chat
expand_more

Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

This quarter, Abnormal launched new features to help security teams enhance detection. Take a deep dive into all of the latest product updates.
November 1, 2022

With the increasing sophistication and uniqueness of inbound email threats, Abnormal's efforts to improve detection efficacy have taken many different paths. During this past quarter, Abnormal integrated BERT, the large language model (LLM) that improves our ability to assess context; and behavioral learning models that leverage more known-good behaviors to combat burgeoning forms of unwanted mail into Inbound Email Security. In addition, Detection 360°'s ability to communicate remediation and insights into reported emails has improved with faster response times and more transparency.

At our core, Abnormal baselines what normal email interaction looks like in our customer environments by learning the normal behavior of every identity, understanding context, and assessing the risk of every email. Our models work to understand the context within which these identities normally interact, including the frequency and location of typical communication or events. When emails arrive, Abnormal assesses their risk by applying behavioral insight and content and intent analysis that can detect specific threats in our customer email ecosystems.

Here, we take a deeper dive into the most recent enhancements in the Abnormal detection engine which continue to improve our ability to identify and block threats from landing in customer inboxes.

Enhancing Our Detection Platform with BERT Large Language Models (LLMs)

BERT, the high-performance large language model (LLM) from Google, applies deep learning to interpret and evaluate text based on context. This model has the capability to assess and learn words which Abnormal has applied to our detection toolset, training and fine-tuning it on our own unique data sets with additional models built on top of it.

With payloadless (text-only)-schemes being used in BEC attacks more frequently, extracting the context of the email itself helps us reduce false positives (FPs) and understand how permutations of the content may be used to get past email filters.

In the socially engineered email attack example below, a bad actor uses brand impersonation to trick people into giving up personal information via email or phone. Computers and humans often see things quite differently. By making small changes to the spelling of Geek Squad, like Geeks Protect 360, and by including false information, like a randomly generated subscription number and renewal date, this type of email may pass through less robust detection models that don’t recognize these types of permutations as a threat.

Detection Recap2

Incorporating the BERT model has made Abnormal’s industry-leading detection faster, more accurate, and more efficient. By improving our detection models’ ability to identify permutations and combinations and better understanding the context and intent of these types of inbound text-based emails, customers will benefit from not having to engage with as many of these malicious emails.

Improved Spam Detection

To battle the 91% year-over-year increase in the volume of unwanted email we've seen across our customer base, Abnormal's Inbound Email Security now detects twice as many spam messages.

Below is a screenshot showing the type of modern spam our enhanced model will detect and remediate. In this case, an email promoting a fake job opportunity targeting college students is not the type of email that a “University Student” is likely to respond to, but it’s still a nuisance.

Detection Recap3

Our enhanced detection model leverages behavioral intelligence that identifies more known-good behaviors to suss out abnormalities that indicate spam. Existing customers are already benefiting from enhanced spam detection and will find additional spam emails in the Threat Log. While preventing modern forms of spam from landing in your primary inbox continues to be a challenge, leveraging advanced behavioral AI to effectively filter out this proliferation of newer spam can help you and your team gain back productivity.

More Transparency and Improved UX in D360°

Abnormal’s Detection 360° also received many improvements this past quarter. In addition to the new REST API endpoint, allowing developers to extract case report information from Detection 360°and corresponding details for each submitted case (including report summaries, statuses, message analyses, and more), customers will now enjoy improved visibility helping reduce the time and the transparency of the response to case reports.

In the new interface, customers can now see more in-depth insights and information on a submitted case.

Detection Recap1

The new UI provides a more detailed Analysis and Insights, updated timeline view, and also adds campaign and remediation status updates.

As cases are tagged with the attack type identified, our attack catalogue can provide more information about the type of attack, why it was missed, and what steps were taken to remediate it, and additional steps that will be taken to remediate them in the future.

This improved visibility and transparency helps customers get cases addressed and resolved more quickly while also accelerating our ability to patch our detection models.

To learn more about Inbound Email Security and our unique approach to threat detection, visit our solutions page.

Want to see Abnormal in-action? Request a personalized demo today.

Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More