Abnormal Security is a company with a mission to stop cybercrime, starting with email, using AI to disrupt the industry and detect far more attacks than traditional solutions. The advent of generative AI, and the risks it poses to the world’s enterprises, has meant a significant increase in demand.
“The velocity of deals was increasing,” said Abnormal’s CISO Mike Britton. “In my first year at Abnormal, we grew 3x. In my second year, we grew 2x.”
Because of the nature of Abnormal’s business, the strength of their security stance is a foundational part of the company’s sales pitch. Every buyer requires a security review. As a result, the security and sales teams work together to put their “best foot forward” when communicating their commitment to security to buyers and customers.
“We have two goals when it comes to demonstrating our security stance to customers,” Mike said. “One, we want to always provide the most updated and accurate information, and two, we will answer their questions accurately and consistently.”
One major challenge was the traditional security review process. According to Mike, Abnormal’s incumbent security review process was “bifurcated,” requiring many different players and methods of communication to provide buyers with required documentation and responses to relatively rote customer questions. This method was lengthy, and ripe for mistakes and miscommunication, which could be detrimental to customer trust.
The process wasn’t just frustrating for everyone involved, including buyers, but was also made up of a host of liabilities, including the potential for out of date documentation, incorrect or suboptimal responses to questions, and even non-secure transmission of artifacts, including email. For Mike, and for the sales team, this buyer experience was a non-starter.
“With a bifurcated security review process, you’re taking a chance that the documentation that’s shared is out of date. Someone might not know the right answer,” said Mike. “Customer trust is hard to obtain and easy to lose. We’re not interested in walking things back.”
To flip this process on its head, Mike and his team at Abnormal implemented SafeBase, building a customer-facing Trust Center to house all of their security documentation and artifacts in one beautifully-presented and secure location for the sales team and for buyers. This means no more sending sensitive documentation over email, no more “thrash” among sellers, the security team, and buyers, and no more reactiveness.
“SafeBase helps us live and breathe our security principles,” said Mike. “I would never send a SOC2 over email. When a customer requests this type of documentation, I send them to the Trust Center every time, no matter what.”
Reflecting the criticality of security to Abnormal, sellers are trained to share the Trust Center with prospective buyers early in the sales cycle. Rather than wait for a buyer to ask about security, prospective customers receive a secure link to SafeBase after the second call. This demonstrates the company’s confidence in its security stance. It also acts as a signal of intent that supports the sales team’s efforts.
The SafeBase platform is integrated with Abnormal’s Salesforce instance, allowing sellers to track progress and impact of buyer security reviews within the flow of their work.
“The key fundamental difference is, [without SafeBase,] you wouldn’t put security front and center,” said Jake Yount, VP of North America Sales at Abnormal. “The beauty of SafeBase to us is that it makes us proud of our security stance, so we can put security at the forefront, which, as a security company, you have to. What’s more, being able to automate it in our platform, being able to tie in our contract vehicle engine, being able to watermark documents, it up-levels the experience for our team and the buyer.”
Since the implementation of SafeBase, Abnormal sales reps have received a continuous stream of praise from buyers, who express that it’s the most professional, organized, and easy to use demonstration of security they’ve ever seen. Buyers thank their sales reps for their proactivity and often are able to bypass security questionnaires as a result.
“I have multiple anecdotes where… I’m at the tail end of a deal and that’s typically when security comes up,” said Jake. “In the old days, you’d rush to fill out a questionnaire. And many times I’ve had customers say, ‘You guys have already accomplished that.’ or ‘I’m not worried about your security review, I’ve already been to your Trust Center and you guys have it. It’s honestly the best security stance I’ve ever seen.’”
And while the demands on the security team have continued to increase rapidly due to the massive increase in velocity, Mike says he and his team “haven’t killed ourselves to get there.” Streamlining the security review means the security team only engages with prospective customers when necessary.
Meanwhile, sales cycles are seeing the impact of eliminating the traditional security assessment rigamarole — including time savings of 80% when it comes to sharing secure documentation with prospective customers. The Trust Center has been viewed more than 16,000 times in the past year alone, with 7,300 engagements with Abnormal’s security documentation.
“Beyond a shadow of a doubt, SafeBase streamlines our process. Nearly every customer requires some type of security review of their vendors,” said Jake. “That security review takes some amount of time… SafeBase has completely streamlined and simplified that process. There’s an inherent benefit to our acceleration.”
Mike and his team feel that the way they handle the security process is and should be a reflection of how Abnormal does everything when it comes to customers. The frictionless security reviews they provide buyers is the first glimpse into Abnormal’s above-and-beyond partnership ethos – and to its excellent commitment to security.
Said Mike, “For a company so laser-focused on security, our Trust Center is an enabler. This is differentiation.”
"The beauty of SafeBase to us is that it makes us proud of our security stance, so we can put security at the forefront, which, as a security company, you have to."