Disciplined and Explainable ML for Email Security

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or...
February 16, 2021

The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or signature approaches. A common pitfall with ML initiatives in general, though, is a focus on building more and more complex, advanced models and hoping they will magically solve a practical problem.

While Abnormal does spend a lot of time innovating on the model front, the team also has paid special attention to feature engineering—the creation of informative signals from raw data that encapsulate the real problem we are trying to solve. As such, Abnormal produces features and models pertaining to each key part of a message that we may process—ranging from payload analysis (e.g. does the attachment have Javascript?) to business context (e.g. does the body have RFQ language patterns?) to better detect attacks.

Furthermore, we believe it is critical to expose these system internals to our customers to open up “the black box” and give them a real understanding of why Abnormal’s detection system makes the decisions that it does. The rise of new methods in the field of ML explainability (see here and here), in conjunction with this highly intentional design of our system, enables Abnormal to effectively convey deep insights directly in our product.

Abnormal system insights

In particular, we have now introduced an anomaly and behavioral analysis chart on the Details page for every attack, showcasing the different surface areas of messages that we model and the key attributes therein, along with their actual values. In addition to improving confidence in the sophistication and comprehensiveness of the Abnormal detection engine, this visualization has real utility in terms of giving customers insights on specific patterns and risk factors at a more granular level.

Given that ML is the core of the Abnormal approach, we look forward to not only innovating to improve our systems day by day but also to channel these improvements into our product for better customer engagement and understanding.

See what the Abnormal portal could do for you with a free product demo today.

Disciplined and Explainable ML for Email Security

See Abnormal in Action

Schedule a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

 

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
 
Integrates Insights Reporting 09 08 22

Related Posts

Zoom BC
Discover how Abnormal protects your Zoom messages and prevents attackers from using the application to breach your business.
Read More
B 5 22 23 SOC
Discover how Abnormal simplifies detection, enhances investigation, and automates remediation, increasing threat investigation efficacy at the SOC level.
Read More
B Phishing
Knowing what to do after receiving a phishing attack is essential for preventing costly consequences. Learn how to respond to Phishing attacks.
Read More
B 5 15 23 Israel BEC
Abnormal research into an advanced Israel-based threat group puts a spotlight on the continuing rise of BEC attacks.
Read More
B Slack
Discover how Abnormal secures your Slack and keeps collaborative apps from becoming entry points for attackers.
Read More
Copy of Blog Cover Template DO NOT EDIT OR DELETE
Discover key security risks present across collaborative cloud applications and how cybersecurity experts are responding based on ESG survey results.
Read More