Abnormal Security is a cloud-based email security platform designed to protect organizations from advanced targeted attacks, such as phishing and business email compromise (BEC), and account takeovers. Their approach is centered on using artificial intelligence (AI) and behavioral data science to detect anomalies in email activity.

| Product | Mindshare (%) |
|---|---|
| Abnormal Security | 4.1% |
| Proofpoint Email Protection | 6.8% |
| Microsoft Defender for Office 365 | 6.3% |
| Other | 82.8% |

| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| Cloudflare One | 4.3 | 1.6% | 100% | 23 |
| Darktrace | 4.1 | 1.9% | 95% | 84 |
Abnormal Security users have reported improved security, reduced threats, and overall effectiveness in protecting their organization.
| Company Size | Count |
|---|---|
| Small Business | 1 |
| Midsize Enterprise | 2 |
| Large Enterprise | 8 |
| Company Size | Count |
|---|---|
| Small Business | 369 |
| Midsize Enterprise | 263 |
| Large Enterprise | 654 |
Abnormal Security specializes in protecting email communications, detecting and preventing threats, filtering out spam and phishing emails, and blocking malicious attachments. Users rely on Abnormal Security to enhance their email security, identify and stop sophisticated attacks, safeguard sensitive information, and improve overall cybersecurity measures.
Abnormal Security targets sophisticated attacks that traditional email security measures might miss. Their system analyzes various data points to build an understanding of email behavior within your organization. This includes emails themselves, sender and recipient information, and even business context. By understanding these patterns, they can identify anomalies that might indicate a malicious attempt. Their solution is designed for the cloud, offering quick deployment and minimal configuration. This eliminates the need for complex setup processes often associated with security software.
Abnormal Security customers appreciate the ease of use in setting up and managing the platform, along with its ability to accurately filter out suspicious emails and prevent potential cyber threats. Abnormal Security has been praised for streamlining processes, boosting productivity, improving communication within teams, providing valuable analytics for informed decision-making, and driving success in various projects. Experience the robust security measures and benefits of Abnormal Security to safeguard your sensitive information and maintain a secure email environment.
Foot Locker, Xerox, Liberty Mutual, Mattel, Boston Scientific
| Author info | Rating | Review Summary |
|---|---|---|
| Senior Director, Information Technology at an insurance company with 51-200 employees | 3.5 | I've used Abnormal Security for two years in the finance industry and value its AI-driven email categorization and insights, though there's room for improvement. Integration was easy, support is solid, and overall, I'd rate it an eight. |
| Cyber Security Engineer at a hospitality company with 10,001+ employees | 5.0 | Abnormal Security is crucial for us, providing valuable threat protection, auto-remediation, and an effective abuse mailbox feature. It augments our Proofpoint gateway, offering a great return on investment by saving costs and preventing threats that might be missed otherwise. |
| Manager, Information Technology Technical Services at a wholesaler/distributor with 5,001-10,000 employees | 5.0 | I use Abnormal Security in a medium-sized manufacturing environment to block spam and email threats. Its automated scoring tool enhances threat detection and scales easily. It offers great ROI by preventing business email compromise, though more granular options would be beneficial. |
| Senior Director of IT at Crunch Fitness West Florida and Atlanta (CR Fitness) | 5.0 | We transitioned from Mailroute to Abnormal Security for enhanced email protection alongside Microsoft 365. Despite some integration challenges, Abnormal Security's ability to detect threats, including compromised accounts, convinced us of its superior capabilities over other considered solutions. |
| Vice President of Information Security at Comfort Systems USA Inc | 5.0 | We implemented Abnormal Security to combat advanced email threats, finding it intuitive and efficient. Although it lacks on-premise support, it surpasses our previous solutions by effectively detecting sophisticated attacks with minimal configuration and excellent support. |
| IT Manager at a media company with 501-1,000 employees | 4.5 | We transitioned from Mimecast to Abnormal Security for enhanced email security. Abnormal Security's auto-remediation and Detection 360 features effectively identify missed threats and improve AI training. However, I wish they could include outbound scanning to prevent malicious emails from being sent. |
| Sr. Director Information Security at an energy/utilities company with 5,001-10,000 employees | 4.5 | I use Abnormal Security for phishing protection, appreciating its auto-remediation and quick deployment. It outperformed previous solutions and integrates AI for evolving threats. Improvement is needed in partnerships. The lack of customization is a drawback. |
| VP of Engineering at a hospitality company with 1,001-5,000 employees | 5.0 | I use Abnormal Security for advanced spam filtering, particularly spear-phishing detection using AI. Its setup is quick via APIs with Microsoft 365. While it's asynchronous, occasionally allowing threats temporarily, it surpasses previous solutions like Cisco IronPort in effectiveness. |
| Associate CIO & Enterprise CISO at an educational organization with 10,001+ employees | 5.0 | We implemented Abnormal Security to enhance our email protection against impersonation attacks. Its AI capabilities significantly reduced email incidents and saved time, although pricing remains a challenge for academic institutions. It complements Microsoft Advanced Threat Protection effectively. |
| Director of Infosec at a real estate/law firm with 1,001-5,000 employees | 4.5 | I used Abnormal Security to reduce malicious emails reaching inboxes, improving threat detection beyond our previous Mimecast solution. It’s efficient and cost-effective, though misclassification of extortion threats and a need for an ideas button were noted. |
The main use case for Abnormal Security is as a spam filter and for mail hygiene. This use case is for the finance industry.
Abnormal Security's AI capabilities are what we like most, as they can categorize and classify the emails, and based on the context of the email, understand if it's a graymail, a bulk mail, or a phish. Some valuable insights and analytics from the dashboard include productivity-level and threat-level metrics, such as time spans and emails recalled.
Ease of use is important, and Abnormal Security's responsiveness and ability to deliver solutions when issues arise are crucial. However, there is always room for improvement, as achieving a perfect 10 means there is no more room for enhancement. For Abnormal Security, it's about leveraging AI even more, which they are already working on in their roadmap.
We have been using this product for two years.
I would rate their overall support, including account representatives, sales, and technical support, as an eight.
Positive
The integration process with Abnormal Security into our existing infrastructure was pretty easy.
We do have experience with Abnormal Security, and we are currently using it. For Abnormal Security as a product, I would say probably somewhere around a seven, as there are some other areas where they can improve to achieve a higher rating. The review rating for Abnormal Security is an 8.
We have a separate Proofpoint email gateway, so Abnormal is what we consider to be defense in depth. It catches malicious emails that our primary email gateway misses, so we're depending on Abnormal to detect them for us. It also gives us trickier stuff, like zero-day threats.
We also use Abnormal for our abuse mailbox. Our users have a "report phishing" button in Outlook. If they get any suspicious email that they think is malicious or spammy, they can click that button and report it to Abnormal. The Abnormal abuse mailbox automatically analyzes it and responds to the user as to whether it is safe, spam, or malicious. If it is safe, it sends a copy of the email back to the user so they don't have to look for it in their deleted items.
We have close to 24,000 users. Not all of those are users because a large percentage of those work mainly in Salesforce, but many mailboxes. It's also three different Microsoft tenants because we acquired or merged with other companies throughout the years.
Abnormal helps increase the level of our email security. I would be uncomfortable if we did not have that second layer of defense. I think it's super important. Having Abnormal helps me sleep better at night by keeping an eye on the emails that Proofpoint logs in.
The solution's AI/ML features broaden the types of email attacks it can stop by learning employee behaviors. I recently got numbers from the Proofpoint and Abnormal sides, and the fact that Abnormal was still catching so many specific types of attacks that Proofpoint missed is kind of crazy. It says that Abnormal detected almost 7,000 attacks in the past 30 days. That's a huge number of emails.
Abnormal Security has reduced the time my team spends on those email incidents. I work on the admin side, so I'm not involved in running down the incidents on the SOC side, but we would need more people if we didn't have Abnormal automatically remediating so many of these attacks.
I didn't even realize it was stopping this many attacks. You let it go and do its thing. That's a lot of emails, and it takes a lot of time for a person to hunt down this volume of attacks. Even if it took only half an hour per attack, that's more than a full-time employee could deal with. If we didn't have Abnormal doing this, it would take at least two FTEs.
The solution helps reduce the costs of account takeover detection tools. We have it integrated with CrowdStrike, and Abnormal sends alerts back and forth. The integration with CrowdStrike helps us better monitor the environment and produces more alerts for the SOC to investigate.
I like Abnormal's threat protection with auto-remediation, but I also love its abuse mailbox feature, which automatically responds to the end user. That feature has a super-valuable security component and helps improve the user experience.
I also like the dashboard. It's easy to get information. For example, when my director asked for numbers, finding all these graphs on the dashboard was great.
We have an API setup with our automation software, so Abnormal gets alerts about spam and malicious threats. This sends alerts to our SOC, notifying them to take a closer look. From an API perspective, integration with our security automation software is extremely important to help draw attention to those sorts of things.
We've got some of those integrations set up, so it can get help from those feeds from an account takeover perspective. Abnormal can monitor many different inputs to draw attention to when an account might be compromised. We have started implementing those integrations to give Abnormal more signals to alert us about possible account takeover. We don't have it set up yet to monitor things going on in Slack or Zoom to be able to tell us when a conversation might be malicious.
Abnormal should add more automatic reports. I have an open request to our account team for more notification and report types that can be sent automatically. For example, they have an awesome report that gets sent weekly, and I also want them monthly, so I don't need to do so much adding up when my director wants numbers over time.
The company has been using Abnormal for a couple of years, but I've only worked here since last August.
I rate Abnormal eight out of 10 for stability. Periodically, we'll have an incident with the portal. They sent me updates about it, so I knew something was happening, but it didn't affect my daily work. Every once in a while, they have some back-end issues, but they communicate about it really well, which is something that I appreciate.
My company has acquired or merged with other companies, and it doesn't seem like Abnormal skips a beat, whereas with the Proofpoint layer, we've had issues with how it performed some upgrades to our cluster lately because we were having issues with email delays. I worry about the Proofpoint layer, not the Abnormal layer. Abnormal seems to be so rock solid and scalable that I think it can handle whatever we throw at it.
I rate Abnormal support nine out of 10. Their support has gotten better. When I started, it seemed like there were a few hiccups, but it has markedly improved in recent months. I had found a support person that I absolutely loved. She was awesome. And she got promoted, and I was like, "I know you deserve this promotion because you are great." It's the support that got me even more excited about the product.
They're so good at following up on unusual cases and strange things that we were seeing in our environment that other customers weren't even noticing. She did a fantastic job with communication and following up with the back-end support. Since she moved on, it sometimes takes a little longer to get back to me when I open a support case. For the most part, they're still highly responsive and do a good job with communication.
Positive
They had been using Proofpoint Track, which was expensive. They were trying to save money because Abnormal has much of that same functionality. Also, I think it's a good idea to have two different vendors. Each has different threat intel that they can base their catches on. We can save money and get that defense in depth because there were things the main email gateway was missing.
It only takes one malicious email that one user interacts with incorrectly to cause company-wide problems, so it's critical to have this area locked down as much as possible. At the last place I worked, we had the same kind of setup where we had an email gateway and a separate second layer. What I like about Abnormal is that it does a great job of automatically detecting and remediating threats.
I wasn't here when Abnormal was deployed, but I've been told that it was quick and easy. According to the story I heard, they were planning to renew Track before they realized how much it cost. Abnormal was easy enough to integrate with low configuration requirements that they could get it done within a couple of weeks, which is almost unheard of for tools here.
After deployment, the solution doesn't require much maintenance so far, but it will as they add more integrations. That is something I will be spending more time and energy on. Periodically, I need to add something to the safe list, but I don't spend as much time as I did on Proofpoint because Abnormal doesn't have as many false positives.
I can't put numbers to it, but our current environment needs to trim the budget as much as possible, and Abnormal has proven itself to offer such good value that no one has even mentioned not renewing it. It's considered an invaluable piece of our security fabric here, so it's such a good return on investment that even cost-cutters aren't looking to cut its cost.
It's cheaper than Proofpoint Track, the product Abnormal replaced. It saved us tens of thousands of dollars plus the cost of paying people to manually run down all of these malicious emails.
Abnormal is cost-efficient for what it does, and it's getting better. They're now adding many new integration types, so we'll expand the scope of what it can do for account takeover. They've also got a new threat intel piece that's available that they're continuing to add functionality to. It was cost-effective when implemented, but they are working to make it a better value.
I rate Abnormal Security 10 out of 10. If someone had doubts about Abnormal's maturity, I would reassure them that it has been rock solid in my experience. They are continuing to build more into the product all the time, and if it's missing a specific feature, then it will probably happen because it's not a static product.
While some products take a long time to build, Abnormal keeps things moving. They seem to have an excellent sprint cycle, with a solid focus on constant improvement. It would depend on what specifically they are looking for. To me, it acts like a mature product compared to other systems like this that I've used in the past.

We use Abnormal Security for blocking spam and email threats in a medium-sized manufacturing environment.
Abnormal Security is valuable because it features an automated scoring tool that doesn't require much intervention from our team. It enhances threat detection capabilities by making the process automated and is easy to scale to our entire environment.
Additionally, it protects us from being business email compromised, which is invaluable for maintaining our security.
There could be more selectable options and more granular selections available.
I have had experience with Abnormal Security for a few years.
The stability of Abnormal Security is excellent. I rate it a ten out of ten with no issues encountered.
The solution is easy to scale across our entire environment, and I would rate it a ten out of ten for scalability.
I rate customer support a nine out of ten. They have been prompt in responding and are knowledgeable.
Positive
We switched to Abnormal Security from a previous solution due to its processing and ease of use.
The initial setup for Abnormal Security was straightforward and easy.
It was myself and one other person, an enterprise manager, who handled the deployment.
The return on investment is seen in the security it provides, preventing business email compromise, which is invaluable.
I find the pricing to be favorable, but I did not disclose the exact cost.
I do not wish to discuss other solutions.
I would recommend Abnormal Security. Overall, I rate it a ten out of ten.

We use Abnormal Security for our email protection in addition to Microsoft 365. Previously, we relied on another provider for many years to scan emails for malicious content, viruses, and spam. However, with the increasing sophistication of email attacks, our old provider simply couldn't keep up. Their system involved rerouting our emails to them for scanning before delivery to Microsoft 365. This approach proved ineffective, particularly for attacks like CEO impersonation emails or simple text messages requesting personal information. These attacks didn't contain any traditional malicious attachments.
Abnormal Security serves several key functions for us. Primarily, it excels at detecting malicious content. Additionally, it effectively isolates spam, preventing it from cluttering our inboxes. For legitimate but unwanted emails, such as newsletters, it creates a dedicated "Promotions" folder, keeping our inboxes organized. These are the main reasons we appreciate Abnormal Security.
Abnormal Security Portal Provides Comprehensive Email Security Management. We have access to a web portal provided by Abnormal Security. This portal grants us complete visibility into how Abnormal Security analyzes our incoming email. We can see everything it catches, how it classifies the emails as malicious, legitimate, etc., and the reasoning behind the classification. The portal is well-organized with dedicated sections for different threat types. We can easily identify account takeover attempts, vendor fraud attempts, and other threats. A particularly valuable feature is the search and respond functionality. In the past, we've encountered situations where employees accidentally sent out sensitive information or messages that shouldn't have been distributed. The portal allows us to quickly locate these emails and remove them from everyone's inbox, including deleted items. This ensures the emails vanish completely and never reach the intended recipients. Furthermore, the portal empowers us to manage our email security preferences. We can whitelist trusted senders and create custom blocklists for unwanted emails, providing a high level of control over our email environment.
While Abnormal Security has been effective in detecting a wide range of email threats, some emails have slipped through. To address this, we've educated our users. If they suspect spam, phishing, or an unusual email, they can report it directly through the "Report" button in Outlook which forwards to Abnormal, or by forwarding it to the "phishing" email address. This triggers a deeper analysis by Abnormal to identify any missed threats. According to our year-long data, users have submitted over 1,500 emails from 121 employees. Abnormal identified 4 percent as malicious and 9 percent as spam, with the remaining 87 percent deemed safe. These statistics indicate that Abnormal doesn't catch everything. However, by fostering a user base that remains vigilant and reports suspicious emails, we can leverage Abnormal's deep analysis to further enhance our email security.
During the pilot period, Abnormal Security's benefits became clear. We encountered an ongoing account takeover that we were initially unaware of. However, as Abnormal Security ran, it helped us organize and identify threats effectively. Feedback from the field has been very positive compared to our previous vendor. With our previous vendor, we received four daily emails notifying users about quarantined emails. These notifications cluttered inboxes and created confusion. There were instances where legitimate malware was quarantined, but the user received a message like "This email was quarantined for you. Do you want to investigate or recover it?" Unaware of the potential threat, some users might release the email, believing it to be a false positive. This could lead to compromising their credentials or infecting their computer. Abnormal Security takes a different approach. They automatically hide suspicious emails, preventing them from reaching user inboxes. This eliminates confusion and protects users from inadvertently engaging with malicious content.
We encounter AI in various ways. For example, it can be involved in filtering emails. For example, if I am receiving an email in my inbox that I prefer not to see there every day, I might move it to my promotions folder. Conversely, an email might land in promotions that I want to see in my inbox, perhaps because it's considered graymail. In that case, I can move it back to my inbox. The AI can learn from my actions and apply those preferences in the future. AI also plays a crucial role in defending against certain cyberattacks. Traditional methods might not be sufficient to catch these threats. AI can analyze incoming emails for a multitude of factors, performing a kind of predictive analysis on potential threats. These factors might include a sense of urgency in the email's tone, an email supposedly from the CEO but with an unrecognized sender address, or a domain that's a month old. Humans might not readily pick up on such red flags, but AI can effectively identify them.
My colleagues tell me that since we implemented this change, the number of attacks has decreased. I can confirm this by checking the dashboard, which shows the current attack volume. Even more importantly, by filtering out greymail into a promotions folder, everyone saves time by not having to sort through irrelevant emails in their inboxes.
There have been fewer IT tickets lately concerning suspicious activity. People used to report things like clicking on something malicious or questioning if an email was spam. Now, if something seems abnormal, it's sent directly to the Abnormal activity queue. Previously, we'd receive frequent reports about things like fake CEO emails or phishing attempts, but those types of tickets are becoming rare in our help desk.
Previously, we used a much more affordable email security solution. While Abnormal Security costs more, it outperforms or at least matches the capabilities of its competitors. We trialed Barracuda, but their pricing was prohibitive. Even if they lowered their prices now, I wouldn't consider them. Mimecast and Proofpoint, the other options we explored, were priced similarly. However, Abnormal's setup is significantly easier to use. While the initial configuration involves integrating it with our Microsoft 365 environment, Abnormal's day-to-day operation, configuration, and fine-tuning are much simpler compared to the other products.
The ideal scenario would be for Abnormal Security to work in tandem with Microsoft to analyze incoming emails. This means Abnormal Security would assess emails before they reach my inbox, even if it happens slightly after Microsoft's initial scan. Currently, the process isn't seamless. Microsoft analyzes emails and delivers legitimate ones to my inbox. Abnormal Security then scans these delivered emails, and if flagged as malicious, they disappear. This creates a problem for our ticketing system mailbox, which is a third-party service. Emails sent to the ticketing system address are automatically forwarded by Microsoft. However, if these emails are malicious, Abnormal Security only cleans them from my Outlook mailbox after they've been forwarded. Since we primarily rely on the ticketing system and not the Outlook mailbox, these malicious emails still reach the ticketing system.
I have been using Abnormal Security for eleven months.
I have never encountered any stability issues with Abnormal.
I don't know what would happen if we throw thousands more users to Abnormal. However, based on our current usage and what we've observed with larger customers, there's likely no immediate issue. Abnormal seems to scale well for moderate growth. While substantial growth isn't on the horizon for us, it's worth considering scalability further down the line.
The technical support speed has been fantastic. They're very responsive. I usually get a same-day response on any tickets I submit. The representatives are knowledgeable and helpful, and they always jump right on any issues I bring to their attention. Overall, I haven't experienced any long wait times for support, although thankfully, nothing major has required fixing.
Positive
In the past, we utilized Mailroute for our email security. We simply configured our MX records to point to their servers. These servers would then collect and analyze our incoming emails for any threats. Only after deeming them safe would Mailroute forward the emails to our chosen provider, such as Microsoft or another service. We relied on Mailroute during the time we hosted our email on Exchange, before migrating to Microsoft 365. After a long-standing relationship of 15 years, we ultimately decided to switch to a different security solution.
The initial deployment was very easy. All I had to do was access the Abnormal service through the provided URL. It then requested my global administrator credentials for our Microsoft 365 environment, which I granted. This initial step simply integrated Abnormal with our 365 environment. After that, we configured the settings to determine what kind of alerts we wanted to receive. There were a few things that potentially needed to be done beforehand, such as setting up IT login access and establishing a process for handling the "abuse" mailbox and account takeovers. For account takeovers, we could choose to have Abnormal automatically remediate and lock out the user, or we could have it send an email notification to IT for manual intervention. All these configurations were done through simple checkboxes, which we reviewed with an Abnormal technician during our initial call. By following these steps, we were up and running within an hour.
It was super easy to integrate Abnormal via the API.
Barracuda offered a similar security solution, but with all the features we wanted, the cost came out to around $170,000. Abnormal Security, on the other hand, provides the same level of functionality for just over $60,000 – that's half the price! I'm getting even more value from Abnormal Security than I would have from Barracuda.
Last year, we explored alternative solutions. We evaluated Proofpoint, Barracuda, and Mimecast. All three offered API integration with our Microsoft 365 environment, enabling them to detect these types of threats. We piloted Barracuda but found it cost-prohibitive. While Proofpoint was appealing, we weren't impressed, and Mimecast proved overly complex to set up. Consequently, we stuck with our existing provider for another year.
Abnormal Security entered the picture later. We evaluated them and conducted a pilot program. Impressively, within a day of initiating the pilot, they identified a compromised account. Normally, they wouldn't reveal such findings until the pilot's conclusion. However, the urgency warranted immediate notification. They discovered that someone was accessing a low-level account from a location outside the user's usual login area in New York. This incident, coupled with Abnormal Security's overall capabilities, convinced us to switch providers.
I would rate Abnormal Security ten out of ten.
The previous solution had significant limitations. It functioned like a basic antivirus program from the 1990s. It would simply scan a file and determine if it was malicious or not. It lacked any context about the file or the sender. Abnormal Security takes a completely different approach. By integrating with our Microsoft 365 environment through an API, Abnormal Security understands our organization and communication patterns. It can identify important individuals and prioritize emails from them. This helps to prevent fraud attempts where someone might impersonate a VIP by using a spoofed email address. Abnormal Security goes beyond just checking attachments for malware. It analyzes various aspects of emails, including the sender's domain age, the language used, and other key factors. These elements are then factored into an algorithm that determines whether an email is malicious or legitimate. In contrast, the previous solution only focused on attachments. It didn't analyze the email content, sender identity, or any other contextual information. This made it vulnerable to phishing attacks and other email-borne threats.
This system is maintenance-free after deployment. It functions independently, even if I don't actively monitor it. Once deployed in our environment, it automatically adds new users to the portal and scans them. There's no need for further manual adjustments. While I only receive weekly reports outlining the number of attacks, actions taken, and breakdowns in graphs and percentages including most at-risk users, impersonation attempts, etc., the system itself operates autonomously.
There's very little setup involved with Abnormal. The installation and configuration process is virtually seamless. However, there's one key thing to keep in mind: make sure your email environment is clean before onboarding. This means having an accurate user count and keeping your mailboxes free of unnecessary data. Abnormal charges per user mailbox, so it's important to avoid migrating junk or accounts of terminated employees. These will inflate your bill unnecessarily. Beyond that, there's not much preparation needed for new users. Abnormal is a great product! One potential snag to consider is Abnormal's ticketing system integration. As of now, it doesn't directly integrate with Microsoft ticketing systems although they claim future compatibility. This might be an issue if your mailboxes automatically route emails to a ticketing system. Messages routed this way wouldn't be analyzed by Abnormal, potentially missing threats.

Our main goal is to use Abnormal Security as an additional shield against the increasingly advanced email threats targeting our organization. During our implementation, we've discovered additional benefits. Firstly, it dramatically reduces the time needed for investigations, giving our IT team more efficient access to search and discovery tools than our current system provides. Secondly, it empowers both our threat-hunting and incident response teams, especially frontline responders. This allows them to access crucial data points directly, without always needing to wait for escalations.
The biggest challenge we faced was sophisticated business email compromise attacks. These targeted our customers or vendors, with attackers gaining access to their legitimate email systems and impersonating users to send emails to our enterprise. Our existing security tools were ineffective at detecting this traffic, as it originated from legitimate mail servers and mailboxes of people we regularly communicate with. Traditional security analysis didn't have enough telemetry to detect the anomalies. We needed a solution to differentiate between genuine interactions with our customers and vendors and those disguised as them by attackers who had hijacked their mailboxes. This was the primary use case for Abnormal Security, and it's proven highly effective in addressing this challenge.
I'm impressed with their API architecture. One of the main reasons is its invisibility to threat actors trying to launch attacks. Unlike our traditional email security tools in the SEG, which attackers can easily detect before they even start emailing us, the API remains hidden until they've already begun their attack. This gives us valuable early visibility via the API, allowing us to easily pipe that data to other tools and stop advanced attacks more effectively. The improved visibility into our email infrastructure also benefits our IT teams. Using the API integration, they can now remediate issues in minutes, whereas before it could take hours. Previously, identifying an inbound cyber attack meant bouncing between several tools: one to identify the attack, another to track affected emails, and yet another to quarantine them. Abnormal's APIs streamline this process. With a single search, an IT technician can identify users who received the emails, track who clicked on them, see where the emails are located, and even delete them from everyone's inbox directly. This has drastically reduced our investigation and response time for phishing and BEC attacks, from hours to mere minutes.
Compared to many other vendors we considered, Abnormal Security stands out in its ability to detect the full spectrum of email threats. While our existing Secure Email Gateway handles traditional threats like spam and malware quite well, it often misses more sophisticated attacks. The SEG relies on static indicators like email flags, suspicious file hashes, or mass recipient lists. We can easily identify and filter out emails matching these criteria, but they do little to stop targeted attacks. Here's where Abnormal Security shines. Their anomaly detection engine excels at recognizing one-off attacks, including those where a threat actor infiltrates a vendor's mailbox and manipulates payment instructions or redirects transactions. Abnormal identifies these anomalies using behavioral analysis, effectively catching threats that traditional static methods typically miss.
The two main benefits Abnormal Security offers us are its ease of use and its powerful search capabilities. These features empower our internal teams to get more involved in the response process, helping us track down threats efficiently. Additionally, Abnormal's ability to stop advanced attacks significantly reduces our security team's workload. Security teams are consistently stretched thin, so minimizing wasted effort chasing false alarms is crucial. By keeping harmful emails out of user inboxes, Abnormal allows us to focus on other priorities. In summary, our primary gains from Abnormal are its effectiveness in blocking attacks and its ability to empower our internal teams, ultimately strengthening our overall security posture.
Abnormal Security's AI and machine learning capabilities significantly expand the range of email attacks they can block. This is crucial to optimizing their product's performance for us. Specifically, their ability to leverage AI indicators and extensive email telemetry is critical for stopping advanced threats, like compromised mailboxes sending disguised emails. Traditional methods often fall short in such scenarios. Our primary concern is identifying emails sent by a threat actor posing as a legitimate mailbox owner. AI-powered anomaly detection proves virtually indispensable in discerning the true sender's identity. Abnormal Security has identified and prevented several such sophisticated attacks in our own experience. One remarkable example involved a vendor's seemingly legitimate email flagged as suspicious by Abnormal. Initially dismissed as a false positive by our first responders, a deeper analysis of the email's telemetry revealed subtle anomalies. The email's sudden shift to a professional tone, unlike the typically casual communication with this vendor, was one such anomaly. As it turned out, Abnormal's suspicions were correct – the vendor's account had been compromised. This instance highlights the unparalleled effectiveness of AI in detecting sophisticated email threats. By focusing on abnormalities in email behavior, AI can uncover hidden dangers that might otherwise elude traditional security measures.
The deployment of AI has significantly reduced the number of internal attacks we encounter, and it has even extended its benefits beyond our perimeter. We've proactively alerted several customers and vendors about potential compromises before they even realized their systems were under attack. This proactive approach has been well-received, with many recipients expressing their appreciation for our timely intervention. Within our organization, AI has dramatically streamlined our security operations by automating the analysis of sophisticated attacks, freeing up valuable time and resources for our security teams.
Abnormal Security has dramatically reduced the time our team spends resolving email incidents. What used to consume hours or even days, depending on the attack and response complexity, is now handled within minutes, often by less experienced team members. This has significantly improved our efficiency and freed up valuable time for other security tasks.
Although no product can eliminate attacks, we've been pleasantly surprised by the effectiveness of Abnormal Security. Initially, when we approached them with our use case and problem, we'd have been happy with a much lower catch rate. Stopping even a significant number of attacks would have been a success. But the actual results have been incredibly impressive. While some attacks still slip through, the features in Abnormal allow us to feed those cases back into their system. This feedback fuels the AI's learning process, helping it avoid repeating the same mistakes. Interestingly, the attacks that remain undetected are often difficult to define even for human analysts. They involve subtle cues that would be challenging for any AI to spot in the specific contexts we've encountered. One example involved a new customer with whom we had exchanged only a handful of emails. While this customer's account became compromised, the attacker wasn't the usual contact person. Since the AI had only profiled the communication style of the usual contact, the malicious email appeared normal compared to that limited baseline. In such cases, where the AI lacks sufficient data, even exceptional systems can be caught off guard. While no product is perfect, we're highly impressed by Abnormal's speed and efficiency in catching attacks. They've dramatically reduced the workload on our help desk compared to the past, with the results being clear and measurable.
Compared to our old solutions, Abnormal Security's incident response is like night and day. With our previous SEG, identifying and remediating a suspicious email was a cumbersome process. We'd flag the email, then jump through hoops to figure out who received it and if anyone clicked on it. With different modules and separate views, it was a mess. Once we confirmed the threat, another system hunt began, pulling emails from user inboxes. It was slow, fragmented, and frustrating. Abnormal is a breath of fresh air. If we spot a threat alert on the dashboard, we simply click on it to see all recipients, where the email sits, and who interacted with it. And then, the holy grail – a single button. Click 'Remediate', and those emails vanish from user inboxes, instantly neutralized. Just a button click from issue detection to resolution in seconds. All from one screen. That's the transformative power of Abnormal Security. Something our old solutions couldn't dream of.
Ease of use is undoubtedly one of the most valuable features of Abnormal Security. Its intuitive interface requires minimal training for our IT staff to extract significant value. It was practically plug-and-play, with minimal configuration needed on our end. The product itself has limited configuration options, as it leverages pre-built back-end tooling and algorithms to work its magic. This streamlined design makes it ridiculously easy to use and set up. Moreover, the Abnormal team provides phenomenal support whenever we encounter any issues, far exceeding the support we receive from many of our other tech vendors.
The biggest pain point for us is the lack of support for on-premise email systems. This would be a game-changer for our team. I haven't identified any other major areas for improvement. The platform is already streamlined and user-friendly for our users. Ideally, we would love to manage everything within the Abnormal console. It already addresses all the pain points our internal groups identified with our old SEG tooling. From our perspective, the main area for improvement would be adding support for on-premise email systems. If Abnormal offered such functionality, we wouldn't need any additional external tools.
I have been using Abnormal Security for almost two years.
Abnormal Security is stable. We have not encountered any downtime or issues that impact performance.
Abnormal Security offers excellent scalability, making it ideal for environments of various sizes. Our main enterprise setup, with 12,000 mailboxes, operates seamlessly. Additionally, when we acquire smaller companies with, say, just 50 mailboxes, we can easily integrate them as subtenants, granting them immediate access. Regardless of the mailbox count, be it 50 or 10,000, Abnormal Security scales effortlessly to accommodate their needs.
Abnormal's technical support is incredibly responsive when we encounter issues. We first used them shortly after our initial deployment when we hit a snag with an email we thought should have been blocked. It was just a single email, and they resolved the issue within five minutes. They promptly stopped another attack just a few minutes later. Their response times are truly impressive, and they avoid unnecessary back-and-forth communication. Unlike many tech support teams who spend long periods gathering information before handing things off to another technician for a callback, Abnormal takes ownership and resolves issues swiftly. We always feel heard and valued when we contact them. They get it right, and they get it done quickly.
Positive
Before adopting Abnormal Security, we relied on Microsoft Office 365's security suite, including Defender and Exchange Online Protection, along with Mimecast Secure Email Gateway. However, these traditional tools proved ineffective against advanced attacks that slipped through the cracks. This vulnerability prompted us to seek a more robust solution, leading us to Abnormal Security. The rationale behind this shift was twofold. Firstly, we needed a tool capable of intercepting the sophisticated threats bypassing our existing defenses, attacks with severe financial repercussions if successful. Secondly, we aimed to minimize the operational burden on our IT and security teams. By deploying an automated platform capable of handling routine incident detection and containment, we could refocus our personnel on higher-level tasks.
We've implemented Abnormal Security for our main enterprise and a few of our acquired companies that already had cloud email systems. The process is incredibly user-friendly. Authorization involves only two clicks once their support team sends the necessary links for adding them to our enterprise tenants. It's a breeze to set up and eliminates the substantial configuration work required by traditional SEGs, which surprised us greatly. We're glad to be free from policy creation, allowlist, and blocklist maintenance, and even bypass configurations for SPF headers. The tool's elegance lies in its automated backend processes, eliminating the need for manual allowlist/blocklist adjustments, as the technology intelligently manages these aspects.
Integrating Abnormal Security through their API was incredibly straightforward. It took only two clicks! We've even combined it with one of our existing security platforms, and that too was just a single click within each platform thanks to the well-designed API. Honestly, it's one of the simplest security product deployments I've ever experienced in our company.
Only one IT team member, possessing the necessary permissions, could deploy the change.
The implementation was completed in-house with the help of Abnormal's deployment team.
Overall, we'd certainly prefer lower pricing, but Abnormal Security doesn't seem unreasonable compared to similar offerings in the market. Notably, if we replaced our Mimecast email protection with Abnormal Security, we'd save money. Given their strong features and competitive pricing, I believe they're well-positioned. While I understand the appeal of lower prices, I think Abnormal's current pricing is fair for what they offer.
While evaluating solutions back then, Abnormal Security stood out with its advanced AI capabilities in the email security space. While a few other players existed, none matched their level of sophistication. Today, there are new contenders like Avanan. We did consider Proofpoint, impressed by their AI initiatives and user-centric approach. However, similar to Mimecast, they seemed adept at catching signature-based threats but struggled with advanced business email compromise attempts. During our Abnormal Security proof-of-concept, the detections lit up like a Christmas tree, highlighting their effectiveness against these sophisticated attacks.
I would rate Abnormal Security a ten out of ten.
It is not that important that Abnormal Security can detect threats in cloud collaboration applications because we are a Microsoft Teams shop, so we are not using a lot of the other collaboration tools. So exploring new frontiers isn't a high priority for us right now. While I'm curious to see what innovations emerge in that space, it's not something we're actively looking to deploy at this time.
While Abnormal Security offers strong capabilities, it hasn't eliminated the need for our existing secure email gateway solution entirely. Our situation is unique due to our merger and acquisition activity. We initially hoped Abnormal could replace our SEG and reduce costs. In terms of features and performance, it outperforms our current solution for specific tasks. However, we couldn't fully switch because our existing SEG provides crucial protection for both on-premise and cloud-based emails. In our acquisition scenario, Abnormal wouldn't immediately protect acquired companies using non-cloud email systems. The migration process would be lengthy, delaying security coverage. Conversely, our current SEG allows us to quickly add protection by simply repointing DNS records, offering immediate security for acquired companies within an hour. Therefore, while Abnormal is a compelling alternative, it doesn't address our specific on-premise email needs due to their current product offerings. If not for this factor, we would readily consider migrating entirely to Abnormal Security.
Although Abnormal Security has delivered cost savings in managing account takeover incidents, the key driver behind its implementation wasn't cost reduction. We didn't have a separate solution focused solely on account takeover before, so Abnormal filled a critical gap in our security posture.
While the platform itself requires no active maintenance, it's still essential to provide some basic care. This involves regularly reviewing audit logs and threat dashboards to ensure their continued functionality. The key difference compared to other platforms lies in the lack of constant updates. Unlike systems plagued by frequent firmware updates, signature refreshes, and hash revisions, this one quietly hums in the background, needing only oversight to confirm its smooth operation.
Our initial internal debate about Abnormal Security's maturity stemmed from the specific problem we wanted to solve by adopting their platform. Our threat actors are highly sophisticated and constantly evolving their tactics, outpacing traditional security solutions. While classic methods are excellent for known threats with established patterns (think signatures based on 20 years of historical data), they struggle to keep up with rapidly changing attackers. This is where AI-powered solutions like Abnormal shine. The significant advancements in AI have only recently matured enough to meaningfully impact security, and companies like Abnormal, focused on cutting-edge solutions, can't boast long-standing track records because the technology itself is barely five years old. So, for those facing novel, bleeding-edge threats, partnering with a provider like Abnormal, operating in the same bleeding-edge space as the attackers, becomes crucial. Our initial hesitation about Abnormal seems rather silly in retrospect, especially considering we only planned to use it as an initial augmentation to our existing defenses. My advice for anyone with similar doubts is to clearly define what they need to protect, and they will realize that tackling cutting-edge problems requires solutions that meet their opponents on their bleeding-edge turf.

We use Abnormal Security for our email security.
Abnormal Security's visibility into internal spam attacks, thanks to its API-based architecture, has been exceptional. It's incredibly fast, with no delays, unlike other solutions that can introduce lag times of up to ten minutes. For executives, this is unacceptable. Having direct API integration is a game-changer. It provides clear visibility into messages and is remarkably user-friendly. There's no need for days of training on the admin dashboard; it's intuitive and straightforward. Clicking here and there is all it takes to search for emails. The interface displays delivery details, current location, and the processing outcome, indicating whether the email was deemed spam and moved to junk or considered legitimate.
Abnormal Security's full-spectrum email attack detection has proven effective in protecting us against various threats, including credential phishing, invoice fraud, extortion attempts, and name impersonation. On rare occasions where emails slip through the cracks, reporting them leads to swift remediation within two hours, accompanied by training updates to prevent similar occurrences. I haven't encountered similar emails after submitting reports.
It is important that threats can be detected in cloud collaboration applications such as Slack, Teams, and Zoom. Anything that will help protect our organization is valuable.
The Proof of Concept for Abnormal Security demonstrated its effectiveness by catching threats that Mimecast missed.
Its AI and machine learning expand the range of email attacks it can stop, while also reducing false positives. We had significant issues with our previous provider, Mimecast, experiencing numerous false positives reported by various teams. When I suggested that the system should be smarter, the response was usually dismissive. Thankfully, I don't encounter this issue with Abnormal Security. The biggest example I can give involves impersonation attacks. With Mimecast, any new employee creating an account on Thursday and then receiving emails from our recruiting team on the same day would trigger an impersonation alert, despite the recruiting team having prior interactions with that person. Abnormal Security, however, recognizes that the new account was recently created, the older account has a history of sending emails, and there was prior communication between the two accounts, accurately concluding that this is not an impersonation attempt. While we could potentially collect flight data to further solidify this, Abnormal Security's intelligence allows it to understand that such activity from a new employee is legitimate. We haven't experienced any false positives or false negatives with Abnormal Security.
The AI and machine learning capabilities have helped reduce the number of attacks that get through.
We have another solution that we placed in front of Abnormal Security for added security, and we found that Abnormal Security is catching emails that were phishing, extortion, or invoice fraud that the other solution didn't recognize as a threat.
Abnormal Security has reduced the amount of time our team spends on email incidents by a minimum of four to five hours per week.
It helped reduce the cost of redundant security email gateway solutions.
Previously, our solution lacked warnings about potential security issues. Abnormal Security, however, has identified a couple of instances where it flagged suspicious activity. For example, it might alert us that someone's account seems compromised and suggest taking action. If we don't intervene, Abnormal Security will automatically handle the situation. Importantly, these alerts provide valuable insights we never had before, such as identifying VPN usage. This increased visibility significantly enhances our security posture.
The features that appeal to me most are the combination of auto-remediation and Detection 360. The latter allows us to submit emails that seem to have been missed by the system. Within a few hours, a human expert reviews the submission and determines if it represents a missed attack. If so, they explain why it went undetected and then automatically remediate the issue. Additionally, the submitted email is used to train the AI, improving its ability to detect similar threats in the future.
One feature I'd love to see is outbound scanning. Currently, the system detects malicious outbound messages originating from my end. For example, if someone hacks into an account on my network and sends a malicious file to one of our clients, Abnormal Security alerts me about the message, but it doesn't prevent it from being sent. I'd like the ability to prevent such occurrences in the future.
I have been using Abnormal Security for three months.
Abnormal Security has been stable with zero issues.
Scaling Abnormal Security is not a problem.
Their technical support is incredibly fast and provides detailed responses, which is rare in my experience. Often, support representatives try to close tickets quickly and move on, which is understandable. However, I appreciate receiving thorough explanations, especially for complex issues like Detection 360.
For example, with Detection 360, they might say: "The most recent attack has been contained, and we've implemented a new feature to detect similar messages in the future. Business attacks occurred due to a gap in sender and recipient frequency analysis. To address this, we'll be incorporating a new general model."
This kind of information is valuable because it explains the problem and the solution. Similarly, if we have questions about phishing campaigns, they provide clear answers. For example, if we wanted to run a phishing campaign, Abnormal Security would already know it was a campaign based on our settings and would allow us to continue, which is unlike Mimecast and the other solutions I am aware of that would require digging deep through the settings and doing test after test.
Positive
Previously, we relied on Mimecast for email security, but we found their product underperforming and their account team unhelpful. The support staff lacked expertise, leaving us vulnerable to phishing attempts and impersonations. We would receive phishing emails from scammers claiming to be the CEO of the company requesting gift cards, and some employees unfortunately fell victim. The need for robust email security, encompassing both phishing and malicious link protection, prompted us to switch to Abnormal Security.
Mimecast is so much of a problem that I have blocked its domain in Abnormal Security from emailing me.
Abnormal Security is the easiest solution I have ever deployed. Integrating Abnormal Security via the API is simple. I would be comfortable allowing a junior member of my team to deploy the solution.
The deployment took one minute to complete and required one person.
We implemented Abnormal Security with the help of one of their engineers on a call who walked us through the steps. After the deployment we continued to have regular weekly calls to check in and see how things were running and if we had any questions or concerns.
The pricing appears fair, and they demonstrate a genuine willingness to work with us on it. The media and entertainment industry has been impacted by recent strikes. They were quite understanding of our unique situation, given the significant impact on our industry, and they're always open to discussing how they can tailor their pricing to suit our needs. We feel a positive connection with them, and the feeling seems mutual. So, while pricing isn't typically a major hurdle, they are always looking at ways to further collaborate to make this work for both parties.
I would rate Abnormal Security nine out of ten.
Minimal maintenance is required.
While some may have concerns about Abnormal Security's relative newness, I'm curious what specific aspects of its youth are causing apprehension. The product is demonstrably performing well for our needs, and I'd encourage those with reservations to consider trying it firsthand. If not, I'm happy to move on from the discussion unless they're open to a hands-on evaluation. I'm always transparent about my experience with Mimecast and other solutions we explored before choosing Abnormal Security. Ultimately, as long as a product delivers results, its age shouldn't be the primary factor in our decision-making.
It's worth checking the Abnormal app store for potential integrations with other platforms your organization already uses, such as Teams, Slack, Zoom, Microsoft 365, Okta, or CrowdStrike. During the proof-of-concept, if Abnormal Security identifies existing integrations with these tools, it can further enhance its functionality.
We use Abnormal Security to protect us against phishing.
We implemented Abnormal Security to reduce the number of phishing attacks that reach users, internal customers, and other users in our organization. This automated AI-driven technology replaces the need for multiple resources to review, identify, and block malicious emails.
The ability to quickly spin up a Proof of Concept is one of the easiest things I have ever done. POCs can integrate with our Outlook and Active Directory environment within 15 minutes. This is because they are API-driven. This allows them to easily go back in time and look for past emails that were missed, as well as show us the remediation option for any new emails that come to our organization.
Abnormal Security also allows us to assess the risk of our partners. When partners send us emails, Abnormal Security can identify whether they are potentially high-risk based on data from other customers or on certain trends that it sees in emails coming our way. This allows me to assess both internal and external risks.
Abnormal Security's ability to detect threats in cloud collaboration applications is critical. These applications, such as Slack and Teams, are increasingly being used for communication, and they can be leveraged by attackers to send malicious links and attachments. For example, an external attacker could reach out to us on Teams and send us a link in the same way as they would in an email. This is why it is important to have security solutions in place to protect against these threats.
The biggest benefit of Abnormal Security is the visibility it provides in the full-blown email environment. At my previous company, we were able to reduce our number of phishing-driven events by 70 percent in the first six months of use. As a result, my team was able to move away from dedicated phishing resources and into a more proactive stance, which has allowed our security organization to mature quickly. We realized the benefits of switching from a high-touch to a low-touch solution almost immediately. Every tool needs some maintenance, but Abnormal Security is much more hands-off. It just works, with minimal care and feeding required. The benefits, or ROI, were evident to everyone, up to and including leadership. Abnormal Security not only reduced spam thanks to its graymail feature, but it also allowed us to reduce noise from advertisements and sales engineers, and to provide better cost-oriented feedback because users now receive feedback when they submit phishing emails.
The AI and machine learning functionality improves visibility into broader attacks. With the advancement of AI, threat actors are now leveraging it to create spear-phishing emails that are quicker to put together and send to specific leaders and executives within organizations. AI can handle upwards of 20 languages, so emails now look cleaner. Typically, if an email is written by someone who doesn't speak English as their native language, we'll find grammatical errors. With AI, these errors are fixed. Abnormal Security's AI and ML technologies can see the patterns, adjust their AI models, and adjust much quicker than a person could at this point.
The trained AI model can quickly adjust to new attack patterns and update its models accordingly, providing more visibility and quicker adjustments to new types of attacks. Typically, threat actors will change their approach once they see that we have stopped them. They will change the look of their attacks. And while I trust my analysts to figure out and catch the new ones, I would rather trust an AI model that can adjust much quicker on the fly than a human analyst. So I think Abnormal Security provides a good balance between machine learning and human judgment. Their tools are always being updated with customer feedback and input to ensure that they are as effective as possible.
Abnormal Security has helped us reduce the time we spend on email incidents. In my current organization, we are just implementing it, but in my previous organization, Abnormal Security significantly reduced the time we spent on email incidents. When we turned it on, my team was asking me what they should be doing now. This is a good problem to have in my world because I had plenty of stuff for them to do. It has also allowed them to grow, learn, and develop as security leaders. My team used to spend hours each day on email incidents and it turned to 15 to 30 minutes a day after we implemented Abnormal Security.
Abnormal Security helped to reduce the cost of redundant secure email gateway solutions by 50 percent. Abnormal Security integrates well with Microsoft and works very well with the Microsoft email protection tool, as well as others like Mimecast. It reduces the need for an additional SEG or Proofpoint-like solution. The cost is user-based, and I think it's been affordable at both organizations for the value it brings.
It helps reduce the cost of account takeover detection tools, especially for fraud.
Initial auto-remediation allows us to auto-remediate before the email lands in the end user's inbox for a split second. At that point, they identify if it's malicious or not. The auto-remediation feature is as important as the ability to report a phishing email to an abuse mailbox. If something does land in our inbox, and we think it's phishing, we can report it through the phishing button. The solution assesses to see if it's benign spam or a legitimate phishing email.
Abnormal Security needs to continue to grow in all directions, partnering with other key players such as CrowdStrike, an EDR solution. I think it is key to continue to partner with these tech leaders and bring all of that telemetry into a single pane of glass.
I have been using Abnormal Security for two years.
We have not had any stability issues with Abnormal Security.
Abnormal Security is scalable and adjusts to our environment.
I am greatly satisfied with the technical support.
Positive
I previously used Proofpoint Email Protection and Armorblox. I switched to Abnormal Security because the proof of concept was easy to set up and the evidence of its effectiveness was clear. I also trusted the recommendations of my peers in the industry who had used Abnormal Security and put it into production. The POC showed us what Abnormal Security could catch that my current tool was missing, which was huge. We also did an apples-to-apples comparison of Abnormal Security to other solutions and asked our peers about their experiences. All of the feedback was positive.
Abnormal Security can be deployed quickly, providing rapid visibility into the environment. We can use AI models to identify patterns and adapt quickly to new types of phishing emails. Our abuse-mailbox allows us to be customer-focused, and we also provide insights to our partners on a daily and weekly basis.
The only con I see with Abnormal Security is the lack of customization.
Deployment is seamless. It took less than 30 minutes to get on a call with Abnormal Security to ensure that we had the right people with the right access on our side, and then to grant Abnormal Security access to integrate their API. From there, the Abnormal Security tool imported almost everything, and setting up users is easy. As an administrator of the solution, I can add more users to it and tweak the console and system to our liking, to a certain extent.
Abnormal Security provides an onboarding engineer, whom they call a success manager, to work with us during implementation.
The license is based on the user count, so the number of users that have an email address in the organization. Compared to other solutions the price is fair.
I would rate Abnormal Security nine out of ten.
We have 1,000 users.
The maintenance required is minimal.
With its ability to utilize technology, AI, and other tools, Abnormal Security has caught up to or even surpassed its competitors that have been around for longer.
I recommend conducting a proof of concept of Abnormal Security, which is very easy for customers to do and is likely to provide them with more insights.
At a high level, we leverage Abnormal Security for all spam filtering, but it is more than that. It is not your basic old spam filtering. They are finding things or phishing attempts that are very targeted, such as spear phishing emails that come through the pipeline and may look innocent or innocuous to most email security tools. Abnormal Security is able to spot them and essentially, mitigate and remediate them so that the users do not accidentally fall for something they should not.
Abnormal Security provides visibility into internal spam attacks due to its API-based architecture. At a high level, they have a bunch of dashboards and things like that that let you view who are the most targeted people and who are they auto-remediating. That is one of the key features. They reach into the box and pull these sorts of emails out before people start responding to them. All the information about who is being attacked and what sort of attacks are occurring is there in dashboards.
Abnormal Security can detect the full spectrum of email attacks. Because they have this AI-based model, they seem to be able to find things that other spam filters using just the basic algorithms cannot find. Abnormal Security is then able to auto-remediate that. It can pull that stuff right out of the box.
It learns from what employees are doing and what is standard procedure versus not, so the intent is to broaden the types of email attacks it can stop. Its AI and ML capabilities have helped big time to reduce the number of attacks that get through. We have a small team. Without it, they would have to actively work through various types of spear phishing or phishing that get through to our employees. That has been greatly reduced, so the team can work on higher-value tasks. Because of all the auto-remediation, people are more productive, and we can work on more proactive things. In the past, it took anywhere from 40 to 80 hours a week working on these sorts of things. It has gone to less than a day or eight hours of a work week.
Abnormal Security has reduced the amount of time our team spends on email incidents.
Abnormal Security will help to reduce the costs of redundant Secure Email Gateway solutions. All of our contracts have not expired yet.
Its core function or the ability to catch spear phishing that uses certain types of social engineering techniques is valuable. For example, they might send an email to the payroll saying, "I am a former employee, and I need my last check sent to this other address. Can you help me?" They are super innocuous like that. In such situations, someone might get involved in a social engineering error where they go ahead and email back. Abnormal Security catches this type of social engineering behavior through its AI-based spam filtering.
One of the things that I love about them is that the setup and installation are super easy. All you do is give them access to your Microsoft 365 tenant, and through APIs, they are able to do their work. They are doing all this through APIs, so you do not have to install the software and take a month to get it all set up to even see the value of the solution. You could be up and running in less than an hour.
I, as such, do not have anything that I do not like or would like to add, but you could argue that because they are doing it API-based, there is a chance that something could slip through temporarily before they are able to pull it out. In theory, it could happen just because of the nature of the system. They are not in line with the delivery of the mail. They are kind of asynchronous, which is a pro as well as a con. If it is synchronous, then I know it would always stop them, but because it is asynchronous, things could get through temporarily or because of some system issues on the Microsoft side or their side. It is the nature of the beast, but it is a little bit of a con.
We have been using Abnormal Security for a year and three quarters.
It is stable. If there were any issues, they were very little. The one time we needed some support was when we were trying to do phishing tests on our own employees. We were getting help from them to be able to make sure that they were allowed-listed to happen. That was probably the only time when we really needed their help because otherwise, they would have caught it.
It handles us just fine. Because it is on the cloud, I get a feeling that it is very scalable, but we have a small number of accounts. We are at about 1,600 or 2,000. It is not a giant footprint. It has no problems with us. They have much bigger installations than ours.
My team has contacted them but I have not.
We were using something else for spam filtering. It was pretty much a spam filter. We were using Cisco IronPort. They are not even on the same plane. We left Cisco IronPort running while running Abnormal Security. There were things that got through Cisco IronPort but could not get through Abnormal Security, so in line together, it found things that the other one could not.
It is on the cloud. I was not involved in the initial deployment, but my team was. My team did the deployment, which consisted of us giving them API credentials to hit the Office 365 tenant, and it was deployed.
It was super easy to connect or integrate Abnormal Security via API. We literally just gave them an API key to be able to hit Office 365. It has the fastest time to value that I have ever seen for a product. You set up an account in Office 365 and hand in the credentials, and they can start scanning your environment in a split second.
In terms of maintenance, the integration requires no maintenance. There is no maintenance there, but you should be looking at the system and seeing if there is anything that gets through or does not get through. You need to make sure that your team is looking at it actively to see if there is anything that is getting through or if there is something that got overblocked. That can happen on occasion. There could be a false positive, but other than that, typically, your security team looks at your Secure Email Gateway on a regular basis.
We got an enterprise deal, but I do not know how their pricing works.
We had been looking at a host of other options, but nobody had really put in the time. When we saw Abnormal Security, it became obvious that these guys were next-generation, and we should just do it.
To someone who is considering using Abnormal Security but is concerned that it is not as mature or established as other solutions, I would say that many of the new solutions that come out are much better than old solutions because they are coming at the problem from the new modern way they need to. Because Abnormal Security is 100% API-based, they are able to install it super fast and handle the solution much better and easier than the old-school way of doing things. Many times, some of the solutions that are established are still doing things the old way, and they have not kept up with the things that have changed in the cloud or things that have changed in the API or AI and ML. Abnormal Security is surely new, but the capabilities that they have are beyond what many of the current vendors are capable of. It comes down to whether you want to try and stay ahead of the curve, or you want to stay behind it and then you have the wave crash on you because you did not stay ahead of it.
To those researching or evaluating this solution, I would advise doing a PoC with other solutions and seeing how long it takes to get it set up and how much email or time it reduces for your team. I do not think they are even going to be close. When you see how fast you can get Abnormal Security up and running and the novel things that they can find, that alone should make you realize that you need some of this. They do all the basics, and then they find things that nobody else can find. One of the biggest challenges that we have in the industry is the spear phishing of people who sign paychecks or move money around. If you can protect them because they have the keys to the castle, it is worth the money.
Abnormal Security can detect threats in cloud collaboration applications such as Slack, Teams, and Zoom, but we are not leveraging any of that today. It would be valuable for us, especially because attacks on Teams are becoming a thing.
Overall, I would rate Abnormal Security a 10 out of 10.
The primary need for the product, what drove us to that product, was a need for greater email security. We had been experiencing a series of executive impersonation attacks that our current email gateway was not able to pick up. People were pretending to be an executive at our organization and trying to get people to buy gift cards or send them the codes or complete an action or something along those lines for them. We did a proof of concept with Abnormal, and it did a really good job of preventing those attacks from happening.
With Abnormal, I've gotten my weekends back. In my case, I was getting paid every weekend to do email remediation, and I was having to pull in on-call administrators. We were doing search and destroy and forward attacks. That was every single weekend basically that we were dealing with some type of attack. Usually, the attack was an executive impersonation that required us to move quickly. Once I put Abnormal in and we got it into Active Protection, it was almost like magic. Those attacks just went away.
The net result for the business is that we get to focus on more proactive things. We stopped firefighting, and we started doing things that helped us holistically improve our security posture. The automation really, really helped us focus on more important work.
The time to value was immediate. We put it into a passive mode for a month or so as part of a proof of concept. We liked what we saw. When we turned it into active mode, it was immediate.
Email is the primary attack factor on humans, and we needed something that could protect our staff.
Artificial intelligence does an incredible job of identifying an attack and auto-remediating it before it hits our users' inboxes. That for us is huge. It keeps problems from ever hitting the inbox. It's done a very good job of it.
It is giving us visibility into internal spam attacks due to its API-based architecture. It's really our primary tool for email defense. We have visibility into attacks now. We can see what's been remediated or not remediated. We've had very good and responsive tech support in the process. The fidelity has been very high. If it identifies an attack, it's very rarely wrong. It also does an incredible job of identifying compromised accounts. We don't get a lot of false positives.
The solution overall is fantastic for detecting the full spectrum of email attacks due to its API-based architecture.
The solution's AI and ML for learning employee behavior broadens the type of email attacks it can stop. It's not just looking at basic things, either. It's really taking a look at things like the address that's used in the email. It does some really cool stuff that other tools aren't doing. We found it to be really effective, and the AI/ML functionality is really what differentiates them. It's reduced the number of attacks by maybe 60% or 70% at a minimum. It's likely higher. There was a significant drop in attacks once the solution was implemented.
The solution's AI and ML capabilities help to eliminate the type of attacks that get through, like, credential phishing and account takeovers. A majority of attacks no longer end up in anyone's inbox.
Overall, Abnormal Security reduces the amount of time our team spends on email incidents by maybe 60%. It's had a major impact. It's allowed us to do more proactive work.
The solution saves time. The amount of time saved is likely at least half of a full-time employee.
There's nothing we need to improve at this time. Their team has been great with us. Their technical teams talk to us often. We've had the opportunity to serve on advisory committees; we even had a call with the CEO of the company, asking about how the product is working for us. They have been and continue to be super attentive to our needs. As a result, I don't really have any gaps in the product as they've been listening all along the way and adjusting.
That said, the pricing for academic institutions and student mailboxes is challenging. We have a lot of vendors who, when we purchase for faculty and staff, we get student licenses for free. We typically don't have IT budgets at universities like major corporations do. It makes this product very expensive for us. In the end, we came to a fair result; however, there's room for adjustments in that licensing model.
I've been using the solution for about two years right now. In January, we will start our renewal process for the third year.
We've never had stability issues. I'd rate stability nine or ten out of ten.
We are protecting our entire mail environment, which is Google and Microsoft. We are protecting students, faculty, and staff, and we are protecting a healthcare environment since we have a university hospital system that we are protecting. Overall, we've got over 25,000 employees and over 30,000 students.
The solution is cloud-based, so it is pretty scalable. I'd rate scalability ten out of ten.
We may expand usage in terms of product expansion. They have another product that is on our roadmap to look at. They also have some integrations with CrowdStrike that look interesting.
Technical support is excellent.
I've never had a vendor engaged like this. They're really passionate about improving the product, and whenever we've had an issue, we've got great support. I've never had to escalate anything. They've been great.
Positive
We use Microsoft Advanced Threat Protection. It's complementary. Advanced Threat Protection is still in place. This sits on top of that and provides an additional layer of security. It catches a lot of things that Advanced Threat Protection does not catch.
It was easy to integrate Abnormal Security via API. It was a lot harder to get through things like contracts and business associate agreements. The actual part of turning the tech on took less than a day.
We monitored everything in a proof of concept. We monitored the results for about a month before we turned it on and active; however, that was just a toggle. The actual part of hooking it up to our systems took a day.
We had security and mail administrators involved in the deployment. We had four people involved; however, it wasn't a massive thing. It was more just to make sure that everyone's voice was included.
Not much maintenance is needed. We don't have to spend a lot of time on the tool to get value out of it. We use it for reporting. We use it to investigate incidents, et cetera, however, there's no hands-on maintenance due to the way that it's deployed. There's no patching or updating VMs or anything like that. That's all handled by the vendor.
I can't speak to a direct ROI. However, we did have staff time returned to us, and we have been able to focus on other initiatives around email. It has been a net positive, however, I don't have any specific statistics related to ROI.
The pricing is fair. We've worked with Abnormal on pricing as we're an educational institution and have a different makeup than a typical organization with a specific number of employees.
We chose Advanced Threat Protection from Microsoft several years prior. At the time, we also evaluated Proofpoint and chose Microsoft. We did not directly evaluate any other solutions beyond Abnormal.
I'm a customer and end-user.
While I understand Abnormal Security can detect threats in cloud collaboration applications like Slack, Teams, and Zoom, we have not expanded into that. We've used it really only for email so far. That said, I'm very interested in that. After all, with email it's been very effective for us.
If a company that's considering using Abnormal says they are concerned about it not being as mature or established as other solutions on the market, I would just tell them to do a POC. We had a remarkable POC. It's really easy to set up. You can do it in a read-only mode, and you'll get a really good idea of what the tool can or cannot do, and then you can make a good decision. I've participated in several reference calls for others in higher education who had questions about the product. I've referred multiple customers to them. It solved so many problems for me, and it allowed me to focus on more high-priority tasks.
I would absolutely recommend the product.
I'd rate it ten out of ten. It's one of the very few products that I would not want to be ripped out of my environment. It really does solve so many problems.
Our use case was to pull malicious emails that were getting through our secure email gateway and making it to our inboxes. We were trying to shrink that footprint from a typical 85% to less than 5%.
It protects us. It's something that I can trust. I've gone from trying to get things done on a regular basis to I can set it and forget it due to the quality of the app. The platform is very trustworthy.
The most valuable aspect of the solution is the ability to pull out threats from mailboxes quickly instead of going through Microsoft's content query.
Their ability to take things out of the mailbox and catch things much faster than users is excellent.
It is extremely efficient and quick, giving us visibility into internal spam attacks due to its API-based architecture.
The solution is great for detecting the full spectrum of email attacks.
It's important to have Abnormal detect threats in cloud collaboration applications. My ecosystem is my ecosystem. If we are accepting just from outside of the business, and they are coming in through methods such as Slack, Teams, or Zoom, then they're absolutely a concern.
The AI and ML broaden the types of email attacks it can stop. It learns employee behavior. So far, it has helped us to reduce the number of attacks that get through. While it doesn't completely remove threats, it does bring threats down to a manageable level for small companies or small security teams.
It reduces the amount of time spent on managing threats. It also gives us a little bit more flexibility in some instances. It'll mark something as a threat, or it'll start to monitor things naturally. And then some of the integrations, such as the CrowdStrike integration, put these users on a watchlist. That way, if something strange does happen, extra scrutiny is done on those individuals to ensure that there are no account compromises or anything like that.
Abnormal helped us to reduce the cost of redundant, secure email gateway solutions. We went from Mimecast as a secure email gateway, which was a cost per year, to Microsoft's secure email gateway, which is baked into our existing Office 365, and so that was a cost savings immediately. We've saved probably about $50,000. I spent about $180,000 total for the services and tools that we had. However, then saved $50,000 for the secure email gateway, and then on top of that, I have a much, much better product that catches a lot more - which is limiting my exposure at the user level.
They misclassified extortion quite frequently; however, it still catches it. It's still a threat in some way, shape, or form. They just miscategorize it.
Adding an ideas button inside the console would be helpful. When we're working on something as engineers, and we find an idea or a method of doing something that would be greatly improved by doing it another way, there should be an ability for me to click the ideas button, type in an idea that I have, and submit it to a product review team or developers to have them think through the process a little bit more. This would also give them the ability to have instant input into the console and instant input into the services so that they would have a more agile response to providing better value to the customer.
I've been using the solution for six or seven years.
We've had zero issues with stability. Their uptime is almost 100%.
The solution is completely scalable.
I regularly communicate with technical support. It's extremely quick. They are very accurate and thorough. They listen to my concerns, and they repeat them back to me as they understand them. They usually have some type of answer. They understand when I'm looking for something, and I'm not getting what I want.
Positive
We previously used Mimecast.
Mimecast just wasn't getting the job done. There were so many threats going into the inbox. I would spend most of my day chasing after threats.
I was involved in the initial deployment. It took more time to have introductions on the call than it did to actually do the API integration. The process was very straightforward. The first ten minutes would have been introduction and conversation, and the last four minutes would have been flow integration.
I mostly handled the setup myself.
There is no maintenance needed on my end.
We implemented the product with the help of Abnormal. They have a very hands-on approach.
While the solution is pricey, I get a lot of value from the services I receive.
I'm a customer.
I'd rate the solution nine out of ten overall.
I would advise others to get experience with Abnormal. Do the demo. The proof is in the pudding. It's one of the very few products that works exactly as it's designed to work. The quality of the output is right there. The service speaks for itself.
Talk to their staff and their team and look at their metrics. Then, turn on Abnormal and see what it catches. Do a side-by-side comparison.