Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

Abstract: Conventional email filtering services are not suitable for recognizing sophisticated malicious emails, and therefore may allow sophisticated malicious emails to reach inboxes by mistake. Introduced here are threat detection platforms designed to take an integrative approach to detecting security threats. For example, after receiving input indicative of an approval from an individual to access past email received by employees of an enterprise, a threat detection platform can download past emails to build a machine learning (ML) model that understands the norms of communication with internal contacts (e.g., other employees) and/or external contacts (e.g., vendors). By applying the ML model to incoming email, the threat detection platform can identify security threats in real time in a targeted manner.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.