Release Notes
January 2021
New
- New Internal Spoof Filter: Abnormal has improved its authentication parsing logic and anomaly detection to determine if an email is truly internal or an external email in disguise. The new filter catches more internal spoof attacks, meaning that customers will benefit from improved detection accuracy.
Updated
- Account Takeover Detection Improvements: We've made the following account takeover improvements:
  - ATO Detection Speed Improvement: Significantly improved detection speed on ATO cases for users with heavy login activity, reducing detection time from hours to minutes.
  - Impossible Travel Model: Rolled out a higher precision impossible travel model. We expect this to improve the precision of ATO cases and ultimately to catch more attacks.
  - Improved Location Risk Model: Abnormal has improved its ability to detect account takeover attacks based on malicious signals from location login behavior. This enhanced model catches 18% more attacks than before. Customers benefit from more accurate ATO detections via the model improvement.
- Improved Google Workspace Support: Abnormal improved its ability to remediate mass mailing-list campaigns and improved onboarding support to reduce time to POV integration. Customers benefit from a lower risk of mailing-list-type attack campaigns residing in their email environment. New Abnormal customers also benefit from reduced time to integrate their G Suite tenant.
- Improved Splunk Integration: Abnormal added the sender display name for each attack and the attachment name for each attack containing an attachment payload. Customers benefit from increased visibility into each attack via the Splunk integration.
- Improved Malicious Spoof Model: Abnormal has improved its ability to detect internal spoof messages with a forged sender address. This model catches an order of magnitude more internal spoofs than previous models. Customers benefit from improved detection of these types of attacks.
- Improved Attack Facet Model: Abnormal has improved its ability to correctly classify emails into different types of attacks. Customers benefit from more precise classification of payment fraud, credential phishing, gift card fraud, and more.