Multistage analysis of emails to identify security threats

Assignee

• Abnormal Security Corporation · US

Inventors

• Sanjay Jeyakumar · Berkeley, US
• Jeshua Alexis Bratman · San Francisco, US
• Dmitry Chechik · Redwood City, US
• Abhijit Bagri · San Francisco, US
• Evan James Reiser · San Francisco, US
• Sanny Xiao Lang Liao · San Francisco, US
• Yu Zhou Lee · San Francisco, US
• Carlos Daniel Gasperi · New York, US
• Kevin Lau · Brown Center, US
• Kai Jing Jiang · San Francisco, US
• Su Li Debbie Tan · San Mateo, US
• Jeremy Kao · San Francisco, US
• Cheng-Lin Yeh · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/1483
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.