<img alt="" src="https://secure.leadforensics.com/110471.png" style="display:none;">



Account Takeover Protection


Identify and remediate compromised accounts, even if the breach happened long ago.

Anti virus _ Security-47.svg


Avanan’s complete visibility leaves nowhere for attackers to hide

By nature, account takeovers are difficult to detect. Since the initial entry-point can be any cloud application, simply monitoring email is not enough. In addition to monitoring email, Avanan analyzes login events and end user activities across every cloud application used by your organization.

Looking for patterns to identify compromised accounts

By collecting numerous real-world incidents of account takeover events, the Avanan event analysis algorithm identifies behavior that can be a sign of malicious behavior or might lead to an insecure configuration. Such patterns include:

  • Logins from new devices, locations, or browsers
  • Suspicious mailbox configurations, such as deleting all incoming mail or forwarding to an outside address
  • Insecure or malicious mail configurations, such as filters, forwards, and secondary accounts.
  • Disabling of multi-factor authentication
  • Suspicious internal emails, often with multiple recipients
  • Multiple password resets in short period of time
  • Changes in contact groupings (BCC, mixed role, unusual relationships)
  • Changes in session characteristics (length, time-of-day, behavior, and applications used)

Once a compromised account is identified, Avanan responds in real-time with effective remedies to lock out the attacker before the damage is done.

Account Takeover Protection Avanan



Cloud Account Takeover

Cloud Account Takeover Cover (shadow).png


account takeover myths

9 Myths of Account Takeover

Account Takeover Attacks are the invisible threat of cyber espionage. It is important to understand how they work and how to defend against them.

account takeover security

Account Takeover: A Critical Layer Of Your Email Security

Account takeover protection is the security layer that protects you after a successful attack, when hackers are finding a way into the compromised account.

Alternate Inbox Method

When Phishing Succeeds: The Alternate Inbox Method

The tactic of using an email folder, within a compromised email account, in order to send and receive emails in a way that is invisible to the owner.



  • Lastline
  • McAfee
  • GTB
  • checkpoint
  • FireEye
  • palo alto
  • Symantec
  • arcsight
  • Splunk
  • smart-phish