Torq + Abnormal: Key Use Cases for More Secure Email

At Torq, we like to say “if it talks, we can connect to it.” Our limitless integrations are what set us apart from the pack. 

Our hyperautomation platform connects to any system seamlessly, no matter its complexity. Its open architecture is what makes this unification of your tech stack possible, and lets you maximize your security investment while enhancing the efficiency and effectiveness of your security operations.

One of our key tech partners is Abnormal Security, the leader in email security. With Torq and Abnormal, you can orchestrate and automate response to email security events, analyze emails and their attachments, and automatically perform remediation actions. 

Here’s a look at two use cases in which Torq and Abnormal combine powers:

Account Takeover

This use case is simple, but effective, and is designed to help you protect your organization in the event of an account takeover.

When Abnormal Security detects a compromised email account, Torq sends an alert to the chosen collaboration platform – Slack or Teams – to notify response teams and the user that their account is suspended. In some instances, Torq can also request clarification from the user regarding the alert. From there, the account can be suspended or locked in Okta or in Microsoft Entra ID.

This use case also gives the option to communicate with the user first, to give them a heads-up about the compromise and let them know that their account will be locked or suspended. There is also an option in the workflow to kill all of the user’s authorized sessions to the organization’s resources.

This use case is designed specifically to ensure that a compromised account can’t cause more damage. 

Without Torq, the time from detection to remediation would be longer, giving the bad actor more time to impersonate a valid authorized user. With Torq, the response is immediate. 

Post-Breach Remediation

This use case solves an all-too-common problem: an email is classified as malicious after a user has already interacted with it.

It works like this: Torq fetches all of the pertinent details, such as the user affected, the device, and the geography. 

If there was a malicious file in the email that was opened or downloaded, Torq triggers a scan in the EDR, determines if other users received or interacted with the email, and isolates and deletes that file. From there, you can add the file hash to your EDR block list or, if it’s a link, you can search for communication to the bad actor and check whether it happened in other places in the organization.

Those are just two ways Torq and Abnormal work together to automate and improve email security. If you’d like to see this integration in action, schedule a demo.