solid in my experience. They are continuing to build more into the product all the time, and if it's missing a specific feature, then it will probably happen because it's not a static product. 

While some products take a long time to build, Abnormal keeps things moving. They seem to have an excellent sprint cycle, with a solid focus on constant improvement. It would depend on what specifically they are looking for. To me, it acts like a mature product compared to other systems like this that I've used in the past.