Cloud-based email security provider Abnormal Security has announced three new capabilities focusing on threat detection for Slack, Microsoft Teams, and Zoom.The company \u2014 focused on protecting enterprises from targeted email attacks, such as phishing, social engineering, and business email compromise\u00a0\u2014 is also adding data ingestion from new sources to better its AI model, which maps user identity behavior.\u201cAbnormal\u2019s platform uses an anomaly detection engine that ingests and correlates 45,000 plus behavioral signals from email platforms (Microsoft 365, Google Workplace), EDR platforms (CrowdStrike), authentication platforms (Okta), and email-like applications such as Slack, Microsoft Teams, and Zoom,\u201d said Evan Reiser, chief executive officer at Abnormal Security. \u201cSignals include sign-in events, geo-location, compromised identities, and communication patterns in messaging.\u201dThe new capabilities are included as add-on products to the Abnormal Inbound Email Security offering and are generally available at launch.Abnormal now secures three new cloud communication servicesAbnormal has introduced three new products designed to detect suspicious messages, remediate compromised accounts, and provide insights into security posture across three cloud communication applications \u2014 Slack, Microsoft Teams, and Zoom.The products include \u201cEmail-like messaging security\u201d, \u201cEmail-like account takeover protection\u201d, and \u201cEmail-like security posture management.\u201dEmail-like messaging security allows administrators to monitor and take action against suspicious activities in Slack, Teams, and Zoom, by scanning messages for suspicious URLs and flagging potential threats for further review. This support covers messages sent from internal employees as well as external contractors.Email-like account takeover protection will analyze authentication activity in Slack, Teams, and Zoom, alerting security teams to suspicious sign-in events, including sign-ins from a blocked browser, from a risky location, or from a known bad IP address.Each event is automatically flagged for immediate investigation, with single sign-on activity from Okta and Azure Active Directory included for additional evidence.Email-like security posture management provides a central view of user privilege changes in Slack, Microsoft Teams, and Zoom to ensure only the appropriate users have admin rights.\u201cWe have been seeing a growing level of concern about email-like phishing and data breach attacks in channels beyond email,\u201d said Michael Sampson, senior analyst at Osterman Research. \u201cMonitoring additional platforms extends the protections that users have come to rely on which is ensuring email is a safe environment for work. With threat actors pivoting their attacks to extend into new channels, failing to ensure equivalent protections is short-sighted.\u201dAlongside new products, Abnormal has added new data ingestion capabilities available at no cost that will collect signals from CrowdStrike, Okta, Slack, Teams, and Zoom.\u201cCombining discrete small signals of potential compromise into higher level situations with unified visibility reduces the disconnected noise that is easy for security analysts to overlook. It gives security analysts early warnings of potential problems,\u201d Sampson said.The core technology is an AI capabilityAbnormal Inbound Email Security is the company\u2019s core offering, leveraging a cloud-native API architecture that helps the platform integrate with cloud email platforms, EDR, authentication services, and cloud collaboration applications via API.This allows Abnormal to ingest a huge number of useful signals that help identify suspicious activities across users and tenants.\u201cAdvanced AI and ML models, including natural language processing and natural language understanding leverage these signals to baseline user behavior and better understand identity and relationships across the organization,\u201d Reiser said. \u201cBy understanding what is normal for each employee, vendor, application, and email tenant, Abnormal can detect and prevent the malicious and unwanted emails or email-like messages that bypass traditional solutions.\u201dWhile scanning suspicious URLs and domains for phishes, the AI model tries to detect if a link is using too many redirects when clicked, the identity of the redirecting service providers, whether the eventual landing page presents webform indicators potentially attempting to steal information, age and Alexa ranking of the domain used, and the reputation of the registrar.