In this article, we discuss how, on top of our probabilistic, data-science-based detection engine, Abnormal also employs signatures as a “safety net” to catch known attacks or known false positives that may have slipped through our first layer of detection. Classic email security signatures generally track high-level threat intel dimensions such as IP and domain. At Abnormal, we’ve developed intelligent signatures that leverage not only dimensions like IP but also our understanding of content and behavior to quickly memorize and adapt to known attacks.
The post Eng Blog: Intelligent Signatures using Embeddings and K-Nearest-Neighbors appeared first on Abnormal Security.