Abnormal Security - Experts & Thought Leaders
Latest Abnormal Security news & announcements
Abnormal Security, the pioneer in AI-native human behaviour security, announced it has been recognised as a pioneer in the first-ever Gartner® Magic Quadrant™ for Email Security Platforms. A complimentary version of the full report can be found. Gartner evaluated 14 vendors across the email security market and placed Abnormal in the Leaders Quadrant. They feel this placement recognises Abnormal for excelling in both Completeness of Vision by addressing current and future email threats, and in Ability to Execute by delivering tangible results for customers. Of all 14 vendors in the Magic Quadrant, Abnormal is positioned furthest for Completeness of Vision.

Behavioural AI approach

In the report, Gartner highlights that “humans are increasingly incapable of identifying social engineering attacks as large language models (LLMs) are refined for purpose by attackers.” To combat these sophisticated threats, they believe that organisations need solutions that utilise behavioural AI and natural language processing to analyse user behaviour and detect anomalies. Abnormal’s Human Behaviour AI Platform stands out in the market for its unique behavioural AI approach to stopping the full spectrum of email attacks, including sophisticated social engineering threats like business email compromise, credential phishing, and account takeover.

Autonomous AI models

The platform connects via API to analyse thousands of signals from multiple data sets and precisely baseline known behaviour. Autonomous AI models then enable Abnormal to detect anomalous activity and stop never-before-seen attacks with superhuman speed and accuracy. “It’s an honour to be named a Leader in the inaugural Gartner Magic Quadrant for Email Security Platforms,” said Evan Reiser, chief executive officer at Abnormal Security.

Gartner Peer Insights™ Customers’ Choice

Reiser added: “As organisations seek autonomous solutions to combat sophisticated email threats, Abnormal is setting the bar—using AI to protect humans better than humans can protect humans—and we believe this recognition is a testament to that. We view our Magic Quadrant position as the latest validation of our momentum as an independent, AI-driven cybersecurity company, further cementing our position among the fastest-growing security companies in history.” Abnormal’s inclusion in this Magic Quadrant follows the company’s recent recognition as a Gartner Peer Insights™ Customers’ Choice for Email Security. As of December 19th 2024, out of 263 reviews, Abnormal has a 99% Would Recommend rating and an average rating of 4.8 on Gartner Peer Insights™.

Gartner's research publications

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner's research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. GARTNER is a registered trademark and service mark of Gartner, and Magic Quadrant and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Views of Gartner Peer Insights

Gartner Peer Insights content consists of the opinions of individual end-users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.
Business email compromise (BEC) attacks involve manipulating or impersonating email accounts to deceive employees, often leading to financial fraud, breaches or data loss. According to Verizon, BEC attacks doubled last year and comprised nearly 60% of all social engineering incidents. To deal with this growing frequency of BEC attacks, MSPs need advanced strategies, such as user behaviour analysis and employee training programs. Let’s look at the key BEC protection strategies for MSPs.

What are BEC attacks?

BEC attacks are a sophisticated form of cyber threat where malicious actors exploit and manipulate email communication within an organisation. These attacks typically target individuals with access to sensitive information or financial transactions or those in positions of authority. These scams rely on social engineering tactics like phishing attacks, domain spoofing, impersonation of executives and urgent requests.

The importance of BEC protection strategies

By offering robust BEC protection services, enterprises can protect their clients from the following consequences.

Financial losses

One of the most immediate and significant impacts of a BEC attack is financial loss. Cybercriminals may successfully manipulate employees into making unauthorised wire transfers or redirecting funds to fraudulent accounts or other financial scams, resulting in direct monetary losses for the organisation. Victims of a BEC attack also face an increase in premiums for their cyber insurance or challenges in renewing their policies after the incident.

Operational disruptions

In response to a BEC attack, clients may need to temporarily shut down or restrict access to certain IT systems to conduct thorough investigations, implement security patches and remove malicious elements. This downtime can disrupt regular business operations and impact revenue. In fact, unplanned downtime costs Fortune Global 500 companies 11% of their yearly turnover — around $1.5 trillion, per Siemens.

Reputational damage

When clients and partners discover that an organisation has fallen victim to manipulation and deception, they question the company’s ability to conduct secure business transactions. Diminished investor confidence impacts the ability to attract funding, with publicly traded companies seeing a short-term drop in market value. Comparitech found that the share prices of compromised companies experience an average drop of 3.5% after a cyber-attack.

Regulatory consequences

A BEC attack leads to non-compliance with industry-specific regulations, such as HIPAA in the healthcare sector and PCI DSS in the financial industry. Regulatory authorities often have the power to impose hefty fines for non-compliance with data protection and privacy regulations.

Top four strategies for improved business email compromise protection

BEC protection requires a comprehensive and multi-layered approach. Here are four key strategies to get started with BEC security:

1. Awareness and training

Employees open almost 28% of emails that are BEC attacks and even reply to 15% of these emails, according to Abnormal Security. With an effective security awareness program, organisations can train employees to recognise and respond appropriately to potential BEC threats. Tailor training content to different roles within the organisation. For instance, employees with financial responsibilities, such as CFOs or accountants, should receive specialised training on recognising fraudulent financial requests.

MSPs and MSSPs should train clients to look for the following signs of BEC:

- High-level executives asking for unusual information
- Requests instructing employees not to communicate with others
- Poor grammar, awkward phrasing or date formats that differ from the standard conventions used in their organisation
- Email domains and ‘Reply To’ addresses that do not match legitimate ones

2. Monitoring and alerting for anomalies

Start by establishing a baseline of normal communication behaviour for customers’ employees’ email accounts and financial transactions within the organisation. Understanding what is typical allows security systems to identify anomalies and compare activities against known indicators of compromise (IOCs), such as a sudden increase in the volume of outgoing emails or unusual attachment types. This information helps them effectively identify and respond to potential BEC threats. Use SaaS security software to set up automated alerting when anomalies are detected. Enterprises can configure these cyber security alerts to notify security teams or IT personnel, ensuring a rapid response to potential BEC attacks.

3. Multi-Factor Authentication (MFA)

Implementing MFA helps mitigate the risk of unauthorised access to email accounts, even if credentials are compromised. Some MFA solutions offer adaptive authentication, which adjusts the level of security based on contextual factors. For example, if a user attempts to log in from an unknown location or device, the system requires additional authentication steps, providing adaptive protection against unauthorised access.

4. Incident response and recovery

Develop a comprehensive incident response plan outlining roles, responsibilities, communication protocols and the steps to be taken if a suspected or confirmed BEC attack occurs. Automated remediation tools play a crucial role in isolating and containing BEC threats. They automatically deactivate compromised email accounts, block malicious email addresses or enforce temporary restrictions on certain activities to prevent further damage. An ideal recovery plan should outline the steps to restore normal operations following a BEC incident. These steps include:

- Restoring data from backups
- Validating the integrity of systems
- Implementing additional security measures to mitigate future incidents

Protect against business email compromise attacks with SaaS Alerts

A robust security tool like SaaS Alerts is essential for businesses to stay one step ahead of malicious actors and boost BEC protection. Here’s how SaaS Alerts helps MSPs better protect their clients:

- Continuous threat detection capabilities identify anomalous activities like logins from unfamiliar devices or locations, suspicious email forwards and irregular data downloads.
- Automated remediation triggers predefined responses automatically, such as isolating affected accounts or blocking malicious email addresses.
- Customised alerting and reporting features allow MSPs to customise their offering based on their client’s specific needs. This flexibility allows them to tailor the tool to each organisation’s unique characteristics and risks.
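
The signs of BEC listed under strategy 1 above can also be checked mechanically on inbound mail. The following is an added example, not code from the article or from any vendor it names; the domain list, executive name, phrase pattern and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical): the organisation's own mail domains and the
# display names of executives whose identity is likely to be impersonated.
LEGIT_DOMAINS = {"example.com"}
EXECUTIVES = {"dana reyes"}
# Wording that tells the recipient not to talk to anyone else about the request.
SECRECY = re.compile(
    r"\b(do not|don't)\s+(tell|discuss|share|mention|contact)\b"
    r"|\bkeep this (confidential|between us)\b", re.I)

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_signs(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    signs = []
    # Sign: 'Reply To' address that does not match the sender's domain.
    if reply_addr and domain(reply_addr) != domain(from_addr):
        signs.append("reply_to_mismatch")
    # Sign: an executive's name on mail from outside the legitimate domains.
    if name.strip().lower() in EXECUTIVES and domain(from_addr) not in LEGIT_DOMAINS:
        signs.append("executive_name_external_domain")
    # Sign: request instructing the employee not to communicate with others.
    if SECRECY.search(str(msg.get_payload())):
        signs.append("secrecy_request")
    return signs

# Constructed sample messages (reserved example/test domains).
SUSPICIOUS = (
    'From: "Dana Reyes" <dana.reyes@examp1e.test>\n'
    'Reply-To: <payments@mailbox.test>\n'
    'Subject: Urgent transfer\n'
    '\n'
    'Please do not discuss this with anyone in finance until it is complete.\n'
)
BENIGN = (
    'From: "Dana Reyes" <dana.reyes@example.com>\n'
    'Subject: Thursday agenda\n'
    '\n'
    'Agenda attached for Thursday.\n'
)

if __name__ == "__main__":
    print(bec_signs(SUSPICIOUS))
    print(bec_signs(BENIGN))
```

Header checks like these only cover the signs that are visible in a single message; the baseline-and-anomaly monitoring in strategy 2 needs history per account.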
Coats is the provider of industrial thread manufacturing, with more than 17,000 employees producing enough fibre daily to stretch to the sun and back four times. The 250-year-old company has stayed at the forefront of textile innovation as demand evolved from sewing thread to healthcare PPE and carbon composite fibres for aerospace manufacturing. Coats leverages new technologies and market expertise to develop products for customers in the apparel, luggage, footwear, home and recreation, personal protection, transportation, telecommunications and energy industries.

Advanced email attacks

Coats—like many enterprises—faced an increase in advanced email attacks year over year. Coats had invested in Microsoft Defender for Office 365 which was effective in blocking common email attacks by leveraging rules and policies and threat intelligence. However, for advanced attacks they needed a solution like Abnormal Security that leverages a behavioural approach to detect and block never-seen-before attacks with high efficacy.

Authority comment

“We were also finding messages in quarantine that didn’t belong there and we didn’t understand why they were quarantined. The overall result was more risky messages getting through, more good messages stuck in quarantine and more time assessing why our controls weren’t stopping potentially illegitimate messages and trying to fine-tune our safelist,” said Benjamin Corll, VP of Cyber Security and Data Protection. The result was time and attention diverted from innovation and other security priorities. “Abnormal keeps our users from receiving advanced threat emails in their inbox, eliminating the risk of engaging in fraud or compromised messages. Abnormal automatically reduces our threat exposure and shrinks our attack surface,” said Helge Brummer, VP of Global Technology & Operations.

Finding a Defence-in-Depth

“We chose Microsoft 365 to reduce our on-premises overhead, increase email system uptime and meet executives’ needs for familiar email tools,” said Albert Carreon, Head of Global Architecture. “Microsoft Defender and Exchange Online Protection handle the basic blocking and tackling on email security to filter out messages that are known to be bad.”

The challenge

The challenge was stopping email attacks designed without malicious links or attachments to evade basic safeguards. The number of phishing and business email compromise messages getting through left Coats vulnerable to attacks that could cause extensive damage. Coats knew it needed to layer another solution onto its Microsoft controls.

Traditional secure email gateways

“We looked at traditional secure email gateways (SEGs), but their protections were similar to what Microsoft was doing,” Corll said. “We needed a powerful, modern, behaviour-based solution that was designed to work seamlessly with Microsoft. Abnormal Security’s Integrated Cloud Email Security (ICES) platform was the right choice. ICES uses ML and AI to evaluate behaviour and content,” Corll said. “Since we turned on ICES in the past year, we have not experienced a single compromised account.”

Securing Email Communication

Coats operates in 55 countries, supplying more than 1,000 customers who make items ranging from jeans, luggage and mattresses to firefighter gear, fibre optic cables, vehicle airbags and smartphones. Because Coats and its customers have such complex supply chains, Coats Digital developed its own agile, sustainable supply chain solution for fashion manufacturers and brands.

Preventing supply chain compromise

Preventing supply chain compromise is a critical component of maintaining security and trust across the Coats ecosystem. Upon implementation, Abnormal’s AI-driven VendorBase identified Coats’ 7,099 vendors and evaluated their messages for potential compromise, based on each vendor’s legitimacy, history of compromise and history of impersonation attempts at Coats and across all Abnormal customers. The behavioural analysis within VendorBase found 30 vendors at high risk, another 20 at medium risk and 33 attacks from legitimate vendor and partner accounts. Based on the results, “Abnormal showed that it’s a robust defence-in-depth solution with unparalleled vendor analysis,” Corll said.