Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Prepare for the next wave of email attacks at Fwd: Thinking on Nov 2 | Save Your Seat →

Integrated Cloud Email Security, Advanced Email Threats
Product Update: Enhanced Security Event Filtering and Reporting
by Tessian Thursday, September 22nd, 2022
Our latest product update for our Advanced Email Threat Prevention module, Tessian Defender, improves the efficiency of security event filtering through new and easy-to-navigate event filters. We have also improved malicious email reporting, resulting in improvements to our detection efficacy.
New and enhanced filters for more efficient event filtering The enhanced event filtering interface will improve confidence and control for security admin using Tessian’s portal. It enables security admins to  efficiently filter and find security events, enabling security teams to respond faster.
Some of the new and enhanced filters include: Original filter location: Folder location of the email at the time of delivery to the end-user’s mailbox. Attachment filter: Contains attachments or not. Phishing simulation filtering: To exclude/include phishing simulations. Confidence level filtering: To filter on high/medium/low confidence interval events.
Improved end-user reporting capability Improvements to malicious email reporting will further improve the ability to recall malicious emails from inboxes, as well as improving detection efficacy. After a security admin reports a malicious email, future emails that share the same characteristics will automatically be quarantined in the portal – reducing cyber risk.
Why these updates matter: Quicker response time and improved detection efficacy In a hypothetical example of attempted Account Takeover (ATO), Tessian will flag suspicious emails as potentially malicious. After receiving an alert, security admins using the Tessian Cloud Email Security Platform, analyze all suspicious emails marked with a high degree of confidence and take appropriate action.  The new event filtering capability further speeds up this process, enabling security admins to filter all the security events by event type, confidence level, user response and quarantine status, while also allowing security admins to exclude events classified for example as phishing simulations – improving response times.   The new labeling feature incentivizes customers to report malicious emails. This, in turn, improves the detection efficacy of the platform’s algorithms with each reported email. 
Every minute counts to reducing cyber risk Time is of the essence in triaging security events on email. Our engineering teams are working relentlessly to cut response times and give time back to security teams. These latest product updates do just that, enabling our customers to reduce the time spent on event triaging while also improving detection efficacy. To see how the Tessian Cloud Email Security platform intelligently prevents ransomware attacks, and protects against data loss, watch a product overview video or book a demo.
For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Integrated Cloud Email Security, Data & Trends, Advanced Email Threats
Product Update: Improvement to Algorithms Sees 15% Increase in Detection of Advanced Email Threats
by Jhamat Mahbubani Tuesday, September 13th, 2022
Innovations in machine learning have fundamentally changed the email security landscape.  And in order to stay ahead, and to ensure that we are protecting our customers from new and advanced email threats, we need to continually improve our machine learning algorithms. Most recently, Tessian’s data science team updated our platform’s Behavioral Intelligence Modeling algorithms to detect advanced social engineering threats. The result? A 15% increase in the detection of advanced email threats including impersonation spear phishing and account takeover (ATO) attacks.
The growing threat of advanced social engineering attacks  Social engineering attacks like impersonation and ATO attacks are a growing threat, with ATO attacks witnessing +300% growth over the last three years.  Impersonation and ATO attacks are a notoriously difficult type of advanced email threat to detect and prevent. This is because the threat actors either impersonate a trusted party or, in the case of ATO, the emails originate from a legitimate source, either within the organization from an already compromised account, or from a compromised vendor in the supply chain.  Traditional, rule-based email security solutions, like Secure Email Gateways (SEGs), which enterprises have been reliant on for decades, offer little protection against these types of attack. Why? Because legacy solutions like SEGs and built-in security from cloud providers are unable to detect adaptive and unknown threats with no prior indicators of compromise reported.  This makes the case for why security and risk management teams must move away from a rule-based approach to one that analyzes behavior instead.  This behavioral approach should leverage machine learning, Natural Language Processing (NLP), Behavioral Intelligence and Global Threat Feeds to automatically determine whether an email sent to an end-user at a particular time is an advanced threat.
A machine intelligent approach to email security Encouragingly, an increasing number of security leaders are realizing the need to adopt machine intelligent solutions to tackle the persistent threat of advanced email attacks. In fact, over half of cybersecurity leaders (58%) surveyed in a 2022 Forrester Consulting report said that they are actively looking to displace SEGs for the next generation of email security solutions. These solutions, like Tessian, leverage machine learning to help organizations mitigate risk on email.  The importance of machine learning powered cybersecurity solutions was similarly recognized by IBM’s Cost of Data Breach Report for 2022. IBM reported that the average cost of a data breach was $3.05 million less in organizations that deployed security artificial intelligence (AI) versus those that had not. What’s more, 66% of security leaders from across the world believe that AI and Machine Learning enables faster threat detection on email and 56% say it makes threat detection more accurate.  Continual improvements to our algorithms are important to ensuring we quickly and accurately detect new and unknown threats on email – keeping our customers and their data safe and secure.  Learn more by speaking to our experts and seeing our machine learning algorithms in action. 
Read Blog Post
Integrated Cloud Email Security
Product Update: Enhanced Event Triage to Speed Up Detection and Response to Malicious Emails
by Tessian Thursday, September 1st, 2022
Introducing our latest product update, designed to improve security event triaging efficiencies for security admins using the advanced email threat prevention module, Tessian Defender, in the Tessian portal.  The enhanced event triage update not only provides security admins with greater control and confidence in preventing advanced threats coming into corporate inboxes, but it also gives valuable time back to security teams. How does it work?  When Tessian flags an email as potentially malicious, security admins quickly analyze the email within the Tessian portal. After analyzing the email, they can assess whether the email is malicious or not. If the email is deemed safe, the security admin can release it to all of the end-user’s inboxes with a single click and if it’s malicious, they can delete the email from the end-user’s quarantine as well as delete the released copy from the user’s inbox with a single click. As a result, security teams can significantly reduce the risk of an end-user interacting with a malicious email.    This capability extends to bulk remediation of large scale phishing attacks – a.k.a. burst attacks – that affect multiple end-users.
The update builds on our previous update which improved the visibility for security admins to view the full body of flagged emails and label workflow.
Greater efficiency and control for the Security Operations Center Triaging security incidents on email is a time intensive task. In fact, research shows security teams that rely on legacy email security software spend as much as 9-12 hours detecting and responding to each email security incident.  With this latest product update in the Tessian portal, our customers are able to cut the time spent on event triaging down to minutes, significantly reducing the risk of an end-user engaging with a malicious email and reducing the administrative burden for security admins
Every one of our product updates are part of our continuous effort to improve the experience we provide our customers and give security teams peace of mind and confidence in their email security solution.  To see how the Tessian Cloud Email Security platform intelligently prevents ransomware attacks, and protects against data loss, watch a product overview video or book a demo
Read Blog Post
Integrated Cloud Email Security
Product Update: Tessian Enhances Portal Navigation to Help Security Teams Respond to Incidents Faster
by James Alliband Monday, August 22nd, 2022
We are always looking at ways we can improve product efficacy and user experience for our customers. Our latest update – a new and enhanced portal navigation system – achieves just this. It enables security teams to prevent, detect and respond to threats coming into and out of the inbox in a much more efficient way. 
New and enhanced portal navigation system This new navigation system in the Tessian Cloud Email Security Platform significantly improves security team incident response time, making them more efficient in triaging email security incidents.  Today, security teams that rely on traditional email security defenses spend as much as 9-12 hours detecting and responding to each email security incident. New navigation enhancements The enhanced portal navigation reduces this administrative burden, helping security teams to work smarter, not harder, by giving them time back to spend on more important tasks. The navigation has been restructured to the two main use cases of the Tessian Cloud Email Security Platform:  Email Threat Prevention   Data Loss Prevention 
Accelerating response times with new navigation bar We have also updated the portal with a new navigation bar allowing quick navigation between insights and security events, so that teams can get to the content they need, faster.  We have also updated the portal’s overall design to give it a fresh and more appealing look and feel. This latest enhancement to the user experience is a testament to our continuous investment in innovation to deliver a first-class customer experience. Don’t just take our word for it, read these Gartner Peer Insights…  The new and improved portal navigation and user interface has been rolled out to all of our existing customers.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn  
Read Blog Post
Integrated Cloud Email Security
Phishing, Email Breaches and Multi-Factor Authentication Compromise Take Center Stage at Black Hat 2022
by Tessian Tuesday, August 16th, 2022
After almost three years of pandemic induced disruption, Black Hat 2022 marked the return to a semblance of normalcy in Las Vegas. The number one hot take from 2022’s show was the hope for the pandemic to finally be behind us.  One aspect, however, that will never be the same again is the rapid shift to distributed computing environments, across the world. This explains why cloud adoption is growing at an unprecedented scale, with Gartner forecasting almost $500 billion will be spent on cloud services in 2022, with the figure rising to nearly $600 billion by 2023.  Increasing complexity and a rapidly expanding attack surface area are some of the main drivers, according to former CISA director Chris Krebs in his opening keynote, of why cyber risk is going to get worse before it gets better. Krebs also called on the cyber community and the government to continue bolstering efforts to address cyber risk.
Phishing and multi-factor authentication compromise Phishing and multi-factor authentication (MFA) compromise were among the dominant threats covered by established and emerging security vendors at Black Hat 2022. Trying to stay relevant, one of the legacy email security solutions unveiled machine learning capabilities in an attempt to address cyber threats that are increasingly able to bypass secure email gateways (SEGs). Tessian’s CISO, Josh Yavor and KnowBe4’s Roger Grimes both focussed their Black Hat presentations on the how threat actors are leveraging social engineering to compromise MFA, with Roger underscoring that 70-90% of all breaches are attributed to social engineering, including MFA compromises. Although MFA remains an important security control, organizations have been prone to placing too much faith in this one particular security measure. Although underscoring the importance of MFA, Roger cautioned against the overstated claims that by adopting MFA an organization is near impenetrable.   Tessian’s Josh illustrated how MFA has become an important security control, but that threat actors are able to compromise it via a range of social engineering attacks. Josh ended his presentation with an appeal – only by adopting advanced anti-phishing solutions, that leverage machine learning powered behavioral intelligence to detect threats as they manifest, can the risk of a credential compromise be reduced. Some of the other themes observed at Black Hat 2022 included a focus on addressing cloud and end-user cyber risk, with a range of solutions that included contextually aware API security, intelligent vulnerability management, end-user isolation for a hybrid workforce, as well as ensuring that security awareness training actually strengthens security culture.  
Cyber risks caused by human error  Coinciding with the annual security conference, several high-profile breaches were trending, including a Lapsus$ ransomware attack on Cisco in early August, as well as Marriott International suffering a third breach since 2018. Both attacks were attributed to employee credential compromise.  In the case of Cisco, the threat actors compromised an employee’s personal Gmail account and gained access to stored credentials in that account. In the case of Marriott, a month prior to the 2022 Black Hat conference, an employee at one of its hotels provided credentials to a threat actor. Both instances underscore the reality that people make mistakes and that a layered security strategy is no longer a nice to have but is essential to reducing the risk of a breach. These instances also validate findings from recent seminal industry security reports including IBM’s Cost of a Data Breach 2022 and Verizon’s DBIR 2022 demonstrating that compromise credentials and phishing are the leading threat vectors.  Similar findings have been echoed in the vendor community, most recently by Palo Alto’s Unit 42, showing that 70% of its incident response is attributed to business email compromise and ransomware related attacks.
The future of cybersecurity is in the cloud Breaches are increasing in frequency as well as costs associated with a compromise, with the average breach cost now costing victims an average of $4.35m. That number jumps to $10.1m if you happen to be in healthcare. Only by leveraging best-in-breed cloud native security solutions will increasingly advanced attacks be detected and prevented. Cloud native security solutions benefit from not carrying technical debt from an on-premise world, but rather have the advantage of being engineered from the ground-up for adaptive, cloud-based threats. For example, Tessian’s Intelligent Cloud Email Security Platform has behavioral intelligence at its core – enabled by machine learning, using Natural Language Processing (NLP) and Natural Language Understanding (NLU) – is able to detect threats as they manifest, in real-time. This includes threats that have been able to circumvent initial security controls such as MFA or legacy static, rule-based email security solutions like SEGs.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Podcast, Compliance, Interviews With CISOs
Lola Obamehinti on What Good Security Awareness Training Looks Like
by Tessian Saturday, August 13th, 2022
With a wealth of experience in developing and leading security and awareness programs at companies including eBay and TIAA, Lola Obamehinti knows what makes a good program. Lola, the founder of Nigerian Techie and former ,  joined Tim Sadler, Tessian CEO and co-founder, on the RE:Human Layer Security podcast to discuss security and awareness training – why it matters, how to make it effective, and the secret to keeping employees engaged. Tim and Lola also discussed diversity in tech, with Lola reflecting on the work that remains and how to increase inclusivity and diversity in the industry. Listen to the whole episode or read on for some key Q&As from the interview. Q: Why is security awareness so important in organizations today? A: Security awareness and training are crucial for every organization because employees need to understand their role in protecting confidential company data and information. When cybercriminals target a company and attempt to gain access to networks and systems they do not only target IT or tech employees. Each and every employee has the potential to be a target, regardless of their role. So it is really important to equip employees with the proper tools to identify phishing attacks and other methods that cybercriminals may use to infiltrate an organization. Q: What does a good security awareness program look like? A: Effective security awareness and training programs require a multifaceted approach. It is not just training, and it is not just security awareness events or communications – it is all of those elements working together. You could even divide security training up further into phishing simulations, which then feed into additional security training, alongside required security training (that could also be role-specific). The communications pieces and events also play a big role because you need to let the employees know where they are missing the mark, and also lead effective security awareness events. Finally, you need to use data to track the progress of all of those particular programs. This well-tracked, multifaceted approach really helps to keep security at the forefront of employees’ minds, and in my opinion, is what works best.
Q: How do you improve a pre-existing program and engage employees? A: Additional funding is the best way to improve a pre-existing program. It may seem like the easy answer, but in my experience, I have noticed that security awareness and training is one of the parts of security that is often a bit underfunded. Companies often say that additional funding isn’t necessary, but whenever an incident happens security awareness and training is one of the first teams that is notified. Now when it comes to the content of the program, context is key. To engage employees and help them retain information, you need to provide context to the lessons you are teaching them. For example, when I was leading security awareness and training at eBay, we were entirely remote, so ensuring employees were well engaged was a key focus. One of the things we did was in January after the popular Coinbase advert that was shown at the Superbowl. The advert featured a QR code bouncing around the screen, similar to a bouncing DVD logo. So, I wrote an article about protecting yourself against QR code phishing, using the advert to provide context. The engagement was huge – a few of our engineers even created their own QR codes! Until then I didn’t think that level of engagement was possible, but it just goes to show what happens when employees are truly interested in a topic. You just need to make it relevant to them.
Q: What diversity and inclusion work is left and how can leaders help? A: Right now, there is a lot of work left to do in the industry when it comes to diversity and inclusion. The security industry reflects the greater technology industry where there is not a lot of representation. Even for San Fransisco-based companies, the representation of Black, Indigenous, and People of Color (BIPOC) teeters around 2-5%, which is really really disheartening. Particularly because in 2014 a lot of the major tech companies started releasing diversity reports, but the numbers really haven’t moved since. To change this I believe that the gatekeepers, from hiring managers to executives, need to give opportunities to individuals who might not have a traditional path. Maybe they just have a passion, maybe they have done a lot of extracurriculars like starting a podcast or YouTube or Discord to educate other individuals on security. They may not have the right certifications, but those individuals should be given more opportunities at entry-level or even management. Also, for the individuals who are already in the industry – if they don’t feel included or like there are proper opportunities for advancement they leave. We have all seen the lawsuits that are being brought against Google and other tech organizations where people have been discriminated against, experienced racial microaggressions, and were not promoted or compensated fairly. So the work doesn’t stop once you have a diverse workforce – you need to make them feel continually included. Finally, I would like to highlight that diversity is not just about BIPOC. It can be gender, background, or socioeconomic status, it can be anything. I think of diversity as diversity of perspective and thought – and it is so important for the overall success of a company.
Read Blog Post
Integrated Cloud Email Security, Interviews With CISOs
Hot Takes: 8 Ways to Strengthen the CISO and CFO Relationship
by Tessian Thursday, August 11th, 2022
As cyber risk continues to escalate, strategic collaboration between the Chief Information Security Officer (CISO) and Chief Financial Officer (CFO) is becoming more important.  In a recent webinar discussion between Tessian’s CFO, Daniel Kim, Jason Thomas, CIO at Cole, Scott and Kissane and Steve Kinman, CISO at Snyk, we talked about the key elements to addressing cyber risk at a strategic and fundamental level.  What did we uncover? Ultimately, the CISO and CFO roles are changing, and collaboration between these two important stakeholders is essential for businesses to mitigate cyber risk, while also driving business objectives forward. The panel also outlined some of the key principles necessary for enabling a dynamic risk mitigation and business value-led partnership.
1. Focusing on cybersecurity fundamentals  The risk for a cyber breach and the costs associated with breaches are increasing. In fact, the 2022 Cost of a Data Breach Report from IBM revealed that the cost of a data breach now stands at $4.35 million, up 13% from 2020.  According to Jason Thomas, CIO at Cole, Scott and Kissane, security leaders must focus on the security fundamentals as a starting point. This includes understanding your environment i.e. classifying your assets, knowing what you have from a technology and people standpoint, as well as the degree of cyber risk faced by your organization.  
2. Quantifying cyber risk  For Daniel Kim, CFO at Tessian, moving away from a binary quantification of cyber risk is the first and important step to addressing increasing cyber risk, so too is appreciating that “the risk is never going to be zero.”  As a next step, he says, it is important that companies also appoint C-suite steering committees that should operate in a similar fashion to disaster risk committees. This would move companies out of a reactive to a proactive position on cyber risk mitigation. 
3. Prioritize cybersecurity spending Prioritizing cybersecurity investments can often face questions of relevance from other business leaders on the value that these investments would add to the company. For Jason it is essential that company leaders ask themselves, “how much is one hour of downtime worth to the company.” For Steve Kinman, CISO at Snyk, many companies are still struggling to adequately prioritize cybersecurity program development, stating “what I hear a lot from teams is that they’re doing a lot of ad hoc security planning…and there’s no-rollup of that information to the C-suite or board.”  Every cybersecurity initiative, he says, must be aligned with the business and its objectives.    
4. Cyber risk as a financial risk On the growing importance of CFO and CISO relationship building, Tessian’s Dan underscores that the growing importance rests on two important aspects, namely the frequency and the impact of risk.  On frequency of risk, it is imperative that leaders understand what risks exist in their environment. This can range from natural, geopolitical, financial and cyber risk. On impact, the increasing costs associated with cybersecurity events, including loss of revenue, downtime, to the loss of data and IP, have rendered cyber risk as a financial risk, says Dan. Combined with regulatory changes that will result in the C-suite being held personally liable for cyber breaches is essentially elevating the importance of dealing adequately with cybersecurity risk – with Dan adding, “reacting to a breach after the fact is no longer a good business model.”    
5. Healthcheck on the CISO and CFO relationship Synk’s CISO Steve noted that for the majority of organizations a disconnect between the CISO and CFO is apparent, noting many CFOs don’t understand cybersecurity terminology and do not understand the real cyber risk facing their organizations. It’s important to shift the conversation from cyber risk to business risk. Touching on the evolution of the CISO role, Jason states it is critical that security leaders understand the fundamental financial aspects of the business in order to prioritize investments to address these risks.     
6. The importance of ROI Having measurable return on investment (ROI) from your security tools is non-negotiable for every business. For Jason, this entails conducting routine audits on the security tool efficacy. Not being able to get the data out of the tools and demonstrate what impact they are having leaves you unable to determine whether the tool is performing as expected and is delivering ROI. Using  a framework that categorizes the investment by the following criteria for Dan is helpful:   investments that generate revenue investments that cut cost investments that manage risk   Every business leader – including CISOs – need to be able to translate their area of expertise and programs underway to business outcomes, according to Dan. Learning how to speak the same risk language, being the catalyst for change and making it a collaborative journey is so important to achieving business outcome success.     
7. Become an effective C-suite communicator  It’s only once a breach has happened that cybersecurity programs are prioritized. This, according to Steve, is the well-known mantra of “not wasting a breach” to increase the cybersecurity budget.  Although this approach is commonly used in the industry, there is a need for a more proactive approach. Steve cautions, however, that security and risk leaders need to be tactical with their asks for additional cybersecurity investments – you need to have a well developed and well-communicated cybersecurity strategy in place first. Additionally, overcoming communication obstacles that may exist between the CISO and the C-suite, requires developing a set of metrics for reporting that conveys maturity of the program, rollout according to timeframes, and being able to show how risk is trending. The C-suite and board require a different type of language than most security practitioners are familiar with  – don’t go too deep on security jargon.    
8. Overcoming the cybersecurity perception problem In a 2022 Tessian study, we found that only 58% of employees believe that senior executives at their  company value cybersecurity. For Steve, recognizing that most companies recognize that cyber risk is the number 1 risk, and that’s where the acknowledgement stops.  Even large corporations don’t demonstrate how essential cybersecurity and cyber risk mitigation are to their overall growth strategies. Cyber risk needs to be intertwined in the business plan and commonly understood by all of the business units. When cybersecurity risk is not referenced in the business plan that is where the perception of cybersecurity not being valued manifests from. Jason and Dan agree that security awareness training needs to be ongoing and doesn’t need to be overly complex. Jason uses a constant messaging approach to drive security awareness on the risks being seen in the industry and measures his team have in place to safeguard his company.  
Building a Long-Term Relationship The importance of strategic collaboration between CFOs and CISOs is coming into sharper focus, particularly as cyber risk continues its upward trajectory.  For organizations that are behind the technology adoption curve, according to Dan, cybersecurity risk can no longer be seen as a standalone, siloed IT project, but rather it needs to be seen as key business risk facing the enterprise. Sharing information and intelligence i.e. constant communication on breaches threat trends in the industry as well as demonstrating what measures are in place helps Jason and his team build trust with the C-Suite.   Steve advises, it can be very intimidating to think that the CFO doesn’t care about cyber risk, get over that fear, go and speak to your CFO, build that relationship.  Building an effective relationship between the CFO and CISOs takes collective effort, as well as a shared view on the extent of cyber risk facing the organization. Having a well-oiled partnership between these two important business stakeholders can both mitigate cyber risk and as well as deliver success on business objectives.     
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Integrated Cloud Email Security, Email DLP
Tessian Recognized as a Representative Vendor in the 2022 GartnerⓇ Market Guide for Data Loss Prevention
by Negin Aminian Tuesday, August 9th, 2022
Tessian has been recognized by Gartner in the Market Guide for Data Loss Prevention (DLP) 2022 as a Representative Vendor for next generation DLP. Gartner makes the distinction that, “DLP is a mature technology, but the emergence of tools with a focus on cloud and insider risk management use cases has provided SRM leaders with the option to invest in a next-generation data security tool.”  State of the DLP market and why email matters The need for cloud native DLP tools is growing in-step with increased public cloud adoption, and the report mentions that, “In 2021, Gartner fielded 29% more client inquiries on the topic of DLP than in 2020.” In the latest Gartner forecast, “Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner. In 2023, end-user spending is expected to reach nearly $600 billion.” Email is a significant threat vector for data loss. In separate research conducted by Tessian (2022), the risk for a data loss event occurring via email is high, with nearly 60% of organizations surveyed having experienced an email data loss incident due to an employee mistake in the last 12 months. Email was also identified as the riskiest channel for data loss, followed by cloud file-sharing and instant messaging platforms.   Gartner underscores the importance of addressing data loss risk on email due to the fact that “email is one of the most prevalent means of sending information and a priority for most clients.” And in reference email security DLP capabilities, Gartner states:   “Some email security vendors’ solutions can also address accidental data loss use cases, such as the sending of email to the wrong recipients or the sending of wrong attachments. These solutions use artificial-intelligence- based algorithms to track users’ email patterns and notify users if they may be accidentally sending sensitive information.”   These intelligent email DLP capabilities are native to Tessian, having the ability to prevent misdelivered emails and misattached files from being sent, as well as preventing malicious attempts at email data exfiltration.   Key findings from the Gartner Market Guide for DLP The report identifies three key findings: “Data loss prevention programs that are not tied to specific initiatives and goals are indicative of immature data security governance. Traditional DLP vendors that focus on conventional and data specific content inspection methods, can lead to fatigue and a siloed view of data movement. Legacy DLP tools rely on detection methods that were developed for on-premises workloads. Cloud migration has complicated the vendor selection process for clients, since these legacy approaches to DLP often are no longer viable.”   Some of the key recommendations include: “Define a DLP strategy based on data risk and the needs of the business.” Invest in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. Overcome the challenges presented by a cloud-first strategy by implementing a solution to map and secure sensitive data across the hybrid environment.”
How Tessian protects against accidental and intentional data loss on email Tessian’s unique approach to securing the email ecosystem and preventing email data loss hinges on three pillars: Enabling intelligent and automated email security that leverages machine learning powered behavioral intelligence to detect both known and unknown threats, in real time. This prevention capability extends to automatically preventing email data loss from both malicious insider and accidental data loss use cases. Improving security operations (SecOps) efficiency by preventing data loss events from becoming incidents, reducing the time spent triaging incidents, as well as time spent configuring static DLP rules. Strengthening security culture by creating a positive end-user experience by empowering end-users to make the right cybersecurity decisions.
An intelligent approach to cloud email security  By leveraging machine learning powered behavioral detection, Tessian’s cloud email security platform is able to prevent both accidental and malicious data loss attempts from becoming incidents – ensuring data security compliance, while reducing the burden on SecOps.  Combined with contextual, in-the-moment end-user warning banners, security culture is strengthened by empowering end-users – through a range of DLP policy enforcement options – to make the right security decisions. Want more information on how Tessian can protect your organization against email DLP? Click here to schedule a demo.
To see how the Tessian Intelligent Cloud Email Security platform prevents insider threats and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.       Gartner, “Market Guide For Data Loss Prevention”, Ravisha Chugh, Andrew Bales, July, 19, 2022. Gartner Disclaimer: GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Integrated Cloud Email Security
How to use phishing tests and in-the-moment cybersecurity awareness training to strengthen your cyber defenses
by Andrew Webb Tuesday, August 9th, 2022
The saying goes that your organization is only as strong as its weakest link. When it comes to cybersecurity, that weakest link could be an individual who inadvertently responds to a phishing email and exposes sensitive data to hackers. That’s why finding the weakest link within your organization and strengthening it is a top priority for IT leaders and CISOs. One of the most widespread methods of testing employees’ cybersecurity awareness is through phishing tests. However, these tests have gained some notoriety in recent years and are seen by many as punitive and ultimately ineffective. In this article, we take a look at the different types of phishing test used by organizations and explore best practice in how to conduct them. We ask whether phishing tests are the most appropriate way to identify cybersecurity weaknesses and educate your workforce – and offer an alternative solution. What are phishing tests? Phishing tests are used by IT teams to assess the cybersecurity awareness of employees. Mock phishing emails or webpages are created by the IT team and sent out to employees. They are intended to look like genuine emails, just like phishing emails sent by hackers. The hope is that employees will identify something suspicious about the email and report it. IT teams collect information about which employees report the suspicious emails and which open the email and click on the links or attachments within them. What is the purpose of phishing tests? The aim of phishing tests is to help employees understand the different ways phishing attacks may be conducted, so they learn to identify suspicious features and avoid clicking on malicious links. The results of phishing tests help IT teams to understand the level of cybersecurity resilience within their organization. They help to identify individuals that could benefit from further cybersecurity training. IT teams can use phishing tests to measure improvements in cybersecurity resilience over time. Initial tests can provide a baseline figure for the percentage of employees that were successfully phished, against which the results from further phishing tests can be measured. This enables IT teams to track improvements in phishing email detection, following cybersecurity training or other interventions.  What are the types of phishing test? Phishing link tests: This type of test involves an email with a misleading link. In a real phishing attack, this link would lead to a malicious website, but in a phishing test it leads to a secure landing page, which records the action and informs the user that they have clicked on a potentially malicious link. It may direct them to further training at this stage. Similarly, emails with suspicious attachments can also be sent, to see which employees click on these potentially insecure files. Data entry tests: These tests may trick users into entering sensitive information into an online form or website. A phishing test email will be sent, which directs the user to a website page designed to look like a genuine data entry form or login page. Reply-To-Test: This test prompts users to reply to the phishing email. In a real phishingattack, replying to the email could provide an entry point for the hacker. Spear phishing: This is an emerging tactic used by cyber criminals, who impersonate a trusted source within an organization, such as a senior director, to target employees within the company. Employees are much more likely to trust an email that appears to come from a director within their company, making spear phishing a particularly difficult fraud to detect. Organizations can simulate spear phishing emails to help raise awareness of the issue among employees, encouraging them to be even more vigilant. How to design and conduct effective phishing tests Ideally, phishing tests should be conducted as part of a structured campaign, so you can gauge the success of any training interventions and measure improvements in the security culture of your organization over time. Your phishing test campaign should progress in terms of difficulty, and mix up the various types of phishing attack mentioned above. The first phishing emails should be relatively simple for employees to identify. Subsequent phishing tests should increase in subtlety and complexity, testing the ability of employees to identify potentially malicious emails. Phishing tests should target people at all levels of the organization, so that no particular group feels unfairly targeted. Before your phishing test campaign begins, you should notify employees that you will be carrying out these tests, without giving away any timings. You want people to feel that these tests are for the benefit of the whole business, and that each individual has a key role to play in protecting the organization from cyber-attacks. You don’t want people to feel that you’re trying to catch them out, so ensure you provide good initial training in how to spot suspicious emails and the various phishing techniques used by hackers. Analyzing phishing test results Your initial phishing test will provide baseline figures for the number of employees that fail to detect the potential threat. In analyzing the results, you need to collate figures on the number of employees that click on the bogus links and the number who report the phishing email. Your aim is to increase the number of employees who report the fake attack. You can do this by running training programs for those who don’t detect the phishing emails, as well as rewarding those who do. As you provide the training required, you should see an improvement in detection rates over the course of your phishing test campaign. What are the problems associated with phishing tests? Phishing tests have begun to attract some criticism, following a number of high-profile examples of bad practice. You must always bear in mind that the aim of these tests is to help educate employees and bring them onside in your efforts to combat cybercrime. All too often, phishing tests adopt a ‘gotcha’ approach, followed by what is perceived as punishment training for those caught out. One high-profile example from website hosting company GoDaddy in 2021 saw the company send an email to 500 employees offering a $650 holiday bonus. Those who clicked on the link were rewarded not with a bonus, but with a dose of cybersecurity training. This type of phishing test seems designed simply to catch people out. It’s easy to see how this can have a detrimental impact on employee morale, rather than helping to foster a strong security culture. Our recent Security Cultures Report found that only 33% of respondents have had a positive experience with phishing simulations, and 18-24 year olds are up to three times as likely to have had a bad experience. So when we saw this tweet, we were hardly surprised. This is a classic example of a dysfunctional security culture. The result is fear and paralysis in the workforce that could affect people’s ability to do their work.  Thanks to research by Dr. Karen Renaud and Dr. Marc Dupuis we know that unleashing fear, uncertainty and doubt on a workforce doesn’t work. It cripples decision making, creative thought processes and the speed and agility businesses need to operate in today’s demanding world.  What are the most ethical and appropriate ways to use phishing tests? As we’ve discussed before, it’s extremely difficult to stop people clicking on links in emails – because responding quickly to emails is simply part of their job. Most employees’ in-boxes are a revolving door of links to documents, webpages, forms, and databases. Weeding out the malicious emails from this avalanche of messages is no easy feat. When done properly, phishing tests can be a powerful tool in building your security culture. They can offer valuable research insights and data to help your organization improve its suite of security measures. We believe phishing tests should be used as an opportunity to better tune your organization’s cybersecurity filters and defenses, not to single out individuals for further training. That’s because, in reality, a user failure is really a technical failure in your organization’s security defenses. With the proper IT security systems in place, those phishing emails should never get through to employees in the first place. Blaming busy employees for clicking on malicious links is really just passing the buck. What are the alternatives to phishing tests? How did you learn to swim? You probably didn’t sit through an hour-long presentation about it, watch a video, then do a ‘fun’ quiz. You got in the water and worked things out ‘in the moment’. Your senses and instincts flagged potential dangers like getting out of your depth or diving too deep. Good security training is the same. Training people away from their day-to-day working environment removes the connection between the danger, and where that danger is experienced. When Tessian detects a threat, like a spear-phishing email, it generates a security warning message that the recipient has to respond to. It’s written in plain English and explains why the email was flagged.   This type of in-the-moment training offers a far more user-friendly way to improve cybersecurity resilience than trying to catch employees out with phishing tests. It enables employees to learn as they work and raises awareness of the risks that may be lurking in their inbox.  Building a robust cybersecurity culture  It takes time and effort to develop a robust security culture that everyone subscribes to. It’s hard work for IT teams who are fighting many other issues and problems. But, according to our research, security leaders underestimate just how much they should be a part of the employee experience.  IT leaders need all the help they can get when it comes to getting employees on board in their efforts to combat cyber-crime. That’s why in-the-moment cybersecurity training can play such an important role in progressively enhancing your organization’s cyber defenses from within.  Our 2022 Security Culture Report is a good place to start your journey to a stronger security culture. Download it here.   
Read Blog Post
Integrated Cloud Email Security, Advanced Email Threats
How to Prepare for Increasing Cyber Risk
by Tessian Wednesday, July 13th, 2022
Each year it seems we are met with new complex challenges and risks that few could have predicted. In turbulent times, it is prudent to take stock of what business and security leaders can control. Allocating dedicated resources to more effectively manage both known and unknown risk is fast becoming essential to shore-up organizational resiliency.   Turning the focus to the sector that is germane to what we do at Tessian, effectively managing cybersecurity risk is now more critical than ever. In fact, cybersecurity risk is now considered the number 1 risk faced by businesses according to Allianz’s 2022 Global Risk Barometer, followed by business interruption (2) and natural disasters (3).   Read on to learn more about some of the key cyber risks organizations are faced with today, and how best to mitigate it.
Cybersecurity risk is increasing The costs associated with breaches are increasing each year. The global cost and impact of cybercrime damages is expected to reach $10.5 trillion in damages by 2025 – representing a 350%+ increase from 2015.    A sign of the worsening cyber risk can be seen in the cybersecurity insurance industry. Given the high number of recent claims, up by 500% in 2021, has resulted in cyber insurance premiums seeing significant escalations – essentially doubling over the past year. And as a result of recent developments in Ukraine, leading insurers are now excluding suspected nation-state cyber attacks from coverage provisions.  
Persistent and increasing email security risk   Due to its open nature, email remains the preferred method for delivering a malicious payload, including ransomware – responsible for up to 95% of breaches. Email also attracts the greatest investment in the attacker value chain and is the riskiest channel for data loss.    Until recently, detecting and preventing email threats relied on static, rule-based solutions like Secure Email Gateways (SEGs). These solutions are only able to detect known threats because they rely on a threat detection engine of already documented threat campaigns. But threats have become more advanced and are proliferating at an alarming rate, with the net result these threats are going undetected by SEGs and are reaching victims’ mailboxes.   According to Verizon’s DBIR 2022, email-delivered social engineering attacks are growing in complexity, with phishing responsible for 60% of these attacks. In addition, the FBI reported that $43 billion has been lost globally due to Business Email Compromises (BEC) in the past 5 years, with a 65% increase in BEC fraud related losses reported globally in the period 2019 to 2021.  
The growing ransomware challenge   Advanced cyber threats like ransomware are also trending in the wrong direction. Ransomware related damages exceeded $20 billion for 2021 – representing a 57x fold increase from 2015. By 2031 ransomware damages are expected to reach $265 billion. Responsible for 75% of cybersecurity insurance claims, Ransomware-as-a-Service offerings are mainstreaming the ability to carry out devastating ransomware attacks.    Russia-based Conti ransomware gang aka Wizard Spider has been linked to 50 incidents in April 2022 alone, including attacks on the Costa Rican and Peruvian governments. Currently there is a $15million bounty on Conti from the US government – indicative of the scale of the problem. The FBI estimates that over 1,000 Conti ransomware victims have paid in excess of $150 million in ransom in the past year.    Also concerning is the increasing proliferation of wiper-malware seen in 2022 in cyber attacks against the Ukraine in 2022. Disguised as ransomware, wiper-malware essentially wipes all data from infected hosts. In response to the growing ransomware threat, CISA announced the formation of a ransomware taskforce at the end of May 2022.   
Software supply chain vulnerability   Software supply chain cyber risk is another leading concern for CIOs and CISOs. The acceleration of digital transformation and cloud adoption, and increased speed of deployment through DevOps processes, have resulted in dramatically expanding the attack surface area with vulnerable code and applications exposed online.    Software supply chain attacks remain a vulnerable element given the high impact and high reward for the attackers as has been demonstrated in the SolarWinds and Kaseya attacks. 
Final thoughts for staying safe in a volatile cybersecurity environment   Prioritizing cybersecurity program development is now a core aspect of effective organizational risk management. There however remains a collective need in the vendor and the broader business community to elevate and educate executives particularly at the board level, on the importance of proactive cybersecurity risk management.    Assume you will suffer a breach. From this risk-aware position think about the proactive steps you can take to improve your cyber resilience. The escalating email, ransomware, wiper malware and supply chain vulnerability risks underscore the imperative for investing in intelligent and agile cybersecurity defenses.   Continuously seek out innovative solutions that keep your environment safe, while at the same time ensure high degrees of employee engagement on the importance of security awareness.  
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Integrated Cloud Email Security, Email DLP, Advanced Email Threats
What is an Integrated Cloud Email Security (ICES) Solution?
Thursday, July 7th, 2022
In recent years, the shift away from on-prem email platforms to cloud-based platforms has been dramatic, with Gartner estimating that 70% of organizations now use cloud productivity suites like Microsoft 365 and Google Workspace. But as email migrates from legacy on-prem approaches to the cloud, securing these cloud based services becomes the next big challenge. Enter Integrated Cloud Email Security.
What is an Integrated Cloud Email Security (ICES) Solution? The term ‘Integrated Cloud Email Security (ICES)’ was coined in the Gartner 2021 Market Guide for Email Security. ICES solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.   ICES solutions are cloud-based, and use APIs to detect anomalies in emails with advanced techniques such as natural language understanding (NLU), natural language processing (NLP) and image recognition. Using API access to the cloud email provider, these solutions have much faster deployment and time to value, analyzing email content without the need to change the Mail Exchange (MX) record. Taking it one step further, ICES solutions can also provide in-the-moment prompts that can help reinforce security awareness training (SAT), and are able to detect compromised internal accounts. In the report, Gartner reflected on the future of ICES solutions, suggesting that they would eventually render SEGs redundant: “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”
Gartner predicts that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)… But why? In short, legacy SEGs are no match for the cyber threats of tomorrow. Email is responsible for 96% of cybersecurity breaches, making it the greatest threat vector. In fact, in the 12 months between July 2020 and July 2021, Tessian detected 2 million malicious emails that had bypassed SEGs. So why are traditional SEGs not fit for today’s cybersecurity landscape?
Rule-based approaches don’t cut it SEGs were developed in 2004 with on-premise email servers in mind and use a rule-based approach to threat detection. They use deny lists, allow lists and signatures for message authentication to help stop attacks – with these lists created using threat intelligence. They are reactive by design, and protect email data against threats that are already known. This means that SEGs offer no protection against zero-day attacks (a significant and growing threat vector), and are easily evaded by attackers using advanced social engineering campaigns. SEGs also fail to detect business email compromise (BEC), account takeover (ATO) and advanced spear phishing attacks.
The migration to the cloud More and more, organizations are adopting SaaS offerings like Microsoft 365 – which have SEG capabilities natively included. This shift was well underway before the pandemic, but has since been accelerated with data suggesting that ICES solutions are here to stay and will displace SEGs from the cybersecurity stack.. The rise of offerings like Microsoft 365 and Google Workspace and the move away from SEGs comes as no surprise, with enhanced functionality at the platform level that can include: Blocking emails from known bad senders Scanning attachments with AV Blocking emails with known bad URLs Content analysis to identify SPAM Given these native SEG-like capabilities in cloud productivity suites, makes ICES solutions the perfect supplement to ensuring comprehensive email protection. ICES solutions are so effective because they  provide protection against many of the threats SEGs fail to detect – when used in combination with SaaS offerings like Microsoft 365.
What are the benefits of ICES solutions? ICES solutions offer more than just threat detection. Key features of ICES solutions  can include: BEC and ATO Attack detection using NLU, NLP, social graph analysis and image recognition Context-aware banners to warn users Phish Reporting Mail Security Orchestration, Automation and Response (MSOAR) capabilities to assist in automatic reclassification of emails and removal from inboxes
How to evaluate ICES vendors The number of  ICES solutions available on the market is continually growing. There are a few key things you should consider when evaluating which ICES solution to use. Taking a look at your current email security framework and comparing it to your end goal, the following elements should be analyzed: Time-to-value, return-on-investment time horizon Cost of effort to install and manage False positive rate ML- and AI-based technology to detect advanced social engineering attacks including BEC and ATO attacks Ability to analyze and map conversation history Computer vision to analyze suspicious data and links in emails User education controls to reinforce training, including context-aware banners and/or in-line prompts Ability to analyze emails prior to delivery to the end user API integration  of email events into Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation and Response (SIEM/SOAR) solutions Still struggling to decide? Have a look at the 2021 Gartner Market Guide to Email Security, which contains further information on ICES vendors, including Tessian.
Why choose Tessian? Tessian was recognized as a Representative Vendor for Integrated Cloud Email Security (ICES) in the recently released 2021 Gartner Market Guide for Email Security.   What sets Tessian apart from other ICES solutions is its advanced email security and email data loss prevention (DLP) capability, including: Advanced Spear Phishing Protection Advanced Attachment and URL Protection   Internal Impersonation & CEO Fraud Advanced Spoof Detection Counterparty & Vendor Impersonation  Brand Impersonation External Account Takeover  Invoice Fraud Bulk Remediation Automated Quarantine  Threat Intelligence Tessian also offers protection against both malicious and accidental data loss, in-the-moment security awareness training for suspected phishing emails and in-the-moment security awareness notifications. 
To summarize, there are four key Tessian differentiators: Threat prevention: Tessian protects against both known and unknown email attacks, including business email compromise, account takeover, spear-phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Protection also includes class leading email DLP. Education and awareness: With Tessian’s in-the-moment training, organizations can educate and empower users to build continuous email security awareness  Reduced admin overhead: Tessian removes the burden on SOC and admins by automating repetitive tasks such as maintaining triage and review. This eliminates the need for human verification of email threats, reducing FTE requirements. Data-rich dashboards: With Tessian, security teams have clear visibility and the ability to demonstrate clear ROI   To find out more about Tessian as an ICES solution, and the key findings listed in the 2021 Gartner® Market Guide for Email Security, click here. 
Read Blog Post
Integrated Cloud Email Security, Email DLP, Advanced Email Threats
Buyer’s Guide to Integrated Cloud Email Security
by Tessian Tuesday, March 29th, 2022
The next generation of email security, referred to by Gartner as Integrated Cloud Email Security (ICES) solutions, bring a fresh approach to solving increasingly sophisticated and elusive email security threats. Here’s what to look for when choosing a ICES. Born in the cloud, for the cloud, ICES solutions are seen as an integral additional layer of email security to complement the native email security capabilities present in cloud productivity suites, such as Microsoft 365 and Google Workspace. At last count, according to the latest Gartner Market Guide for Email Security (2021) there were 13 ICES vendors – giving customers a lot of choice to choose from.  Not every ICES vendor however, offers the same completeness of vision, degree of protection, or intelligent capabilities. This short guide will bring insight on some of the key fundamentals that prospective buyers of an ICES solution should be aware of.
Why is there a need for ICES solutions in the first place? Evidence shows that email remains an important and attractive attack vector for threat actors; according to a recent study, it’s responsible for up to 90% of all breaches.  The fact that the vast majority of breaches are attributed to an email compromise, indicates that the current status quo regarding email security is incapable and insufficient at preventing breaches. This was confirmed in a Forrester survey conducted on behalf of Tessian, with over 75% of organizations reporting on average of 20% of email security incidents getting by their existing security controls. Threat actors are using more sophisticated email-based techniques, and attacks are achieving greater success. This is largely due to the commercialization of cybercrime, with Phishing-as-a-Service and Ransomware-as-a-Service offerings becoming more prevalent on the dark web.  In this new world, threat actors develop exploit kits and offer their services for sale. This has unfortunately led to a dramatic increase in the ability of attackers to find targets. And this explains why the cost of damages from cybercrime is expected to rocket to $10.5 trillion by 2025 – representing a +350% increase from 2015. Digital transformation is another key reason too. Cloud adoption was accelerating prior to the Covid-19 pandemic. In the wake of the pandemic, cloud adoption accelerated even more quickly. This dramatic shift to the cloud has significantly expanded attack surface risk, with employees working from home, and often on personal devices.  This structural shift in computing has also revealed the soft underbelly of legacy cybersecurity solutions built for an on-premise world, including the rule-based and static protection for email offered by Secure Email Gateways (SEGs). And this explains why 58% of cybersecurity leaders are actively looking to displace SEGs for the next generation of email security – with behavioral intelligence and machine learning at the core.
ICES fundamentals  Approach to threat detection and prevention The key differentiator between SEGs and ICES solutions from a threat detection standpoint is that ICES are underpinned by machine learning and utilize a behavioral intelligence approach to threat detection.  The algorithm of an ICES solution develops a historical behavioral map of an organization’s email ecosystem. This historical behavioral map is leveraged along with Natural Language Processing (NLP) and Natural Language Understanding (NLU) capabilities, to dynamically, and in-real-time, scan and detect any anomalous email behavior. Unlike SEGs, this enables these solutions to detect threats as they arise, in real time.  Deployment architecture There are also important differences in the architecture and configuration of ICES solutions from SEGs. ICES solutions do not sit in-line like SEGs, they also do not require MX re-routing, but rather connect either via connect or API and scan email either pre-delivery or post-delivery – detecting and quarantining any malicious email. 
Degree of security automation  ICES solutions also offer a high degree of email security automation, including triaging of security incidents, which significantly reduces alert fatigue and the SOC burden, ultimately improving security effectiveness.
Key differences between SEGs and ICES SEGs ICES Requires MX records changes, sits in-line, acts as a gateway for all email flow Requires no MX record changes and scans incoming email downstream from the MX record, either pre-delivery via a connector, or post-delivery via an API Designed to detect basic phishing attacks, spam, malware and graymail. No zero day protection Designed to detect advanced social engineering attacks including spear phishing, impersonation attacks, business email compromise (BEC), and account takeover (ATO). Advanced zero day protection Static, rule and policy based protection. No intelligent component to threat detection for inbound or outbound, resulting in high false positives and significant triaging of email security incidents  Behavioral and machine learning detection engine for advanced inbound and outbound threats, resulting in greater detection efficacy and lower false positives i.e. less business interruption and more SOC optimization Limited insider threat detection and no lateral attack detection capability. Once the threat has bypassed the gateway the threat actor as unlimited access to the victims’ data and information systems Advanced insider and lateral attack detection capability, stopping threats where and when they arise Basic email field scanning capability. Relies a threat engine of previously identified threats, and static rules and policies All of the email fields are analyzed using machine learning and compared against a historical mapping of email correspondence. Fields scanned include the sender, recipient, subject line, body, URL and attachments Advanced malicious emails go undetected and reach target inboxes. Some of the less sophisticated malicious emails end up in the spam or junk folder – enabling users to accidentally interact with it Advanced malicious emails are detected and automatically hidden from users’ inboxes. With the pre-delivery option, only email that is determined to be safe is delivered. Post-delivery solutions will in nanoseconds claw-back a suspected email determined to be malicious.  No in-the-moment employee security warnings. Security alerts are retroactive and aimed at SecOps, offering no context to employees or the ability to improve the security culture An in-the-moment security notification banner can be added to an incoming or outgoing email indicating the level of risk of the scanned email and the context. These real-time security notifications lead to improved security culture, by empowering employees to take safe action, in real time Basic DLP capability Some ICES like Tessian have advanced DLP capability
Five market differentiators for ICES solutions Not all ICES solutions however, offer the same degree of completeness in product and protection. It is important that prospective customers of ICES solutions understand and interrogate the following key differentiators during the vendor selection process: 1: Completeness of the product offering and product roadmap Does the solution cover inbound and outbound email protection (i.e. does it prevent email data loss events from occurring?) Does it have pre-built integrations with other cybersecurity tools such as SIEMs? 2: Degree of protection offered During the POV it is important to test the efficacy of the algorithm and determine a true baseline of detection, including the % of false positives. Verify the actual results from the POV against the vendors stated claims. 3: Deployment and management overhead Some vendors have unrealistic claims of “protection within seconds” – understanding the actual amount of FTE resources and time needed for deployment is crucial, as well as the product’s ability to scale. Determining the degree of management FTE required for managing the tool on a day-to-day basis is equally important. 4: UX and reporting capability The overall UX including UI for SecOps teams, and feedback from employees after using the product during the POV is essential. Evidence shows that if the UX is poor, the security effectiveness of the tool will be diminished.  Having the ability to on-demand pull or automate risk metric reporting down to the employee level, for inbound and outbound email, is crucial for cybersecurity and risk compliance leaders. 5: Degree of automation Automation is fast becoming a buzzword in cybersecurity. Here buyers need to be aware of the degree of automation that the ICES solution actually delivers, ranging from threat detection to the triaging of threats, as well as risk reporting.
The final word All it takes is one click on malicious content for a breach to take place. When assessing and selecting an ICES solution, it is important that customers consider the above listed criteria as part of their general vendor assessment criteria.   The considerations on the completeness of the product offering and the degree of protection offered should be weighed carefully.  Finally, it’s the human-side that often never gets mentioned in vendor assessments. The experience interacting with the vendor from the first interaction through to the end of the POV should provide key insight into what the future partnership with the vendor will look and feel like.
About Tessian Tessian is one of the few ICES vendors that offers comprehensive protection for inbound threats like advanced spear phishing attacks, as well as outbound protection, preventing malicious and accidental data loss.  Unlike many of our ICES competitors, we don’t treat our customers as test subjects – our algorithm was developed and fine tuned for 4 years before we went live. Due to this level of product maturity, we boast among the lowest percentage of false positives in our industry. We have among the most attractive UI, delivering a phenomenal UX. This includes advanced and automated cyber risk reporting, making security and risk leaders lives’ easier. We never make claims that we can’t back up. We deploy in seconds and protect within hours. Both the deployment and management overhead are extremely efficient due to product maturity and the degree of automation inherent in our product. Finally it’s worthwhile mentioning we take our customers seriously. Here’s what some of them have to about using our product:
Read Blog Post