Evaluating behavioral AI email security and trying to understand what the baselining period means for detection coverage
Mid-evaluation on a few platforms that take a behavioral approach rather than signature-based detection. The concept makes sense for the attack categories we are most worried about, BEC and account takeover specifically. Though I dont quite get what the baselining period means for detection coverage during those first few weeks.
The concern is not that it takes time to learn, it's whether there is a period where the model has not seen enough of our communication patterns to accurately flag deviations, and if so how long that window is and what it looks like empirically in production environments.
Would be helpful if someone has run one of these through the initial learning period can share what the false negative rate looked like in the first 30 to 60 days. Thnx.