Enhancements and UI updates
timestamp1659022115828
Classifier Enhancements:
Over the last couple of months, we have worked to improve our efficacy by improving detections and reducing false positives. Here are a few examples:
Introduced a new classifier that identifies emails containing bad URLs from services utilizing IPFS links, which increased phishing detections.
HTML has now replaced PDF as the most weaponized artifact. We have added improvements to HTML attachment classifier as well as HTML classifier to further improve phishing detections.
ATO classifier enhancements to include impossible travel and other features to improve ATO detections and reduce false positives.
While most of our classifiers are language independent, there are some classifiers that perform better when trained in different languages. Our CEO Fraud classifier is one such classifier which has been enhanced through native Spanish, German, Italian, French, Portuguese, and Dutch support. In addition, Simple CEO classifier and BAIT (reconnaissance) classifiers have also been added to improve BEC detections.
A new classifier has been added to detect fake invoices which are embedded in emails.
Phish masking is a common technique used by attackers to hide malicious URLs behind link forwarding or shortening services. Many attackers use multiple forwarders (bit.ly, goo.gl or tiny URL for example) to evade detection. For example, a phishing_link.com maybe wrapped x number of times before the malicious link is finally opened. Attackers are also known to utilize well known services like Salesforce and SendGrid (just to name a couple) to mask their URLs. Ability to dynamically resolve and expand URLs has been greatly enhanced.
UI Enhancements:
In addition to the improvements to our classifiers we are pleased to announce that our migration efforts to the new, more engaging technology is now complete. This allows us to quickly build and iterate on new features that you have asked for. One such feature is the addition of the “Statistics Tab”. To help you better understand why an email was blocked, we now have Sender Analysis and Sender Authentication details in addition to Confidence & Severity level, and Key Indicators when you click on more details to review an alert.
Did you like this update?
Leave your name and email so that we can reply to you (both fields are optional):