Fall 2022 Detection Enhancements: BERT, Spam, and D360° Visibility

This quarter, Abnormal launched new features to help security teams enhance detection. Take a deep dive into all of the latest product updates.
November 1, 2022

With the increasing sophistication and uniqueness of inbound email threats, Abnormal's efforts to improve detection efficacy have taken many different paths. During this past quarter, Abnormal integrated two additions into Inbound Email Security: BERT, the large language model (LLM) that improves our ability to assess context, and behavioral learning models that leverage more known-good behaviors to combat burgeoning forms of unwanted mail. In addition, Detection 360° now communicates remediation and insights into reported emails with faster response times and more transparency.

At our core, Abnormal baselines what normal email interaction looks like in our customer environments by learning the normal behavior of every identity, understanding context, and assessing the risk of every email. Our models work to understand the context within which these identities normally interact, including the frequency and location of typical communication or events. When emails arrive, Abnormal assesses their risk by applying behavioral insight and content and intent analysis that can detect specific threats in our customer email ecosystems.

Here, we take a deeper dive into the most recent enhancements in the Abnormal detection engine, which continue to improve our ability to identify threats and block them from landing in customer inboxes.

Enhancing Our Detection Platform with BERT Large Language Models (LLMs)

BERT, the high-performance large language model (LLM) from Google, applies deep learning to interpret and evaluate text based on context. The model can assess and learn words, a capability Abnormal has applied to our detection toolset by training and fine-tuning it on our own unique data sets, with additional models built on top of it.

With payloadless (text-only) schemes being used more frequently in BEC attacks, extracting the context of the email itself helps us reduce false positives (FPs) and understand how permutations of the content may be used to get past email filters.

In the socially engineered email attack example below, a bad actor uses brand impersonation to trick people into giving up personal information via email or phone. Computers and humans often see things quite differently. By making small changes to the spelling of Geek Squad, like Geeks Protect 360, and by including false information, like a randomly generated subscription number and renewal date, this type of email may pass through less robust detection models that don’t recognize these types of permutations as a threat.


Incorporating the BERT model has made Abnormal’s industry-leading detection faster, more accurate, and more efficient. Because our detection models are now better at identifying permutations and combinations and at understanding the context and intent of these inbound text-based emails, customers will not have to engage with as many of these malicious emails.

Improved Spam Detection

To battle the 91% year-over-year increase in the volume of unwanted email we've seen across our customer base, Abnormal's Inbound Email Security now detects twice as many spam messages.

Below is a screenshot showing the type of modern spam our enhanced model will detect and remediate. In this case, an email promoting a fake job opportunity targeting college students is not the type of email that a “University Student” is likely to respond to, but it’s still a nuisance.


Our enhanced detection model leverages behavioral intelligence that identifies more known-good behaviors to suss out abnormalities that indicate spam. Existing customers are already benefiting from enhanced spam detection and will find additional spam emails in the Threat Log. While preventing modern forms of spam from landing in your primary inbox continues to be a challenge, leveraging advanced behavioral AI to effectively filter out this proliferation of newer spam can help you and your team gain back productivity.

More Transparency and Improved UX in D360°

Abnormal’s Detection 360° also received many improvements this past quarter. In addition to the new REST API endpoint, which allows developers to extract case report information from Detection 360° and corresponding details for each submitted case (including report summaries, statuses, message analyses, and more), customers will now enjoy improved visibility that helps reduce the response time to case reports and increases the transparency of the response.

In the new interface, customers can now see more in-depth insights and information on a submitted case.


The new UI provides more detailed Analysis and Insights, an updated timeline view, and campaign and remediation status updates.

As cases are tagged with the attack type identified, our attack catalogue can provide more information about the type of attack, why it was missed, what steps were taken to remediate it, and what additional steps will be taken to remediate such attacks in the future.

This improved visibility and transparency helps customers get cases addressed and resolved more quickly while also accelerating our ability to patch our detection models.

To learn more about Inbound Email Security and our unique approach to threat detection, visit our solutions page.

Want to see Abnormal in action? Request a personalized demo today.
