At Abnormal, we take pride in our fundamentally different approach to cybersecurity, which allows us to deliver a solution that protects worldwide organizations from advanced email attacks. That said, we recognize the way we do it is a little, say, abnormal, and we know how important it is to definitively prove our value to prospective customers.

A few months ago, we had an opportunity to demonstrate Abnormal’s differentiators during a head-to-head competition conducted by Coal Services.

Coal Services is a specialized organization that provides workplace health and safety, workers' compensation, emergency response, and training services to the New South Wales coal mining community. Through an integrated suite of preventative and responsive solutions, the company supports NSW coal mine workers by helping identify, assess, monitor, and control the many risks inherent in the industry.

For 18 months, Coal Services utilized a Mimecast secure email gateway (SEG) in tandem with Darktrace for Email for protection against simple and more advanced email attacks, respectively. However, the security team at Coal Services noticed Darktrace was allowing a worryingly high number of malicious emails to be delivered to employee inboxes. And rather than automatically remediating suspicious emails, Darktrace was simply redirecting the messages to Junk folders.

As a result, the organization had to dedicate significant resources to examining and remediating malicious emails, manually pulling them from junk folders before employees could click on or respond to them. To better understand the issue, Matthew Townend, Information Security Manager at Coal Services, performed a thorough review of Darktrace’s performance in the last quarter of 2021.

While the Darktrace platform had initially been deemed adequately effective in identifying suspicious emails and applying automated actions to reduce the risk of sophisticated cyberattacks, Townend’s evaluation uncovered three critical technical limitations.

Because Darktrace uses journal-based email monitoring, the system can take up to 30 seconds to remove a malicious email from the recipient’s inbox. This is more than enough time for a user to see the email and engage with it. Further, Darktrace is unable to profile threats for users across all associated mailboxes, which means a suspicious email might be blocked from one inbox but not another. Accordingly, the inbox experience isn’t consistent for all employees, making it difficult to know who is being targeted and when.

Lastly, although Darktrace offers insight into which response has been applied to a malicious email, its reports don’t provide additional context on attack type, trends, common threats, or targeted employees. Subsequently, it was difficult for Coal Services to understand why the platform responded how it did and feel confident it would continue taking the same action moving forward.

Following a payment fraud incident (which was preceded by a successful phishing attack), Townend initiated a test to compare Darktrace with Abnormal Security and Avanan.

During the proof of value, Darktrace for Email remained active while Abnormal and Avanan ran in a “passive” mode for 31 days. This allowed Coal Services to understand how each product would identify and respond to advanced email attacks in a live environment. Then, the security team could compare the approaches and efficacy of the platforms to each other and to Darktrace.

Once the test was complete, Townend reviewed the data and concluded the following:

• API-based solutions, such as Abnormal, are able to identify and remediate suspicious emails faster than Darktrace.

• The reporting provided by API-based solutions is more detailed, relevant, and relatable, as it contained industry-standard technology and included trends over time.

• Abnormal produced the best results with the highest efficacy. Darktrace demonstrated low efficacy as many attacks were observed to evade it, while Avanan had a high rate of false positives.

After weighing the organization’s options, Townend ultimately decided Abnormal was the best choice for three key reasons.

First, Abnormal positively identified advanced email attacks with the highest precision. “Abnormal was the only solution to have zero false positives during the evaluation. There was no tuning required,” said Townend. Additionally, Townend appreciated the speed of remediation Abnormal offered compared to Darktrace—two to three seconds vs. thirty—as this reduced the likelihood of employees interacting with malicious emails.

Second, Townend liked that Abnormal’s reporting capabilities provided more detailed insights into each threat, as well as targeted employees and vendors. Visibility into who was being targeted and by what type of attack provides opportunities to improve the company’s security posture, ensuring that those attacked most understand the threat(s) they face. Townend also appreciated “the transparency into how the system works and the consistency we could provide users in terms of their inbox experience.”

Finally, with Abnormal, the security team would no longer have to spend hours manually reviewing suspicious emails or resolving issues caused by advanced email attacks. Instead, they can allocate resources more efficiently and effectively.

Townend and the security team at Coal Services are already reaping the benefits of their newly upgraded email security system and are excited for what’s on the horizon. "We're very interested in seeing further development of the Abnormal platform and looking forward to what is next," said Townend.

See why Abnormal beats out the competition and request your own proof of value today.