Adaptive ML for Abnormal’s Inbound Protection - Abnormal Security

One of the primary challenges in email security is handling the rapidly changing threat landscape. As defenses improve, attackers get more creative, leveraging new strategies and vectors to compromise organizations. The advantage of using machine learning to tackle difficult problems such as business email compromise (BEC) is that these systems can learn new attack patterns. However, this process often requires lots of data and therefore time, during which malicious actors can continue to pull off damaging attacks that target enterprises large and small.

To combat this issue, Abnormal’s detection engine now uses two new approaches for stopping novel attacks in their tracks: rapid training of text models and intelligent signatures. In the former case, we take in known attacks or ones that were not correctly identified, perform text augmentation (e.g., small changes and permutations to the message body or subject), and update models on an intra-daily basis. In the latter case, we learn numerical representations of incoming messages, which we can use to group attacks of a similar type and structure and categorize them accurately, despite having limited prior data.
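The sketch below is an added illustration of the signature idea, not Abnormal's implementation: it builds a centroid from two known-bad messages and scores a reworded variant and an unrelated message against it. It assumes a hashed word n-gram vector in place of a learned representation; the function names, `DIM`, `THRESHOLD` and the sample messages are all constructed for this example.

```python
import hashlib
import math
import re

DIM = 4096        # hashed feature-vector size (assumed)
THRESHOLD = 0.5   # cosine cut-off for a signature match (assumed)

def normalise(vec):
    """Scale a vector to unit length so dot products are cosine similarities."""
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]

def embed(text):
    """Hash word unigrams and bigrams into a fixed-size, L2-normalised vector."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    grams = words + [" ".join(pair) for pair in zip(words, words[1:])]
    vec = [0.0] * DIM
    for gram in grams:
        digest = hashlib.sha256(gram.encode()).digest()  # stable across runs
        vec[int.from_bytes(digest[:4], "big") % DIM] += 1.0
    return normalise(vec)

def build_signature(examples):
    """Average a handful of known-bad embeddings into one centroid."""
    vecs = [embed(e) for e in examples]
    return normalise([sum(col) / len(vecs) for col in zip(*vecs)])

def score(signature, text):
    """Cosine similarity between a signature and a new message."""
    return sum(a * b for a, b in zip(signature, embed(text)))

# Constructed sample messages (not real traffic).
KNOWN_ATTACKS = [
    "Hi, I need you to update my direct deposit details before the next "
    "payroll run. Please send me the form today.",
    "Hello, please update my direct deposit information before the next "
    "payroll run and send me the form.",
]
VARIANT = ("Hi there, I need to update my direct deposit details before the "
           "next payroll. Can you send me the form today?")
BENIGN = ("The quarterly planning meeting has moved to Thursday at 3pm in "
          "the large conference room.")

if __name__ == "__main__":
    sig = build_signature(KNOWN_ATTACKS)
    for label, msg in (("variant", VARIANT), ("benign", BENIGN)):
        s = score(sig, msg)
        print(f"{label}: {s:.2f} -> {'match' if s >= THRESHOLD else 'no match'}")
```

Two examples are enough to form the centroid here, which is the property the paragraph points to: a reworded message of the same structure lands close to the signature even with limited prior data.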

While still in the early days of these new approaches, our improvements here have already paid dividends for our customers in the form of improved recall (i.e. true positive rate) and the ability to preemptively respond to threats. We look forward to piloting more of these detection improvements in the future as we fulfill our mission to protect our customers and maintain a technical edge over attackers.