Disciplined and Explainable ML for Email Security

February 16, 2021

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or signature approaches. A common pitfall with ML initiatives in general, though, is a focus on building more and more complex, advanced models and hoping they will magically solve a practical problem.

While Abnormal does spend a lot of time innovating on the model front, the team also has paid special attention to feature engineering—the creation of informative signals from raw data that encapsulate the real problem we are trying to solve. As such, Abnormal produces features and models pertaining to each key part of a message that we may process—ranging from payload analysis (e.g. does the attachment have Javascript?) to business context (e.g. does the body have RFQ language patterns?) to better detect attacks.

Furthermore, we believe it is critical to expose these system internals to our customers to open up “the black box” and give them a real understanding of why Abnormal’s detection system makes the decisions that it does. The rise of new methods in the field of ML explainability (see here and here), in conjunction with this highly intentional design of our system, enables Abnormal to effectively convey deep insights directly in our product.

Abnormal system insights

In particular, we have now introduced an anomaly and behavioral analysis chart on the Details page for every attack, showcasing the different surface areas of messages that we model and the key attributes therein, along with their actual values. In addition to improving confidence in the sophistication and comprehensiveness of the Abnormal detection engine, this visualization has real utility in terms of giving customers insights on specific patterns and risk factors at a more granular level.

Given that ML is the core of the Abnormal approach, we look forward to not only innovating to improve our systems day by day but also to channel these improvements into our product for better customer engagement and understanding.

See what the Abnormal portal could do for you with a free product demo today.


Prevent the Attacks That Matter Most

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Demo 2x 1

See the Abnormal Solution to the Email Security Problem

Protect your organization from the attacks that matter most with Abnormal Integrated Cloud Email Security.

Related Posts

B 10 3 22 Cobalt Terrapin Blog
Threat group Cobalt Terrapin uses sophisticated impersonation techniques with multiple steps to commit invoice fraud.
Read More
B 09 29 22 CISO Cybersecurity Awareness Month
October is here, which means Cybersecurity Awareness Month is officially in full swing! These five tips can help security leaders take full advantage of the month.
Read More
B Email Security Challenges Blog 09 26 22
Understanding common email security challenges caused by your legacy technology will help you determine the best solution to improve your security posture.
Read More
B 5 Crucial Tips
Retailers are a popular target for threat actors due to their wealth of customer data and availability of funds. Here are 5 cybersecurity tips to help retailers reduce their risk of attack.
Read More
B 3 Essential Elements
Legacy approaches to managing unwanted mail are neither practical nor scalable. Learn the 3 essential elements of modern, effective graymail management.
Read More
B Back to School
Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.
Read More
B 09 06 22 Rearchitecting a System Blog
We recently shared a look at how the Abnormal engineering team overhauled our Unwanted Mail service architecture to accommodate our rapid growth. Today, we’re diving into how the team migrated traffic to the new architecture—with zero downtime.
Read More
B Industry Leading CIS Os
Stay up to date on the latest cybersecurity trends, industry news, and best practices by following these 12 innovative and influential thought leaders on social media.
Read More
B Podcast Engineering 11 08 24 22
In episode 11 of Abnormal Engineering Stories, David Hagar, Director of Engineering and Abnormal Head of UK Engineering, continues his conversation with Zehan Wang, co-founder of Magic Pony.
Read More