Abnormal Security Redefines Cloud Email Security with the Launch of Security Posture Management to Protect Against Email Platform Attacks

Abnormal | November 16, 2022 | Read time : 03:50 min

Abnormal Security, the leading behavioral AI-based security platform, announced today its newest addition to the product portfolio as the company progresses toward delivering the most comprehensive cloud email security in the market. The latest innovation protects customers from emerging email platform attacks that are increasing in volume and severity as attackers find new ways to target organizations.

The open, interconnected nature of cloud email platforms creates new entry points for attackers to exploit and manipulate—increasing the need for security tools that protect organizations from attacks beyond those that are delivered through inbound email. While advanced inbound email attacks like business email compromise and credential phishing remain the primary cloud email attack vector, accounting for $43 billion in exposed losses since 2016, this addition to the Abnormal product portfolio expands the capabilities of cloud email security to protect against side-channel attacks that directly target the entire email platform. In recent headlines, cybercriminals have exploited unguarded entry and exit points to carry out sophisticated platform attacks, including:

  • Compromising user and administrator accounts by bypassing MFA policies
  • Exploiting global administrator privileges by setting up tenant-wide email forwarding rules that send company emails to attacker inboxes
  • Tricking employees into installing malicious OAuth applications through consent phishing email links disguised as file-sharing links

These examples showcase the need for security tools that can detect changes to the cloud email environment and provide full visibility into the current posture. But because security teams often share responsibility for these platforms with IT and messaging teams, understanding the full scope of potential configurations across thousands of users, third-party applications, and email tenants, and managing them accordingly, is a manual and operationally difficult task.

“As we’ve spoken to our customers, we’ve heard increasing concerns about this next generation of attacks. Since they have implemented Abnormal to secure the inbound channel against advanced attacks such as BEC, attackers are looking for new ways to access their inboxes and email platforms. Implementing a solution that can alert security teams to new integrated applications, over-permissioned users, and other potentially risky events will be extremely helpful to security leaders, and Abnormal is excited to evolve our inbound email security platform to provide this capability and better protect our customers from the full spectrum of attacks.”

Mike Britton, chief information security officer at Abnormal Security

The new Security Posture Management product from Abnormal gives security teams immediate visibility into each of the potential entry and exit points of the cloud email platform. Increased visibility begins with three new Knowledge Bases, in addition to the existing VendorBase, which present comprehensive databases of employees, third-party applications, and email tenants. Each of the three new Knowledge Bases provides the foundational visibility security teams need to understand potentially exposed surface areas in Microsoft 365 and conduct security investigations.

  • AppBase: Provides a running inventory of all of the third-party applications that have access to data within Microsoft 365. It provides a summary of important information about application permissions and data access, as well as an activity timeline of recent events.
  • PeopleBase: Provides a directory of each active user in the environment. It uses contextual, behavioral data to build a dynamic user genome. PeopleBase also provides an activity timeline of recent events, including sign-on patterns, suspicious email activity, and more.
  • TenantBase: Provides a catalog of each of the email tenants Abnormal Security protects and relevant permissions governing access to them.

Taking the information derived from these Knowledge Bases, the new Security Posture Management product then monitors each entity for potentially risky configuration changes. Key changes may include the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes. When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration.

While the monitoring and alerting capabilities of Security Posture Management are available as an add-on purchase to Inbound Email Security, Abnormal is providing the foundational visibility of its new Knowledge Bases at no cost to all customers with Microsoft 365.

New Product Continues to Drive Abnormal Growth in the Email Security Market

The posture management offering underscores Abnormal’s commitment to providing its customers with the most effective email security platform on the market. In recent weeks, Abnormal was named to the CNBC Top 25 Startups for the Enterprise list of companies that are best suited to meet the needs of large enterprises, as well as the Madrona Intelligent Applications 40 list for the platform’s superior capabilities in using machine learning to extract useful information from real-time and historical data.

These awards highlight the continued success of the company as Abnormal continues to experience more than 2x growth per year, with notable customers including Xerox, Urban Outfitters, Royal Caribbean International, and Groupon. The company maintains a 4.8-star review on Gartner Peer Insights, with 100% recommendation from participating companies. This continued growth is driven by the recent Series C funding round in which Abnormal raised $210 million with backing from Insight Partners, Greylock Partners, and Menlo Ventures.

Security Posture Management is the second major product launch in the past six months, with Abnormal releasing the Email Productivity module in August 2022. The Email Productivity add-on uses behavioral AI to filter time-wasting promotional emails away from employee and executive inboxes, automatically personalizing protection to each user based on behavior cues like folder moves. By shielding employees and executives from the growing barrage of promotional emails, including vendor cold calls, newsletters, and marketing promotions, Email Productivity saves enterprises multiple hours per employee per month. Both new products are part of the Abnormal Cloud Email Security platform, which stops the full spectrum of email-borne attacks.

About Abnormal
Abnormal Security provides the leading behavioral AI-based security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds—all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly.



Related News


ZeroFox Announces Generative AI Capabilities, Develops FoxGPT

Globenewswire | May 11, 2023

ZeroFox (Nasdaq: ZFOX), a leading external cybersecurity provider, announced its plans for releasing generative AI into its External Cybersecurity Platform with the preview of FoxGPT. FoxGPT capabilities will optimize intelligence analyst workflows with the ability to analyze and contextualize malicious content online, enhancing the ability to combat the growing sophistication of cybercriminals. Built by cybersecurity and intelligence professionals, for cybersecurity and intelligence professionals, ZeroFox commits to AI transparency, security, and privacy of information.

Recent cutting-edge advancements in AI, including the release of GPT 3.5, followed by GPT 4.0, are part of a larger, fast-paced AI revolution poised to change how humans and technology interact. As companies embrace these advancements to streamline and automate certain aspects of their business, threat actors are also embracing generative AI capabilities for more sophisticated phishing and fraud, social engineering, spam, and the production of malicious content. ZeroFox's adaptation of generative AI, FoxGPT, accelerates the analysis and summarization of intelligence across large datasets, allowing the identification of malicious content, phishing attacks, and potential account takeovers.

"We at ZeroFox are consistently dedicated to external cybersecurity innovation, and I'm thrilled to share the next step in our innovation roadmap with the development of generative AI capabilities within our platform, FoxGPT," said Mike Price, CTO at ZeroFox. "We understand the impact of generative AI and the risks of threat actors abusing it. We're committed to harnessing this technology while capturing explainable results and the security and confidentiality of customer data."

ZeroFox has steadily integrated other machine learning capabilities into its platform over the past few years, enhancing its ability to keep pace with emerging technologies. FoxGPT is a significant advancement for ZeroFox, enabling it to provide even more powerful external cybersecurity platform capabilities. ZeroFox is committed to AI transparency, security, and privacy of information in order to give customers the confidence that their data is secure. ZeroFox plans to responsibly release FoxGPT to opt-in customers throughout the year.

About ZeroFox
ZeroFox (Nasdaq: ZFOX), an enterprise software-as-a-service leader in external cybersecurity, has redefined security outside the corporate perimeter on the internet, where businesses operate, and threat actors thrive. The ZeroFox platform combines advanced AI analytics, digital risk and privacy protection, full-spectrum threat intelligence, and a robust portfolio of breach, incident and takedown response capabilities to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target your brands, domains, people, and assets. Join thousands of customers, including some of the largest public sector organizations as well as finance, media, technology and retail companies to stay ahead of adversaries and address the entire lifecycle of external cyber risks. ZeroFox and the ZeroFox logo are trademarks or registered trademarks of ZeroFox, Inc. and/or its affiliates in the U.S. and other countries. Visit for more information.



CyberMaxx Launches Next Generation Managed Detection and Response (MDR) Solution MaxxMDR

Prnewswire | May 19, 2023

CyberMaxx, Inc., a tech-enabled cybersecurity services company, today introduced MaxxMDR, its revamped managed detection and response (MDR) solution. MaxxMDR provides enhanced protection through an advanced detection library proprietary to CyberMaxx developed through the company's comprehensive DFIR, offensive security, and threat hunting research.

Traditional MDR tools and processes only provide a base-level of protection. By supplementing a SIEM or EDR tool's default detections library with advanced insights gained from its offensive and DFIR work, MaxxMDR strengthens an organization's defenses and enables them to catch more advanced threats. This provides customers with a strong partnership for a comprehensive offensive and defensive approach to securing their environments.

MaxxMDR empowers organizations to monitor and manage cyber risk through:

  • 24 x 7 x 365 SOC: around-the-clock monitoring and response by CyberMaxx Security Operations Center of experts
  • Custom Detection Library: derived from years of experience and working closely with our DFIR and Offensive security teams across a diverse set of customers
  • Purpose-built: purpose-built platforms designed with SOAR in mind
  • Endpoint security (EDR): partnership with industry-leading endpoint security providers like SentinelOne and Crowdstrike
  • Proprietary Advanced Analytics Platform: cloud-native analytics platform for better integration with SAAS and IAAS
  • Full Visibility: full stack visibility of your assets both on-premise and in the cloud
  • Faster & Better Quality: improved mean time to recovery (MTTR) and reduced false positives through automation and orchestration

Additionally, MaxxMDR is offered through a flexible deployment model available in both managed and co-managed environments. The managed solution is delivered on a proprietary analytics engine for organizations looking for a fully outsourced solution. The co-managed solution is delivered on a third-party SIEM either licensed by CyberMaxx or the customer and allows the customer more control and access.

"The speed and pace of evolving threats today requires a new approach to defensive security," said Michael Quattrochi, CyberMaxx's SVP of Defensive Security. "Traditional MDR solutions too often aren't able to detect modern threats because they are based on legacy insights. By empowering MaxxMDR with real-time insights into active threats from our offensive and DFIR work we are enabling customers to better keep pace with their adversaries and strengthen their defensive posture."

MaxxMDR bundles
CyberMaxx helps customers strengthen their security posture by offering both offensive and defensive security solutions together. The MDR bundles strengthen MDR detection with insights from offensive solutions and provides a uniform customer experience at a competitive investment level.

  • MaxxMDR: provides monitoring + Alert Escalation and containment through EDR API.
  • MaxxMDR Advanced: builds on monitoring, alerting, and containment by including an annual Security Configuration Assessment (M365/Azure, Active Directory, AWS & GCP), semi-annual Hunt & Detect in EDR, annual IR or BCDR Tabletop, Password Hash Strength Testing, Deception Tokens Deployment and Monitoring, and Discounted Advanced DFIR Rates.
  • MaxxMDR Premium: builds on MaxxMDR Advanced and includes monthly Hunt & Detect in EDR, Endpoint Purple Team, annual External Penetration Test, annual VIP Public Data Reconnaissance, additional discounts on advanced DFIR Rates.

You can learn more about the MaxxMDR solution at and learn about MaxxMDR bundles here:

About CyberMaxx
CyberMaxx, Inc., founded in 2002, is a tech-enabled cybersecurity service provider headquartered in Nashville, TN. Through a comprehensive set of services CyberMaxx empowers customers to Assess, Monitor, and Manage cyber risk and stay ahead of emerging threats. CyberMaxx expanded its capabilities through the 2022 acquisition of CipherTechs, an international cybersecurity company providing a complete cybersecurity portfolio across MDR Services, Offensive Security, Governance, Risk & Compliance, DFIR, and 3rd party security product sourcing. CyberMaxx's managed detection and response solution (MAXX MDR) is designed to be scalable for clients of all sizes, providing protection and improving the organization's security posture, ultimately giving customers peace of mind that their systems and data are secure.



Vade Joins the Pax8 Marketplace to Offer MSPs AI Microsoft 365 Email Security Solutions

Globenewswire | June 01, 2023

Pax8, the leading cloud commerce marketplace, announced today it has added Vade, a global cybersecurity company specializing in AI-based cybersecurity, to its cloud marketplace. Vade's Microsoft 365 (M365) security solutions combine AI and human-powered detection and response, designed specifically for Managed Service Providers (MSPs). This collaboration enables MSPs to offer a comprehensive suite of email security services to prevent advanced cyber-attacks and improve email security for their customers.

“According to Forbes, during the past 12 months, 34.5% of polled executives report their organizations' accounting and financial data were targeted by cyber adversaries. This is an alarming trend that opens the door for businesses to reprioritize cybersecurity as a business requirement and partner with an MSP to prevent and protect their customers’ email infrastructure,” said Nikki Meyer, CVP of Vendor Global Alliances at Pax8. “The cybersecurity space is growing, and Pax8 is committed to provide our partners with access to best-in-class cloud solutions like Vade, enabling them to proactively protect their customers from threats effectively.”

Established in 2009, Vade originated in the town of Hem, near the city of Lille in northern France. From its beginnings as a French startup specializing in email security for internet service providers (ISPs), Vade has evolved into a global cybersecurity company. Their extensive portfolio now includes AI-based cybersecurity solutions tailored for businesses of all sizes and industries. With a presence in seven locations worldwide, including the US, France, Japan, and Canada, Vade has established itself as an international leader in the cybersecurity field.

Vade for M365 is an AI-powered, collaborative security solution that is powered by AI, enhanced by people, and made for MSPs. Featuring Vade’s AI detection and response engine that protects 1.4 billion mailboxes worldwide, Vade for M365 blocks and remediates the advanced threats that slip through Microsoft's defenses. Combining powerful protection with integrated features, including automated awareness training, cross-tenant incident response, and auto-remediation, Vade combines powerful, AI-based protection with integrated, no-cost features that help MSPs save time, reduce administrative workload, and generate more ROI from cybersecurity.

“As a channel-first company, Vade recognized Pax8’s unique relationship with and commitment to the MSP community,” said Georges Lotigier, CEO of Vade. “Pax8 is not only the premier distributor for MSPs but also a trusted resource with significant cybersecurity expertise, making this partnership a perfect fit. We are thrilled to bring Vade for M365 to Pax8’s MSP community and look forward to the new partnerships the marketplace integration will bring.”

The integration of Vade into the Pax8 marketplace provides significant benefits to MSPs and their customers looking to enhance their email security posture. Customers will now have easy access to Vade's state-of-the-art email protection solutions, which can be seamlessly integrated into their existing email infrastructure.

Vade M365 offerings include:

  • Phishing, spear phishing, and malware/ransomware protection
  • Auto- and assisted remediation
  • Cross-tenant incident response
  • Automated user awareness training
  • SIEM integration
  • Error-free configuration
  • Deploy in minutes
  • No MX record change
  • Layers with EOP/ATP

To learn more about Pax8 and Vade, please visit

About Pax8
Pax8 is the world’s favorite cloud marketplace for IT professionals to buy, sell, and manage best-in-class technology solutions. Pioneering the future of modern business, Pax8 has cloud-enabled more than 400,000 enterprises through its channel partners and processes one million monthly transactions. Pax8’s award-winning technology enables managed service providers (MSPs) to accelerate growth, increase efficiency, and reduce risk so their businesses can thrive. The innovative company has ranked in the Inc. 5000 for five years in a row. Join the revolution at

About Vade
Vade is a global cybersecurity company that secures human collaboration with a combination of AI and human-powered detection and response. Vade’s products and solutions protect consumers, businesses, and organizations from email-borne cyberattacks, including malware/ransomware, spear phishing/business email compromise, and phishing. Vade is a fast-growing, channel-first company with a growing network of MSP and MSSP partners, as well as distribution agreements with leading distributors and aggregators in North America, EMEA, and Asia. Founded in 2009, Vade protects more than 1.4 billion corporate and consumer mailboxes and serves the ISP, SMB, and MSP markets with award-winning products and solutions that help increase cybersecurity and maximize IT efficiency. To learn more, please visit
