Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

State of Email Security 2022: Every Company’s Riskiest Channel |  Read the Full Report →

Customer Stories
Australia’s Oldest Law Firm Invests in Human Layer Security
Saturday, September 28th, 2019
Allens is one of Australia’s leading commercial law firms with offices throughout Australia and 28 international locations through a global alliance with Linklaters. For almost 200 years, Allens has prided itself on providing excellent client service. The firm has worked with many of the world’s leading organizations both within Australia and abroad. Allens is protecting 1,100 employees with Tessian Defender, Tessian Guardian, and Tessian Enforcer. 
Looking for better data security oversight Allens is the oldest law firm in Australia, and has a proud heritage of supporting its clients through important matters. Bill Tanner is the Chief Information Officer at Allens and looks after endto-end IT delivery for the firm across Australia and South East Asian territories. Law firms like Allens receive sensitive company and client data on a daily basis. For Bill, ensuring the firm’s technical stack remains up to date and secure is a top priority. As Bill says, “Allens wants to help our people identify potential threats but also ensure our people don’t inadvertently expose our systems.” Searching for a solution that could simultaneously protect their people from security threats, while building awareness within the workforce as to how threats manifest on email, Allens turned to Tessian.
Mitigating inbound and outbound threats Tessian’s Guardian, Enforcer and Defender filters were seamlessly integrated into Allens’ security stack. After deployment, Bill and his team were able to immediately see the filters’ success in eliminating threats from both inbound and outbound emails. The high accuracy of the Tessian platform meant employees could still be protected while continuing their day to day business without interruption. Mail being sent to the firm has increased 57% over the past six months. Whilst there has been a 74% increase in the volume of mail rejections, this correlated with an 8% improvement in rejection rate. Mail-based attacks continue to rise, and attackers are getting more sophisticated with their techniques. Allens was looking to bolster its existing defences by providing additional context around the potential threats landing in employees’ inboxes. Tessian’s Defender module detects anomalous incoming emails in real time, delivering warnings to employees that both prevent the attack having any impact and educate them as to why the email looks suspicious. To Bill, Defender’s intelligent notifications “provide that context in the moment that is so important for our people.”
Creating a conscious security culture As data security threats continue to threaten the legal sector, it will be vital for firms like Allens to invest in cutting-edge technology to mitigate the risk of data loss and spear phishing attacks, and the potentially disastrous repercussions of data breaches. With Tessian’s filters protecting Allens employees in multiple territories, Allens has increased the protection of the sensitive data held by the firm as it continues to deliver the high standard of service the firm has provided for almost 200 years.
Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Allens Linklaters Case Study hbspt.cta.load(1670277, '088f48a8-3560-405c-810b-d0cc67fef572', {"region":"na1"});
Read Blog Post
Customer Stories, Integrated Cloud Email Security
Hill Dickinson Adopts Tessian to Prevent Sensitive Client Data from Falling into the Wrong Hands
Tuesday, September 17th, 2019
London, UK. 17 September, 2019 – International law firm Hill Dickinson has selected cybersecurity company Tessian to prevent accidental data loss caused by misdirected emails and data exfiltration to non-business email accounts, in order to protect sensitive client data. With a number of clients in the financial services and healthcare sectors, data security is a number one priority for Hill Dickinson. The firm’s health practice works with some of the UK’s largest healthcare providers, and the team proactively sought out an email security solution that could ensure the safety and privacy of sensitive data, such as patient records, while not impairing productivity. Keith Feeny, Director of IT and Operations at Hill Dickinson said, “Data breaches are a huge concern from a client perspective. Having big directories of contacts with similar names can increase the chance of an email containing sensitive data being accidentally sent to the wrong person. This could have serious consequences. We wanted a solution that could stop people making a potentially costly mistake without restricting business as usual.” Using machine learning technology, Tessian is able to predict whether an outgoing email is about to go to the wrong person. The solution sits quietly in the background and automatically alerts an individual only when a mistake is about to be made. Hill Dickinson is also working with Tessian to stop sensitive information from being exfiltrated to unauthorized, non-business accounts. The firm’s IT team found that, despite each employee being issued with a company laptop, staff were still sending documents to personal email accounts in order to work on them at home. While some companies opt to blacklist all freemail domains to solve this problem, this approach can impede productivity and stop the firm engaging with private clients, small businesses or contractors that use freemail domains. Hill Dickinson, therefore, required a solution that would pose minimal disruption to business as usual but that could automatically prevent unauthorized emails. Feeny added, “We needed our staff to understand that data was at greater risk if sent outside the network. With Tessian in place, we are able to better control the flow of data in the firm and we can ask people to think twice before sending potentially sensitive information to their personal accounts.” Tim Sadler, CEO at Tessian, said, “With high client expectations and a stricter regulatory landscape, there is no margin for error in law firms when it comes to securing the data they hold and process. But that doesn’t mean security should restrict the way partners and employees want to work. Hill Dickinson can ensure its people are able to work effectively and efficiently, without putting client data at risk.”
Read Blog Post
Integrated Cloud Email Security
Email Security Tips for an Enterprise
Monday, September 16th, 2019
In today’s changing business environment, 70% of organizations believe their security risk has increased significantly. The idea of data breaches being more a question of “when” rather than “if” has become mainstream. That being said, there are a number of ways for enterprises to mitigate the security risks that they could be exposed to. 1. Educate your employees The main cause of security failure within an organization is often employees, as they are responsible for handling and sending sensitive data. Educating employees on the risks that they could be exposed to through training programs is a common strategy that organizations adopt in order to try and mitigate some of these risks. While they can be beneficial, one issue with training programs is the dangerous assumption that once training is completed, all employees retain information equally well. This is an unrealistic expectation, as even the most advanced training programs have gaps that do not account for human error. Having technology that can prevent security issues before they happen – while educating your employees in real time – is potentially a more nuanced and intelligent solution for your enterprise. With Tessian’s Guardian and Defender filters, users are shown a pop-up if an inbound email looks suspicious. The pop up explains why the email could represent a threat, leaving the employee to make the final decision on which action to take, with the benefit of having all the salient information to hand. tEmployees are educated as to the threats they face, while the industry-leading technology prevents threatening emails from causing damage to your organization. 2. Be proactive Of course, data loss over email becomes becomes much more difficult to handle once it’s already happened. Having a plan in place for what to do in the event that an employee does leak data over email is important, and having a strategy for preventing the leak from occurring in the first place is even better. Invest in technologies and platforms that will enable your organization to better understand how your employees communicate with each other, and people outside the organization. 3. Get the basics right Getting the basics right is a critical step, as it will allow you to build an information security infrastructure on a great foundation. Best security practices include utilizing encryption, being careful when using a corporate email account from public and or a shared computer, and not opening emails from unknown sources. That being said, don’t let these steps lull you into a false sense of security. Research suggests that 30% of cybersecurity incidents are caused by current employees Confidence comes hand in hand with the capability of your security stack. If you’re still using legacy security software, the extent to which your organization can guard itself against internal and external attacks is already inherently limited. With this in mind, it is no surprise that confident IT security professionals are more than twice as likely to think that C-suite involvement in email security strategy as “very appropriate” and 1.4x more likely to actually obtain that engagement. Therefore, why wait until something goes wrong to implement much-needed change? Arm’s, CISO Tim Fitzgerald wanted to perfect the firm’s email security basics and find a platform that would complement the security culture that he wanted to create. Tessian helps thousands of Arm employees get the basics right on email while ensuring that their systems remain secure. (Read the case study.) 4. Don’t forget about mobile devices Email communication has become more mobile. Using email on the go and on various devices (laptops, tablets, smartphones) greatly increases the potential for mistakes. A data breach caused by a misdirected email could very easily occur on your daily commute by accidentally picking the wrong recipient from a “helpful” autocomplete list. Many email DLP platforms can only ensure protection on desktop computers, or only for Microsoft email environments. It’s important that you find a way to secure your email network, regardless of how employees might be accessing it. It’s more difficult than ever for security leaders to feel like they’re on top of everything. Fortunately, Tessian’s solutions help organizations get the basics right, while stopping even the most sophisticated outbound and inbound email threats. To learn more about Tessian, contact us here.
Read Blog Post
Customer Stories
Preventing Data Exfiltration at a FTSE 100 Tech Company
Monday, August 12th, 2019
Rightmove is the UK’s largest online real estate portal and property website. For over 15 years, the organization’s aim has been to empower the UK’s decisions around property. Rightmove is listed on the London Stock Exchange and is a constituent of the FTSE 100 Index. Rightmove is protecting 530 employees with Tessian Guardian and Tessian Enforcer.
Seeking a seamless security system For David Cray, Rightmove’s Head of Customer Experience and Product Development, making sure the UK’s number one property portal has a proactive cybersecurity strategy is vitally important. Rightmove was searching for a flexible solution to the problem of accidental data loss and unauthorized email activity. David needed a product would work across all systems and devices. Rightmove turned to Tessian for answers. Prompt deployment and threat detection Rightmove was able to quickly and easily deploy Tessian’s Guardian and Enforcer filters across all UK team members. Tessian’s machine learning enabled Rightmove to benefit from minimal disruption to staff and their day-to-day work, while still equipping the organization with best-in-class email security technology. The Guardian filter’s machine intelligence prevents emails being sent from Rightmove employees to the wrong person as a result of human error, while Enforcer identifies and stops sensitive emails from being deliberately sent to unauthorized email accounts. Building an agile security culture Email will continue to remain one of the biggest security concerns for many organizations. By deploying Tessian across the organization, David has taken the necessary steps to ensure that Rightmove is prepared to combat the most advanced email security challenges. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Rightmove Case Study    hbspt.cta.load(1670277, '98a11710-15e1-45d6-aeae-9c7dbb3cb1bd', {"region":"na1"});
Read More
Customer Stories
Solidifying Security in Investment Management
Tuesday, August 6th, 2019
Man Group is one of the world’s largest independent alternative investment management groups with $114.4bn of client capital in liquid and private markets. Man Group’s managers (Man AHL, Man FRM, Man GLG, Man Numeric and Man GPM) have diverse long/short and long only strategies spanning equity, credit, managed futures, convertibles, emerging markets and multi-managers. Man Group is protecting 1,700 employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
Evolving beyond data loss prevention Financial organization like Man Group encounter large quantities of highly sensitive information on a daily basis. Neil Wellard, Man Group’s Head of Information Security, recognizes that in large, complex organizations the risk of inadvertent data loss is high. The repercussions could undermine organizations’ reputations within their industries. Email is the most used communication tool within enterprises. To Neil, it was vital for Man Group to continue looking beyond its existing security technologies like Data Loss Prevention. Aware of the potential risks and the limitations of legacy email security products, Neil and his team progressed with Tessian. Best-in-class security, without disrupting business After successfully deploying Tessian across the entire firm, Man Group’s information security professionals were quickly able to familiarize themselves with Tessian’s products and access detailed organizationwide security analytics through the Tessian dashboard. Tessian’s machine learning helped Man Group automatically identify and prevent inadvertent data loss over email while ensuring minimum disruption to employees at the organization. With a low false positive rate, Tessian’s warnings effectively minimized unauthorized emails and accidental data loss without disrupting people’s regular workflows. Staying vigilant in a changing environment With Man Group and other multinational investment managers having to deal with constantly changing regulatory and commercial environments, the need to invest in agile and customizable security solutions will only grow over time. With Tessian in place, Man Group can mitigate the risk of misaddressed and unauthorized emails without disrupting business as usual. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post
Integrated Cloud Email Security
Q&A: Tim Sadler, Tessian CEO
Thursday, July 4th, 2019
Tim Sadler, Tessian CEO and co-founder, summarizes his journey from founding Tessian to raising $60m from leading investors. Why did you decide to found Tessian, and why was email security the problem you focused on? Tessian was founded in 2013 by myself, Ed Bishop and Tom Adams. We all studied engineering together at university before moving into banking. Working at these multinational organizations, we saw how much sensitive data was put at risk by people sending emails. Modern organizations process vast amounts of information, and they have a lot of controls to keep that data safe. But even with NDAs, project code names, and policies advocating security best practices, enterprises still face risks from many, many misdirected emails. Today, organizations have to allocate budget to keeping their data safe, and they understand the importance of reputation management. So we asked ourselves, ‘Why is this a problem?’ We realized that there had to be a technological solution that could help improve email security within complex organizations. When we started the company we didn’t really have security backgrounds, but we did have the first-hand knowledge of how big a problem this was. When we got in front of our first customers – predominantly law firms and banks – and started talking about the threat of human error in email communication, that was when we knew Tessian had value to offer. So why is human error such a huge threat? Email is something we all do. We send 40 emails a day, and generally speaking it feels incredibly safe. It’s a little bit like our own personal safety: we don’t think twice about getting into a car or driving a car, but statistically speaking it’s actually one of the most dangerous things that you can do in your life. We’re scared by the headline-grabbing stuff, like plane crashes or shark attacks, but it’s actually the unremarkable things we do every day without thinking that are most likely to cause harm. That’s exactly the problem with email, and in particular with misdirected emails. That why the first piece of software we built was targeted at helping enterprises automatically deal with the risk of misdirected email communications. How important is it that security products don’t disrupt people’s work? It became clear to us when we were building Tessian that employees wanted a completely automated process. Security leaders understand the risk of misdirected emails and know that a technological solution is needed. However, they want to deploy technology that doesn’t require laborious maintenance or pre-configuration. It has to work ‘as if by magic’. Preserving the user experience is essential. It was imperative that the technology wouldn’t get in the way of people doing their jobs: no-one wants a pop-up asking them to confirm the validity of every single email they send. Organizations wanted something that just completely blended in with regular workflows. These were some of the key learnings we got from those early meetings. We’ve worked hard to create something that doesn’t need an enormous IT team to implement. Tessian’s products are completely automated, and the deployment is seamless: it simply integrates with existing infrastructure. So what are the different problems Tessian solves today? Cybersecurity previously focused on computer networks before moving on to endpoints, or device-level security. In the world we’re in today, we believe that the next step is to protect people. This progress is reflected in our development of different email filters. We don’t solely focus on preventing misdirected emails with our Guardian filter any more. We also focus on other areas of security. Tessian Enforcer prevents unauthorized emails, which is where people send highly sensitive information to (for example) personal Gmail or Hotmail accounts. Our most recent launch is Tessian Defender, which focuses on preventing inbound spear phishing emails. This is a defense against malicious outsiders trying to trick humans within your enterprise, whether it’s encouraging them to click on a suspect link or to make an erroneous payment. This is why we need a security platform covering the whole human layer. Tessian’s mission (and it’s an ambitious one) is to protect firms against any security threat executed by a human. To get closer to fulfilling that mission, we’re investing in R&D and software engineering. We continue to work on new solutions that address all organizations’ human layer risks. We are constantly working on innovative ways to deal with security risks that don’t require hiring an additional 10 people to run the software or conduct analysis. This is something that we focus on very heavily at Tessian – to offer software that can be deployed simply and quickly to automatically prevent security risks to people. Tessian’s Human Layer Security platform is unique in the market. Why do you think you’re the only company offering this solution? It seems obvious, doesn’t it, to focus on Human Layer Security as the solution to the problems we’ve discussed. The issue is that these problems are incredibly difficult to solve in a manner that provides best-in-class user experience and is completely automated. That’s why machine learning lies at the core of our technology. The products and the underlying tech takes time to get right, and I think that’s why we’re out there alone at the moment. The challenges we’ve had to work to overcome require intense and rapid analysis of historical data in order to understand conventional communication patterns and behaviors. We have a very short window of time to check an email and make a conclusion about whether it’s going to be OK to send or reply to. Developing that software has taken time and R&D investment. Another benefit to Tessian – and our clients – is that we’re a relatively young company, so we’ve been able to build the entire system on very modern architecture. This has allowed us to leverage increased speed in the system and an abundance of flexible computing power. In this respect we think we’re ahead of any other company in our space. We are on a mission to bring Human Layer Security to as many enterprises around the world as possible. We want to keep the world’s most sensitive information and systems private and secure, building technology that allows enterprises to do that by delivering amazing experience both for security teams and also the people that directly interact with the product. What do you think Tessian will look like in a few years’ time? I’m currently speaking from our New York office, which we established in 2018. We’re now investing heavily in the US market, and to help us do that we raised $42 million worth of funding in a round earlier this year led by Sequoia Capital. Sequoia invests in the best security technology companies in the world. We raised the capital to move into new markets as well as significantly expand our R&D activities. Our goal at Tessian is to protect the human layer in the same way that firewalls protect the network layer and endpoint security protects the device layer. We are focused on the automatic protection of any person processing data within the enterprise. In the future, I see Human Layer Security being a concept that is brought up at board level, exactly the same way that these other concepts in cybersecurity are discussed. Ultimately, humans make mistakes, they break the rules and they are easily deceived. These three problems are huge security vulnerabilities for people and organizations. It’s also much harder to protect people, but it’s also much more important that they are protected. Every organization has some kind of firewall protection against the network. They will have some kind of endpoint security protection on their devices. We see Human Layer Security really being the third piece of the jigsaw puzzle that’s currently missing from these organizations. Tessian wants to be the layer that protects the most important part of any enterprise – your people. *Interview condensed from Modern Law Magazine supplement, May 2019.
Read Blog Post
Integrated Cloud Email Security
Why Wednesday is Your Business’ Riskiest Day
Monday, June 24th, 2019
They call it the Hump Day for a reason; our latest research has revealed that workers feel the most tired on Wednesday afternoon and this could be putting your data and systems at risk. This is because when we are tired, we become more error-prone. In fact over three quarters of people (76%) we surveyed say that they make more mistakes when they are feeling sleepy. The problem is that is just takes one mistake – one email accidentally going to the wrong person or one click on a phishing scam – to compromise sensitive data and ruin a company’s reputation. No rest for the wicked Phishing is becoming a persistent hazard for businesses to deal with. The number of phishing attacks continue to rise year on year and today, around 6.4 billion fake emails are sent worldwide every day. Furthermore, Verizon revealed that a staggering 94% of malware is now delivered by email. Therefore, it’s never been more important for employees to spot the good from the bad to avoid falling for the scams. But given that 91% of UK workers told us they feel tired during the working week, with one in five feeling tired every day, can we really expect employees to make the right decision 100% of the time when faced with a cybersecurity threat on email? The thing is, when we are tired and stressed, we may overlook cues present in a cyber threat. This is according to cyber-psychologists Dr Helen Jones and Prof. John Towse who recently shared their insight in our latest report – Why Do People Make Mistakes. Tiredness affects our ability to question the legitimacy of messages and makes us more likely to miss something that signals a threat, simply because we have less cognitive capacity available to dedicate to evaluating new information. Tired employees also pose another risk; fatigue makes it harder for people to resist the impulsive urge to respond to a persuasive request in a potentially malicious email. A study by Washington State University, for example, found that sleep deprivation not only increases the likelihood of someone making risky decisions but also decreases a person’s awareness about why they were taking risks. With email being so quick and easy to use, tired employees may not even register the risk their inbox could pose. What’s more, it’s not hard to imagine that a smart hacker could even start to target your most tired employees at certain times of the day in a bid to trick them to click. Waking up to the threat We cannot expect people to make the right cybersecurity decisions 100% of the time; tiredness and overwhelming workloads lead to risky decisions on email and this poses a threat to your business. Rather than seeing employees as the first line of defence, you instead need to consider how to use technology to limit the number of costly mistakes that are just waiting to happen. By alerting employees to potential threats and advising them on the action to take, you can mitigate the risk and encourage people to think before they hit ‘send’ – especially during that Wednesday afternoon slump.
Read Blog Post
Integrated Cloud Email Security
Tired and Overworked Employees Pose a Huge Risk to Business’ Data
Wednesday, June 12th, 2019
New Tessian report reveals that working environments stop people making safe cybersecurity decisions at work. Today’s working environments are making it impossible for employees to make the right decision 100% of the time when faced with a potential cyber threat on email, reveals a new report from cybersecurity company Tessian. The report – Why Do People Make Mistakes? – presents findings from a new survey, conducted by Tessian, in which 1,000 UK employees were asked about their working environment and practices. Additionally, the report includes insights from cyber-psychologists Dr Helen Jones, University of Central Lancashire and Professor John Towse, Lancaster University, which further explains how certain factors in the workplace can cause people to make suboptimal decisions, leading to dangerous behaviour on email. The research reveals how overwhelming workloads, office distractions, fatigue and stress affect a person’s cognitive capacity, potentially impairing an employee’s ability to identify signs of a potential cyber threat – such as a phishing scam or sending an email to the wrong address. This, Tessian argues, puts businesses’ data and systems at risk given that 52% of UK employees say they’ve accidentally sent a work email to the wrong person. Tim Sadler, CEO at Tessian said, “Every time someone sends or receives an email, they are making a decision. When you consider how much time we spend on email, it’s little wonder that sometimes those decisions result in mistakes. However, it takes just one mistake – one email being sent to the wrong person or falling for one convincing message – to compromise your company’s data and ruin its reputation. Businesses, therefore, need to consider how they can protect their employees on email.” The factors that affect people’s ability to make the right cybersecurity decisions at work include: 1. Quick-to-click cultures Over half of UK employees (58%) say there is an expectation within their organisation to respond to emails quickly. Dependency on mobile phones isn’t helping the situation; nearly six in ten (59%) respondents say they use their mobile phones to send work emails out of office hours, with nearly a third doing so at least 2-3 times a week. Two in five respondents (39%) admit they respond to emails much more quickly on their phones. Dr Helen Jones said, “Studies have repeatedly shown that time pressures significantly impact decision accuracy. Under pressure, we are more likely to rely on impulsive, low-effort behavioural responses and dedicate less attention to the situation in front of us. What’s more, an increased pressure upon employees to be constantly connected on-the-go means there is a higher likelihood of distraction and, therefore, mistakes.” 2. Tired and stressed The majority of UK employees (92%) feel tired at work, with people feeling most tired on Wednesday afternoons. In addition, 91% say they feel stressed at work, with people feeling stressed, on average, half of the working week (2.4 days). Worryingly, over three quarters of respondents (76%) say they make more mistakes when they are tired, while 71% say they make more mistakes when stressed. “Tired and stressed employees pose a real risk to email security,” explains Jones. “When we are tired and stressed, we are less likely to question the legitimacy of messages and miss the cues that signal a threat. We are also much more impulsive when we are tired, making it harder to resist the urge to respond to a tempting or persuasive request in a phishing email.” 3. Information overload More than two in five UK employees (44%) describe their current workload as either ‘overwhelming’ or ‘heavy’. On top of a never-ending to-do list, employees are faced with many distractions, including: 1. Office noise (37%) 2. Colleagues ‘dropping by’ (34%) 3. Email notifications (30%) 4. Meetings (26%) 5. Notifications on their personal phones (20%) When juggling multiple tasks at once, employees will likely rely more on habitual behaviours rather than engaging in analytical thinking. This makes businesses more vulnerable to threats over email given that a person’s ability to focus is impaired. 4. Trickery and trust Hackers are becoming smarter in their approaches to phishing, often impersonating well-known brands or senior executives within an organisation. One in 10 respondents admitted to clicking on a phishing email at work. This figure was much higher in the financial services industry where nearly one in three (29%) respondents in this sector admitted to clicking on a phishing email. Sadler concludes, “Businesses cannot rely on employees being the first line of defence. Mistakes happen, especially when people are tired, stressed and overworked. Companies need to help people make conscious and safe cybersecurity decisions on email, putting a safety net in place to prevent the inevitable. Only then, can businesses protect their data and systems from human failure on email.”
Read Blog Post
Customer Stories
Mitigating Inbound and Outbound Email Threats
Wednesday, June 12th, 2019
Evercore is one of the world’s leading independent investment banking firms. Headquartered in New York City, and with over 2,000 employees and offices across major global financial centers, Evercore serves a global base of clients on a variety of highprofile transactions. These include M&A, strategic shareholder advisory, restructurings, capital raises, equity research, sales, trading, wealth management and trust services. Since its founding in 1995, Evercore has advised on over $3 trillion in M&A, recapitalization, and restructuring transactions. Evercore is protecting over 2,000 people with Tessian Defender, Tessian Guardian, Tessian Enforcer and Tessian Constructor.
Moving past manual solutions Evercore is a firm with exceptionally high standards. That extends to deploying new pieces of software. In heavily transactional environments like investment banking, any downtime or performance issues caused by a new software product is potentially damaging. IT teams often cite ease of deployment as a main priority for new software. Chris Turek, Evercore’s Chief Information Officer, understands just how important it is to deploy new systems quickly and smoothly.
Incredibly simple, uniquely effective For Chris, the beauty of the Tessian platform lay in its administrative simplicity. When Tessian is installed on an email network, it begins analyzing historic email communications retroactively to learn what constitutes ‘normal’ behavior for each user. Within hours, Tessian was up and running, protecting Chris and Evercore’s employees against misdirected emails due to human error. Tessian has also been instrumental in targeting spear phishing emails generated outside the organization. What’s more, Tessian’s platform doesn’t require large sets of pre-labeled data or complex integration processes. The add-in can be installed by simply downloading a file, and it can be rolled out to users at the IT team’s discretion. As Tessian integrates directly with Microsoft Outlook, Office365 and G Suite, all major enterprise email environments are catered for. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Evercore Case Study hbspt.cta.load(1670277, '64b7cdd7-d73a-4573-88ec-56e7cee61f20', {"region":"na1"});
Read Blog Post
Customer Stories
Data Loss Prevention in Healthcare: A Serious Business
Tuesday, June 11th, 2019
Laya Healthcare members have access to some of the most innovative health insurance benefits and services in the Irish health insurance market. Working with over half a million customers, its brand promise, Looking After You Always, represents laya healthcare’s member-centric approach, which is fundamental to its vision and values. Part of global insurer AIG since 2015, Laya healthcare also offers life and travel insurance policies. Laya Healthcare is protecting 550 employees with Tessian Guardian.
Security in healthcare: a serious business Health insurance is an intensely specialized industry and can be fragmented from a technology perspective. Significant amounts of information are constantly transferred between different practitioners, hospitals, other insurers and partner organizations. As one of Ireland’s largest health providers, Laya healthcare deals with extremely sensitive information. Ian Brennan, Director of IT at laya healthcare, and his team go above and beyond to ensure human error doesn’t contribute to breaches or put individuals’ data at risk. Ian is responsible for overseeing Laya healthcare’s security and privacy. Analysing their security data, he established that particular email productivity functions like Autocomplete were actually contributing to errors being made by people. As Ian says, “We always want to save our team time, but unfortunately there are negative consequences to these efficiency-led features too.” Ian needed to find a way to eradicate the possibility of these errors without disrupting employees’ productivity on email.
Minimizing disruption for the workforce Laya healthcare’s existing Data Loss Prevention tool was catching most mistakes being made by people on email. However, certain limitations meant that Ian was looking for a more intelligent solution that learned from users’ behaviour, and which required minimal time investment from the IT department. In Ian’s experience, “there are a million tools that say they’ll do exactly what I need. But if I need a performant product that runs unobtrusively when it’s not doing its job, there aren’t many solutions that really fit the bill. Ian is sensitive to the knock-on effects on his IT team when software doesn’t work as intended. Since Tessian deployed the Guardian product for Laya healthcare, it has needed minimal “care and feeding”, as Ian says, requiring no IT input to make sure Guardian was learning as expected. This freed his team up to tackle higher-value work. “I’ve seen very few products as light on IT admin as Tessian.”
Moving beyond rule-based systems Ian was eager to take advantage of Tessian’s ability to learn from employees’ behaviours, identifying which email conversations were ‘business as usual’ and which emails needed flagging. Ian is confident that leveraging Tessian’s machine learning will reduce overhead for his team and the wider business in the coming years. “As rule-based systems expand in complexity, the maintenance and service requirements often increase too. We anticipate that Tessian will scale much more smoothly.” Insurance companies are confronting a changing security climate. “People are now much more switched on to their rights as individuals, and security risks are always evolving too.” Tessian and laya healthcare will continue to work closely together in the coming months and years, helping eradicate human errors on email and helping laya healthcare members get the topclass service they deserve. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Laya Healthcare Case Study hbspt.cta.load(1670277, '6a36d064-618a-46aa-a821-1c527caf151a', {"region":"na1"});
Read Blog Post
Customer Stories
Tackling Spear Phishing when the Stakes are High
Tuesday, June 11th, 2019
Polarcus is the world leader in offshore geophysical services. Its fleet of green, hightech vessels conduct explorations from pole to pole, producing seismic survey data for global clients. Headquartered in Dubai, the company is listed on the Oslo stock exchange. Polarcus is protecting 350 employees with Tessian Defender. 
The spear phishing paradox Spear phishing is a relatively new and very different kind of security threat. For decades, spam and bulk phishing attacks have relied on unsophisticated mass messaging, effectively hoping that one or two people out of thousands don’t pay attention and make elementary mistakes. Spear phishing, by contrast, is far more malicious. Inbound emails targeting specific people, using social pressures to imply urgency, are a much more challenging threat for legacy security products. Erik Ruis joined Polarcus as Head of IT in early 2019. At that point the company was working out how to address sophisticated threats that could bypass its existing security infrastructure. He comments, “Threats like data theft and systems takeover can start from a single spear phishing email. Making things more complicated, companies in our sector have become targets for attackers seeking financial gain or trying to make an environmental or political statement.” This set of circumstances led Polarcus to Tessian.
Helping users make better judgments Spear phishing techniques like domain impersonation (when an attacker changes, for example, ‘tessian.com’ to ‘tesssian.co’ in order to trick a user into thinking an email is coming from a colleague) pose enormous risks to organizations. To effectively combat these threats, busy email users needed to understand in real time why an email might be suspicious. Defender, Tessian’s product built to combat spear phishing threats, was the natural solution. In Erik’s experience, “When you show someone a phishing email and tell them it’s an impersonation, they are still sometimes unable to understand why it’s fake.” This underscored the benefits of a product that leverages machine learning to automatically provide contextualised warning messages to users, a fundamental part of the Tessian offering. Now, Erik says, “we don’t get many alerts from Tessian, but when they happen people definitely notice them and benefit from them.”
What the future holds As Polarcus continues to innovate, Erik will keep looking for intelligent products that can tackle issues to do with human behavior on email, such as data exfiltration. The key will be identifying solutions that focus on “patterns of behavior, rather than rules.” In the meantime, attackers trying to circumvent legacy rule-based systems means that for Erik, “as perpetrators become more creative and more sophisticated over time, I expect Tessian’s products to keep adding even more value.” Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Polarcus Case Study hbspt.cta.load(1670277, 'bc5ef259-cd9e-4061-b40d-e49fdae495b3', {"region":"na1"});
Read Blog Post
Customer Stories
Focusing on Security Basics with Game Changing Technology
Tuesday, June 11th, 2019
Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Together with 1,000+ technology partners, Arm is at the forefront of designing, securing and managing all areas of computing, from the chip to the cloud. Arm is protecting 6,000 employees with Tessian Defender and Tessian Guardian. 
Building a human layer security culture “Humans will make mistakes.” That’s the blunt assessment of Arm CISO Tim Fitzgerald. Tim joined Arm in 2017 after spending years working on IT and information security at KPMG and Symantec. Since being acquired by Softbank in 2016, Arm has been investing significantly in the organization’s growth. On joining Arm, Tim kicked off an ambitious plan to improve his workforce’s understanding of security risks, while retaining a “high-trust” culture that emphasises “sharing, communication and collaboration as the basis of Arm’s success”. When Tim first began speaking to Tessian, he was seeking a more intelligent way to respond to isolated incidents of data loss that resulted from people not having enough salient information surfaced for them in real time. “Getting the fundamentals right”, for Tim, meant looking at the most prominent channels of communication and catalyzing change by focusing on the most important threat vectors within these channels. That meant looking at email, and particularly at how people behave – and slip up – on email.
Tailored real-time threat detection Over an initial proof-of-concept period, Arm straight away began seeing results. Thanks to Tessian’s ability to retroactively analyze historic email data, Arm was “immediately able to look back and pinpoint particular events that could have been avoided with Tessian’s software. That was a huge influence in our decision to move forward.” For Tim, Tessian’s reinforcement of best practice through delivering crucial contextual insight – giving people a beat to stop and think – is critical. “The value for us is that we’re effectively retraining the organization to look again at how they’re interacting with email in real-time.”
Eradicating ‘garden-variety’ vulnerabilities Under Tim’s leadership, Arm is continuing to invest in its security infrastructure by focusing on its people, and on flawlessly executing the basics of information security. In Tim’s view, “The ugly truth is that most threats to organizations stem from ‘garden variety’ vulnerabilities, and that includes humans.” Today, Tessian protecting employees from human error on email is a crucial part of Arm’s security strategy. Sometimes, focusing on the basics is the most important thing you can do.
Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Arm Case Study hbspt.cta.load(1670277, 'dc21b2ed-417f-498c-b2c0-c64e255b6143', {"region":"na1"});
Read Blog Post