
Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

November 1, 2022

With the increasing sophistication and uniqueness of inbound email threats, Abnormal's efforts to improve detection efficacy have taken many different paths. During this past quarter, Abnormal integrated two additions into Inbound Email Security: BERT, the large language model (LLM) that improves our ability to assess context, and behavioral learning models that leverage more known-good behaviors to combat burgeoning forms of unwanted mail. In addition, Detection 360° now communicates remediation and insights into reported emails with faster response times and more transparency.

At our core, Abnormal baselines what normal email interaction looks like in our customer environments by learning the normal behavior of every identity, understanding context, and assessing the risk of every email. Our models work to understand the context within which these identities normally interact, including the frequency and location of typical communication or events. When emails arrive, Abnormal assesses their risk by applying behavioral insight and content and intent analysis that can detect specific threats in our customer email ecosystems.

Here, we take a deeper dive into the most recent enhancements in the Abnormal detection engine, which continue to improve our ability to identify threats and block them from landing in customer inboxes.

Enhancing Our Detection Platform with BERT Large Language Models (LLMs)

BERT, the high-performance large language model (LLM) from Google, applies deep learning to interpret and evaluate text based on context. Abnormal has added this model's ability to assess and learn words to our detection toolset, training and fine-tuning it on our own unique data sets, with additional models built on top of it.

With payloadless (text-only) schemes being used more frequently in BEC attacks, extracting the context of the email itself helps us reduce false positives (FPs) and understand how permutations of the content may be used to get past email filters.

In the socially engineered email attack example below, a bad actor uses brand impersonation to trick people into giving up personal information via email or phone. Computers and humans often see things quite differently. By making small changes to the spelling of Geek Squad, like Geeks Protect 360, and by including false information, like a randomly generated subscription number and renewal date, this type of email may pass through less robust detection models that don’t recognize these types of permutations as a threat.

[Image: example brand-impersonation email]

Incorporating the BERT model has made Abnormal’s industry-leading detection faster, more accurate, and more efficient. By improving our detection models’ ability to identify permutations and combinations and better understanding the context and intent of these types of inbound text-based emails, customers will benefit from not having to engage with as many of these malicious emails.

Improved Spam Detection

To battle the 91% year-over-year increase in the volume of unwanted email we've seen across our customer base, Abnormal's Inbound Email Security now detects twice as many spam messages.

Below is a screenshot showing the type of modern spam our enhanced model will detect and remediate. In this case, an email promoting a fake job opportunity targeting college students is not the type of email that a “University Student” is likely to respond to, but it’s still a nuisance.

[Image: screenshot of a spam email promoting a fake job opportunity]

Our enhanced detection model leverages behavioral intelligence that identifies more known-good behaviors to suss out abnormalities that indicate spam. Existing customers are already benefiting from enhanced spam detection and will find additional spam emails in the Threat Log. While preventing modern forms of spam from landing in your primary inbox continues to be a challenge, leveraging advanced behavioral AI to effectively filter out this proliferation of newer spam can help you and your team gain back productivity.

More Transparency and Improved UX in D360°

Abnormal’s Detection 360° also received many improvements this past quarter. In addition to the new REST API endpoint, which allows developers to extract case report information from Detection 360° and the corresponding details for each submitted case (including report summaries, statuses, message analyses, and more), customers will now enjoy improved visibility, which helps reduce response time and increases the transparency of the response to case reports.

In the new interface, customers can now see more in-depth insights and information on a submitted case.

[Image: submitted case view in the new Detection 360° interface]

The new UI provides more detailed Analysis and Insights and an updated timeline view, and also adds campaign and remediation status updates.

As cases are tagged with the attack type identified, our attack catalogue can provide more information about the type of attack, why it was missed, what steps were taken to remediate it, and what additional steps will be taken to remediate similar attacks in the future.

This improved visibility and transparency helps customers get cases addressed and resolved more quickly while also accelerating our ability to patch our detection models.

To learn more about Inbound Email Security and our unique approach to threat detection, visit our solutions page.

Want to see Abnormal in action? Request a personalized demo today.

 
