CASE FILE // PC-2026-04
Status: Open


Filing: 06.02.00 | Field: 27 APR 2026 | Classification: Public | Status: Open

Abnormal Security cost: $42 to $96 per mailbox per year

Abnormal is the leading independent behavioural-AI email-security vendor in 2026. The behavioural-AI post-delivery model catches a category of sophisticated phishing that legacy gateway-style scanning fundamentally cannot catch, which justifies the price premium versus traditional alternatives.

Exhibit A

Behavioural-AI email security as a category


Behavioural-AI email security emerged as a distinct product category through 2018-2022 as the limitations of gateway-style scanning became visible against sophisticated phishing attacks. The premise of behavioural-AI is that an attack pattern can be detected not by examining the email content for malicious-indicator patterns but by examining the email metadata (sender-recipient relationship history, communication frequency, language pattern, topic novelty) for behavioural-anomaly patterns that signal something is wrong even when the content passes content-based scanning.

The category leaders in 2026 are Abnormal Security (independent, founded 2018), Tessian (acquired by Proofpoint November 2024, now bundled with TAP), and IRONSCALES (independent, founded 2014). Sublime Security has emerged through 2023-2025 as a newer entrant with detection-as-code positioning. The functional positioning across vendors is similar; the differentiation is in modelling depth, deployment ease, and pricing.

The attack patterns behavioural-AI catches best are sophisticated BEC (where the lure is grammatically perfect and refers to real organisational context), AitM lures from compromised legitimate domains (where reputation-lookup passes because the domain is legitimate), and vendor-impersonation through compromised supplier mailboxes (where the sender is real but the message intent is fraudulent). For organisations facing material exposure to these patterns, behavioural-AI is one of few product categories that meaningfully reduces residual risk. The post-delivery operating model (analysing email after it has arrived in the mailbox) means the product can use full-mailbox context for detection rather than just the inbound-stream view that gateway-style products see. [Gartner Magic Quadrant Email Security 2024 + Forrester Wave Enterprise Email Security 2024]

Exhibit B

Abnormal Security pricing and the premium justification

REFERENCE

Abnormal Security pricing in 2026 sits at an estimated $42 to $96 per mailbox per year. The wide band reflects substantial variation by tier and organisation size. Mid-market typically lands at $50 to $75 per mailbox; enterprise volume-discounted pricing is typically $42 to $60. The pricing is materially higher than gateway-style alternatives (Microsoft Defender for Office 365 Plan 2 at near-zero incremental cost for M365 E5 customers, Proofpoint TAP at $36 to $108 per user per year) but the value proposition is different.

The premium justification rests on attack-pattern coverage. Gateway-style products are highly effective against bulk and lower-sophistication phishing at low per-mailbox cost. The limit of gateway-style effectiveness is the residual sophisticated-attack category that bypasses reputation-lookup and rule-based scanning because the lure is grammatically perfect, uses a legitimate (or compromised-legitimate) sender domain, and references real organisational context. This residual category produces the highest per-event cost (because sophisticated attacks are typically targeted at high-value identities and high-value transactions) and is exactly what Abnormal's behavioural-AI is designed to catch.

The ROI calculation reflects this. For a mid-market organisation paying $96,000 per year for TAP plus $120,000 per year for Abnormal (2,000 mailboxes at $48 and $60 respectively), total email-security spend is $216,000 per year. Against the modelled $4.20M average mid-market breach cost (see /by-scale/mid-market), the combined program pays back on a single avoided sophisticated-attack event. The dual-product architecture is now the standard for mid-market and enterprise organisations facing meaningful sophisticated-attack exposure. [Abnormal Security pricing triangulation from USASpending + reseller catalogues + buyer-community reports 2024-2025]

Exhibit C

Worked examples by organisation profile


| Organisation profile | Deployment model | Per-mailbox cost | Annual total |
|---|---|---|---|
| 500-mailbox mid-market mature program | Abnormal alongside Defender | $65 | $32,500 |
| 2,000-mailbox mid-market | Abnormal alongside TAP | $60 | $120,000 |
| 5,000-mailbox upper mid-market | Abnormal alongside Defender | $55 | $275,000 |
| 10,000-mailbox enterprise | Abnormal alongside TAP / Defender | $50 | $500,000 |
| 25,000-mailbox large enterprise | Abnormal alongside Defender | $45 | $1,125,000 |
| 50,000-mailbox Fortune 500 | Abnormal alongside Defender | $42 | $2,100,000 |

Examples assume the typical dual-product architecture (Abnormal alongside a gateway-style product). Abnormal-only deployments are possible and produce lower total spend but are best suited to organisations primarily exposed to sophisticated rather than bulk attacks. [Triangulated from Abnormal public contract records + reseller catalogue data]

Exhibit D

The Tessian-into-Proofpoint consolidation


In November 2024, Proofpoint announced its acquisition of Tessian, the second-largest independent behavioural-AI email-security vendor at the time. The acquisition consolidated the behavioural-AI category in a way that has reshaped buyer decision-making through 2025-2026. Pre-acquisition, Tessian competed with Abnormal as the independent-vendor alternative; post-acquisition, Tessian operates as the bundled-with-TAP behavioural-AI layer in Proofpoint's stack, with Abnormal as the leading independent option.

The acquisition's effect on Abnormal pricing has been measurable. With one fewer independent competitor in the category, Abnormal's pricing power has firmed; the bottom-of-band pricing has compressed slightly. The acquisition also created a strategic-decision point for buyers who were previously running Tessian alongside a non-Proofpoint gateway product. The post-acquisition Tessian product is integrated more tightly into the Proofpoint stack, which makes it more attractive for existing Proofpoint customers and less attractive for non-Proofpoint customers who wanted Tessian as an independent product.

The current independent-vendor competitive landscape includes Abnormal (clear category leader by customer count), IRONSCALES (lower-priced alternative with similar functional positioning), Sublime Security (newer entrant with detection-as-code differentiation), and a handful of smaller players. For most buyers in 2026, the practical decision is between Abnormal and IRONSCALES on price-versus-feature, with Tessian-via-Proofpoint as the bundled alternative for existing Proofpoint customers. [Proofpoint-Tessian acquisition announcement November 2024 + post-acquisition product-integration analysis 2025]

Exhibit E

What Abnormal actually catches: attack-pattern coverage


Sophisticated BEC against finance and treasury

Grammatically-perfect impersonation of executives, vendors, or counsel where the lure references real organisational context. Catches sub-types that pass display-name and lookalike-domain detection because the sender appears legitimate in metadata. Strongest single use case for the product.

Vendor-mailbox-compromise BEC

Real supplier sender, real invoice format, real payment-cycle timing, but with redirected banking details. Catches the pattern that produces the largest per-event losses in manufacturing and legal-services sectors (see /by-industry/manufacturing and /by-industry/legal).

AitM lures from compromised legitimate domains

When the attacker has compromised a legitimate domain and is using it to host AitM lure infrastructure, reputation-lookup at the gateway passes because the domain is legitimate. Behavioural-AI catches the lure because the recipient has no history of receiving messages of this type from this sender.

Account-takeover detection and remediation

When an internal account is compromised and the attacker uses it to send onward phishing or data-exfil emails, behavioural-AI detects the abnormal outbound pattern (a mailbox that typically sends 30 messages per day suddenly sending 500 to external recipients, with attachment content unusual for the sender). Catches the post-compromise pivot in addition to inbound attacks.

OAuth consent phishing detection

OAuth consent phishing tricks users into granting an attacker-controlled app access to their mailbox via a legitimate OAuth flow. Abnormal detects the abnormal consent-grant pattern and alerts the security team. Niche but valuable for organisations targeted by OAuth-consent threat actors.

Post-delivery remediation across all mailboxes

When Abnormal identifies a malicious email in one mailbox, it removes the same email from all other mailboxes that received it. The post-delivery remediation closes the lateral-spread window that gateway products cannot address.
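
Two of the metadata signals described in this exhibit (an external sender with no prior history with the recipient, and an outbound volume spike against a mailbox's own baseline), as an added Python illustration. This is not Abnormal's model or code; the domain names, the factor and floor thresholds, and all log records are constructed assumptions.

```python
from collections import Counter, defaultdict
from statistics import median

ORG_DOMAIN = "corp.example"  # assumption: the organisation's own mail domain

def is_external(addr):
    return not addr.lower().endswith("@" + ORG_DOMAIN)

def build_baseline(history):
    """history: (day, sender, recipient) metadata tuples; no content is read."""
    pairs = set()                 # sender -> recipient relationships already seen
    daily = defaultdict(Counter)  # sender -> {day: messages sent to external rcpts}
    for day, sender, rcpt in history:
        pairs.add((sender.lower(), rcpt.lower()))
        if is_external(rcpt):
            daily[sender.lower()][day] += 1
    typical = {s: median(c.values()) for s, c in daily.items()}
    return pairs, typical

def first_contact(msg, pairs):
    """Inbound signal: an external sender this recipient has never heard from."""
    _, sender, rcpt = msg
    return is_external(sender) and (sender.lower(), rcpt.lower()) not in pairs

def outbound_spikes(today, typical, factor=5, floor=20):
    """Outbound signal: internal senders far above their own typical external volume."""
    sent = Counter(s.lower() for _, s, r in today
                   if not is_external(s) and is_external(r))
    # floor keeps near-silent mailboxes from being flagged on tiny absolute counts
    return sorted(s for s, n in sent.items()
                  if n > max(floor, factor * typical.get(s, 0)))

def constructed_history():  # constructed sample: ten ordinary days of traffic
    h = []
    for day in range(1, 11):
        h += [(day, "alice@corp.example", f"client{i}@partner.example") for i in range(30)]
        h += [(day, "bob@corp.example", f"lead{i}@prospect.example") for i in range(30)]
        h.append((day, "billing@supplier.example", "ap@corp.example"))
    return h

def constructed_today():  # constructed sample: day 11, one spike, one first contact
    return ([(11, "alice@corp.example", f"user{i}@unknown.example") for i in range(500)]
            + [(11, "bob@corp.example", f"lead{i}@prospect.example") for i in range(25)]
            + [(11, "billing@supplier.example", "ap@corp.example"),
               (11, "billing@supplier.example", "cfo@corp.example")])

if __name__ == "__main__":
    pairs, typical = build_baseline(constructed_history())
    print("outbound spikes:", outbound_spikes(constructed_today(), typical))
    print("first contact:", [m for m in constructed_today() if first_contact(m, pairs)])
```

The supplier address is a known correspondent of the accounts-payable mailbox, so only its message to a recipient it has never written to is flagged; a reputation lookup on the sending domain would treat both messages identically.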

Exhibit F

What buyers should ask before signing the Abnormal contract


What is the per-mailbox pricing including volume discount?

Compare against IRONSCALES and Sublime Security at the same volume. Abnormal is typically the premium-priced option; the premium needs to be justified on detection-quality grounds.

What is the typical detection-rate improvement over my existing stack?

Request a 30-60 day proof-of-value deployment where Abnormal runs in parallel with your existing email security and reports on attacks it catches that the incumbent missed. The detection-rate delta is the central evaluation criterion.

Is post-delivery remediation enabled?

Confirm the remediation feature is included and properly configured. The lateral-spread-closure value depends on remediation being active, not just detection.

What is the integration with my SOC and SIEM?

Abnormal produces high-quality detection data that should feed into SOC workflows. Confirm integration with SIEM, SOAR, and ticketing platforms.

What is the data-residency and processing posture?

For EU operations, confirm EU-hosted deployment availability. For US-government contracts, confirm FedRAMP or equivalent authorisation status.

What is the multi-year discount and renewal-price cap?

Standard procurement questions. Multi-year commitments yield meaningful discount but optionality cost is real in a rapidly-evolving product category.

Exhibit G

Frequently filed questions

ON RECORD

How much does Abnormal Security cost?

Estimated $42-$96 per mailbox per year. Mid-market typically $50-$75; enterprise volume-discounted $42-$60.

What is behavioural-AI email security?

Models typical organisational communication patterns and flags messages that deviate from baseline. Catches sophisticated attacks that pass gateway-style content scanning.

How is Abnormal different from Proofpoint TAP?

TAP is gateway-style (pre-delivery scanning); Abnormal is post-delivery behavioural-AI. Frequently deployed together in mature enterprise architectures.

What happened with Tessian?

Acquired by Proofpoint November 2024. Now bundled with TAP. Abnormal is the leading independent vendor; IRONSCALES is the lower-priced alternative.

Why does Abnormal command a premium?

Catches a category of sophisticated attacks that legacy gateway-style scanning fundamentally cannot catch. For organisations facing material sophisticated-attack exposure, Abnormal is one of few products that meaningfully reduces residual risk.

Do I need both Abnormal and a gateway product?

In mature enterprise architectures, yes. The gateway catches bulk attacks at low per-mailbox cost; Abnormal catches the residual sophisticated attacks. Abnormal-only deployments are possible but suited to organisations primarily exposed to sophisticated rather than bulk attacks.

What is the proof-of-value evaluation?

Request a 30-60 day parallel deployment where Abnormal reports on attacks it catches that your incumbent missed. The detection-rate delta is the central evaluation criterion.

Updated 2026-04-27