Abnormal Security Reviews

The primary need for the product, what drove us to that product, was a need for greater email security. We had been experiencing a series of executive impersonation attacks that our current email gateway was not able to pick up. People were pretending to be an executive at our organization and trying to get people to buy gift cards or send them the codes or complete an action or something along those lines for them. We did a proof of concept with Abnormal, and it did a really good job of preventing those attacks from happening.

With Abnormal, I've gotten my weekends back. In my case, I was getting paid every weekend to do email remediation, and I was having to pull in on-call administrators. We were doing search and destroy and forward attacks. That was every single weekend basically that we were dealing with some type of attack. Usually, the attack was an executive impersonation that required us to move quickly. Once I put Abnormal in and we got it into Active Protection, it was almost like magic. Those attacks just went away.

The net result for the business is that we get to focus on more proactive things. We stopped firefighting, and we started doing things that helped us holistically improve our security posture. The automation really, really helped us focus on more important work.

The time to value was immediate. We put it into a passive mode for a month or so as part of a proof of concept. We liked what we saw. When we turned it into active mode, it was immediate.

Email is the primary attack factor on humans, and we needed something that could protect our staff.

Artificial intelligence does an incredible job of identifying an attack and auto-remediating it before it hits our users' inboxes. That for us is huge. It keeps problems from ever hitting the inbox. It's done a very good job of it.

It is giving us visibility into internal spam attacks due to its API-based architecture. It's really our primary tool for email defense. We have visibility into attacks now. We can see what's been remediated or not remediated. We've had very good and responsive tech support in the process. The fidelity has been very high. If it identifies an attack, it's very rarely wrong. It also does an incredible job of identifying compromised accounts. We don't get a lot of false positives.

The solution overall is fantastic for detecting the full spectrum of email attacks due to its API-based architecture.

The solution's AI and ML for learning employee behavior broadens the type of email attacks it can stop. It's not just looking at basic things, either. It's really taking a look at things like the address that's used in the email. It does some really cool stuff that other tools aren't doing. We found it to be really effective, and the  AI/ML functionality is really what differentiates them. It's reduced the number of attacks by maybe 60% or 70% at a minimum. It's likely higher. There was a significant drop in attacks once the solution was implemented. 

The solution's AI and ML capabilities help to eliminate the type of attacks that get through, like, credential phishing and account takeovers. A majority of attacks no longer end up in anyone's inbox. 

Overall, Abnormal Security reduces the amount of time our team spends on email incidents by maybe 60%. It's had a major impact. It's allowed us to do more proactive work. 

The solution saves time. The amount of time saved is likely at least half of a full-time employee. 

There's nothing we need to improve at this time. Their team has been great with us. Their technical teams talk to us often. We've had the opportunity to serve on advisory committees; we even had a call with the CEO of the company, asking about how the product is working for us. They have been and continue to be super attentive to our needs. As a result, I don't really have any gaps in the product as they've been listening all along the way and adjusting.

That said, the pricing for academic institutions and student mailboxes is challenging. We have a lot of vendors who, when we purchase for faculty and staff, we get student licenses for free. We typically don't have IT budgets at universities like major corporations do. It makes this product very expensive for us. In the end, we came to a fair result, however, there's room for adjustments in that licensing model.

I've been using the solution for about two years right now. In January, we will start our renewal process for the third year.

We've never had stability issues. I'd rate stability nine or ten out of ten. 

We are protecting our entire mail environment, which is Google and Microsoft. We are protecting students, faculty, and staff, and we are protecting a healthcare environment since we have a university hospital system that we are protecting. Overall, we've got over 25,000 employees and over 30,000 students.

The solution is cloud-based, so it is pretty scalable. I'd rate scalability ten out of ten.

We may expand usage in terms of product expansion. They have another product that is on our roadmap to look at. They also have some integrations with Crowdstrike that look interesting. 

Technical support is excellent. 

I've never had a vendor engaged like this. They're really passionate about improving the product, and whenever we've had an issue, we've got great support. I've never had to escalate anything. They've been great.

Positive

We use Microsoft Advanced Threat Protection. It's complimentary. Advanced Threat Protection is still in place. This sits on top of that and provides an additional layer of security. It catches a lot of things that Advanced Threat Protection does not catch. 

It was easy to integrate Abnormal Security via API. It was a lot harder to get through things like contracts and business associate agreements. The actual part of turning the tech on took less than a day.

We monitored everything in a proof of concept. We monitored the results for about a month before we turned it on and active; however, that was just a toggle. The actual part of hooking it up to our systems took a day.

We had security and mail administrators involved in the deployment. We had four people involved; however, it wasn't a massive thing. It was more just to make sure that everyone's voice was included. 

Not much maintenance is needed. We don't have to spend a lot of time on the tool to get value out of it. We use it for reporting. We use it to investigate incidents, et cetera, however, there's no hands-on maintenance due to the way that it's deployed. There's no patching or updating VMs or anything like that. That's all handled by the vendor.

I can't speak to a direct ROI. However, we did have staff time returned to us, and we have been able to focus on other initiatives around email. It has been a net positive, however, I don't have any specific statistics related to ROI.

The pricing is fair. We've worked with Abnormal on pricing as we're an educational institution and have a different makeup than a typical organization with a specific number of employees.

We chose Advanced Threat Protection from Microsoft several years prior. At the time, we also evaluated Proofpoint and chose Microsoft. We did not directly evaluate any other solutions beyond Abnormal. 

I'm a customer and end-user.

While I understand Abnormal security can detect threats in cloud collaboration applications like Slack, Teams, and Zoom, we have not expanded into that. We've used it really only for email so far. That said, I'm very interested in that. After all, with email it's been very effective for us.

If a company that's considering using Abnormal says they are concerned about it not being as mature or established as other solutions on the market, I would just tell them to do a POC. We had a remarkable POC. It's really easy to set up. You can do it in a read-only mode, and you'll get a really good idea of what the tool can or cannot do, and then you can make a good decision. I've participated in several reference calls for others in higher education who had questions about the product. I've referred multiple customers to them. It solved so many problems for me, and it allowed me to focus on more high-priority tasks.

I would absolutely recommend the product. 

I'd rate it ten out of ten. It's one of the very few products that I would not want to be ripped out of my environment. It really does solve so many problems.

Our use case was to pull malicious emails that were getting through our secure email gateway and making it to our inboxes. We were trying to shrink that footprint from a typical 85% to less than 5%.

It protects us. It's something that I can trust. I've gone from trying to get things done on a regular basis to I can set it and forget it due to the quality of the app. The platform is very trustworthy.

The most valuable aspect of the solution is the ability to pull out threats from mailboxes quickly instead of going through Microsoft's content query.

Their ability to take things out of the mailbox and catch things much faster than users is excellent. 

It is extremely efficient and quick, giving us visibility into internal spam attacks due to its API-based architecture.

The solution is great for detecting the full spectrum of email attacks.

It's important to have normal architect threats in cloud collaboration applications. My ecosystem is my ecosystem. If we are accepting just from outside of the business, and they are coming in through methods such as Slack, Teams, or Zoom, then they're absolutely a concern.

The AI and ML broaden the types of email attacks it can stop. It learns employee behavior. So far, it has helped us to reduce the number of attacks that get through. While it doesn't completely remove threats, it does bring threats down to a manageable level for small companies or small security teams.

It reduces the amount of time spent on managing threats. It also gives us a little bit more flexibility in some instances. It'll mark something as a threat, or it'll start to monitor things naturally. And then some of the integrations such as the CrowdStrike Integration, put these users on a watchlist. That way, if something strange does happen, extra scrutiny is done on those individuals to ensure that there are no account compromises or anything like that.

Abnormal helped us to reduce the cost of redundant, secure email gateway solutions. We went from Mimecast as a secure email gateway, which was a cost per year, to Microsoft's secure email gateway, which is baked into our existing Office 365, and so that was a cost savings immediately. We've saved probably about $50,000. I spent about $180,000 total for the services and tools that we had. However, then saved $50,000 for the secure email gateway, and then on top of that, I have a much, much better product that catches a lot more - which is limiting my exposure at the user level.

They misclassified extortion quite frequently, however, it still catches it. It's still a threat in some way, shape, or form. They just miscategorize it.

Adding an ideas button inside the console would be helpful. When we're working on something as engineers, and we find an idea or a method of doing something that would be greatly improved by doing it another way, there should be an ability for me to click the ideas button, type in an idea that I have, and submit it to a product review team or developers to have them think through the process a little bit more. This would also give them the ability to have instant input into the console and instant input into the services so that they would have a more agile response to providing better value to the customer.

I've been using the solution for six or seven years.

We've had zero issues with stability. Their uptime is almost 100%.

The solution is completely scalable. 

I regularly communicate with technical support. It's extremely quick. They are very accurate and thorough. They listen to my concerns, and they repeat them back to me as they understand them. They usually have some type of answer. They understand when I'm looking for something, and I'm not getting what I want.

Positive

We previously used Mimecast.

Mimecast just wasn't getting the job done. There were so many threats going into the inbox. I would spend most of my day chasing after threats.

I was involved in the initial deployment. It took more time to have introductions on the call than it did to actually do the API integration. The process was very straightforward. The first ten minutes would have been introduction and conversation, and the last four minutes would have been flow integration.

I mostly handled the setup myself. 

There is no maintenance needed on my end. 

We implemented the product with the help of Abnormal. They have a very hands-on approach.

While the solution is pricey, I get a lot of value from the services I receive. 

I'm a customer. 

I'd rate the solution nine out of ten overall. 

I would advise others to get experience with Abnormal. Do the demo. The proof is in the pudding. It's one of the very few products that works exactly as it's designed to work. The quality of the output is right there. The service speaks for itself. 

Talk to their staff and their team and look at their metrics. Then, turn on Abnormal and see what it catches. Do a side-by-side comparison.

I use Abnormal Security to enhance my email and identity security. It helps prevent phishing, business email compromises, and user account takeovers. 

What I like about Abnormal Security is that it notifies me if any of my partners or suppliers are experiencing a security breach by analyzing their database and identifying potential cyber threats.

While Abnormal Security excels in features and capabilities for email security, there could be room for improvement in enhancing integration with other cybersecurity tools. Better integration would facilitate automation, logging, and coordination with various security measures.

I have been working with Abnormal Security for two years.

Overall, Abnormal Security is a stable product and I would rate the stability as an eight out of ten. While there are a few identified bugs, they are not significant enough to compromise security. However, there may be some issues with the console features, as they may not always provide the necessary information seamlessly.

We have approximately 15,000 end users of the product.

We switched from Microsoft email security due to Abnormal's superior capability in filtering out negative emails, providing enhanced security for our communication.

The initial installation is quite simple.

Abnormal Security is not overly expensive. I would say it is worth the money.

Our company chose Abnormal Security over other options because it is an advanced tool, especially in comparison to other products. It outperforms competitors like Proofpoint in detecting fraudulent, spam, and malicious emails. The use of machine learning sets Abnormal Security apart, making it more effective in identifying various types of harmful emails.

I would strongly recommend using Abnormal Security. I would rate the product as a nine out of ten. While it excels in functionality and effectively filters out bad emails, it is not a perfect ten due to identified bugs in the console and integration issues with other tools. Overall, it is a highly effective security solution.