Attachment Modeling Enhancements - Abnormal Security

From invoice fraud to malware, attachments are a common vector for high-impact email attacks (including the ransomware attacks that have increased in scope and frequency over the course of 2020). Rule-based detection approaches are helpful but incomplete: they often fail to model message characteristics flexibly, which results in both missed attacks and false positives that can impede normal business communication.

To address this, we have rolled out attachment modeling improvements centered on two things: extracting better features through more comprehensive message processing, and building robust ML models that operate with high accuracy. In terms of features, we now derive high-signal attributes, including new ones that blend detailed information about attachments with notable patterns in the message body or subject. In addition, we have developed a new set of models that couple this information with Abnormal’s trademark behavioral and content analysis to holistically assess and flag attacks, leading to significant performance improvements for our systems. This is the first of many updates to this functionality, so stay tuned for more!