Abnormal Email Security
API-native behavioral AI email security for BEC, phishing, and account takeover prevention.
Vendor Information
Abnormal Email Security Overview
Abnormal is an AI-native email security platform that protects enterprises from advanced email threats through behavioral analysis of identity, communication patterns, and content. Unlike traditional secure email gateways that rely on threat intelligence and static rules, Abnormal deploys via API-based architecture that connects directly to Microsoft 365 and Google Workspace without requiring MX record changes, enabling deployment in under 60 seconds while accessing 10x more behavioral data than legacy solutions.
The platform automatically baselines normal activity through its Abnormal Behavior Platform to understand identity, relationships, and communication patterns across people, vendors, apps, and tenants. This behavioral AI foundation enables precise detection of never-before-seen attacks including Business Email Compromise (BEC), vendor fraud, credential phishing, and account takeovers by identifying deviations from established patterns, with automated remediation that removes threats within milliseconds and reduces SOC workload by 95%.
Founded in 2018 and headquartered in San Francisco, Abnormal has raised $557M in funding with a $5.1B valuation and serves over 5% of Fortune 1000 companies. The platform holds SOC 2 Type II, ISO 27001, ISO 27701, ISO 42001, and FedRAMP Moderate certifications, and is recognized as a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms with "Most Completeness of Vision" and a 99% customer "Would Recommend" rating on Gartner Peer Insights.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Detects signs of internal mailbox compromise (anomalous login geography, mail forwarding rule creation, unusual send volume), and can trigger automated session revocation.
Integrates via Microsoft 365 or Google Workspace APIs without requiring MX record changes, enabling parallel deployment alongside an existing SEG and post-delivery remediation.
Builds per-user and per-vendor communication baselines from historical email patterns to detect anomalous content, timing, or sender behavior without relying on signatures or blocklists.
Classifies newsletters, marketing email, and bulk communications as a separate category from threats, reducing analyst noise without suppressing legitimate business email.
Analyzes email body text semantically to detect social engineering, pretexting, and urgency manipulation in messages that contain no malicious attachments or URLs.
Automates the intake, deduplication, and triage of user-submitted suspicious emails, cross-references against in-flight campaigns and triggers retroactive remediation across all recipients.
Detects compromised or spoofed third-party supplier accounts by analyzing communication pattern deviations, domain aging, and content signals, targeting invoice fraud and payment redirection attacks.
Integrations
Compatible tools and platforms
Solution Details
Compliance & Certifications
Regulatory frameworks and security certifications
Deployment Options
Where and how this solution can be deployed
Support Channels
Available support and communication options
Pricing Model
How this solution is priced
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
Is this your company?
Claim Your Profile