Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

This quarter, Abnormal launched new features to help security teams enhance detection. Take a deep dive into all of the latest product updates.
November 1, 2022

With the increasing sophistication and uniqueness of inbound email threats, Abnormal's efforts to improve detection efficacy have taken many different paths. During this past quarter, Abnormal integrated BERT, the large language model (LLM) that improves our ability to assess context; and behavioral learning models that leverage more known-good behaviors to combat burgeoning forms of unwanted mail into Inbound Email Security. In addition, Detection 360°'s ability to communicate remediation and insights into reported emails has improved with faster response times and more transparency.

At our core, Abnormal baselines what normal email interaction looks like in our customer environments by learning the normal behavior of every identity, understanding context, and assessing the risk of every email. Our models work to understand the context within which these identities normally interact, including the frequency and location of typical communication or events. When emails arrive, Abnormal assesses their risk by applying behavioral insight and content and intent analysis that can detect specific threats in our customer email ecosystems.

Here, we take a deeper dive into the most recent enhancements in the Abnormal detection engine which continue to improve our ability to identify and block threats from landing in customer inboxes.

Enhancing Our Detection Platform with BERT Large Language Models (LLMs)

BERT, the high-performance large language model (LLM) from Google, applies deep learning to interpret and evaluate text based on context. This model has the capability to assess and learn words which Abnormal has applied to our detection toolset, training and fine-tuning it on our own unique data sets with additional models built on top of it.

With payloadless (text-only)-schemes being used in BEC attacks more frequently, extracting the context of the email itself helps us reduce false positives (FPs) and understand how permutations of the content may be used to get past email filters.

In the socially engineered email attack example below, a bad actor uses brand impersonation to trick people into giving up personal information via email or phone. Computers and humans often see things quite differently. By making small changes to the spelling of Geek Squad, like Geeks Protect 360, and by including false information, like a randomly generated subscription number and renewal date, this type of email may pass through less robust detection models that don’t recognize these types of permutations as a threat.

Detection Recap2

Incorporating the BERT model has made Abnormal’s industry-leading detection faster, more accurate, and more efficient. By improving our detection models’ ability to identify permutations and combinations and better understanding the context and intent of these types of inbound text-based emails, customers will benefit from not having to engage with as many of these malicious emails.

Improved Spam Detection

To battle the 91% year-over-year increase in the volume of unwanted email we've seen across our customer base, Abnormal's Inbound Email Security now detects twice as many spam messages.

Below is a screenshot showing the type of modern spam our enhanced model will detect and remediate. In this case, an email promoting a fake job opportunity targeting college students is not the type of email that a “University Student” is likely to respond to, but it’s still a nuisance.

Detection Recap3

Our enhanced detection model leverages behavioral intelligence that identifies more known-good behaviors to suss out abnormalities that indicate spam. Existing customers are already benefiting from enhanced spam detection and will find additional spam emails in the Threat Log. While preventing modern forms of spam from landing in your primary inbox continues to be a challenge, leveraging advanced behavioral AI to effectively filter out this proliferation of newer spam can help you and your team gain back productivity.

More Transparency and Improved UX in D360°

Abnormal’s Detection 360° also received many improvements this past quarter. In addition to the new REST API endpoint, allowing developers to extract case report information from Detection 360°and corresponding details for each submitted case (including report summaries, statuses, message analyses, and more), customers will now enjoy improved visibility helping reduce the time and the transparency of the response to case reports.

In the new interface, customers can now see more in-depth insights and information on a submitted case.

Detection Recap1

The new UI provides a more detailed Analysis and Insights, updated timeline view, and also adds campaign and remediation status updates.

As cases are tagged with the attack type identified, our attack catalogue can provide more information about the type of attack, why it was missed, and what steps were taken to remediate it, and additional steps that will be taken to remediate them in the future.

This improved visibility and transparency helps customers get cases addressed and resolved more quickly while also accelerating our ability to patch our detection models.

To learn more about Inbound Email Security and our unique approach to threat detection, visit our solutions page.

Want to see Abnormal in-action? Request a personalized demo today.

Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Posts

B 1500x1500 MKT477 Energy Infrastructure Data Blog
Energy and infrastructure organizations face an increased risk of business email compromise and vendor email compromise attacks. Learn more.
Read More
B Mr Wonderful Talks AI
Explore the future of AI and cybersecurity and learn why prioritizing security investments is crucial with Kevin O’Leary of Shark Tank fame.
Read More
B 1500x1500 MKT468a Open Graph Images for Phishing Subjects Blog
Discover the most engaging phishing email subjects, according to Abnormal data, and how to protect your organization from these scams.
Read More
B Threat Report BEC VEC Blog
Our H1 2024 Email Threat Report revealed significant year-over-year increases in both business email compromise and vendor email compromise. Learn more.
Read More
B 2 7 24 Product Update
Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
Read More
B 1500x1500 Quishing Stats Blog 02 05 24
Today we released our H1 2024 Email Threat Report, which examines the threat landscape and dives into the latest evolution in phishing: QR code attacks.
Read More