Abnormal Improves Email Attack Detection Efficacy by 20%

One of the key objectives of the Abnormal platform is to provide the highest precision detection to block all never-before-seen attacks. This ranges from socially-engineered attacks to account takeovers to everyday spam, and the platform does it without customers needing to create countless rules like with traditional secure email gateways.

We are constantly improving our differentiated technology and superior efficacy when it comes to stopping email attacks. As a result, we have created and trained a new machine learning model that quickly eliminates identified false negatives, particularly for payloadless attacks like advanced socially-engineered emails and those attempting invoice or payment fraud. The new and improved model can rapidly be retrained to automatically identify novel attacks that evade traditional email solutions to provide our customers with the most effective email protection.

Our new model, now available in the Abnormal product, reduced the false-negative rate by a staggering 20%.

The tremendous impact of reducing noise from incorrectly flagged email messages saves customers a tremendous amount of time while showing only the most relevant contextual information.

In order to protect against modern social engineering attacks, IT security teams need to analyze a broader set of data in order to better understand the context of communications that is constantly learning and improving as bad actors adapt their tactics and techniques. Our full analysis is illustrated in the email content image.

This analysis allows customers to:

• Perform identity modeling of both internal and external (partners, vendors, customers) entities, and analyze more data sources as a part of that modeling.

• Create relationship graphs to understand, not only the strength of each connection and the frequency of communication, but also the content and tone of the communication.

• Perform email content analysis using computer vision techniques, natural language processing, deep URL analysis, and threat intelligence.

Abnormal is committed to rapidly innovating to improve our detection capabilities, built-in automation, and processes to help security teams stay ahead of attackers. The updated algorithm brings these innovations, specifically those related to its detection improvements, to the forefront and provides a better experience for our customers.

Want to learn more about how our algorithms stop advanced attacks? Request a demo today.