ESG's Dave Gruber talks with Kenneth Liao of Abnormal Security about email security. This is part 2 of a 2-part series.
Dave: Hi, I'm Dave Gruber. I'm here in ESG Studios with Ken Liao from Abnormal Security. And this is Part 2 of a conversation we've been having about modern email security and the threat landscape. In our last Part 1 of this episode, we talked about BEC threats, other phishing-based threats and other attack types.
Let's now shift gears a little bit and talk about Abnormal Security. Talk to me about the platform. Talk to me about how the platform approaches solving these types of problems and what makes it unique.
Ken: So one of the very unique aspects of Abnormal Security was that the founders didn't come from security. They actually came from the advertising technology space. But they brought in decades of experience on behavioral profiling and analysis and really understanding, sort of, human interactions and social behaviors. It turns out that that experience has been super important and super critical for us to be able to identify socially engineered attacks as well.
So the foundation of our platform is something that we call ABX or Abnormal Behavior Technology. And there's three real big components that make up ABX. It's the identity model, it's the relationship graph, and then the content analysis itself. So the identity model is all about identifying who are these two parties that are talking to each other. And it's more than just a name but we're really understanding, like, what is their role in the organization? We're looking at more information about a particular employee than a typical email system would look at. But we're also modeling the external entities as well. We understand who the vendors are. We understand who the customers are. We build identity models around that to understand what are the kind of interactions that those two people would have?
We then move into the relationship graph. So here, you know, you've heard of solutions that really begin to monitor who's talking to who, and we certainly do that as well. But it goes beyond that. It's not just the frequency of communication, but it's what are they talking about, how often are they talking? So all of the tone and topic and sentiment factors into fully understanding what the relationship between two people is.
And then the third part of it is the actual content analysis. Of course, you need to look at what is actually being communicated as part of that. But when you bring all three of those together, it allows us to be very, very accurate in identifying these types of social-engineered attacks.
Dave: It's very, very interesting. Reminds me, as I think about this, about how we, as humans and individuals, when we walk into a room and we meet somebody new, we build those relationships in our own minds, before we build a level of trust with the kinds of people that we're speaking with. If I've met you for the first time, I might relate to who do you know that I know, who might trust you and understand the relationships that you have before I'm willing to have a more in-depth conversation or share some sensitive information.
Sounds like you've automated much of those types of capabilities to a level where the system can help protect people from making mistakes there.
Ken: That's right. I would say one great way to think about it is when you have a breach and you trace it back to an email, think about all of the activities that the security analysts are going to go through to really understand what happened, right? They're going to go back and review to see if two people have talked to each other, or if that particular email address actually belongs to who they say it is, right?
If there's an executive impersonation, they're going to ask the executive, "What is your personal email address?" so they can begin to piece it all together. So we're doing all of that, but in an automated fashion, which allows us to kind of pre-empt the attack in the first place.
Dave: Great, that's super powerful. So is this a layered control? And specifically, does this replace all other email security or how does this fit in with the rest of the security stack?
Ken: Yeah, Abnormal is really built around augmenting those native capabilities that come with the cloud email platforms themselves. So this does not replace any OP, it really plugs in and covers those blind spots that the traditional email gateways are not covering today. So it really becomes that perfect augmentation so you can have Office 365 with its native capabilities, add Abnormal and really have very comprehensive protection across the whole spectrum of email threats in a very, sort of, price-efficient manner as well, because there's no overlapping functionality between the things that we're doing versus the things that the OP are doing.
Dave: That's fairly unique in the industry too, as I think about all the other email security solutions, there is an awful lot of overlap. And as a buyer, I now need to rationalize my investments and looking at overlapping technology. Great to hear that you guys have focused on being a pure value add and recognized the need to deliver on top of what security controls are already in place there.
Ken, thank you so much. Abnormal Security assisting with business email compromise. Look forward to seeing more from you, from Abnormal Security and how you can help companies protect themselves. Thank you very much.
Ken: Thank you for having me.
Dave: Appreciate it. Bye.