Abstract: Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.

Abstract: Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.

Abstract: Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.

Abstract: Introduced here is a network-accessible platform (or simply “platform”) that is designed to monitor digital activities that are performed across different services to ascertain, in real time, threats to the security of an enterprise. In order to surface insights into the threats posed to an enterprise, the platform can apply machine learning models to data that is representative of digital activities performed on different services with respective accounts. Each model may be trained to understand what constitutes normal behavior for a corresponding employee with respect to a single service or multiple services. Not only can these models be autonomously trained for the employees of the enterprise, but they can also be autonomously applied to detect, characterize, and catalog those digital activities that are indicative of a threat.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: A plurality of features associated with a message are determined. At least one feature included in the plurality of features is associated with a payload of the message. A determination is made that supplemental analysis should be performed on the message. The determination is based at least in part on performing behavioral analysis using at least some of the features included in the plurality of features. Supplemental analysis is performed.

Abstract: Introduced here are computer programs and computer-implemented techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication. These models can be stored in profiles that are associated with the employees. At a high level, these profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Moreover, remediation may be performed if an account is determined to be compromised based on its recent activity.

Abstract: Techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication are disclosed. These models can be stored in profiles that are associated with the employees. Such profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Remediation can be performed if an account is determined to be compromised based on its recent activity.

Abstract: A plurality of features associated with a message are determined. At least one feature included in the plurality of features is associated with a payload of the message. A determination is made that supplemental analysis should be performed on the message. The determination is based at least in part on performing behavioral analysis using at least some of the features included in the plurality of features. Supplemental analysis is performed.

Abstract: Techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication are disclosed. These models can be stored in profiles that are associated with the employees. Such profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Remediation can be performed if an account is determined to be compromised based on its recent activity.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Introduced here are computer programs and computer-implemented techniques for building, training, or otherwise developing models of the behavior of employees across more than one channel used for communication. These models can be stored in profiles that are associated with the employees. At a high level, these profiles allow behavior to be monitored across multiple channels so that deviations can be detected and then examined. Moreover, remediation may be performed if an account is determined to be compromised based on its recent activity.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.

Abstract: Introduced here are threat detection platforms designed to discover possible instances of email account compromise in order to identify threats to an enterprise. In particular, a threat detection platform can examine the digital activities performed with the email accounts associated with employees of the enterprise to determine whether any email accounts are exhibiting abnormal behavior. Examples of digital activities include the reception of an incoming email, transmission of an outgoing email, creation of a mail filter, and occurrence of a sign-in event (also referred to as a “login event”). Thus, the threat detection platform can monitor the digital activities performed with a given email account to determine the likelihood that the given email account has been compromised.