November 4th sees Tessian’s sixth Human Layer Security Summit. Nearly 3000 people tuned in to our last summit in June, and the event is rapidly establishing itself as an industry ‘must attend’.    We started our flagship event summits with one goal in mind, to bring security leaders together to network, share learnings and discuss a new wave of security that is ‘Human First’. This Fall summit will be our biggest and best yet, and is packed with the latest insights from industry experts, all in just a few hours.    If you’ve not already reserved your place, do it now, because here’s what’s packed into just three hours on November 4th.

🎣 Fighting Phishing: Everything We Learned From Analyzing 2 Million Malicious Emails   Unless you’ve been at the beach this past month, you can’t have failed to notice Tessian’s recent Spear Phishing Threat Landscape 2021 report based on two million emails flagged by Tessian Defender as malicious.    Tessian’s CISO, Josh Yavor, is joined by two industry experts; James McQuiggan, Security Awareness Advocate at KnowBe4, and Jason Lang, from TrustedSec. Together they’ll dig into the report’s findings in greater detail, and identify the what, how, who, why, and when of today’s spear phishing landscape.    If you can only make one session, make it this one.       🏗 How to Build A High-Impact Security Culture For ‘Oh Sh*t’ Moments    You don’t have a cybersecurity issue… until you do. At Tessian, we call that an ‘Oh Sh*t’ moment.    Kim Burton, Security Education InfoSec Manager Cisco, details how the right culture in your company can help stop that from ever happening. She’ll explain how to create and enable a positive security culture so you can help people sort through information and be confident in their approach to security.    The result: your people become your greatest asset, and develop, as Kim puts it, a security spider sense!      🤖 Threats Of The Future Are Here: Hacking Humans with AI-as-a-Service   These days you can get seemingly everything as a service, and that includes Ai. Ed Bishop, our co-founder and CTO, discusses this new threat with the team from GovTech Singapore. Eugene Lim, Glenice Tan, Tan Kee Hock and Timothy Lee explain how their latest research repurposed easily-accessible personality analysis AIaaS products to generate persuasive phishing emails.   The emails were automatically personalized based on a target’s social media information and created by state-of-the-art natural language generators. The results mean that even low-skilled, limited resource actors could use these methods to execute effective AI-assisted phishing campaigns at scale.   And as Wired reported, an AI wrote better phishing emails than humans in a recent test. This is sure to be a fascinating technical session, so book your place now and learn how to protect your organisation from these emerging threats.    😩 DLP Has Failed The Enterprise. What Now?   Look someone has to say it… Legacy DLP solutions are complex, have limited visibility, give you a constant headache with false positives, and users hate it. And don’t get us started on the ROI…    In this session you’ll hear from leading experts including not-for-profit health care provider, PeaceHealth, on why now is the time to rip and replace your DLP solution.      👮Why Human Layer Security is the Missing Link in Enterprise Security    We’re thrilled to have guest speaker, Jess Burn, from Forrester joining us to offer up her insights on why human layer security is the missing link for Enterprises. She’ll offer her insights on what the top priorities for Enterprise Security and Risk Management leaders over the next 12 months, as well as tell us how Human Layer Security fits into the wider tech stack solutions. Jess brings with her a wealth of experience as a senior analyst at Forrester serving security and risk professionals. Hosted by Henry Trevelyan Thomas, VP of Customer Success at Tessian.         💭 Security Philosophies from Trailblazers; Q&A with leading CISOs   Closing out our summit, Tim Sadler, CEO and Co-Founder of Tessian, invites two security heavyweights center stage to discuss their guiding philosophies that have led them to security success in their organizations.    With decades of experience between them, Jerry Perullo (CISO, ICE NYSE) and DJ Goldsworthy (Director, Aflac) will discuss how they position security as a value driver, not a cost-center in their orgs, and how they keep their teams innovating and approaching security creatively to build agile models.      So what are you waiting for?   That’s a pretty awesome schedule full of world-class insights, advice, and experience from experts who’ve secured their people and business against attacks. We believe learning directly from others experiences’ is the best way to drive the security industry forward, so our aim is to bring as many diverse speakers together. The only thing missing is you. 

This list of cybersecurity events is updated every month and includes in-person events, virtual summits, and one-off webinars. Highlights for fall/winter include: Human Layer Security Summit — November 4, 2021 Black Hat Europe 2021 — November 8, 2021 CyberSecure — November 16-17, 2021 Hybrid Identity Protection (HIP) Conference — December 1-2, 2021 Keep reading for more 17 more events, and to learn more about each (including speakers, sessions, cost, and how to sign-up). SANS Webcast(s) – Ongoing If you don’t already know, SANS hosts daily webinars (sometimes several a day!). Topics include network security, insider risk management, to social engineering, bug bounties, risk management frameworks, ransomware, and more. Better still, these webinars are hosted by and feature some of security’s most prolific trailblazers like Dough Graham, AJ Yawn, Russel Eubanks, and more. Cost to Attend: Free Core BTS Security Conference, October 12, 2021 The Core BTS Security Conference focuses on fundamental cybersecurity issues as they relate to today’s threat landscape. This conference will provide practical sessions aimed at security and business executives, security architects, and data security managers. Subjects for panels and sessions include ransomware, zero-trust, and third-party risk. Speakers include Nat Smith, Senior Director Analyst at Gartner, Microsoft’s Chris Reinhold, and Leo Wentline, Director of Tech Support & Services at KidsPeace. Cost: Free Virtual Cybersecurity & Fraud Summit: Toronto, October 12-13, 2021 This conference from the Information Security Media Group (ISMG) offers a global perspective on the intersection between fraud and cybersecurity. On the agenda are fraud and breach prevention, zero-trust security, connected devices, and many more contemporary security issues. Speakers include Taher Elgamal, CTO Security at Salesforce, Nicole Ford, CISO and VP at Carrier, and Karim Rajwani, SVP and COO, Financial Crimes Risk Management at Scotiabank. Cost: Free SecureWorld Texas Virtual Conference: October 14, 2021 SecureWorld’s Texas conference turns digital with 20+ educational sessions aimed at security professionals of all levels of experience. Learn about zero-trust, security validation, the intersection between security and privacy, and more. Speakers include Nancy Rainosek, CISO for the State of Texas, Eve Maler, CTO at ForgeRock, and Jon Ehret, VP Strategy & Risk at RiskRecon (Mastercard). DevSecCon London — October 20-21, 2021 Integrating security into development is a critical front in the battle against cybercrime. DevSecCon showcases new ideas and approaches in DevSecOps—the collaboration of DevOps and security.  2021’s agenda is still in development—but expect some big industry names discussing issues from supply chain to customer experience. Cost to attend: TBA Women in Cybersecurity: A Special Careerbuilder Event — October 21, 2021 This event from George Washington University aims to champion female leaders in cybersecurity and help more women enter into this flourishing industry. Panelists include Teri Takai, Vice President at the Center for Digital Government, and Lydia Payne-Johnson, Director of IT Security, Information Management, and Risk at George Washington University. Cost: Free Virtual Houston CyberSecurity Conference — October 21, 2021 Aimed at C-suite executives and CISOs, FutureCon’s Virtual House CyberSecurity Conference will offer talks and guidance on how to tackle the global cybercrime epidemic. Speakers include Brian Contos VP & CISO Mandiant Advantage, Rachel Arnold “The Human API,” and Jonathan Kimmitt, Chief Information Security Officer at the University of Tulsa. And if you drink on weekdays (no judgment here), there’s even a private CISO happy hour featuring blind bourbon tasting at 5 pm CDT. Cost: $100 VIRTUAL Eastern CyberSecurity Conference — October 28, 2021 FutureCon’s VIRTUAL Eastern CyberSecurity Conference is for advanced cybersecurity professionals and includes training in cutting-edge tech to fight cyber threats. Sessions include a keynote on success as a cybersecurity leader, how to stop cyber threats against remote workers, and best practices in PAM security and data privacy. Speakers include Keith O’Sullivan, SVP, Chief Information Security Officer at Standard Industries, Otavio Freire, CTO and Co-Founder at SafeGuard Cyber, and Anthony Johnson Managing Partner at Delve Risk.  Cost: Free Tessian Human Layer Security Summit — November 4, 2021 Tessian’s 6th Summit will provide insights from top CISOs, Infosec leaders, and cyber visionaries leading with the new wave of Human Layer Security.  From fighting phishing to building a high-impact security culture, speakers will offer practical solutions to help protect employees from themselves using cutting-edge technical and organizational solutions. The event will benefit anyone involved in securing your organization—from data protection officers to CISOs. Speakers include Tim Sadler, CEO and Co-Founder of Tessian, James McQuiggan, Security Awareness Advocate at KnowBe4, and Eugene Lim, Associate Cybersecurity Specialist, GovTech Singapore. Learn more about the speakers and sessions here. Cost: Free CyberSec&AI Connected 2021 — November 4-5, 2021 AI is everywhere—and governments are increasingly keen to regulate it. But AI cybersecurity is an aspect of AI that many people overlook. Take the upcoming EU AI Regulation—many AI providers will need to provide an assessment of the security of their AI systems. But few people understand the implications of this requirement. The CyberSec&AI Connected conference will consider important issues in the AI context, like differential privacy, bias, and advanced persistent threats. Speakers include Alessandro Acquisti, Professor at Carnegie Mellon University, Jaya Baloo Chief Information Security Officer at Avast, and Nicholas Carlini, Research Scientist at Google Brain Cost to attend: €130 (standard), with discounts for groups, students, and academics. Black Hat Europe 2021 — November 8, 2021 Black Hat Europe is the European iteration of the Black Hat Briefings—a day filled with 30-40-minute cutting-edge presentations on security. The Black Hat Briefings have been running for over 24 years. These briefings are a chance for computer security leaders to share insights into the latest research, developments, and issues across industries. See you there! Cost to attend: TBA InfoSec World Digital — November 9-10, 2021 InfoSec World Digital features a broad range of sessions aimed at cybersecurity professionals of all levels, including cloud security, risk mitigation, and privacy. The event offers opportunities for learning, networking, and—of course—earning CPE credits. Speakers include Robert Herjavec Cybersecurity Expert & CEO of Herjavek Group, Cathy Lanier, SVP & Chief of Security at the NFL, and Roland Cloutier, TikTok Global CSO. Cost: $545 Miami Cybersecurity Conference — November 9-10, 2021 Data Connectors brings together industry leaders for a day of cybersecurity training and discussion, covering topics such as the state of secure identity, remote work, and rethinking data protection in the age of ransomware. Speakers include Merritt Baer. Principal Security Architect at Amazon Web Services, Jameeka Green Aaron, CISO at Auth0, and James J.W. Grant, Chief Information Officer of the State of Florida. Cost: Free Hack In Paris 2021 — November 15-19, 2021 Hack in Paris is a two-part event. From November 15-17, there are training sessions delivered by CISOs, CIOs, and other experts. Then between November 18-19, there are talks and workshops. This year’s schedule has yet to be announced, but the conference has been running for a decade and remains popular. Last year featured sessions on harnessing AI to accelerate machine exploits, hacking GPS trackers, and IoT reverse engineering. Cost to attend: €144.00 for the conference (early bird and student discounts available), with individual prices for training sessions. CyberSecure — November 16-17, 2021 CyberSecure is run by MIT Technology Review and this November the focus is on ransomware. The best defense against ransomware is taking a coordinated approach to developing your cyber-resilience. CyberSecure will explore how to take the first steps, incorporate AI into your security toolkit, and ensure your ransomware program is financially efficient. Speakers include Sandra Joyce, EVP, Head of Global Intelligence at FireEye Mandiant, Timothy Brown, CISO & Vice President of Security at SolarWinds, Caroline Wong, Chief Strategy Officer at Cobalt. Cost: $650 Cyber Security and Cloud Expo Amsterdam — November 23-24, 2021 The Cyber Security and Cloud Expo in Amsterdam is a large exposition covering areas such as security strategy, data protection, identity and trust, and more. The in-person event is followed by virtual content between November 30 – December 1 for those unable to attend in-person. Speakers include Angelos Varthalitis, CISO at Transdev Netherlands, Ariel Lemelson, Head of Cyber Detection & Response at Booking.com, and Daniela Almeida Lourenço, BISO at CarNext.com. Cost: Expo pass: Free; Day 1 or 2 Gold Pass: €499; Both Days Gold Pass: €699; Ultimate Pass: €949; Virtual Pass: €299 Canada West Region Virtual Cybersecurity Summit — November 23, 2021 This one-day conference brings together local CISOs and subject matter experts to deliver panels on a broad range of cybersecurity topics. The event will feature sessions on supply chain and third-party risk management, compliance and automation in cybersecurity, managing insider threats, and much more. Cost to attend: Free (subject to approval) Gartner Security & Risk Management Summit EMEA — November 29–December 1, 2021  Gartner’s EMEA security conference is available online this year and provides practical sessions for CISOs, security executives, risk management leaders, security architects and planners, and network, application, data security managers. The summit offers a huge variety of sessions built around 12 tracks, focusing on topics such as business enablement, infrastructure protection strategies, security and technology architecture, and more. Speakers include John Amaechi. Organizational Psychologist and Founder of APS, and a range of experts from Gartner, including Eric Ahlm, Mario de Boer, and Jon Amato. Cost: Standard price: €1,275; Public-sector price: €850 Hybrid Identity Protection (HIP) Conference — December 1-2, 2021 Hybrid workplaces are becoming the norm, and holding some data in the cloud is almost ubiquitous among modern organizations. With sessions on the future of cloud security, recovery in hybrid infrastructures, and deploying a zero-trust infrastructure, the Hybrid Identity Protection (HIP) Conference will help your security team learn cutting-edge techniques for protecting data in hybrid environments. Speakers include Andy Greenberg, Senior Writer at WIRED, Juliet Okafor CEO & Founder at RevolutionCyber, and Holger Zimmermann, Technical Specialist – Security & Compliance at Microsoft. Cost: Free International Conference on Cyber Security and Privacy in Communication Networks (ICCS) 2021 — December 9-10, 2021 The International Conference on Cyber Security and Privacy in Communication Networks (ICCS) presents the latest research on cyberthreat analysis, privacy, and security from academia, government, and industry thinkers. In the conference’s seventh year, delegates can expect talks on cloud security, databases security, digital signature techniques, and much more. Cost to attend: Various prices, with discounts available for student and faculty staff, ranging from £35 GBP to £240 GBP. Atlanta CyberSecurity Conference — December 15, 2021 FutureCon’s Atlanta CyberSecurity Conference will be held both in-person and online this year, and it aims to educate C-suite executives and CISOs on building cyber-resilient organizations that can thrive in the global cybercrime epidemic. The conference features presentations from some major names in tech, including Cisco, Axio, and Bitglass. Speakers include Kenneth Foster, Head Global Cyber Risk Governance Fiserv, and James Azar, Host of The CyberHub Podcast, CISO Talk Cost: Virtual: $100; In-person: $200

Millions of companies around the world depend daily on Microsoft 365, including yours. So to better understand its native security tools, and any gaps within them, we’ve partnered with Enterprise Strategy Group (ESG Global) to produce a new report exploring Microsoft 365’s security environments.  The report covers several topics of Microsoft 365, both E3 and E5, including capabilities and gaps for protecting against ransomware, phishing, accidental data loss and sensitive data exfiltration, as well as architectural challenges to consider. The full report, ESG Whitepaper: Closing Critical Gaps in Microsoft 365 Native Security Tools can be found here. Report highlights Phishing was involved in 43% of breaches in the past year Over two-thirds (69%) of respondents to the ESG research survey report that email security has become one of their top 5 cybersecurity priorities 18% cite email security as their most important cybersecurity priority 62% of organizations are reevaluating all security controls currently available natively Ransomware ranks as a top-3 risk concern, with 77% of organizations classifying ransomware as high or medium risk. 45% or organizations report that more than 40% of their sensitive data flows through their email application. Cloud-delivered email solutions aren’t a panacea. Moving on-prem email solutions to the cloud replaces the operational infrastructure but doesn’t necessarily fully replace security controls. Successful credential phishing attacks can lead to email account takeover (ATO), enabling hackers to appear as legitimate insiders, facilitating BEC, data exfiltration, and ransomware.

As the report states, email continues to be the backbone of enterprise communications and is considered the most critical infrastructure to daily operations for most. Cloud-delivered email infrastructure has rapidly become the preferred approach to enable email communications, with over 2.3m companies depending on Microsoft 365. For many, handing over email infrastructure to a cloud service provider means transferring and trusting email security and resilience to the provider. Yet as phishing, which was involved in 43% of breaches in the past year, continues at epidemic levels, over two-thirds (69%) of respondents to an ESG research survey report say that email security has become one of their top 5 cybersecurity priorities, with 18% citing email security as their most important cybersecurity priority. While cloud-delivered email providers promise security and resilience, most fall short of what many security and IT teams would consider adequate. Further, adversaries are capitalizing on these homogenous security systems to bypass controls. As a result, ESG research found that 62% of organizations are re-evaluating all security controls currently available natively, with many turning to third-party email security and resilience solutions to supplement native controls. Organizations that are planning to move or have recently moved to cloud-based email should strongly consider the use of third-party email security solutions to ensure that critical email infrastructure and data are adequately secured against the expanding email threat landscape.    Unpacking Microsoft 365 native security controls in E3 and E5 While Microsoft has invested significantly in strengthening security controls for Microsoft 365 (M365), organizations report continuing gaps in the controls included in both E3 and E5 licensing bundles.    Email security While EOP provides many valuable security features, it is limited in its ability to protect against more sophisticated email attacks, such as social engineering (or “spear-phishing”), business email compromise, account takeover, and many types of ransomware. Detecting these types of more sophisticated attacks requires both behavioral analytics and a contextual understanding of individual communication activities, which don’t exist in EOP. So, while native controls are effective at detecting mass/generic phishing campaigns, they are less effective at detecting highly targeted attacks. For example, EOP uses block lists to detect spam and known malware. Safe Links (available in E5) rewrites URLs and checks them against known lists of malicious URLs before allowing the user to visit the link. Microsoft 365 E5 bundle includes additional security features by adding the Microsoft 365 Defender endpoint security solution. Additional protection against phishing and ransomware is provided through more advanced malicious URL and attachment protection, including link re-writing and attachment sandboxing. Both approaches, however, can still be vulnerable to new URLs and attacks without “payloads.” Microsoft Defender depends on multiple scan engines to detect malware attachments and malicious URL links, leveraging both signature matching and machine learning to perform behavioral analysis. Because BEC and ATO impersonations often contain no malicious links or attachments, these threats can commonly escape this approach.    Data loss prevention Minimal data loss protection capabilities are included in the E3 bundle, relying on end-users to manually label documents as sensitive to protect them. Relying on end-users to accurately and consistently classify content puts organizations at risk. On the other hand, applying blanket policies and blocking sensitive information is highly disruptive to users’ productivity and can be an immense burden on security teams. Further, companies that opt for applying a default classification to all documents and emails end up with the same label being applied to everything, while lacking any new visibility into sensitive data. As a result, organizations most often resort to tracking and post remediation instead of proactive detection and real-time response. Additionally, E3 lacks capabilities natively to detect and manage insider risk (for example, preventing data theft by departing employees). Native controls also often lack the ability to properly classify non-Microsoft data and files, requiring admins to use workarounds to achieve consistent protection.  Data loss prevention is included in the E5 bundle for emails, Teams, and files. Advanced email encryption functionality is also provided, as well as email retention policies. Customer keys for Office 365 are also supported, and some level of insider risk management capabilities is also included.    Context matters in data loss prevention M365 Email DLP capabilities are, however, not context-aware (meaning that they lack context between parties exchanging email), resulting in an inability to proactively identify wrong recipients or unintended inclusion of attachments. M365 detection instead utilizes a rules-based approach to define DLP policies and classify data (regex pattern matches, proximity of certain keywords to the matching patterns, exact data matching, and fingerprinting). These techniques alone are often unable to detect when email recipients are misaddressed or when wrong attachments are involved.  Additionally, because these capabilities rely on rule-based techniques or trainable classifiers to align specific data types with DLP policies and to label data (using Azure Information Protection), effectively detecting sensitive information in unstructured data can be problematic (legal, mergers and acquisitions, work orders, bidding documents, and other non-Microsoft formatted files), resulting in users exfiltrating sensitive data and additional false positives. While encryption is often mistakenly perceived as a solution to solve for misdirected emails, recipients included by mistake can still often decrypt emails to gain access to sensitive data. User experience/friction when encrypting emails can also be a barrier to use. 

Email security has long been focused on inbound filtering and the monitoring of user activities looking for well-known patterns of misuse. Yet email usage patterns are more often unique to individual users, those that they communicate with, what they communicate, and how they communicate. This individual usage context is required to detect and stop many of today’s more sophisticated attacks such as spear phishing, BEC, and ATO.  Much of this personal context can be derived through behavioral analytics of historical email, including the analysis of who, what, and when emails were sent in the past. When individual historical patterns, along with context, can be matched against future activity, modern email threats can be detected and stopped, often with little to no user or administrator involvement.  Microsoft 365, the dominant cloud-delivered email solution adopted today, may lack critical security controls needed for certain organizations, therefore motivating many to add supplemental security solutions to close gaps. Whether in the planning stage, implementation stage, or post-implementation, third-party email security controls should be considered with all cloud-delivered email solutions.  To learn more, download the full report.

Gartner has released their Market Guide for Data Loss Prevention, and we are honored to be included as a Representative Vendor. According to the latest Market Guide for Data Loss Prevention “The enterprise DLP market is mature, but integrated DLP and cloud-provider-native DLP solutions offer emerging capabilities that are much needed by security and risk management leaders starting DLP programs.” “This research offers guidance on market trends and their impact on data security strategies.”.  You can get the entire report here. Key takeaways from the Gartner Market Guide for Data Loss Prevention According to Gartner, “The market for DLP technology includes offerings that provide visibility into data usage and movement across an organization, as well as dynamic enforcement of security policies based on content and context at the time of actions on data. DLP technology seeks to address data-related threats, including the risks of inadvertent or accidental data loss and the exposure of sensitive data, using monitoring, alerting, warning, blocking and other remediation features.” Accidental data loss is a problem that was often simply considered the cost of doing business and impossible to solve — until now. With Gartner’s acknowledgment of accidental data loss, we believe that the industry is seeing a fundamental shift in this thinking, and clearly shows that more enterprises understand that it represents a massive DLP risk. In addition to this broad overview of DLP technology capabilities, Gartner recommends security and risk management leaders with a responsibility for data security and compliance should: “Define a DLP strategy, select DLP products and execute proofs of concept with the objective of supporting a process, rather than finding solutions to address narrow needs.” “Identify pre-existing DLP capabilities in the security products that their organization already owns, and use these to fulfill DLP requirements. How has the DLP vendor landscape changed over the last year?  As Gartner states, since the previous 2020 edition of the Market Guide for Data Loss Prevention, there have been several notable changes in the vendor landscape. In fact, Gartner fielded “32% more client inquiries on the topic of DLP than in 2019”. Here at Tessian, we believe that this is due to more enterprises beginning to reevaluate their DLP programs with the move to Microsoft 365 and more cloud-based applications. They also found “many DLP vendors providing managed DLP services, which remain appealing to many organizations, specifically small and midsize enterprises and those with limited resources to allocate to the implementation of a DLP program.”  Likewise, “Many DLP vendors also provide data classification services, which are essential for successful DLP implementation. The labeling and tagging of data simplifies the DLP process, as organizations can easily distinguish sensitive data from nonsensitive data”.

This fits well with our observations of the industry and aligns with what our customers express as well.  Tessian’s approach for the new era of data loss prevention Forward-thinking enterprises increasingly view legacy DLP tools as a strategic risk and are looking for alternatives. In fact, 85% of security leaders say DLP is admin-intensive.  Recent M&A activity has led to uncertainty in the market (Symantec acquired by Broadcom, Forcepoint acquired by PE firm) and enterprise DLP has seen little innovation in the last few years. For example, we see Microsoft’s strategy as providing “baseline” DLP across all interfaces in their ecosystem (Email, Chat, File-sharing, Web, Endpoint) and this is commoditizing the rule-based approach offered by legacy tools.  As a result, enterprises are phasing out irrelevant legacy DLP tools and are considering what to replicate, remove, or re-think. This includes Microsoft 365, as many organizations are now assessing Microsoft DLP overlap with their existing legacy DLP stack. Many enterprises will use some vendors’ built-in DLP to address basic use cases but look to Tessian to solve critical and advanced human-centric risks to solve the bulk of their DLP challenges, including data loss caused by human error which Legacy DLP is unable to prevent. Over time, enterprises will adopt a hybrid approach and leverage integrations to get the most out of their investments in each product. Tessian’s Data Loss Prevention in our Human Layer Security Platform offers outbound protection on email (the threat vector most security leaders are concerned about protecting) and satisfies criteria outlined in the report — anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.  Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity

Importantly, in addition to threat prevention, Tessian offers several features that help ease the burden on SOC and compliance teams, and give key stakeholders peace of mind.  Automated protection: Tessian automatically detects and prevents data loss. No rules, re-configuration, maintenance of allow/denylists, or manual investigation required.   Data-rich dashboards: With Tessian, security teams have clear visibility of data loss incidents, who triggered them, and what data was involved. This demonstrates clear ROI and makes auditing and reporting easy.  In-the-moment training: When a potential data loss incident is detected, real-time warnings are triggered that explain exactly why the email was flagged. These warnings are written in plain, easy-to-understand language which reinforce training and policies and help employees improve their security reflexes over time

Gartner, Market Guide for Data Loss Prevention, June 2021 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Today, comprehensive visibility into employee risk is one of the biggest challenges security and risk management leaders face.  Why? Because most security solutions offer a limited view of risk and don’t offer any insights into the likelihood of an employee falling for a phishing attack or exfiltrating data.  Worse still, when it is available, risk information is siloed and hard to interpret.  Insights around security awareness training exist in seperate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile. Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats. It’s an uphill battle. You may not even know where to start… But, we have a solution.  With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers.

This is the only solution that offers protection, training, and risk analytics all in one platform, giving you a clear picture of your organization’s risk and the tools needed to reduce that risk.  How does Tessian Human Layer Risk Hub work? With Tessian Human Layer Risk Hub, security leaders can quantify risk, take targeted actions, and offer the right training to continuously lower the risks posed by employees’ poor security decisions.  Let’s look at an example.  1. An employee in the Finance department is flagged as a high-risk user based on their access to sensitive information, their low level of security awareness training, and how frequently they’re targeted by spear phishing attacks.  Tessian looks at five risk drivers – accidental data loss, data exfiltration, social engineering, sensitive data handling, and security awareness – to generate individual risk scores. Each employee’s risk score is dynamically updated, decreasing when an employee makes the correct security decision, and increasing when they do something risky, such as clicking on a phishing email or sending company data to personal email accounts. 

2. Based on these insights, Tessian intelligently and automatically identifies actions teams can take within the platform (for example, custom protections for certain user groups) to reinforce policies, improve security awareness, and change behavior to help drive down risk.  Security teams can also implement additional processes and controls outside of Tessian to exercise better control over specific risks. 

3. With custom protections enabled, Tessian’s in-the-moment warnings help nudge employees towards safer behavior. For example, you could quickly and easily configure a trigger that always warns and educates users when they receive an email from a new domain, mentioning a wire transfer. But, even without custom protections,  Tessian Defender can detect spear phishing attacks with incredible accuracy. And, because the warnings are written in clear, easy-to-understand language, employees are continusouly learning and leveling up their security awareness. If targeted by a spear phishing attack, employees would receive a warning that looks something like this. 

4. With continuous protection and in-the-moment training, security leaders will see employees move from high-risk users to low-risk users over time. Risk scores and drivers are aggregated at employee, department, and company-level and are benchmarked against peers. This makes tracking and reporting on progress simple and effective. 

Benefits of Tessian Human Layer Risk Hub Tessian Human Layer Risk Hub enables security leaders to reduce risk and improve their organization’s security posture with unique insights you can’t get anywhere else. Targeted remediation at scale. With a bird’s eye view of your most risky and at-risk user groups, security leaders can make better decisions about how to distribute budget and resources, what mitigation measures to prioritize, and when to intervene. This goes beyond email. If you can see who has access to sensitive information – and how they’re handling that sensitive information – you’ll be able to create and update policies that really work.  More effective training. Every year, businesses spend nearly $300,000 and 276 hours on security awareness training. But, training is only effective when the messages are tailored and the employee is engaged. Tessian Human Layer Risk Hub gives security, risk management, and compliance leaders the insights they need to create tailored training programs that cut through. And, Tessian in-the-moment warnings help nudge employees towards safer behavior in real-time.  Clear ROI. Many solutions simply report risk; they don’t actually reduce risk. Tessian is different. Security leaders can easily measure and demonstrate how risk has changed over time, how the platform has proactively helped improve the organization’s security posture, and can even apply learnings from the platform to inform future decisions. The benefit? You’ll become a trusted partner across your organization.   Defensible audit. Tessian’s detailed reports and audit logs provide defensible proof against data breaches. If a risk is identified, you’ll be able to formally document all associated events, and track exposure, owner, mitigation decisions, and actions.  The bottom line: Tessian Human Layer Risk Hub gives security teams a unified view and a shared language to communicate risk to business, demonstrate progress towards lowering risk, and effectively secure their human layer.  Learn more about Tessian Interested in learning more about Tessian Human Layer Risk Hub? Current Tessian customers can get in touch with their Customer Success Manager. Not yet a Tessian customer? Learn more about the new Human Layer Risk Hub, explore our customer stories, or book a demo now. And, to be the first to hear about new product updates, sign-up for our newsletter below.

Today, a comprehensive email security strategy needs to do more more than just secure an organization’s own email platform and users. Why? Because more and more often, bad actors are gaining access to the email accounts of trusted senders (suppliers, customers, and other third-parties) to breach a target company. This is called account takeover (ATO) and one in seven organizations have experienced this kind of attack. And, since legitimate business email accounts are used to carry out these attacks, it is one of the most difficult impersonation attacks to detect, making most organizations vulnerable to ATO.  But, not Tessian customers. Tessian Defender can now detect and prevent ATO. How does Tessian Defender detect ATO? Unlike Secure Email Gateways (SEGs) – which rely almost exclusively on domain authentication and payload inspection – Tessian Defender uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of ATO signals:  Unusual sender characteristics: This includes anomalous geophysical locations, IP addresses, email clients, and reply-to addresses  Anomalous email sending patterns: Based on historical email analysis, Tessian can identity unusual recipients, unusual send times, and emails sent to an unusual number of recipients Malicious payloads: Tessian uses URL match patterns to spot suspicious URLs and ML to identify red flags indicative of suspicious attachments  Deep content inspection: Looking at the email content – for example, language that conveys suspicious intent – Tessian can detect zero-payload attacks, too

Importantly, Tessian’s ML algorithm gets smarter as it continuously analyzes email communications across its global network. This way, it can build profiles of organizations (and their employees) to understand what “normal” email communications look like at a granular level.  This allows Tessian Defender to catch even the most subtle ATO attacks. Once it detects a threat, Tessian alerts employees and admins that an email might be unsafe. The warnings are written in easy-to-understand language and explain why an email has been flagged, which prevents the users from responding to the email or clicking on malicious links or attachments. These warnings also act as in-the-moment training and help improve email behavior over time.  Administrators get real-time alerts of ATO and can track events in the Human Layer Security Intelligence portal. You can learn more about how Tessian detects and prevents ATO here. Keep reading to see an admin’s view of the portal and what a warning looks like for employees.

What are the benefits of Tessian ATO threat protection?  The consequences of ATO are far-reaching.  Attackers could gain access to credentials, employee data, and computer data. They could initiate fraudulent wire transfers, conduct bank fraud, and sell data. That means organizations could suffer significant financial loss, reputational damage, and lose customers (and their trust). And this doesn’t even account for lost productivity, data loss, or regulatory fines.  Between 2013 and 2015, Facebook and Google were scammed out of $121 million after a hacker impersonated a trusted vendor. And that’s just one example.  Tessian’s ATO threat protection minimizes these risks by preventing successful attacks. But, detecting and preventing threats is just one of the benefits of Tessian.   For security teams

Detection is automated, which means it’s not just effective, but also effortless for security teams Real-time alerts of ATO events and robust tools (like single-click quarantine) allow for rapid investigation and remediation directly in the portal  Tessian’s API can be integrated with SIEMs like Splunk and Rapid7, allowing security analysts and SOC teams to analyze Tessian data alongside insights from other solutions In-the-moment warnings reinforce security awareness training and help nudge employees towards safer email behavior For the C-suite

ATO protection doesn’t just keep your organization safe and compliant (and help you avoid reputational damage or financial loss). It’s a competitive differentiator and can help build trust with existing customers, clients, and your supply chain. Multi-layer threat insights, visualized data, and industry benchmarks help CISOs understand their organization’s security posture compared to their industry peers Automated reports make it easy to communicate success to the board and other key stakeholders For employees

Contextual warnings are helpful – not annoying – and act as in-the-moment training. This helps employees improve their security reflexes over time for safer email behavior. Flag rates are low (and false positives are rare) which means employees can do the job they were hired to do, without security getting in the way Learn more about Tessian Interested in learning more about Tessian Defender and ATO Protection? Current Tessian customers can get in touch with their Customer Success Manager. Not yet a Tessian customer? Learn more about our technology, explore our customer stories, or book a demo now.

tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of a string of successful phishing attacks exploiting weak cyber hygiene in remote work environments to access companies’ cloud services via employees’ corporate laptops and personal devices.*  According to the report, “the cyber actors designed emails that included a link to what appeared to be a secure message and also emails that looked like a legitimate file hosting service account login. After a targeted recipient provided their credentials, the threat actors then used the stolen credentials to gain Initial Access to the user’s cloud service account. … A variety of tactics and techniques—including phishing, brute force login attempts, and possibly a “pass-the-cookie” attack—to attempt to exploit weaknesses in the victim organizations’ cloud security practices.” 

Once the hackers had access an employee’s account, they were able to: Send other phishing emails to contacts in the employee’s network.  Modify existing forwarding rules so that emails that would normally automatically be forwarded to personal accounts were instead forwarded directly to the hacker’s inbox.  Create new mailbox rules to have emails containing specific keywords (i.e. finance-related terms) forwarded to the hacker’s account. This type of malicious activity targeting remote workers isn’t new. Henry Trevelyan Thomas, Tessian’s VP of Customer Success has seen many instances this year. “The shift to remote work has resulted in people needing more flexibility, and personal accounts provide that—for example, access to home printers or working from a partner’s computer. Personal accounts are easier to compromise as they almost always have less security controls, are outside organizations’ secure environments, and your guard is down when logging on to your personal account. Attackers have realized this and are seeing it as a soft underbelly and entry point into a full corporate account takeover.” Learn more about Account Takeover (ATO), and take a look at some real-life examples of phishing attacks we spotted last year.  CISA recommends the following steps for organizations to strengthen their cloud security practices: Establish a baseline for normal network activity within your environment Implement MFA for all users, without exception Routinely review user-created email forwarding rules and alerts, or restrict forwarding Have a mitigation plan or procedures in place; understand when, how, and why to reset passwords and to revoke session tokens Consider a policy that does not allow employees to use personal devices for work. At a minimum, use a trusted mobile device management solution. Consider restricting users from forwarding emails to accounts outside of your domain Focus on awareness and training. Make employees aware of the threats—such as phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities. Establish blame-free employee reporting and ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently. For more practical advice on how to avoid falling for a phishing scam, download Tessian’s guide to Remote Work and Cybersecurity. What Tessian’s Experts Say

Free resources to help keep your employees and organization secure.

*Note: the activity and information in this Analysis Report is not explicitly tied to any one threat actor or known to be specifically associated with the advanced persistent threat actor attributed with the compromise of SolarWinds Orion Platform software and other recent activity.

Over the last several months, Tessian has published a ton of articles related to data compliance, the business value of cybersecurity, and the importance of executive buy-in when it comes to security strategies.  We’ve combined all of that information to create our latest eBook: CEO’s Guide to Data Protection and Compliance.  We know what you’re thinking. A guide for CEOs? Why? Let us explain by telling you why you should download it.  1. We explain why business leaders should care about cybersecurity While we don’t want to fear monger, it’s important to know that, according to Gartner, CEOs will be held personally liable for data breaches by 2024. But that’s not the only reason why business leaders should care about cybersecurity. They should care because cybersecurity can actually be a business enabler and competitive differentiator. More on this in point six.  2. We offer resources that will help bridge the gap between security and commercial teams Cybersecurity is a team sport and in order for strategies to be truly effective, the C-suite has to be on board. But, communicating risk, opportunity, and cybersecurity ROI can be tough….especially when – in most organizations – CISOs don’t have a seat at the table. We created this eBook to mitigate that disconnect. We considered both the CEOs and the CISOs perspective, avoided the “curse of knowledge”, and provided dozens of resources that will help security and commercial teams communicate better. Like what? A checklist for ensuring compliance A detailed breakdown of the steps organizations must take post-breach A shareable infographic of relevant statistics An industry-specific “worksheet” to help you understand the cost of a breach A list of the biggest breaches (and fines) under the GDPR, CCPA, HIPAA, GLBA, and PCI DSS Over 15 additional resources to help answer your questions  3. We share a high-level overview of 25 compliance standards While the GDPR and HIPAA tend to make headlines, there are actually dozens of regional and industry-specific data privacy regulations that you may be obligated to satisfy. Not sure where to start? We offer a high-level overview of 25 different compliance standards and explain who must comply and what data is protected.  4. We break down five compliance standards (in layman’s terms) While the high-level overview mentioned above will help business (and security!) leaders understand the broader compliance landscape, we wanted to double-click on a few. In the eBook we answer the following eight questions about GDPR, CCPA, HIPAA, GLBA, and PCI DSS: What is it? Who enforces it? When was it enacted? Who is obligated to comply? What are the penalties for non-compliance? What data is protected? What are the data requirements? What have been the biggest breaches? 5. We highlight the biggest breaches in recent history and how they could have been avoided As they say “history is a great teacher”. So, to help CEOs and CISOs understand potential vulnerabilities, the consequences of breaches, and how to prevent them, we outline the three biggest breaches (and fines) for each compliance standard.  Note: While – yes – some of this information is easy to find with a simple Google search, other information has been pulled from case dockets and breach notifications. That means we’ve done the heavy lifting for you.  6. We list the benefits of compliance from a business perspective This is what CEOs care about. Business value. Revenue drivers. And, while cybersecurity has historically not been viewed as a business enabler, this eBook proves that it is. We list 4 clear benefits of compliance beyond avoiding fines and explain how strong cybersecurity can help you build (and maintain) customer trust, attract investment, and help you streamline business operations.  Ready to learn more? Download the eBook and toolkit now.

Gartner recently released its Market Guide for Email Security and Tessian is thrilled to have been included as a representative vendor for Cloud Email Security Supplement Solutions. So, what does that mean? According to the report, representative vendors offer “email security capabilities in ways that are unique, innovative, and/or demonstrate forward-looking product strategies.”  How has the threat landscape changed? According to Gartner’s guide, there are a number of factors related to the market’s direction that security leaders need to consider, including the ways in which hackers are targeting organizations and how (and where) we work. Keep reading to learn more. Email is the #1 threat vector

As noted in the report, “According to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email. In the same report, another 22% of breaches were a result of “human failure” errors, where sensitive data was accidentally sent to the wrong recipient.” “Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for  $8 million in 2019.” The bottom line: Whether it’s protecting against inbound threats like ransomware attacks, business email compromise (BEC), or account takeover (ATO) or outbound threats like accidental and malicious data exfiltration, security leaders need to prioritize email security and reevaluate the effectiveness of current solutions. This is especially pertinent as many organizations have moved to the cloud.    Increased cloud office adoption According to Gartner, “Enterprise adoption of cloud office systems, for which cloud email is a key capability, is continuing to grow, with 71% of companies using cloud or hybrid cloud email.” We can expect these numbers to rise, especially given the sudden shift to remote working set-ups in response to COVID-19 and the steep and steady rise in the use of mobile devices for work. But, there’s a problem. Despite G Suite and O365’s basic security controls as well as anti-spam, anti-phishing, and anti-malware services; advanced attachment; and URL-based threat defenses, “email threats have become sophisticated to evade detection by common email security technologies, particularly those that rely only on standard antivirus and reputation.”

What capabilities set vendors apart?  So, what capabilities set vendors apart? In other words what capabilities should security leaders be looking for? Gartner recommends that security leaders “invest in anti-phishing technology that can accurately detect BEC and account takeover attacks. In particular, seek solutions that use AI to create a baseline for communication patterns and conversation style and detect anomalies in these patterns. For account take over attacks, seek solutions that use computer vision when reviewing suspect URLs. Adjacent technologies such as multifactor authentication are used to protect against account takeover attacks.”.   Gartner also says “the following capabilities can be used as primary differentiators and selection criteria for email”. These include the ability to: “Protect against attachment-based threats” “Protect against URL-based advanced threats”  “Protect Against Impersonation and Social Engineering Tactics Used in URL-Based, Attachment-Based and Payloadless Advanced Threats” And, to help security leaders narrow down their search, Gartner identified specific categories of vendors that provide some of the above email capabilities. Tessian is recognized as a representative vendor for CESSs.  Keep reading to learn more about our products and technology.  Why Tessian?  Tessian Human Layer Security offers both inbound and outbound protection on email and satisfies criteria outlined in the report, including display name spoof detection, lookalike domain detection, anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis. Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity Tessian Defender automatically detects and prevents spear phishing, Business Email Compromise and other advanced targeted impersonation attacks. Tessian’s technology updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network without hands-on maintenance from security teams. That means it gets smarter over time to keep you protected, wherever and however you work, whether that’s a desktop computer in the office or a mobile device, tablet, or laptop at home. But Tessian doesn’t just detect and prevent threats.  When a security threat is triggered, contextual warnings provide employees with in-the-moment training on why an email was flagged unsafe (or an impersonation attempt)  or reinforce data security policies and procedures and improve their security reflexes. This nudges employees towards safer behavior in the long-term.  And, with Human Layer Security Intelligence, security and compliance leaders can get greater visibility into the threats prevented, track trends, and benchmark their organization’s security posture against others. This way, they can continuously reduce Human Layer risks over time. To learn more about how Tessian protects world-leading organizations across G Suite, O365, and Outlook, check out our customer stories or book a demo. 

Gartner, Market Guide for Email Security, September 2020 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.