In this latest enhancement of Abnormal Email Account Takeover Protection, Abnormal Cases have been enriched with contextual insights detailing why an event triggered a case and which signals helped determine that event was suspicious. Abnormal Cases will now highlight how frequently a user (and in certain cases, the company itself) was associated with analyzed signals such as IP addresses, ISPs, browsers, locations, etc.
Additionally, Cases will now be assigned a Confidence Score: A High score requires immediate attention, a Medium score indicates a “potential risk” that should be investigated, and a Low score is attributed to notable or suspicious events that may be unusual but are not anomalous enough to label as an urgent threat.
To reduce noise, Cases in the Account Takeover Protection list view will be segmented based on confidence to give immediate visibility into the highest priority Cases, while still providing quick access to the other suspicious user cases that are not considered active account takeovers.