chat
expand_more

Disciplined and Explainable ML for Email Security

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or...
February 16, 2021

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or signature approaches. A common pitfall with ML initiatives in general, though, is a focus on building more and more complex, advanced models and hoping they will magically solve a practical problem.

While Abnormal does spend a lot of time innovating on the model front, the team also has paid special attention to feature engineering—the creation of informative signals from raw data that encapsulate the real problem we are trying to solve. As such, Abnormal produces features and models pertaining to each key part of a message that we may process—ranging from payload analysis (e.g. does the attachment have Javascript?) to business context (e.g. does the body have RFQ language patterns?) to better detect attacks.

Furthermore, we believe it is critical to expose these system internals to our customers to open up “the black box” and give them a real understanding of why Abnormal’s detection system makes the decisions that it does. The rise of new methods in the field of ML explainability (see here and here), in conjunction with this highly intentional design of our system, enables Abnormal to effectively convey deep insights directly in our product.

Abnormal system insights

In particular, we have now introduced an anomaly and behavioral analysis chart on the Details page for every attack, showcasing the different surface areas of messages that we model and the key attributes therein, along with their actual values. In addition to improving confidence in the sophistication and comprehensiveness of the Abnormal detection engine, this visualization has real utility in terms of giving customers insights on specific patterns and risk factors at a more granular level.

Given that ML is the core of the Abnormal approach, we look forward to not only innovating to improve our systems day by day but also to channel these improvements into our product for better customer engagement and understanding.

See what the Abnormal portal could do for you with a free product demo today.

Disciplined and Explainable ML for Email Security

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

 
Integrates Insights Reporting 09 08 22

Related Posts

B Earn Your CPE Credits with Abnormal
Earn your continuing education credits with ISC2 by viewing cybersecurity content from Abnormal Security.
Read More
B Seg Lessons
Discover key insights gleaned from replacing 100+ SEGs for Abnormal customers.
Read More
B Europe Attack Data Blog
Discover what our research uncovered about the European threat landscape and attack trends for organizations in the region.
Read More
B SAT
Abnormal aims to provide superior detection of email attacks while also directly and indirectly influencing the security awareness of your employees.
Read More
B 6 3 24 BEC Attacks
Discover how cybercriminals obtain corporate data from brokers like ZoomInfo and Apollo to enable targeted business email compromise (BEC) attacks.
Read More
B Addressing Account Takeovers Blog
Discover how security leaders are protecting their organizations against account takeover with insights from our survey of 300 cybersecurity stakeholders.
Read More