Provides comprehensive email security management, effective in detecting a wide range of email threats
What is our primary use case?
We use Abnormal Security for our email protection in addition to Microsoft 365. Previously, we relied on another provider for many years to scan emails for malicious content, viruses, and spam. However, with the increasing sophistication of email attacks, our old provider simply couldn't keep up. Their system involved rerouting our emails to them for scanning before delivery to Microsoft 365. This approach proved ineffective, particularly for attacks like CEO impersonation emails or simple text messages requesting personal information. These attacks didn't contain any traditional malicious attachments.
Abnormal Security serves several key functions for us. Primarily, it excels at detecting malicious content. Additionally, it effectively isolates spam, preventing it from cluttering our inboxes. For legitimate but unwanted emails, such as newsletters, it creates a dedicated "Promotions" folder, keeping our inboxes organized. These are the main reasons we appreciate Abnormal Security.
How has it helped my organization?
The Abnormal Security portal provides comprehensive email security management. We have access to a web portal provided by Abnormal Security. This portal grants us complete visibility into how Abnormal Security analyzes our incoming email. We can see everything it catches, how it classifies the emails as malicious, legitimate, etc., and the reasoning behind the classification. The portal is well-organized with dedicated sections for different threat types. We can easily identify account takeover attempts, vendor fraud attempts, and other threats. A particularly valuable feature is the search and respond functionality. In the past, we've encountered situations where employees accidentally sent out sensitive information or messages that shouldn't have been distributed. The portal allows us to quickly locate these emails and remove them from everyone's inbox, including deleted items. This ensures the emails vanish completely and never reach the intended recipients. Furthermore, the portal empowers us to manage our email security preferences. We can whitelist trusted senders and create custom blocklists for unwanted emails, providing a high level of control over our email environment.
While Abnormal Security has been effective in detecting a wide range of email threats, some emails have slipped through. To address this, we've educated our users. If they suspect spam, phishing, or an unusual email, they can report it directly through the "Report" button in Outlook, which forwards to Abnormal, or by forwarding it to the "phishing" email address. This triggers a deeper analysis by Abnormal to identify any missed threats. According to our year-long data, users have submitted over 1,500 emails from 121 employees. Abnormal identified 4 percent as malicious and 9 percent as spam, with the remaining 87 percent deemed safe. These statistics indicate that Abnormal doesn't catch everything. However, by fostering a user base that remains vigilant and reports suspicious emails, we can leverage Abnormal's deep analysis to further enhance our email security.
During the pilot period, Abnormal Security's benefits became clear. We encountered an ongoing account takeover that we were initially unaware of. However, as Abnormal Security ran, it helped us organize and identify threats effectively. Feedback from the field has been very positive compared to our previous vendor. With our previous vendor, we received four daily emails notifying users about quarantined emails. These notifications cluttered inboxes and created confusion. There were instances where legitimate malware was quarantined, but the user received a message like "This email was quarantined for you. Do you want to investigate or recover it?" Unaware of the potential threat, some users might release the email, believing it to be a false positive. This could lead to compromising their credentials or infecting their computer. Abnormal Security takes a different approach. They automatically hide suspicious emails, preventing them from reaching user inboxes. This eliminates confusion and protects users from inadvertently engaging with malicious content.
We encounter AI in various ways. For instance, it can be involved in filtering emails. If I am receiving an email in my inbox that I prefer not to see there every day, I might move it to my promotions folder. Conversely, an email might land in promotions that I want to see in my inbox, perhaps because it's considered graymail. In that case, I can move it back to my inbox. The AI can learn from my actions and apply those preferences in the future. AI also plays a crucial role in defending against certain cyberattacks. Traditional methods might not be sufficient to catch these threats. AI can analyze incoming emails for a multitude of factors, performing a kind of predictive analysis on potential threats. These factors might include a sense of urgency in the email's tone, an email supposedly from the CEO but with an unrecognized sender address, or a domain that's a month old. Humans might not readily pick up on such red flags, but AI can effectively identify them.
My colleagues tell me that since we implemented this change, the number of attacks has decreased. I can confirm this by checking the dashboard, which shows the current attack volume. Even more importantly, by filtering out graymail into a promotions folder, everyone saves time by not having to sort through irrelevant emails in their inboxes.
There have been fewer IT tickets lately concerning suspicious activity. People used to report things like clicking on something malicious or questioning if an email was spam. Now, if something seems abnormal, it's sent directly to the Abnormal activity queue. Previously, we'd receive frequent reports about things like fake CEO emails or phishing attempts, but those types of tickets are becoming rare in our help desk.
Previously, we used a much more affordable email security solution. While Abnormal Security costs more, it outperforms or at least matches the capabilities of its competitors. We trialed Barracuda, but their pricing was prohibitive. Even if they lowered their prices now, I wouldn't consider them. Mimecast and Proofpoint, the other options we explored, were priced similarly. However, Abnormal's setup is significantly easier to use. While the initial configuration involves integrating it with our Microsoft 365 environment, Abnormal's day-to-day operation, configuration, and fine-tuning are much simpler compared to the other products.
What needs improvement?
The ideal scenario would be for Abnormal Security to work in tandem with Microsoft to analyze incoming emails. This means Abnormal Security would assess emails before they reach my inbox, even if it happens slightly after Microsoft's initial scan. Currently, the process isn't seamless. Microsoft analyzes emails and delivers legitimate ones to my inbox. Abnormal Security then scans these delivered emails, and if flagged as malicious, they disappear. This creates a problem for our ticketing system mailbox, which is a third-party service. Emails sent to the ticketing system address are automatically forwarded by Microsoft. However, if these emails are malicious, Abnormal Security only cleans them from my Outlook mailbox after they've been forwarded. Since we primarily rely on the ticketing system and not the Outlook mailbox, these malicious emails still reach the ticketing system.
For how long have I used the solution?
I have been using Abnormal Security for eleven months.
What do I think about the stability of the solution?
I have never encountered any stability issues with Abnormal.
What do I think about the scalability of the solution?
I don't know what would happen if we threw thousands more users at Abnormal. However, based on our current usage and what we've observed with larger customers, there's likely no immediate issue. Abnormal seems to scale well for moderate growth. While substantial growth isn't on the horizon for us, it's worth considering scalability further down the line.
How are customer service and support?
The technical support speed has been fantastic. They're very responsive. I usually get a same-day response on any tickets I submit. The representatives are knowledgeable and helpful, and they always jump right on any issues I bring to their attention. Overall, I haven't experienced any long wait times for support, although thankfully, nothing major has required fixing.
Which solution did I use previously and why did I switch?
In the past, we utilized Mailroute for our email security. We simply configured our MX records to point to their servers. These servers would then collect and analyze our incoming emails for any threats. Only after deeming them safe would Mailroute forward the emails to our chosen provider, such as Microsoft or another service. We relied on Mailroute during the time we hosted our email on Exchange, before migrating to Microsoft 365. After a long-standing relationship of 15 years, we ultimately decided to switch to a different security solution.
How was the initial setup?
The initial deployment was very easy. All I had to do was access the Abnormal service through the provided URL. It then requested my global administrator credentials for our Microsoft 365 environment, which I granted. This initial step simply integrated Abnormal with our 365 environment. After that, we configured the settings to determine what kind of alerts we wanted to receive. There were a few things that potentially needed to be done beforehand, such as setting up IT login access and establishing a process for handling the "abuse" mailbox and account takeovers. For account takeovers, we could choose to have Abnormal automatically remediate and lock out the user, or we could have it send an email notification to IT for manual intervention. All these configurations were done through simple checkboxes, which we reviewed with an Abnormal technician during our initial call. By following these steps, we were up and running within an hour.
It was super easy to integrate Abnormal via the API.
What's my experience with pricing, setup cost, and licensing?
Barracuda offered a similar security solution, but with all the features we wanted, the cost came out to around $170,000. Abnormal Security, on the other hand, provides the same level of functionality for just over $60,000 – that's half the price! I'm getting even more value from Abnormal Security than I would have from Barracuda.
Which other solutions did I evaluate?
Last year, we explored alternative solutions. We evaluated Proofpoint, Barracuda, and Mimecast. All three offered API integration with our Microsoft 365 environment, enabling them to detect these types of threats. We piloted Barracuda but found it cost-prohibitive. While Proofpoint was appealing, we weren't impressed, and Mimecast proved overly complex to set up. Consequently, we stuck with our existing provider for another year.
Abnormal Security entered the picture later. We evaluated them and conducted a pilot program. Impressively, within a day of initiating the pilot, they identified a compromised account. Normally, they wouldn't reveal such findings until the pilot's conclusion. However, the urgency warranted immediate notification. They discovered that someone was accessing a low-level account from a location outside the user's usual login area in New York. This incident, coupled with Abnormal Security's overall capabilities, convinced us to switch providers.
What other advice do I have?
I would rate Abnormal Security ten out of ten.
The previous solution had significant limitations. It functioned like a basic antivirus program from the 1990s. It would simply scan a file and determine if it was malicious or not. It lacked any context about the file or the sender. Abnormal Security takes a completely different approach. By integrating with our Microsoft 365 environment through an API, Abnormal Security understands our organization and communication patterns. It can identify important individuals and prioritize emails from them. This helps to prevent fraud attempts where someone might impersonate a VIP by using a spoofed email address. Abnormal Security goes beyond just checking attachments for malware. It analyzes various aspects of emails, including the sender's domain age, the language used, and other key factors. These elements are then factored into an algorithm that determines whether an email is malicious or legitimate. In contrast, the previous solution only focused on attachments. It didn't analyze the email content, sender identity, or any other contextual information. This made it vulnerable to phishing attacks and other email-borne threats.
This system is maintenance-free after deployment. It functions independently, even if I don't actively monitor it. Once deployed in our environment, it automatically adds new users to the portal and scans them. There's no need for further manual adjustments. While I only receive weekly reports outlining the number of attacks, actions taken, and breakdowns in graphs and percentages including most at-risk users, impersonation attempts, etc., the system itself operates autonomously.
There's very little setup involved with Abnormal. The installation and configuration process is virtually seamless. However, there's one key thing to keep in mind: make sure your email environment is clean before onboarding. This means having an accurate user count and keeping your mailboxes free of unnecessary data. Abnormal charges per user mailbox, so it's important to avoid migrating junk or accounts of terminated employees. These will inflate your bill unnecessarily. Beyond that, there's not much preparation needed for new users. Abnormal is a great product! One potential snag to consider is Abnormal's ticketing system integration. As of now, it doesn't directly integrate with Microsoft ticketing systems, although they claim future compatibility. This might be an issue if your mailboxes automatically route emails to a ticketing system. Messages routed this way wouldn't be analyzed by Abnormal, potentially missing threats.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Has exceptional API-based architecture, full-spectrum email attack detection, and AI and ML capabilities
What is our primary use case?
We use Abnormal Security for our email security.
How has it helped my organization?
Abnormal Security's visibility into internal spam attacks, thanks to its API-based architecture, has been exceptional. It's incredibly fast, with no delays, unlike other solutions that can introduce lag times of up to ten minutes. For executives, this is unacceptable. Having direct API integration is a game-changer. It provides clear visibility into messages and is remarkably user-friendly. There's no need for days of training on the admin dashboard; it's intuitive and straightforward. Clicking here and there is all it takes to search for emails. The interface displays delivery details, current location, and the processing outcome, indicating whether the email was deemed spam and moved to junk or considered legitimate.
Abnormal Security's full-spectrum email attack detection has proven effective in protecting us against various threats, including credential phishing, invoice fraud, extortion attempts, and name impersonation. On rare occasions where emails slip through the cracks, reporting them leads to swift remediation within two hours, accompanied by training updates to prevent similar occurrences. I haven't encountered similar emails after submitting reports.
It is important that threats can be detected in cloud collaboration applications such as Slack, Teams, and Zoom. Anything that will help protect our organization is valuable.
The Proof of Concept for Abnormal Security demonstrated its effectiveness by catching threats that Mimecast missed.
Its AI and machine learning expand the range of email attacks it can stop, while also reducing false positives. We had significant issues with our previous provider, Mimecast, experiencing numerous false positives reported by various teams. When I suggested that the system should be smarter, the response was usually dismissive. Thankfully, I don't encounter this issue with Abnormal Security. The biggest example I can give involves impersonation attacks. With Mimecast, any new employee creating an account on Thursday and then receiving emails from our recruiting team on the same day would trigger an impersonation alert, despite the recruiting team having prior interactions with that person. Abnormal Security, however, recognizes that the new account was recently created, the older account has a history of sending emails, and there was prior communication between the two accounts, accurately concluding that this is not an impersonation attempt. While we could potentially collect flight data to further solidify this, Abnormal Security's intelligence allows it to understand that such activity from a new employee is legitimate. We haven't experienced any false positives or false negatives with Abnormal Security.
The AI and machine learning capabilities have helped reduce the number of attacks that get through.
We have another solution that we placed in front of Abnormal Security for added security, and we found that Abnormal Security is catching phishing, extortion, and invoice fraud emails that the other solution didn't recognize as a threat.
Abnormal Security has reduced the amount of time our team spends on email incidents by a minimum of four to five hours per week.
It helped reduce the cost of redundant security email gateway solutions.
Previously, our solution lacked warnings about potential security issues. Abnormal Security, however, has identified a couple of instances where it flagged suspicious activity. For example, it might alert us that someone's account seems compromised and suggest taking action. If we don't intervene, Abnormal Security will automatically handle the situation. Importantly, these alerts provide valuable insights we never had before, such as identifying VPN usage. This increased visibility significantly enhances our security posture.
What is most valuable?
The features that appeal to me most are the combination of auto-remediation and Detection 360. The latter allows us to submit emails that seem to have been missed by the system. Within a few hours, a human expert reviews the submission and determines if it represents a missed attack. If so, they explain why it went undetected and then automatically remediate the issue. Additionally, the submitted email is used to train the AI, improving its ability to detect similar threats in the future.
What needs improvement?
One feature I'd love to see is outbound scanning. Currently, the system detects malicious outbound messages originating from my end. For example, if someone hacks into an account on my network and sends a malicious file to one of our clients, Abnormal Security alerts me about the message, but it doesn't prevent it from being sent. I'd like the ability to prevent such occurrences in the future.
For how long have I used the solution?
I have been using Abnormal Security for three months.
What do I think about the stability of the solution?
Abnormal Security has been stable with zero issues.
What do I think about the scalability of the solution?
Scaling Abnormal Security is not a problem.
How are customer service and support?
Their technical support is incredibly fast and provides detailed responses, which is rare in my experience. Often, support representatives try to close tickets quickly and move on, which is understandable. However, I appreciate receiving thorough explanations, especially for complex issues like Detection 360.
For example, with Detection 360, they might say: "The most recent attack has been contained, and we've implemented a new feature to detect similar messages in the future. Business attacks occurred due to a gap in sender and recipient frequency analysis. To address this, we'll be incorporating a new general model."
This kind of information is valuable because it explains the problem and the solution. Similarly, if we have questions about phishing campaigns, they provide clear answers. For example, if we wanted to run a phishing campaign, Abnormal Security would already know it was a campaign based on our settings and would allow us to continue, unlike Mimecast and the other solutions I am aware of, which would require digging deep through the settings and doing test after test.
Which solution did I use previously and why did I switch?
Previously, we relied on Mimecast for email security, but we found their product underperforming and their account team unhelpful. The support staff lacked expertise, leaving us vulnerable to phishing attempts and impersonations. We would receive phishing emails from scammers claiming to be the CEO of the company requesting gift cards, and some employees unfortunately fell victim. The need for robust email security, encompassing both phishing and malicious link protection, prompted us to switch to Abnormal Security.
Mimecast is so much of a problem that I have blocked its domain in Abnormal Security from emailing me.
How was the initial setup?
Abnormal Security is the easiest solution I have ever deployed. Integrating Abnormal Security via the API is simple. I would be comfortable allowing a junior member of my team to deploy the solution.
The deployment took one minute to complete and required one person.
What about the implementation team?
We implemented Abnormal Security with the help of one of their engineers on a call who walked us through the steps. After the deployment, we continued to have regular weekly calls to check in and see how things were running and whether we had any questions or concerns.
What's my experience with pricing, setup cost, and licensing?
The pricing appears fair, and they demonstrate a genuine willingness to work with us on it. The media and entertainment industry has been impacted by recent strikes. They were quite understanding of our unique situation, given the significant impact on our industry, and they're always open to discussing how they can tailor their pricing to suit our needs. We feel a positive connection with them, and the feeling seems mutual. So, while pricing isn't typically a major hurdle, they are always looking at ways to further collaborate to make this work for both parties.
What other advice do I have?
I would rate Abnormal Security nine out of ten.
Minimal maintenance is required.
While some may have concerns about Abnormal Security's relative newness, I'm curious what specific aspects of its youth are causing apprehension. The product is demonstrably performing well for our needs, and I'd encourage those with reservations to consider trying it firsthand. If not, I'm happy to move on from the discussion unless they're open to a hands-on evaluation. I'm always transparent about my experience with Mimecast and other solutions we explored before choosing Abnormal Security. Ultimately, as long as a product delivers results, its age shouldn't be the primary factor in our decision-making.
It's worth checking the Abnormal app store for potential integrations with other platforms your organization already uses, such as Teams, Slack, Zoom, Microsoft 365, Okta, or CrowdStrike. During the proof-of-concept, if Abnormal Security identifies existing integrations with these tools, it can further enhance its functionality.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Excels in filtering out negative emails and provides robust email security
What is our primary use case?
I use Abnormal Security to enhance my email and identity security. It helps prevent phishing, business email compromises, and user account takeovers.
What is most valuable?
What I like about Abnormal Security is that it notifies me if any of my partners or suppliers are experiencing a security breach by analyzing their database and identifying potential cyber threats.
What needs improvement?
While Abnormal Security excels in features and capabilities for email security, there could be room for improvement in enhancing integration with other cybersecurity tools. Better integration would facilitate automation, logging, and coordination with various security measures.
For how long have I used the solution?
I have been working with Abnormal Security for two years.
What do I think about the stability of the solution?
Overall, Abnormal Security is a stable product and I would rate the stability as an eight out of ten. While there are a few identified bugs, they are not significant enough to compromise security. However, there may be some issues with the console features, as they may not always provide the necessary information seamlessly.
What do I think about the scalability of the solution?
We have approximately 15,000 end users of the product.
Which solution did I use previously and why did I switch?
We switched from Microsoft email security due to Abnormal's superior capability in filtering out negative emails, providing enhanced security for our communication.
How was the initial setup?
The initial installation is quite simple.
What's my experience with pricing, setup cost, and licensing?
Abnormal Security is not overly expensive. I would say it is worth the money.
Which other solutions did I evaluate?
Our company chose Abnormal Security over other options because it is an advanced tool, especially in comparison to other products. It outperforms competitors like Proofpoint in detecting fraudulent, spam, and malicious emails. The use of machine learning sets Abnormal Security apart, making it more effective in identifying various types of harmful emails.
What other advice do I have?
I would strongly recommend using Abnormal Security. I would rate the product as a nine out of ten. While it excels in functionality and effectively filters out bad emails, it is not a perfect ten due to identified bugs in the console and integration issues with other tools. Overall, it is a highly effective security solution.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
The API remains hidden until an attack has already begun, which gives us valuable early visibility
What is our primary use case?
Our main goal is to use Abnormal Security as an additional shield against the increasingly advanced email threats targeting our organization. During our implementation, we've discovered additional benefits. Firstly, it dramatically reduces the time needed for investigations, giving our IT team more efficient access to search and discovery tools than our current system provides. Secondly, it empowers both our threat-hunting and incident response teams, especially frontline responders. This allows them to access crucial data points directly, without always needing to wait for escalations.
The biggest challenge we faced was sophisticated business email compromise attacks. These targeted our customers or vendors, with attackers gaining access to their legitimate email systems and impersonating users to send emails to our enterprise. Our existing security tools were ineffective at detecting this traffic, as it originated from legitimate mail servers and mailboxes of people we regularly communicate with. Traditional security analysis didn't have enough telemetry to detect the anomalies. We needed a solution to differentiate between genuine interactions with our customers and vendors and those disguised as them by attackers who had hijacked their mailboxes. This was the primary use case for Abnormal Security, and it's proven highly effective in addressing this challenge.
How has it helped my organization?
I'm impressed with their API architecture. One of the main reasons is its invisibility to threat actors trying to launch attacks. Unlike our traditional email security tools in the SEG, which attackers can easily detect before they even start emailing us, the API remains hidden until they've already begun their attack. This gives us valuable early visibility via the API, allowing us to easily pipe that data to other tools and stop advanced attacks more effectively. The improved visibility into our email infrastructure also benefits our IT teams. Using the API integration, they can now remediate issues in minutes, whereas before it could take hours. Previously, identifying an inbound cyber attack meant bouncing between several tools: one to identify the attack, another to track affected emails, and yet another to quarantine them. Abnormal's APIs streamline this process. With a single search, an IT technician can identify users who received the emails, track who clicked on them, see where the emails are located, and even delete them from everyone's inbox directly. This has drastically reduced our investigation and response time for phishing and BEC attacks, from hours to mere minutes.
Compared to many other vendors we considered, Abnormal Security stands out in its ability to detect the full spectrum of email threats. While our existing Secure Email Gateway handles traditional threats like spam and malware quite well, it often misses more sophisticated attacks. The SEG relies on static indicators like email flags, suspicious file hashes, or mass recipient lists. We can easily identify and filter out emails matching these criteria, but they do little to stop targeted attacks. Here's where Abnormal Security shines. Their anomaly detection engine excels at recognizing one-off attacks, including those where a threat actor infiltrates a vendor's mailbox and manipulates payment instructions or redirects transactions. Abnormal identifies these anomalies using behavioral analysis, effectively catching threats that traditional static methods typically miss.
The two main benefits Abnormal Security offers us are its ease of use and its powerful search capabilities. These features empower our internal teams to get more involved in the response process, helping us track down threats efficiently. Additionally, Abnormal's ability to stop advanced attacks significantly reduces our security team's workload. Security teams are consistently stretched thin, so minimizing wasted effort chasing false alarms is crucial. By keeping harmful emails out of user inboxes, Abnormal allows us to focus on other priorities. In summary, our primary gains from Abnormal are its effectiveness in blocking attacks and its ability to empower our internal teams, ultimately strengthening our overall security posture.
Abnormal Security's AI and machine learning capabilities significantly expand the range of email attacks they can block. This is crucial to optimizing their product's performance for us. Specifically, their ability to leverage AI indicators and extensive email telemetry is critical for stopping advanced threats, like compromised mailboxes sending disguised emails. Traditional methods often fall short in such scenarios. Our primary concern is identifying emails sent by a threat actor posing as a legitimate mailbox owner. AI-powered anomaly detection proves virtually indispensable in discerning the true sender's identity. Abnormal Security has identified and prevented several such sophisticated attacks in our own experience. One remarkable example involved a vendor's seemingly legitimate email flagged as suspicious by Abnormal. Initially dismissed as a false positive by our first responders, a deeper analysis of the email's telemetry revealed subtle anomalies. The email's sudden shift to a professional tone, unlike the typically casual communication with this vendor, was one such anomaly. As it turned out, Abnormal's suspicions were correct – the vendor's account had been compromised. This instance highlights the unparalleled effectiveness of AI in detecting sophisticated email threats. By focusing on abnormalities in email behavior, AI can uncover hidden dangers that might otherwise elude traditional security measures.
The deployment of AI has significantly reduced the number of internal attacks we encounter, and it has even extended its benefits beyond our perimeter. We've proactively alerted several customers and vendors about potential compromises before they even realized their systems were under attack. This proactive approach has been well-received, with many recipients expressing their appreciation for our timely intervention. Within our organization, AI has dramatically streamlined our security operations by automating the analysis of sophisticated attacks, freeing up valuable time and resources for our security teams.
Abnormal Security has dramatically reduced the time our team spends resolving email incidents. What used to consume hours or even days, depending on the attack and response complexity, is now handled within minutes, often by less experienced team members. This has significantly improved our efficiency and freed up valuable time for other security tasks.
Although no product can eliminate attacks, we've been pleasantly surprised by the effectiveness of Abnormal Security. Initially, when we approached them with our use case and problem, we'd have been happy with a much lower catch rate. Stopping even a significant number of attacks would have been a success. But the actual results have been incredibly impressive. While some attacks still slip through, the features in Abnormal allow us to feed those cases back into their system. This feedback fuels the AI's learning process, helping it avoid repeating the same mistakes. Interestingly, the attacks that remain undetected are often difficult to define even for human analysts. They involve subtle cues that would be challenging for any AI to spot in the specific contexts we've encountered. One example involved a new customer with whom we had exchanged only a handful of emails. While this customer's account became compromised, the attacker wasn't the usual contact person. Since the AI had only profiled the communication style of the usual contact, the malicious email appeared normal compared to that limited baseline. In such cases, where the AI lacks sufficient data, even exceptional systems can be caught off guard. While no product is perfect, we're highly impressed by Abnormal's speed and efficiency in catching attacks. They've dramatically reduced the workload on our help desk compared to the past, with the results being clear and measurable.
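Two of the points above, the tone shift that exposed the compromised vendor account and the miss on a contact whose history was too thin to profile, can be illustrated with a small per-sender writing-style baseline. This is an added example, not Abnormal Security's code or method; the feature choices, the MIN_BASELINE threshold and the sample emails are constructed assumptions.

```python
"""Per-sender style baseline (added illustration, not a vendor implementation).
A new email is compared against the sender's prior emails; a thin history is
reported as 'insufficient_baseline' instead of silently scoring as normal."""
import re
import statistics

MIN_BASELINE = 5  # assumption: fewer prior emails than this is not a usable profile

VENDOR_HISTORY = [  # constructed sample: the usual contact's casual style
    "hey! got the PO, we're on it. ship date's friday!",
    "hi! invoice attached, let me know if anything's off!",
    "hey, that's fine, we'll swap the part. thanks!",
    "quick one! can't find the tracking no, resend?",
    "hey! all good here, we're shipping monday!",
    "hi, sorry for the delay, we'll sort it today!",
]
SUSPICIOUS = ("Dear Accounts Payable Team, please be advised that our banking details "
              "have been updated. Kindly remit all outstanding payments to the new account provided.")

def style_features(body: str) -> dict:
    """Crude stylistic signals: sentence length, contraction use, exclamation use."""
    sentences = [s for s in re.split(r"[.!?]+", body) if s.strip()]
    words = body.split()
    return {
        "avg_sentence_len": len(words) / max(len(sentences), 1),
        "contraction_rate": sum(1 for w in words if "'" in w) / max(len(words), 1),
        "exclaim_rate": body.count("!") / max(len(sentences), 1),
    }

def score_email(history: list, body: str, threshold: float = 2.5) -> dict:
    """Return a verdict plus the per-feature z-scores that produced it.
    With too little history the verdict is 'insufficient_baseline', which an
    analyst should treat as unscored rather than as a clean result."""
    if len(history) < MIN_BASELINE:
        return {"verdict": "insufficient_baseline", "samples": len(history), "zscores": {}}
    feats = [style_features(b) for b in history]
    new = style_features(body)
    zscores = {}
    for name in new:
        values = [f[name] for f in feats]
        mean = statistics.mean(values)
        stdev = statistics.pstdev(values) or 0.05  # floor avoids divide-by-zero on uniform history
        zscores[name] = abs(new[name] - mean) / stdev
    verdict = "anomalous_tone" if max(zscores.values()) > threshold else "consistent"
    return {"verdict": verdict, "samples": len(history), "zscores": zscores}

if __name__ == "__main__":
    print(score_email(VENDOR_HISTORY, SUSPICIOUS)["verdict"])       # anomalous_tone
    print(score_email(VENDOR_HISTORY[:2], SUSPICIOUS)["verdict"])   # insufficient_baseline
```

The second call models the new-customer case: with only two prior messages the formal request cannot be judged against a baseline, so the right output is an explicit "unknown" that routes to a human rather than a false "consistent".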
Compared to our old solutions, Abnormal Security's incident response is like night and day. With our previous SEG, identifying and remediating a suspicious email was a cumbersome process. We'd flag the email, then jump through hoops to figure out who received it and if anyone clicked on it. With different modules and separate views, it was a mess. Once we confirmed the threat, another system hunt began, pulling emails from user inboxes. It was slow, fragmented, and frustrating. Abnormal is a breath of fresh air. If we spot a threat alert on the dashboard, we simply click on it to see all recipients, where the email sits, and who interacted with it. And then, the holy grail – a single button. Click 'Remediate', and those emails vanish from user inboxes, instantly neutralized. Just a button click from issue detection to resolution in seconds. All from one screen. That's the transformative power of Abnormal Security. Something our old solutions couldn't dream of.
What is most valuable?
Ease of use is undoubtedly one of the most valuable features of Abnormal Security. Its intuitive interface requires minimal training for our IT staff to extract significant value. It was practically plug-and-play, with minimal configuration needed on our end. The product itself has limited configuration options, as it leverages pre-built back-end tooling and algorithms to work its magic. This streamlined design makes it ridiculously easy to use and set up. Moreover, the Abnormal team provides phenomenal support whenever we encounter any issues, far exceeding the support we receive from many of our other tech vendors.
What needs improvement?
The biggest pain point for us is the lack of support for on-premise email systems. This would be a game-changer for our team. I haven't identified any other major areas for improvement. The platform is already streamlined and user-friendly for our users. Ideally, we would love to manage everything within the Abnormal console. It already addresses all the pain points our internal groups identified with our old SEG tooling. From our perspective, the main area for improvement would be adding support for on-premise email systems. If Abnormal offered such functionality, we wouldn't need any additional external tools.
For how long have I used the solution?
I have been using Abnormal Security for almost two years.
What do I think about the stability of the solution?
Abnormal Security is stable. We have not encountered any downtime or issues that impact performance.
What do I think about the scalability of the solution?
Abnormal Security offers excellent scalability, making it ideal for environments of various sizes. Our main enterprise setup, with 12,000 mailboxes, operates seamlessly. Additionally, when we acquire smaller companies with, say, just 50 mailboxes, we can easily integrate them as subtenants, granting them immediate access. Regardless of the mailbox count, be it 50 or 10,000, Abnormal Security scales effortlessly to accommodate their needs.
How are customer service and support?
Abnormal's technical support is incredibly responsive when we encounter issues. We first used them shortly after our initial deployment when we hit a snag with an email we thought should have been blocked. It was just a single email, and they resolved the issue within five minutes. They promptly stopped another attack just a few minutes later. Their response times are truly impressive, and they avoid unnecessary back-and-forth communication. Unlike many tech support teams who spend long periods gathering information before handing things off to another technician for a callback, Abnormal takes ownership and resolves issues swiftly. We always feel heard and valued when we contact them. They get it right, and they get it done quickly.
How would you rate customer service and support?
Which solution did I use previously and why did I switch?
Before adopting Abnormal Security, we relied on Microsoft Office 365's security suite, including Defender and Exchange Online Protection, along with Mimecast Secure Email Gateway. However, these traditional tools proved ineffective against advanced attacks that slipped through the cracks. This vulnerability prompted us to seek a more robust solution, leading us to Abnormal Security. The rationale behind this shift was twofold. Firstly, we needed a tool capable of intercepting the sophisticated threats bypassing our existing defenses, attacks with severe financial repercussions if successful. Secondly, we aimed to minimize the operational burden on our IT and security teams. By deploying an automated platform capable of handling routine incident detection and containment, we could refocus our personnel on higher-level tasks.
How was the initial setup?
We've implemented Abnormal Security for our main enterprise and a few of our acquired companies that already had cloud email systems. The process is incredibly user-friendly. Authorization involves only two clicks once their support team sends the necessary links for adding them to our enterprise tenants. It's a breeze to set up and eliminates the substantial configuration work required by traditional SEGs, which surprised us greatly. We're glad to be free from policy creation, allowlist and blocklist maintenance, and even bypass configurations for SPF headers. The tool's elegance lies in its automated backend processes, eliminating the need for manual allowlist/blocklist adjustments, as the technology intelligently manages these aspects.
Integrating Abnormal Security through their API was incredibly straightforward. It took only two clicks! We've even combined it with one of our existing security platforms, and that too was just a single click within each platform thanks to the well-designed API. Honestly, it's one of the simplest security product deployments I've ever experienced in our company.
Only one IT team member, possessing the necessary permissions, could deploy the change.
What about the implementation team?
The implementation was completed in-house with the help of Abnormal's deployment team.
What's my experience with pricing, setup cost, and licensing?
Overall, we'd certainly prefer lower pricing, but Abnormal Security doesn't seem unreasonable compared to similar offerings in the market. Notably, if we replaced our Mimecast email protection with Abnormal Security, we'd save money. Given their strong features and competitive pricing, I believe they're well-positioned. While I understand the appeal of lower prices, I think Abnormal's current pricing is fair for what they offer.
Which other solutions did I evaluate?
While evaluating solutions back then, Abnormal Security stood out with its advanced AI capabilities in the email security space. While a few other players existed, none matched their level of sophistication. Today, there are new contenders like Avanan. We did consider Proofpoint, impressed by their AI initiatives and user-centric approach. However, similar to Mimecast, they seemed adept at catching signature-based threats but struggled with advanced business email compromise attempts. During our Abnormal Security proof-of-concept, the detections lit up like a Christmas tree, highlighting their effectiveness against these sophisticated attacks.
What other advice do I have?
I would rate Abnormal Security a ten out of ten.
It is not that important that Abnormal Security can detect threats in cloud collaboration applications, because we are a Microsoft Teams shop and are not using many of the other collaboration tools. So exploring new frontiers isn't a high priority for us right now. While I'm curious to see what innovations emerge in that space, it's not something we're actively looking to deploy at this time.
While Abnormal Security offers strong capabilities, it hasn't eliminated the need for our existing secure email gateway solution entirely. Our situation is unique due to our merger and acquisition activity. We initially hoped Abnormal could replace our SEG and reduce costs. In terms of features and performance, it outperforms our current solution for specific tasks. However, we couldn't fully switch because our existing SEG provides crucial protection for both on-premise and cloud-based emails. In our acquisition scenario, Abnormal wouldn't immediately protect acquired companies using non-cloud email systems. The migration process would be lengthy, delaying security coverage. Conversely, our current SEG allows us to quickly add protection by simply repointing DNS records, offering immediate security for acquired companies within an hour. Therefore, while Abnormal is a compelling alternative, it doesn't address our specific on-premise email needs due to their current product offerings. If not for this factor, we would readily consider migrating entirely to Abnormal Security.
Although Abnormal Security has delivered cost savings in managing account takeover incidents, the key driver behind its implementation wasn't cost reduction. We didn't have a separate solution focused solely on account takeover before, so Abnormal filled a critical gap in our security posture.
While the platform itself requires no active maintenance, it's still essential to provide some basic care. This involves regularly reviewing audit logs and threat dashboards to ensure their continued functionality. The key difference compared to other platforms lies in the lack of constant updates. Unlike systems plagued by frequent firmware updates, signature refreshes, and hash revisions, this one quietly hums in the background, needing only oversight to confirm its smooth operation.
Our initial internal debate about Abnormal Security's maturity stemmed from the specific problem we wanted to solve by adopting their platform. Our threat actors are highly sophisticated and constantly evolving their tactics, outpacing traditional security solutions. While classic methods are excellent for known threats with established patterns (think signatures based on 20 years of historical data), they struggle to keep up with rapidly changing attackers. This is where AI-powered solutions like Abnormal shine. The significant advancements in AI have only recently matured enough to meaningfully impact security, and companies like Abnormal, focused on cutting-edge solutions, can't boast long-standing track records because the technology itself is barely five years old. So, for those facing novel, bleeding-edge threats, partnering with a provider like Abnormal, operating in the same bleeding-edge space as the attackers, becomes crucial. Our initial hesitation about Abnormal seems rather silly in retrospect, especially considering we only planned to use it as an initial augmentation to our existing defenses. My advice for anyone with similar doubts is to clearly define what they need to protect; they will then realize that tackling cutting-edge problems requires solutions that meet their opponents on their bleeding-edge turf.
Which deployment model are you using for this solution?
Private Cloud