Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

See a sneak peek of Tessian in action featuring admin and end user experiences. Watch the Product Tour →

Integrated Cloud Email Security

Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer.

Integrated Cloud Email Security
Tessian Wins Best Cybersecurity Service at Prestigious Hedge Fund Awards
29 March 2019
Tessian was named the Best Cybersecurity Service at the HMF European Hedge Fund Services Awards, in light of our innovative work to secure the human layer and prevent data breaches in hedge funds. Hosted at the Natural History Museum, the spectacular awards ceremony celebrated hedge fund service providers that have demonstrated exceptional client service, innovative product development and strong and sustainable business growth over the past 12 months. Tessian was shortlisted along with six other cybersecurity comapnies that provide solutions to protect hedge funds from cyber attacks.
We were thrilled to be rewarded by the judges – a panel of leading hedge fund COOs, CFOs, GCs and CTOs – as the best-in-class cybersecurity solution for this industry. The award recognized how Tessian has fundamentally changed the way hedge funds approach cybersecurity – focusing on protecting the human layer, rather than just securing a company’s networks and devices. This is incredibly important because 86% of data breaches can be attributed to human error, whether that’s accidentally sending an email containing sensitive data to the wrong person or falling victim to a phishing attack. When you consider that 60% of the organizations hit with phishing attacks during Q4 of 2017 were financial institutions, the threat in this particular industry is not one to be ignored. By using machine learning to analyze historical email data – the leading indicator of human behavior in the enterprise – our technology can automatically understand relationships, context and communication patterns of people. By understanding normal communication, we can automatically identify and prevent email threats before they occur.  
Customer Stories
Safeguarding a Reputation with Intelligent Data Loss Prevention
12 March 2019
Boult Wade Tennant is a leading patent and trademark attorneys firm with offices in London, Madrid, Munich, Cambridge, Reading and Oxford, specializing in intellectual property law. Their patent, trademark, and design teams specialise in advising clients over the full life-cycle of brands, products or systems; from acquisition, exploitation and protection to commercial use, infringement or contentious issues. Boult Wade Tenannt is protecting employees with Tessian Guardian.
Working with their clients’ proprietary information and other confidential data as a matter of course, the firm wanted to augment the protection they provide their clients, and further safeguard any confidential information they may process on clients’ behalf. Boult Wade Tennant picked Tessian because it was easy to install, required minimal configuration, and is unobtrusive to employees. Tessian has allowed Boult Wade Tennant to mitigate the risk of misaddressed emails and inadvertent IP loss, safeguarding their reputation as one of the best in the business. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Customer Stories
Ensuring Data Loss Protection
12 March 2019
Com Laude, an ICANN accredited registrar, is a specialist domain name management company that helps businesses manage their domain name portfolios throughout the full life cycle. Com Laude is protecting employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
The problem As a trusted strategic partner of leading global brands, Com Laude recognized that there was a direct correlation between the security of their clients’ information and the security of their business – something that they were keen not only to protect but enhance, so as to facilitate further growth. Having identified the significance of the threat at hand, they were keen to find a solution – and with misdirected emails being the most common type of data security incident, there was no time to waste. Attracted by the intelligence of our AI and machine learning based software, the Com Laude team actively sought out Tessian Guardian, combining this with the additional protection provided by Tessian Constructor to implement an effective regulatory framework for their internal communication policies. The solution Tessian was rolled out to 30 employees across a number of departments at Com Laude. After an initial period of time exploring Tessian’s functionality, Com Laude built a variety of rules specifically for their organisation using Constructor and had Guardian successfully running in the background. Soon after, Com Laude were presented with a detailed threat report from Tessian, including a high-level overview of their email statistics along with a deep-dive analysis of the specific threats identified via the Guardian – specifically, flagged misdirected emails. The results from this report provided Com Laude with “proof” not only of the value of their investment, but of the scale of the problem. Having indicated that Guardian was able to detect and prevent email threats in the form of misdirected emails, the report also provided the company with some significant insights via these email statistics. This had a direct impact on Com Laude’s business model, allowing the firm to use these findings to set key rules designed to further protect their customers. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Customer Stories
Securing the Email Environment from Human Error
12 March 2019
Travers Smith is a leading corporate law firm headquartered in London. It advises national and multinational companies across the full range of corporate and commercial matters. Travers Smith is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error was a key priority for the firm. Risk and IT teams were acutely aware of the potential risks from misdirected emails and chose Tessian Guardian because of the admin – free nature of the product and minimal disruption and effort that it requires from end users at the organization. Travers Smith successfully deployed Tessian firm wide with minimal effort from the firm’s IT team. After a set period of time using the software, Travers Smith was presented with a comprehensive report containing details of Tessian’s performance and examples of misdirected emails that had been prevented. Thanks to Tessian, Travers Smith is now better equipped to protect clients’ sensitive information and avoid the scenario of confidential information accidentally being sent to the wrong people. Moreover, Tessian allows the firm to demonstrate diligence to clients and regulators by showing that the risk is being measured and managed appropriately. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Customer Stories
Seamlessly Implementing Email Security
12 March 2019
Grosvenor Law is a specialist personal and business dispute resolution firm based in Mayfair, London. They work on significant and complex disputes worldwide across a range of business sectors, on behalf of corporate clients and high net worth individuals. Grosvenor Law is protecting employees with Tessian Guardian and Tessian Constructor.
Given the highly sensitive nature of the work performed and the client confidentiality requirements outlined by the Solicitors Regulation Authority, securing their email environment from human error is a key priority for the firm. There has been an increasing number of high profile losses of confidential data in the legal sector in recent years and months. The Chief Executive of Grosvenor Law had already taken a number of measures to reduce the risk of inadvertent data loss over email, but chose to add to their existing risk management measures by working with Tessian given the unique machine learning intelligence of the system. The firm opted to use Guardian to prevent and detect misdirected emails, as well as Constructor to implement some of their own custom communication policies. After some time, Tessian issued the Chief Executive with a report detailing the findings of how the software had successfully prevented misaddressed emails for Grosvenor Law. It also showed how Tessian’s machine learning algorithms had developed an understanding of the organization’s regular email patterns and behavior in order to accurately detect anomalies. By having outgoing email content from their organization automatically checked by Tessian software, Grosvenor Law is able to protect their client data from one of the most common causes of data loss. They are also able to demonstrate diligence to clients and regulators that this risk is being measured and controlled. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Integrated Cloud Email Security
Human Error is Incredibly Difficult to Understand, Let Alone Predict
04 March 2019
Email still remains the main communication channel for enterprises. Despite its incredible efficiencies and economies of scale, email as a communication tool is reliant on human interaction and judgement. This makes human error particularly prevalent on email. One example of a mistake that can occur over email due to human error is an email being directed to the wrong person. A misdirected email might happen for any number of reasons, just a few of which include stress, alertness, being in a hurry or simply bad luck. For example, staff members at a major Australian bank mistakenly sent emails that contained data from over 10,000 customers to the wrong recipient due to an error that changed the email’s domain name. Over the past few years the workforce has become more mobile, meaning that more data now exits organizations’ premises and networks. Many employees manage their inbox on the move, replying to an urgent email after work while commuting or messaging international clients in the early hours of the morning. While this flexibility is advantageous for employees and businesses, different diligence levels outside working hours and on mobile devices raise the chance of a misdirected email being sent. Let’s take a small-scale example. Even for a small organization where each employee sends a moderate number of emails per day, Tessian data shows that the likelihood of a misdirected email leaving the organization in a given month is high. That risk increases dramatically with the size of an organization. No matter how many Secure Email Gateways and firewalls you employ, failing to address this risk could mean your organization’s data being compromised. Mistakes due to human error are not limited only to outbound email. Over the past few years, inbound attacks such as spear phishing have become more frequent and more sophisticated. For example, someone may receive an email from an attacker impersonating a supplier requesting a transfer for an outstanding payment. The degree of urgency included in the email and the fact that the attacker utilizes a legitimate relationship makes the likelihood of the recipient falling for the attack more likely. In order to stay vigilant in this changing environment, security officers and business leaders should focus on two simple questions: 1. What’s the most likely cause of data loss for our organization? 2. What’s the maximum damage that a human error could cause? This awareness can help security leaders gain a better understanding of the risks they need to manage on an ongoing basis. Ultimately, this awareness could help mitigate the likelihood of data loss, and associated consequences like financial penalties or reputational damage. Mistakes due to human error are inevitable, but the negative consequences are not. Tessian’s machine-intelligent email filters use machine learning to understand relationships and behaviors on email, identifying in real time when people are about to make a mistake – whether it’s entering the wrong reply-to address or potentially falling for a spear phishing attack. Thoughtful, intelligent notifications located within the email client stop the threat before it can cause damage to your organization. Take action against misdirected emails and spear phishing today.  
Integrated Cloud Email Security
Announcing our Partnership with Sequoia and a New Era of Cybersecurity
By Tim Sadler
27 February 2019
I’m delighted to officially share with the world today that Tessian’s raised $42m in Series B funding led by Sequoia and partner Matt Miller is joining the board. I got to properly know Sequoia and Matt last year after a destiny-crafting introduction from the legendary CyLon. We’ve been fortunate to have a lot of interest from investors, but I try not to take meetings unless we’re actually fundraising. Sequoia was different. Instead of spending time talking about ARR and our metrics, Matt was interested in our vision, founding story, team and challenges. Sequoia call themselves company-builders, and that’s exactly how it felt from day one. We couldn’t be more excited to welcome Matt to the Tessian board and to work with him to create a new category of enterprise cybersecurity. When Tom, Ed and I started Tessian in our apartment in 2013, we started with a grand vision but laser focus on trying to execute one thing extremely well—preventing sensitive data loss caused by human error. Over the past three years, we’ve been quietly expanding the capabilities of our machine learning engine to address other gaping holes in enterprise security. Today, we’re also delighted to share our vision with the world for the very first Human Layer Security platform for the enterprise. Enterprises have spent the past two decades protecting their networks with firewalls, their devices with endpoint security but have completely neglected the most important data processors of all—their people. The new capital raised in our Series B will allow us to leverage the technology we’ve applied to email security and expand this to provide automatic protection for the myriad platforms and applications in use everyday by people in global organizations. Of course, none of this would have been possible without our most important allies. First, I’d like to thank all of our customers for their incredible support and belief in us over the years. Cybersecurity, by definition, is a risk-averse industry. It’s been inspiring to see how many enterprises are willing to adopt new technology to solve their greatest problems. Second, and to whom we owe the greatest thanks—the employees of Tessian. It’s because of your brilliance, creativity and relentless grit that we’ve achieved what we have today. As I’m sure any founder will attest, fundraising is a necessary part of company building but not the ultimate goal. We now have a huge amount of work ahead as we execute against our plans for 2019—a year that’s shaping up to be our biggest yet.
ATO/BEC Integrated Cloud Email Security
Why Rule-Based Approaches to Spear Phishing is Failing
19 September 2018
  Introducing Defender Business Email Compromise scams were responsible for over $5.3 billion in global losses from 2013 to 2017. According to the FBI, these types of attacks are also becoming more prolific, jumping 2,370% from 2015 to 2016 alone. Most enterprises have anti-spam and anti-phishing filters in place to protect their emails. Unfortunately, bad actors are outpacing these safeguards and are finding more intelligent ways to break through to their targets. This is where Tessian comes in. Since 2013, we have been developing machine intelligent technology to prevent threats that rule-based legacy gateways and platforms cannot. Tessian Defender is our latest advancement. Defender protects from threats executed by humans rather than just code, using the Tessian’s Parallax Engine and natural language processing technology to keep the most sensitive data and systems private and secure. The Problem Spear phishing is effective because of its highly targeted approach. When it successfully dupes individuals into sending money, sharing data, or downloading malware, it brings significant reputational and monetary risk. Defender protects against these threats through comprehensive safeguards against weak and strong-form impersonation alike. Weak-form impersonation can generally be detected and prevented through the rule-based controls that many enterprises already use. Often this is done by authenticating SPF, DKIM, and DMARC records to estimate the legitimacy of the sender. This entails cross-referencing IP addresses, scouring for invisible signatures, and linking senders to their domain names and broader email protocols. Rule-based defences also perform checks to find matches with known display names, modifications to “reply-to” addresses, and newly registered domains. Unfortunately, this is not enough. These systems are limited in scope and not always implemented. DMARC authentication, for example, only protects a domain against direct impersonation, where a bad actor is trying to spoof someone’s actual email address. It fails to address domain or display name lookalike impersonation. Furthermore, global DMARC adoption rates are low. Legacy technology stacks find it difficult to query large datasets in real-time, which means it is often a challenge for systems to quickly recognise and filter phishing emails. Even where these systems are sufficient, weak-form spear phishing is now evolving into a more advanced threat: strong-form spear phishing. This type of spear phishing subverts legacy email security systems by turning to tactics that are difficult for humans and rule-based email security processes to detect. Traditional, pre-defined rule sets cannot fend off strong-form spear phishing because of the almost infinite number of domain and sub-domain, display name and address, and freemail permutations impersonation allows for. Even where they do detect certain impersonations, legacy systems cannot capture the evolving dynamics of email networks, with enterprises developing new relationships every day over email. A rule set would need to constantly be updated in order to remain effective. This is time consuming and resource intensive and inefficient. The Solution Tessian Defender is specifically designed to tackle strong-form impersonation spear phishing. Due to the complexity of strong-form impersonation techniques, having an understanding of email relationships based on historical data and user behavior is critical. Using stateful machine intelligence, Tessian has developed a new approach to thwart spear phishing. Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat? Tessian Defender also uses natural language processing (NLP) to understand content within an email and will automatically classify its intent, so it can provide more context to the end user within a warning message, and also highlight the specific risk to security teams.  
Data Exfiltration Email DLP Integrated Cloud Email Security
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
By Maddie Rosenthal
29 June 0201
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain. What’s in it for the insider? It depends.   Financial Incentives   Data is extremely valuable.Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010.   Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process.   Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think. For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment.   The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes.   Sending a misdirected email   Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.    And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get.   Phishing attacks   Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security.   A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack.Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks?   Physical data loss    Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach.Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop.   Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats   How can I protect against Insider Threats?   As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it.   This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security.   Training   While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF.   Monitoring   Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity.   Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution.   Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss.   Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Page