Account Takeover Protection

Account Takeover

Identify and remediate compromised accounts, even if the breach happened long ago.

Account Takeover Protection

Avanan’s complete visibility leaves nowhere for attackers to hide

By nature, account takeovers are difficult to detect. Since the initial entry-point can be any cloud application, simply monitoring email is not enough. In addition to monitoring email, Avanan analyzes login events and end user activities across every cloud application used by your organization.

Looking for patterns to identify compromised accounts

By collecting numerous real-world incidents of account takeover events, the Avanan event analysis algorithm identifies behavior that can be a sign of malicious behavior or might lead to an insecure configuration. Such patterns include:

  • Logins from new devices, locations, or browsers
  • Suspicious mailbox configurations, such as deleting all incoming mail or forwarding to an outside address
  • Insecure or malicious mail configurations, such as filters, forwards, and secondary accounts.
  • Disabling of multi-factor authentication
  • Suspicious internal emails, often with multiple recipients
  • Multiple passwords resets in a short period of time
  • Changes in contact groupings (BCC, mixed role, unusual relationships)
  • Changes in session characteristics (length, time-of-day, behavior, and applications used)

Once a compromised account is identified, Avanan responds in real-time with effective remedies to lock out the attacker before the damage is done.

Account Takeover Protection



  • arcsight2
  • checkpoint2
  • FireEye
  • PaloAlto6
  • sophos2
  • Symantec4
  • Lastline2
  • McAfee-logo2
  • Splunk3
  • sandblast5
  • smart-phish3
  • GTB20Technologies
  • gfi3
  • F-Secure_Logo
  • avg4
  • VMRay-wide6
  • ESET_logo5
  • totaldefense
  • Trend-Micro-Logo1
  • AhnLab3


Cloud Account Takeover

Cloud Account Takeover
14-Day Free Trial – Experience the power and simplicity of Avanan Cloud Security.   Start Free Trial