Abnormal Cloud Email Security Platform takes a data-science approach and leverages API-based integrations to stop targeted attacks. It combines three key features: an identity model, a relationship graph and content analysis. These methods help create a high-confidence decision engine to reduce the number of false positives.

The cloud platform integrates directly with cloud email platforms using APIs. That way, email platforms work with or without an email gateway in place and offer visibility into the internal email functionality. The API-based architecture allows Abnormal Security to integrate within minutes without an MX record change and enables time-of-delivery blocking as well as post-delivery remediation. Visibility is improved through the analyses of inbound, outbound and internal email communications.

The abnormal behavior technology is a triangulation of three concepts that drive high confidence in detection and eliminates many false positives: federal identity; baseline behaviors; and content analysis. A data-science approach, composite analysis and attack-agnostic nature give this solution a distinct competitive advantage because it derives analytical conclusions from a robust big picture and detects unknown threats.

To understanding user behavior, Abnormal Security builds robust, stateful models of both internal and external identities. Internally, it collects data on everything from directory information to application usage. Abnormal Security also has a unique approach to relationship analysis. By deciphering communication email tones, artificial intelligence determines the strength of a relationship between two correspondents. Abnormal Security leverages machine learning technology to detect anomalous behavior and flag emails as suspicious.

Email content inspection is granular and runs the content through deep URL analysis, computer vision analysis, natural language processing and cross-references threat intelligence. Auto-remediation moves a malicious email from the inbox into the junk folder as soon as it is detected. 

Administrators can see items like attack score, analysis overview and content analysis. This information helps determine with high confidence that an email is malicious or otherwise compromised. There are several widgets on the dashboard with robust drilldown capabilities, but there are also some aspects we found cumbersome and would recommend adjusting, like the small text and plain design. We would have liked the ability to search threat intelligence more in depth. However, the dashboard provides a lot of information.

Pricing includes SaaS Service with 24/7 support and a technical account manager.

Tested by Matthew Hreben