Abnormal Email Security
Abnormal Security is the leading behavioral AI-based security platform that protects against the full spectrum of inbound email and email platform attacks. The solution provides a fundamentally different approach to email security by building a picture of what ‘normal’ email behavior looks like based on usage within an organization.
Features
- Inbound Email Security
- Abuse Mailbox Automation
- Email Account Takeover Protection
- Email Productivity
- Email Security Posture Management
- Email Like Messaging Security (Teams, Slack, Zoom)
- Email Like Account Takeover Protection (Teams, Slack, Zoom)
- Reduced Invoice Fraud and BEC
- Email Like messaging security for Teams, Slack, Zoom
- Vendor Base
Benefits
- Improves SOC Productivity - Empower teams to do more
- Improves Staff Email Productivity
- Deploys in minutes via API; no configuration needed
- Reduced Invoice Fraud and BEC
- Precisely blocks all email attacks using behavioral AI
- Protects from internal and external compromised accounts
- Secures the Human Vulnerability
- Protects Against Modern AI Attacks - QR Codes, text based
- Protects against lateral phishing
Pricing
£17 a licence a year
- Free trial available
Framework
G-Cloud 14
Service ID
483695446983651
Contact
Geode Networks Ltd
Marc Sollars
Telephone: 01189 838620
Email: msollars@geodeservices.com
Service scope
- Software add-on or extension
- Yes
- What software services is the service an extension to
- Abnormal Security provides API Behavioral Analytics Email Security to Office 365 and Google Workspaces environments
- Cloud deployment model
- Public cloud
- Service constraints
- Abnormal Email Security is only applicable to businesses utilizing O365 and Google Workspaces email environments.
- System requirements
-
- O365
- Google Workspaces
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Our support system is 24x7 and response times are set according to the priority of the ticket.
P1 - initial response within 1hr - 24x7x365
8AM-5PM GMT Monday to Friday
P2 - initial response within 4hrs
P3 - initial response within 8hrs
P4 - initial response within 24hrs
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- No
- Web chat support
- No
- Onsite support
- No
- Support levels
-
SEV 1 - Urgent
Sev 1 incidents are an Error that causes a (a) service disruption or (b) degraded condition that renders the Service inoperable. We’ll respond to a Priority 1 incident within one hour, our most urgent response time.
Sev 2 - HIGH
An Error that (a) causes the Service to operate in a degraded condition with a high impact to key portions of the Service or (b) seriously impairs Customer’s use of material function(s) of the Service and Customer cannot reasonably circumvent or avoid the Error without the expenditure of significant time or effort.
We’ll respond within two business hours following receipt of a P2 incident.
Sev 3 - Normal
An Error that has a medium-to-low impact on the Service. The Service is (a) running with limited functionality in one or more areas or (b) experiencing intermittent issues. Customer can access and use the material functionality of the Service. We’ll respond within eight Business hours following the receipt of a P3 incident.
Sev 4 – Low
How-to questions and Service issues with no Service degradation. We’ll respond to you within 24 business hours following the receipt of a P4 request.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
At the beginning of your Email Security deployment, an Internal Kick-Off Meeting will be run by your allocated Installation Manager. The outcome of this meeting will be to:
• Allocate roles and responsibilities
• Agree task ownership and a target implementation date
• Agree stakeholders
Pre-Service Workshop:
Your Project Manager will schedule a pre-service workshop prior to going live to ensure you have a full understanding of what the solution includes and to confirm our understanding of the measures needed to complete the implementation, such as SEG Migration. A sample agenda for this session is:
• Introductions to the team
• Service Enablement process overview
• Explanation of expected timescales
• Installation Process
• SEG Migration
- Service documentation
- Yes
- Documentation formats
- HTML
- End-of-contract data extraction
- There is no data to be extracted; the API into the O365 or Google environment is removed and the customer's Abnormal Security tenant is de-commissioned.
- End-of-contract process
-
At the end of the contract all customer access will be disabled, and the customer will be required to disconnect the API integration.
Once the contract has been ended Abnormal Security will at the appropriate time purge all data from the backend systems.
Using the service
- Web browser interface
- Yes
- Supported browsers
-
- Internet Explorer 11
- Microsoft Edge
- Firefox
- Chrome
- Application to install
- No
- Designed for use on mobile devices
- No
- Service interface
- No
- User support accessibility
- None or don’t know
- API
- Yes
- What users can and can't do using the API
-
The Abnormal REST API enables Abnormal customers and partners to use other tools and utilities to programmatically integrate the Abnormal platform into the rest of their security ecosystem.
The Abnormal platform is an API-first platform, which means that APIs are core to the product and its administrative portal (the Abnormal Portal). The same set of APIs powers internal and external access to the data. This ensures that as functionality is added to the platform, the corresponding API endpoints are also automatically added.
To integrate with the Abnormal REST API, you must first use the Abnormal Portal to get your organization’s unique API access token that should be used when making programmatic calls to any of the Abnormal REST API endpoints.
You must also use the Portal to safelist IP addresses for your organization. IP safelisting ensures that API access is possible from IP addresses belonging to your organization and prevents users from unauthorized networks from accessing your threat data. This second layer of security helps keep your data safe from unauthorized users and protects you in the event of a token compromise.
- API documentation
- Yes
- API documentation formats
-
- HTML
- API sandbox or test environment
- No
- Customisation available
- No
Scaling
- Independence of resources
- https://abnormalsecurity.com/trust-center
Analytics
- Service usage metrics
- Yes
- Metrics types
-
Attacks Stopped
Attack Frequency
Threat Log
Abuse Mailbox
Vendor Fraud
Vendor Base
People Base
App Base
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra support
- Organisation whose services are being resold
- Abnormal Security
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Other
- Other data at rest protection approach
-
The Service retains the data types that it stores for the applicable default retention time indicated in the table above. During infrequent occurrences where an email requires additional analysis by the Service or an Abnormal Security researcher, personal information may be stored temporarily by the Service until the malicious indicators identified by the Service within the message are validated, which is designed to occur within three hours of receiving such message.
- Data sanitisation process
- No
- Equipment disposal approach
- A third-party destruction service
Data importing and exporting
- Data export approach
- Abnormal Security is able to export data via PDF, CSV or via API to solutions such as Splunk
- Data export formats
-
- CSV
- Other
- Other data export formats
- Data import formats
- Other
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
-
Cloud Native API Integration within O365 and Google Workspaces.
The Service encrypts the data it processes while those data are in transit and at rest. While data are in transit, the Service leverages industry standard secure data transmission protocols with session authentication and encryption; all data in transit are encrypted using TLS 1.2 sessions with a 2048-bit RSA asymmetric key, and HTTPS is required for all traffic. The Service employs industry standard AES 256 encryption protocol and multi-factor encryption technologies on all data stores, including production databases, big data files used for data processing, database backups, read-replicas, and snapshots.
- Data protection within supplier network
- Other
- Other protection within supplier network
- The solution is deployed within the O365 and Google Workspaces API.
Availability and resilience
- Guaranteed availability
- 99%
- Approach to resilience
- Available on request
- Outage reporting
- There is a public dashboard available that provides this information.
Identity and authentication
- User authentication needed
- Yes
- User authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
- Access restrictions in management interfaces and support channels
- Access control within management interfaces is assured by independent validation of assertion. Administrator permissions are assured by independent validation of assertion.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Identity federation with existing provider (for example Google Apps)
- Username or password
Audit information for users
- Access to user activity audit information
- No audit information available
- Access to supplier activity audit information
- No audit information available
- How long system logs are stored for
- Between 6 months and 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Coalfire ISO, Inc.
- ISO/IEC 27001 accreditation date
- Certificate Issuance Date: September 30, 2021
- What the ISO/IEC 27001 doesn’t cover
- Outsourced Development
- ISO 28000:2007 certification
- No
- CSA STAR certification
- Yes
- CSA STAR accreditation date
- 26/01/2023
- CSA STAR certification level
- Level 1: CSA STAR Self-Assessment
- What the CSA STAR doesn’t cover
- N/a
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- CCPA
- SOC2
- TX-RAMP
- PIPEDA
- VPAT
- Geode parent company Teneo Ltd holds ISO27001
- Geode parent company Teneo Ltd achieved Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Abnormal has an appointed DPO who is responsible for ensuring appropriate data protection controls and requirements are in place and operating effectively.
Abnormal employees receive privacy training at onboarding and annually thereafter. Additional role-based training also occurs in a similar manner with targeted training, including topics such as the GDPR, privacy in marketing, and privacy by design.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- Geode’s Configuration and Change Management processes follow ITIL's Service Management best practice framework, including the guidance for building, deploying, and transitioning new or changed IT services into operation. Geode provide lifecycle services including the planning and management of changes, while minimizing risk. The components of the service are monitored for upgrades and updates provided by the relevant vendors. Within the Change Management process, each change requested will follow a pre-defined workflow, reflecting the various stages of assessment, approval and implementation of the change as well as a security policy impact assessment.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
-
We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives.
https://security.abnormalsecurity.com/
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives.
https://security.abnormalsecurity.com/
- Incident management type
- Undisclosed
- Incident management approach
-
We are committed to providing secure products that support compliance and build trust. Use this Trust Center to learn about our security and trust initiatives.
https://security.abnormalsecurity.com/
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Public sector networks
- Connection to public sector networks
- No
Social Value
- Social Value
-
Social Value
Tackling economic inequality
Geode and its parent company Teneo take CSR very seriously and have a purpose to improve the lives of 1 million children worldwide. We have built several schools in Africa as part of this journey. More can be found on our website www.teneo.net
Pricing
- Price
- £17 a licence a year
- Discount for educational organisations
- No
- Free trial available
- Yes
- Description of free trial
- 30 day read only deployment