Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

See a sneak peek of Tessian in action featuring admin and end user experiences. Watch the Product Tour →

Integrated Cloud Email Security

Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer.

Integrated Cloud Email Security
New Technology Integration: Sumo Logic Tessian App
05 October 2021
Tessian is excited to announce a new integration with Sumo Logic that allows customers to understand their risk through out-of-the-box monitoring and analytics capabilities.
Benefits of the Sumo Logic integration Easily and instantly gain visibility into data loss, email security, and insider risks that could potentially lead to data breaches   Quickly analyze incidents in real time, enabling fast prioritization and remediation of threats posed by employee’s risky behavior Combine Tessian’s human risk intelligence with additional data sources to detect anomalies and gain a holistic picture of organizational risk Easily learn your top targeted employees or risky employees and take proactive remedial actions How to install and use the Sumo Logic Tessian App Security leaders who use both Tessian and Sumo Logic can access and install the app in the Sumo Logic app catalog. Pre-built dashboards include:  Tessian Overview Dashboard: visibility into all Tessian modules in one pane of glass
Tessian Defender Dashboard: visibility into inbound email security events and common threat types, along with your top targeted users
Tessian Guardian Dashboard: visibility into the number of prevented misdirected email, users and flag reasons
Tessian Enforcer Dashboard: visibility into sensitive data exfiltration by providing insights into attempted and prevented unauthorized email attempts including users behind these attempts
Learn more Want to learn more about Tessian’s integrations? Click here.
Data Exfiltration Email DLP Integrated Cloud Email Security Compliance
You Sent an Email to the Wrong Person. Now What?
By Maddie Rosenthal
04 October 2021
So, you’ve accidentally sent an email to the wrong person. Don’t worry, you’re not alone. According to Tessian research, over half (58%) of employees say they’ve sent an email to the wrong person.   We call this a misdirected email and it’s really, really easy to do. It could be a simple spelling mistake, it could be the fault of Autocomplete, or it could be an accidental “Reply All”. But, what are the consequences of firing off an email to the wrong person and what can you do to prevent it from happening?   We’ll get to that shortly. But first, let’s answer one of the internet’s most popular (and pressing) questions: Can I stop or “un-send” an email?
Can I un-send an email?   The short (and probably disappointing) answer is no. Once an email has been sent, it can’t be “un-sent”. But, with some email clients, you can recall unread messages that are sent to people within your organization.    Below, we’ll cover Outlook/Office 365 and Gmail. Recalling messages in Outlook & Office 365   Before reading any further, please note: these instructions will only work on the desktop client, not the web-based version. They also only apply if both you (the sender) and the recipient use a Microsoft Exchange account in the same organization or if you both use Microsoft 365.    In simple terms: You’ll only be able to recall unread emails to people you work with, not customers or clients. But, here’s how to do it.   Step 1: Open your “Sent Items” folder Step 2: Double-click on the email you want to recall Step 3: Click the “Message” tab in the upper left-hand corner of the navigation bar (next to “File”) → click “Move” → click “More Move Actions” → Click “Recall This Message” in the dropdown menu Step 4: A pop-up will appear, asking if you’d like to “Delete unread copies of the message” or “Delete unread copies and replace with a new message” Step 5: If you opt to draft a new message, a second window will open and you’ll be able to edit your original message   While this is easy enough to do, it’s not foolproof. The recipient may still receive the message. They may also receive a notification that a message has been deleted from their inbox. That means that, even if they aren’t able to view the botched message, they’ll still know it was sent. There’s more information about recalling emails in Outlook here.  
Recalling messages in Gmail   Again, we have to caveat our step-by-step instructions with an important disclaimer: this option to recall messages in Gmail only works if you’ve enabled the “Delay” function prior to fat fingering an email. The “Delay” function gives you a maximum of 30 seconds to “change your mind” and claw back the email.    Here’s how to enable the “Delay” function.   Step 1: Navigate to the “Settings” icon → click “See All Settings” Step 2: In the “General” tab, find “Undo Send” and choose between 5, 10, 20, and 30 seconds.  Step 3: Now, whenever you send a message, you’ll see “Undo” or “View Message” in the bottom left corner of your screen. You’ll have 5, 10, 20, or 30 seconds to click “Undo” to prevent it from being sent.    Note: If you haven’t set-up the “Delay” function, you will not be able to “Undo” or “Recall” the message. There’s more information about delaying and recalling emails in Gmail here.   So, what happens if you can’t recall the email? We’ve outlined the top six consequences of sending an email to the wrong person below. 
What are the consequences of sending a misdirected email?   According to Verizon’s 2021 DBIR, misdelivery is the most common type of error to cause a breach. But is a breach the biggest consequence?   We asked employees in the US and UK what they considered the biggest consequences of sending a misdirected email. Here’s what they had to say. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   Importantly, though, the consequences of sending a misdirected email depend on who the email was sent to and what information was contained within the email.   For example, if you accidentally sent a snarky email about your boss to your boss, you’ll have to suffer red-faced embarrassment (which 36% of employees were worried about).   If, on the other hand, the email contained sensitive customer, client, or company information and was sent to someone outside of the relevant team or outside of the organization entirely, the incident would be considered a data loss incident or data breach.   That means your organization could be in violation of data privacy and compliance standards and may be fined. But, incidents or breaches don’t just impact an organization’s bottom line. It could result in lost customer trust, a damaged reputation, and more.
Let’s take a closer look at each of these consequences.   Fines under compliance standards Both regional and industry-specific data protection laws outline fines and penalties for the failure to implement effective security controls that prevent data loss incidents. Yep, that includes sending misdirected emails.   Under GDPR, for example, organizations could face fines of up to 4% of annual global turnover, or €20 million, whichever is greater.    And these incidents are happening more often than you might think. Misdirected emails are the number one security incident reported to the Information Commissioner’s Office (ICO). They’re reported 20% more often than phishing attacks.  Lost customer trust and increased churn Today, data privacy is taken seriously, and not just by regulatory bodies.    Research shows that organizations see a 2-7% customer churn after a data breach and 20% of employees say that their company lost a customer after they sent a misdirected email.   A data breach can (and does) undermine the confidence that clients, shareholders, and partners have in an organization. Whether it’s via a formal report, word-of-mouth, negative press coverage, or social media, news of lost – or even misplaced – data can drive customers to jump ship. Revenue loss Naturally, customer churn + hefty fines = revenue loss. But, organizations will also have to pay out for investigation and remediation and for future security costs.   How much? According to IBM’s latest Cost of a Data Breach report, the average cost of a data breach today is $3.86 million. Reputation damage As an offshoot of lost customer trust and increased customer churn, organizations will – in the long-term – also suffer from a damaged reputation. Like we’ve said: people take data privacy seriously.   That’s why, today, strong cybersecurity actually enables businesses and has become a unique selling point in and of itself. It’s a competitive differentiator. Of course, that means that a cybersecurity strategy that’s proven ineffective will detract from your business.   But, individuals may also suffer from a damaged reputation or, at the very least, will be embarrassed. For example, the person who sent the misdirected email may be labeled careless and security leaders might be criticized for their lack of controls. This could lead to…. Job loss Unfortunately, data breaches – even those caused by a simple mistake – often lead to job losses. It could be the Chief Information Security Officer, a line manager, or even the person who sent the misdirected email. Our Psychology of Human report found 1 in 4 people who made email mistakes at work subsequently lost their jobs.   It goes to show that security really is about people. That’s why, at Tessian, we take a human-centric approach and, across three solutions, we prevent human error on email, including accidental data loss via misdirected emails.
How does Tessian prevent misdirected emails?   Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It turns an organization’s email data into its best defense against human error on email.   Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.    That means that if, for example, you frequently worked with “Jim Morris” on one project but then stopped interacting with him over email, Tessian would understand that he probably isn’t the person you meant to send your most recent (highly confidential) project proposal to. Crisis averted.    Interested in learning more about how Tessian can help prevent accidental data loss and data exfiltration in your organization? You can read some of our customer stories here or book a demo.
Customer Stories Email DLP
Customer Story: How Tessian Helped a Private Equity Firm Achieve Threat Visibility Through A Platform Approach
By Maddie Rosenthal
28 September 2021
With over 35 years of investment history, this private equity firm headquartered in Boston, MA, currently has more than 130 investments and nearly 200 employees. Having been a customer since 2018, the firm’s Senior Security Administrator shared how Tessian Guardian and Tessian Enforcer have helped him and his team prevent outbound threats while reducing admin overhead.  Tessian Solutions Enforcer:  Automatically prevents data exfiltration and other non-compliant activities on email. Enforcer can be easily configured to silently track, warn, or block sensitive emails. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required.
Security Environment After Deploying Tessian The benefits of the platform approach The less tools security teams have to manage, the better. Especially since it can be difficult to get a single view of risk when having to pull insights from multiple sources. That’s why the firm bought into Tessian; it solves multiple use cases across one platform, including data exfiltration, accidental data loss, and advanced impersonation attacks.  And, with Human Layer Risk Hub, their security team gets granular visibility into employee risk and insights into individual risk levels and drivers. Today, they can differentiate between employees at different levels of risk, and evolve to support each group in unique, personalized ways through training, policies, and in-platform tools.  Find answers faster with Tessian integrations Integrations with other tools are key. And, while Tessian integrates with well over a dozen products, including SIEM/SOARs, SSO tools, and directory management tools,  these are the two Tessian integrations that stand out for the firm’s Senior Security Administrator: Azure Directory: While Azure Directory (AD) groups are a source of truth, building and maintaining them takes a lot of time and effort. Worse still, many security solutions don’t connect with AD groups, which makes zeroing in on an incident or potential risk that applies to a wider group of users is impossible. This forces security teams to look at each individual mailbox or user and aggregate them, which can take days. But, because Tessian syncs with AD, all you need to do is select the group. That means you can find what you’re looking for and take action right away. SIEM Integrations:  Tessian seamlessly integrates with SIEMs like Splunk and Rapid7. In  future, this will allow the firm’s security team to import valuable Tessian data for a more complete picture of their security posture.  According to their security team, the key to effectively garnering insights from data platforms is to decide what data is the most meaningful. That way, SOC teams can reduce the noise, focus on what’s truly valuable, and make informed security decisions.
Empower users without getting in the way Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time, and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
hbspt.cta.load(1670277, 'fddca6cf-a773-4cc6-9e0a-70ff134bc49d', {"useNewLoader":"true","region":"na1"});   Want to learn more about how Tessian can help you prevent data loss on email? Book a demo now.
Customer Stories Email DLP
Customer Story: How Tessian Combines Data Loss Prevention With Education in Financial Services
20 September 2021
Having deployed Tessian at the end of 2020, Israel Bryski, Head of Information Security at an investment management firm headquartered in NYC, shared how Tessian has helped him and his team improve their security posture while changing employee behavior long-term.  The firm, which was formed in the early 1980s, has offices across Spain, Germany, the UK, and Singapore, and currently has 200 employees managing retirement plans and investments for roughly 30,000 current and former Mckinsey employees. Their journey to Tessian Before working with Tessian, the firm had their developers build a custom Outlook add-in to prevent accidental data loss via misdirected emails  Every time someone would send an outbound email to an external domain, they would get a pop-up asking them, “Are you sure to send to this domain?” But, because there was no context in the pop-up, it wasn’t as effective as it could have been immediately following roll-out. Employees were still blindly ignoring the warning, and accidentally sending emails to the wrong person.  At the same time, the security team was also struggling to make security awareness training engaging and relevant to employees Solution Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
Security Environment After Deploying Tessian Explaining the “why” behind policies to change behavior For Israel and his team, education is key.  Having learned from their custom-built Outlook Add-In which warned employees when an email was being sent to the wrong email address, but didn’t offer insight into the “why”, the team wanted to find a solution that offered context and that would bolster their security awareness training programs. They found that in Tessian and, since deployment, they’ve actually seen a change in behavior and a reduction in data loss incidents. 
Learn more about why in-the-moment warnings are so effective. Because Tessian is powered by machine learning instead of rules, it’s able to detect data exfiltration attempts and misdirected emails with incredible accuracy. In fact, on average, employees receive just two warning messages per month. That means when an email is flagged, they pay attention. Better still, Tessian gets smarter over time and evolves in tandem with changing relationships. As data becomes more accurate, false positives decrease. And with a decrease in false positives, comes an increase in trust.
Preventing accidental data loss without impeding productivity  Since deploying Tessian, over 100 data loss incidents have been prevented.  Israel shared an example:  Someone at the firm created a goodbye video for a senior exec who was retiring; they meant to send it to a colleague for them to play the video in the goodbye meeting. When the sender put the address in the To field, they typed in the first letters, and another external vendor’s email popped up that was cached. They didn’t pay attention, added that address to the email, and tried to send it.  When he went to send the email, he got the Guardian pop-up asking him if that vendor’s address was really meant to be part of the group of recipients. He read the contextualized warning, removed that particular vendor, and added the correct recipient.  It goes to show: Tessian does more than prevent breaches. It also saves employees from red-faced embarrassment. Israel and his team have gotten kudos from quite a few people in the firm. One exec in particular was always casting a shadow over the different security tools that had been deployed. He explained, saying “When we got kudos from him, that was a big win in my book! He actually sees the value of Tessian, why we’re purchasing new technology, and why we’re constantly evaluating new solutions on the market that can augment and complement our security program.” 
Interested in learning more about how Tessian can help prevent accidental data loss in your organization? You can read some of our customer stories here or book a demo.
Email DLP Integrated Cloud Email Security
Legacy Data Loss Prevention vs. Human Layer Security
By Jessica Cooper
09 September 2021
Email is the threat vector security leaders are most worried about protecting.  It’s the most common channel for data exfiltration, fraud, and targeted attacks such as impersonation and phishing, and it’s the major point of egress for sensitive data. And, in most cases, the root cause of these incidents is human error.  Employees break the rules, make mistakes, and can easily be tricked or hacked. This begs the question: what’s the best solution? This blog evaluates legacy data loss prevention (DLP) solutions and is based on an extensive whitepaper available for download. The whitepaper provides greater depth and compares human layer security (HLS) with the legacy security solutions discussed here.   Why Aren’t Legacy Data Loss Prevention (DLP) Solutions Effective? While DLP provides value in certain cases, it does not solve the fundamental problem facing organizations – how to keep data secure in the real world where the information and attachments in emails move and are always accessible to anyone.  Once data leaves the point of control, whether at the endpoint or the network, DLP no longer has control over that content.  If your emails contain information and files that are forwarded and accidentally exposed to the wrong people, there is very little that DLP can do. In this blog, we’ll focus on the five biggest problems with legacy DLP solutions. Remember: you can download the whitepaper for a more detailed analysis. Does Not Protect Against Accidental Data Loss Rules-based approaches simply cannot detect accidental data loss – for example, when emails are sent to the wrong people or the wrong file is attached – because there are no regex or pattern matches that can be applied. This level of protection requires context that DLP just doesn’t have. But, it’s important, especially when research shows at least 800 emails are sent to the wrong person every year in organizations with 1,000+ employees. The HLS Difference: Tessian Guardian automatically detects and prevents misdirected emails and misattached files.  DLP Focuses on a Negative Control Model Legacy DLP is very strict with a binary approach to protecting data. It either allows it or blocks it. In a post-perimeter architecture, this is highly disruptive to business and unsustainable. The HLS Difference: Tessian is frictionless; it’s invisible until you need it, which has helped enterprise customers across industries prevent data loss, without impeding productivity. Read our customer stories to learn more.   Slow, Cumbersome and Non-adaptive 85% of security leaders say DLP is admin-intensive.  Legacy DLP must analyze all content and try to match it to block lists. This requires extensive analysis and the matching can be wrong as enterprise email content is constantly changing.  As content and locations get more complex, legacy DLP can develop problems very quickly.  The HLS Difference: Tessian uses contextual machine learning, and our ML models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. Importantly, they continue to automatically adapt and learn as human relationships evolve over time. Learn more about our technology.  Difficult and Expensive to Implement While DLP may be regarded as a check-the-box solution for compliance, it is incredibly cumbersome, complex, and expensive to deploy, often requiring huge spend in professional services to implement and maintain.  Typical deployments are at least 12 months which makes it hard to justify the return on investment vs. the security it provides. The HLS Difference: With Tessian, there is no pre-configuration required, and the platform starts preventing threats within 24 hours of deployment.
Limited Threat Visibility Legacy DLP, including Email DLP, Endpoint DLP, and Network DLP offer little to no visibility into employee risk is one of the biggest challenges security and risk management leaders face.  Worse still, when insights around risk are available, it’s siloed and hard to interpret.  Insights around security awareness training exist in separate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile. Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats.  The HLS Difference: With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers. Learn more about Human Layer Security Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers
ATO/BEC Integrated Cloud Email Security
Legacy Phishing Prevention Solutions vs. Human Layer Security
By Jessica Cooper
27 August 2021
Phishing – in its many varieties – is the threat most security leaders are concerned about protecting their organizations against. Why? Because attacks are frequent, hard-to-spot, time-consuming to investigate, and expensive to recover from.  And legacy solutions like Secure Email Gateways (SEGs), sandboxes, DMARC, and security awareness training out there just aren’t enough. With these methods, users aren’t engaged in a meaningful way and unknown anomalies aren’t accounted for. But there’s a better way.  This blog evaluates the shortcomings of legacy phishing prevention solutions, and proposes a different approach: Human Layer Security. Note: This article is based on an extensive whitepaper available for download. The whitepaper provides greater depth as it compares Human Layer Security with the legacy security solutions discussed here. The problem with SEGs & native tools SEGs lack the intelligence to learn user behavior or rapidly adapt.  The backbone of a SEG is traditional email security approaches – static rules, signature based detection, library of known threats, etc. Meanwhile, attackers consistently evolve their techniques, email networks are dynamic in nature, and human behavior is inconsistent and unpredictable. That means rules are out of date as soon as they are created and signature-based approaches are ineffective. They can’t detect advanced impersonation, account takeover (ATO), third-party supply chain risk, or wire fraud. Worse still, SEGs don’t address other entry points like Microsoft SharePoint, OneDrive, and ShareFile, which are some of the most hacked cloud tools.  What about native controls like Microsoft ATP? O365’s native security controls do protect users against bulk phishing scams, spam, malware, and domain spoofing. And these tools are great when it comes to stopping broad-based, high-volume, low-effort attacks – they offer a baseline protection.  But, today’s email attacks have mutated to become more sophisticated and targeted.  Attackers use automation to make small, random modifications to existing malware signatures and use transformation techniques to bypass these native O365 security tools. Unsuspecting – and often untrained – users fall prey to socially engineered attacks that would be hard for even a security expert to spot.  To learn more about why Office 365 accounts are vulnerable to attack, click here. Why sandboxes fail to detect phishing attacks One of the primary ways sandboxes can fail is in phishing attempts.  Any detection made by the sandbox is dependent on a file exhibiting malicious behavior. This is easy to work around. Hackers will often send a PDF that contains a link to a malicious form to avoid detection.  Likewise, documents with a URI (Uniform Resource Identifier) have an extremely low footprint for sandboxes to detect. And the short TTL domain doesn’t leave much evidence for event analysis or threat intelligence. There are issues with latency, too. Emails, communications, downloads, and important files can take several minutes to reach their destination because of the bottleneck sandboxes can create. This is not an option in today’s modern enterprises where real-time communication and collaboration is paramount. Why DMARC isn’t enough Domain-Based Message Authentication Reporting and Conformance (DMARC), is an added authentication method that uses both SPF and DKIM to verify whether or not an email was actually sent by the owner of the domain that the user sees.  In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned. While impersonating a given domain is a common method used for phishing and other malicious activities, there are other attack vectors that DMARC does not address. For example, DMARC does not address domain impersonation attacks (i.e. sending from a domain that looks like the target being abused – e.g. exampl3.com vs. example.com), or display name impersonation (i.e. modifying the “From” field to look as if it comes from the target being abused). The other misunderstood aspect of DMARC is that enabling DMARC on your domain protects your domain from being used in a phishing attack. But to protect your organization against phishing and spear phishing attacks, all domains used in communication with your employees should have DMARC enabled on them.  But still, only one-third of businesses employ DMARC.  This makes the security of your organization dependent on other companies communicating with your organization and vulnerable to supply chain risk, especially since DMARC records are publicly available, meaning attackers can easily identify and target domains that are not registered, and thus are vulnerable to impersonation. Finally, in addition to their own internal domains, organizations are likely to use some combination of Office 365, Gmail, MailChimp, Salesforce.com and other third-party email services. But it’s a challenge to then retrofit them all with DMARC. Want to learn more? We explore the limitations of DMARC in more detail here. The limitations of security awareness training Security Awareness Training (SAT) is seen as a “quick win” when it comes to security – a box-ticking exercise that companies can do in order to tell their shareholders, regulators and customers that they’re taking security seriously.  Sadly, the evidence of these initiatives being conducted is much more important than the effectiveness of them.  And engagement is a big problem. Too many SAT programs are delivered once or twice a year in lengthy sessions. This makes it really hard for employees to remember the training they were given, and the sessions themselves have to cram in too much content to be memorable.  It’s also difficult for security leaders to trains their employees to spot today’s sophisticated attacks. That’s because SAT platforms rely on simulating phishing threats by using pre-defined templates of common threats. This is a fair approach for generic phishing awareness (e.g. beware the fake O365 password login page), but it’s ineffective at driving awareness and preparing employees for the highly targeted and continuously evolving phishing threats they’re increasingly likely to see today (e.g. an email impersonating their CFO with a spoofed domain). We explore the pros and cons of phishing awareness training here. What is Human Layer Security?  The only question left to answer is: When legacy solutions and training programs aren’t enough, how can we prevent employees from interacting with the malicious emails that land in their inbox? The answer is Human Layer Security (HLS). SEGS and native tools like O365 provide basic phishing protection, but organizations need an intelligent solution like Tessian to detect and prevent advanced inbound attacks like BEC, ATO, and CEO Fraud that make it through inbuilt bulk phishing and spam filters. Tessian Defender uses machine learning (ML) to protect your people from even the most advanced inbound threats.  Here’s how: Tessian’s machine learning algorithms analyze your company’s email data, learn employees’ normal communication patterns, and map their trusted email relationships — both inside and outside your organization. Tessian inspects both the content and metadata of inbound emails for any suspicious or unusual signals pointing to a potential impersonation, ATO, or BEC threat. For example, payloads, anomalous geophysical locations, IP addresses, email clients, and sending patterns.  Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language via an interactive notification.
Integrated Cloud Email Security
Tessian Partners with Optiv Security and Moves to a 100% Channel Model
By Tessian
24 August 2021
Today, we announce the news that Tessian is moving to a 100% channel model, partnering with leading cybersecurity partners like Optiv Security to help enterprises secure the human layer and protect against threats caused by human error. There’s currently a gap in enterprise email security. Nearly 50% of advanced phishing emails bypass secure email gateways while legacy email solutions and data loss prevention (DLP) controls aren’t stopping employees from leaking data, accidentally or otherwise. Using machine learning, Tessian is solving these problems in a way that current technology providers can’t – opening up a huge opportunity for security-focused partners. 
Led by the company’s Chief Strategy Officer, Matt Smith, and the team who successfully built and scaled the Duo Security channel program, Tessian’s channel team has launched a best of breed, invite-only partner program and has also signed partnerships with the likes of Altinet and CTS in the UK, Asystec and Kontex in Ireland, and Nclose in South Africa. It is now looking to bring more security-centric and strategic go-to-market partners onboard to help holistically solve one of the biggest problems in enterprise security today.
“A 100% channel model means the Tessian team is ‘all-in’ on partners,” says Smith. “We’re committed to helping our partners differentiate their offerings, design new service packages and increase their profitability. Channel partners play a critical role in advising and helping CISOs and CIOs solve major security challenges – which today includes data loss and breaches caused by people. With trusted partners like Optiv, we can truly accelerate our mission of securing the human layer in the enterprise.”  “A solid cybersecurity infrastructure is a core asset to every organization. As companies become increasingly vulnerable to security threats, both intentional and unintentional, it’s vital that tested and trusted security solutions are in place,” says Ahmed Shah, senior vice president of alliances and strategic partnerships at Optiv. “We welcome the opportunity to partner with companies like Tessian that provide these types of services to enterprise clients.” To find out more about Tessian’s channel program, click here. 
Email DLP Integrated Cloud Email Security
What is Email DLP? Overview of DLP on Email
19 August 2021
Data loss prevention (DLP) and insider threat management are both top priorities for security leaders to protect data and meet compliance requirements.   And, while there are literally thousands of threat vectors – from devices to file sharing applications to physical security – email is the threat vector security leaders are most concerned about protecting.   It makes sense, especially with remote or hybrid working environments. According to Tessian platform data, employees send nearly 400 emails a month. When you think about the total for an organization with 1,000+ employees, that’s 400,000 emails, many of which contain sensitive data. That’s 400,000 opportunities for a data breach. The solution? Email data loss prevention.
This article will explain how email DLP works, consider the different types of email DLP, and help you decide whether you need to consider it as a part of your overall data protection strategy. 
What is email data loss prevention?   Essentially, email DLP tools monitor a company’s email communications to determine whether data is at risk of loss or theft. There are several methods of email DLP, which we’ll look at below. But they all attempt to: Monitor data sent and received via email Detect suspicious email activity Flag or block email activity that leads to data loss Do I need email data loss prevention?   Unless you’re working with a limitless security budget (lucky you!), it’s important to prioritize your company’s resources and target areas that represent key security vulnerabilities.   Implementing security controls is mandatory under data protection laws and cybersecurity frameworks, like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).   And there’s a good reason to prioritize preventing data loss on email. As we’ve said, email is the threat vector security leaders are most concerned about. We’ll explain why.    Inbound email security threats   How can malicious external actors use email to steal data? There are many methods.   Phishing—social engineering attacks designed to trick your employees into handing over sensitive data. According to the FBI, phishing is the leading cause of internet crime, and the number of phishing incidents doubled in 2020. Spear phishing—like phishing, but targeted at a specific individual. Spear phishing attacks are more sophisticated than the “bulk” phishing attacks many employees are used to. Malware—phishing emails can contain a “malicious payload”, such as a trojan, that installs itself on a user’s device and exfiltrates or corrupts data.   Email DLP can help prevent criminals from exfiltrating your company’s data. Internal email security threats While it’s crucial to guard against external security threats, security teams are increasingly concerned with protecting company data from internal actors. There are two types of internal security threats: accidental and malicious.  Accidental data loss Accidents happen. Don’t believe us?  Human error is the leading cause of data breaches. Tessian platform data shows that in organizations with 1,000 or more employees, people send an average of 800 misdirected emails (emails sent to the wrong recipient) every year. That’s two every day.    How can a misdirected email cause data loss? Misspelling the recipient’s address, attaching the wrong file, accidental “reply-all”—any of these common issues can lead to sensitive company data being emailed to the wrong person.   And remember—if the email contains information about an individual (personal data), this might be a data breach. Misdirected emails are the top cause of information security incidents according to the UK’s data regulator.   We can’t forget that misattached files are also a big problem. In fact, nearly half (48%) of employees say they’ve attached the wrong file to an email. Worse will, according to survey data:   42% of documents sent in error contained company research and data 39% contained security information like passwords and passcodes 38% contained financial information and client information 36% contained employee data   But, not all data loss incidents are an accident.   Insider threats   Employees or contractors can steal company data from the inside. While less common than accidental data loss, employees that steal data—or simply overstep the mark—are more common than you might think.   Some employees steal company data to gain a competitive advantage in a new venture—or for the benefit of a third party. We covered some of these incidents in our article, 11 Real Insider Threats.   But more commonly, employees are breaking the rules for less nefarious reasons. For example, employees send company data to a personal email address for convenience. For example, to work on a project at home or on another device.   Sending unauthorized emails is a security risk, though. Tessian platform data shows that it occurs over 27,500 times per year in companies with 1,000 employees or more. And, while – yes – it’s often not done maliciously, the consequences are no less dire, especially in highly regulated industries. So, how do you prevent these things from happening?   Email DLP solutions to consider   Research shows that the majority of security leaders say that security awareness training and the implementation of policies and procedures are the best ways to prevent data loss. And both are very important.   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But – as well-intentioned as most employees are – mistakes still happen despite frequent training and despite stringent policies. That means a more holistic approach to email DLP – including technology – is your best bet. Broadly, there are two “types” of DLP technology: ruled-based DLP and machine learning DLP.   Rule-based email DLP   Using rule-based DLP, IT administrators can tag sensitive domains, activities, or types of data. When the DLP software detects blacklisted data or behavior, it can flag it or block it.   Like training and policies, rule-based DLP certainly has its place in security strategies. But there are limitations of ruled-based DLP. This “data-centric” model does not fully account for the range of behavior that is appropriate in different situations.   For example, say an IT administrator asks email DLP software to block all correspondence arriving from “freemail” domains (such as gmail.com), which are often used to launch cyberattacks. What happens when you need to communicate with a contractor or customer using a freemail address?   What’s more, rule-based DLP is very admin-intensive. Creating and managing rules and analyzing events takes a lot of time, which isn’t ideal for thinly-stretched security teams.   🤖 Machine learning email DLP   Machine learning email DLP is a “human-centric” approach. By learning how every member of your company communicates, machine learning DLP understands the context behind every human interaction with data.   How does machine learning email DLP work? This DLP model processes large amounts of data and learns your employees’ communications patterns.   The software understands when a communication is anomalous or suspicious by constantly reclassifying data according to the relationship between a business and customers, suppliers, and other third parties. No rules required.   This type of DLP solution enables employees to work unimpeded until something goes wrong, and makes preventing data loss effortless for security teams.
Learn more about how Tessian’s email DLP solutions   Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.   Our contextual machine learning models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.   This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person or if an employee has attached the wrong file. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. And, finally, Tessiden Defender prevents inbound threats, like spear phishing, business email compromise, and CEO fraud.    To learn more about data exfiltration and how Tessian uses machine learning to keep data safe, check out our customer stories or talk to one of our experts today. You can also subscribe to our monthly newsletter below to get more updates about DLP, compliance, spear phishing, industry trends, and more. 
ATO/BEC Email DLP Integrated Cloud Email Security Compliance
7 Ways CFOs Can (And Should) Support Cybersecurity
By Maddie Rosenthal
29 July 2021
We’ve said it before and we’ll say it again: cybersecurity is a team sport. That means that (like it or not) the responsibility and burden sits with everyone, including the Chief Finance Officer (CFO).  That’s right: quantifying cyber risk, navigating cyber insurance policies, and negotiating ransom with hacking groups can all be part of the job spec.  If you’re a CFO who’s struggling to understand their role in cybersecurity, keep reading. We share 7 opportunities to get involved and protect your company’s assets.  Note: Every company is different. Size, revenue, industry, and reporting structures all play a role. This is general advice meant to provide a bird’s eye view of a CFO’s potential involvement in cybersecurity. 1. Quantify risk It can be hard for the C-suite to see the value of a solution when they haven’t yet experienced any consequences without it. As the saying goes, “If it ain’t broke, don’t fix it”.  That’s why it’s so important CFOs step in to quantify risk using specific “what-if” scenarios. The most basic formula is: probability x expected cost. Let’s use the example of an email being sent to the wrong person. We know at least 800 misdirected emails are sent every year in organizations with 1,000 employees. The expected cost, of course, depends on the email content and recipient, but let’s look at the worst-case scenario. What would the cost be if your press release for an upcoming, highly confidential merger and acquisition landed in a disgruntled former employee’s inbox? How would this impact the M&A itself? The company’s reputation? Revenue? Not a risk worth taking. Learn more about the key security challenges organizations face during M&A events. 2. Benchmark spending against other organizations Just like a marketing team should use a benchmark to determine whether or not their email list is engaged, CFOs should use a benchmark to determine how much they should be spending on cybersecurity. Think of it as your North Star. Fortunately, it’s relatively easy to determine how much your competitors or industry mavericks are shelling out. At least if they’re publicly traded.  A good place to start is their S-1. Here, you’ll be able to see what percentage of the company’s revenue goes towards Sales and Marketing, Research and Development, and General and Administrative.  This should give you a good idea of how to allocate your revenue.  You can also look at more general benchmark reports. For example, according to a Deloitte study, cybersecurity spending has increased YoY, from .34% of a company’s overall revenue in 2019 to .48% in 2020.  In 2020, that equated to $2,691 per full-time employee.   Bonus: Did you know you can also benchmark your security posture against your industry peers with Tessian Human Layer Security Intelligence? Learn more.  3. Vet cyber insurance policies Today, virtually every business needs cyber liability insurance. If you run a business that stores client, customer, or partner data…you need it. But it’s money wasted if you aren’t fully familiar with the policy terms. Check to make sure your first-party cyber insurance includes: Breach response recovery (including technical and legal advice) Forensic analysis for identifying the attack source Event management (including data recovery, PR services, and notification of clients) Cyber extortion Network/business interruption (including those that are the result of an attack on a third party) Dependent business interruption Credit monitoring services Consequential reputational loss or loss of income It’s also worth exploring third-party cyber insurance to protect your company’s assets from subsequent compliance penalties and settlement costs.  For example, Facebook settled a class-action lawsuit over its use of facial recognition technology. Illinois. The case reportedly settled for $550 million for a violation of the Biometric Information Privacy Act.  Third-party cyber insurance should include: Network security failures and privacy events Regulatory defense and penalties (including coverage for GDPR liabilities) PCI-DSS liabilities and costs Media content liability  4. Communicate with the board In a sentence, the CFO is responsible for the financial security of an organization. And, in the event of a breach, financial security simply isn’t guaranteed. Don’t believe us? Check out the consequences of a breach, according to IT leaders: !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); All of these will impact a company’s bottom line, including share value and rate of growth… two things the board doesn’t want to hear and news a CFO would hate to deliver.   But this isn’t a case of shooting the messenger. The responsibility and burden of cybersecurity sits with everyone, remember?  Post-breach, the board, auditors, and other third parties will be examining how effectively budgets were allocated to prevent the worst. That’s why it’s essential the CFO is actively involved in creating and implementing cybersecurity strategies; they have skin in the game.  5. Create secure processes for the finance team While – yes – the CFO holds the power of the purse and therefore influences the overall cybersecurity strategy, they also have a massive responsibility to secure their own team’s processes. After all, the finance department is one of the most targeted, specifically by invoice fraud, wire transfer fraud, and business email compromise.  Between June 2016 and July 2019, FBI statistics show that wire transfer fraud via BEC occurred 166,349 times, and cost businesses over $26 billion. In 2019, the number of bank transfer phishing scams occurring in the UK increased by 40%. In 2017, the FBI received 15,690 complaints about BEC (primarily involving wire transfer), resulting in over $675 million in losses. In 2019, this increased to 23,775 complaints and over $1.7 billion in losses. To protect against these incidents, CFOs should work with security teams to help train employees to spot scams, implement email security software to spot suspicious domains, and create fool-proof payment validation processes. For more tips, check out this article: Everything You Need to Know About Wire Transfer Phishing. 6. Negotiate ransom in the event of a ransomware attack  This is a position no CFO wants to be in. But, more and more, we’re seeing organizations being forced to comply with cyber criminals’ extortion demands. (7 Examples of Ransomware Attacks here.) While this may seem far beyond the scope of a finance director’s role, they’re heavily involved in the process. Of course, the first question to answer is: To pay? Or not to pay? This depends on an infinite number of factors, including the data being held, the hacking group who infiltrated the network, your cyber insurance policy, the company’s liquid assets….  The list goes on.  To avoid being put between a rock and a hard place, CFOs (along with the rest of the C-Suite and security team) should take prevention seriously, including anti-malware software, patching processes, and security for email, web, and other services. Tessian can help with email by preventing ransomware attacks at the source. 7. Know how to spot a phish CFO’s are generally among the most frequently targeted by phishing attacks. They’re also frequently impersonated. It makes sense. They have access to and control over the company’s money. It’s essential, then, that CFOs are especially vigilant, know how to spot a spear phishing attack, and know what to do if they suspect an email, text, or call is malicious.  Training, technology, and processes can help. If you want to learn more about how Nudge theory plays a role, check out this article about in-the-moment warnings. Looking for more resources? Check out the following: ⚡ Relationship 15: A Framework to Help Security Leaders Influence Change ⚡ CEO’s Guide to Data Protection and Compliance ⚡ Who Are the Most Likely Targets of Spear Phishing Attacks? ⚡ Why Information Security Must Be a Priority for GCs in 2021
Integrated Cloud Email Security
5 Challenges Enterprise Customers Face With Security Vendors
By Will Patterson
27 July 2021
When our three  founders, Tim, Ed, and Tom conceived of a company initially called “CheckRecipient” in their London apartment, the path to working with the largest and most prestigious companies on the planet would have felt a long way away.  Yet here we are, 9.5 years later, already growing our base of Fortune 500 customers while plotting our journey to 50k+ employee companies and beyond.
Of course, regardless of the size of our customers, our mission is the same. We continue to empower people to do their best work, without security getting in the way. But working relationships between customers and vendors change when you go upmarket. Based on my experience of working with our largest customers, here are five challenges enterprise customers face with security vendors, and tips to help CISOs and Heads of Infosec carefully navigate the often rewarding (and always noisy) world of vendor partnerships. Vendors, vendors everywhere… So you’re a CISO at a prestigious bank, law firm, or healthcare company.  Every security vendor under the sun wants a piece of your time. This is exhausting. And frequently counterproductive. Don’t they know you also have a job to do? So, what do you do about it? Go to every meeting your vendors book in and try to work around it? Go completely quiet on all your vendors and hope that you’re getting value from the partnerships anyhow? We’ve learned with our customers that it’s worth taking control of this situation early on. 1. Categorize your vendors into a quadrant based on the current value you’re seeing and their potential value. Work with your team to sketch out a framework for current value, and then challenge your vendors to supply you with the telemetry to feed that framework. Potential value is more of a judgement call, but here are a list of questions you may want to consider.  How fast is the vendor growing?  How innovative is their roadmap?  How many of their products/services are we currently not using that we could be?  By the way, this quadrant will also be really useful when it comes to budgeting season and renewal conversations with your vendors…  Think very critically about whether you should be continuing to partner with your “Low Performers”.
2. Based on the quadrant, communicate with your vendors how often you need to connect with them. (If you want to go a step further, you can even take the lead on scheduling so meetings go in at convenient times for you.). For example, you may want to meet with your magic quadrant and high potential vendors quarterly, but the “Steady Eddies” may only require your attention once a year. Longer time to value They say that time heals all. But in SaaS, time is the biggest killer for momentum, engagement, and ultimately ROI.  That’s why the onboarding process is critical to the long-term success of a partnership.  There’s two determining steps for onboarding:  Internal Processes: For the enterprise, there is plenty of red tape and change management when it comes to deploying new tech. The most successful deployments I’ve seen involved a proactive CISO or Head of Infosec pulling as much process management forward as possible. Technical Deployment Considerations. Rome wasn’t built in a day. Likewise, enterprise tech teams will often adopt a 1-9-90 approach to deployment (e.g. a pilot 1% group of friendly users getting the tech initially, then 9%, then the rest). Those security leaders who agree on and stick to a deployment plan, encourage deployment project leads to connect regularly with the vendor, and ensure roadblocks are identified and escalated early are the most successful.  Support tickets and feature request prioritization I’ve seen support processes and feature requests work really well and in all such cases, the key is communication. Encourage your technical leads to agree up front with your vendors how best to flag high priority tickets. It’s worth keeping oversight on this to ensure it aligns with what’s strategically important to you. This is the hymn sheet that both parties can sing from when it comes to escalation and helps everyone involved avoid the old fashioned (and slightly anarchical) “who shouts the loudest” method of prioritization. The same goes for feature requests. Agree a process for tracking these and allocating a scale all the way from “deal breaker” to “nice to have” (and what’s needed now vs in the future). Strength in numbers As 1997 UK trip-hop band Olive (niche reference?) once sang: “You’re not alone”. No enterprise CISO Head of Infosec is an island. There’s often a temptation to hoard ownership of the partnership with a vendor to prevent those pesky folks running wild throughout your business. In practice, this probably achieves the opposite effect. Our most successful Tessian customers involve a broad set of stakeholders in the ownership of the vendor partnership and outsource some of the heavy lifting of demonstrating the product ROI to the vendor’s CSM. For example, at Tessian, stakeholders from the security function, IT, HR, compliance, and legal will all have a say in the successful implementation of the product. The exact same process is going on internally at Tessian, with exec sponsors, product managers, CSMs, and account executives all aligned to each enterprise account.  Integration is king (and consolidation is… prince?) Finally, the enterprise space is becoming increasingly cluttered with more and more vendors seemingly popping up every day.  You may find yourself looking at the 10s or even 100s of vendors they partner with and asking, “Do I actually feel more secure?”. It’s a fine balancing act between the skyscraper of layered defenses and the modest bungalow of a lean stack.  And the wire that connects these two buildings is – you guessed it – integration. Now, I dislike the cliche of “Make 1+1=3” (it doesn’t). But pushing your key vendors to integrate will not only improve the value you get out of them individually, it will also bring clarity to any overlap or redundancies in functionality between them. Any opportunity to trim down bulky incumbent contracts where another vendor can pick up the slack has to be considered a win. I’d emphasize that this refers to integration not just in terms of functionality, but also reporting. Over half of our enterprise clients have already enabled the SIEM API to create a “single pane of glass” view of insights that becomes tool agnostic.  For example, Investec joined us for a webinar to explain how they’re using Splunk to centralize and correlate their Tessian reporting with other tools. You can check out a summary of their tips here]. Conclusion   If you’ve made it this far I commend your ability to put up with my penchant for a metaphor… Increasingly, we’re moving away from the classic, client-vendor relationships and towards a more symbiotic model of shared goals. This is vastly more conducive to getting holistic value for what you pay for.  The bottom line: the foundation for any halfway decent partnership is good communication. That’s not “communication” in the sense of spending hours on calls with a vendor every day. What it does mean is early alignment with them on what it is you hope to achieve through working together – that way we all really are singing from the same hymn sheet 🎼
Integrated Cloud Email Security
What are In-The-Moment Warnings and Why Are They Effective?
By Maddie Rosenthal
26 July 2021
Training is an essential part of every organization’s security strategy.  Monthly phishing simulations can help employees spot inbound attacks. Quarterly training sessions can help reinforce existing policies and procedures around data handling and password hygiene. And introducing new joiners to the cybersecurity team during onboarding is a great way to build a positive security culture. But sadly, even with all of this, employees still get phished, still ignore or workaround cybersecurity policies, and still mishandle data.  43% of employees say they’ve made a mistake at work that compromised cybersecurity 77% of employees reuse passwords  45% of employees say they’ve exfiltrated data before leaving or after being dismissed from a job Why? Because security just isn’t top of mind for the average person. That’s why security leaders have to find ways to consistently educate their people and reinforce policies. In-the-moment warnings can help.  What are in-the-moment warnings? When Tessian detects a threat (for example, a spear phishing email or an attempt at data exfiltration) employees see a warning message. It’s written in plain English, and offers context around why the email was flagged. A picture’s worth a thousand words, right? Here are a few examples.
Think of these as a sort of “yield” sign. They introduce a pause and give employees the information they need to make the right decision. If they realize “Oops! I certainly was about to send that email to the wrong person” or “Yes! This email does seem a little fishy”, they can easily change the recipient’s email address or mark the email as malicious. All it takes is a single click. Crisis (and breach) averted.  Importantly though, these in-the-moment warnings do more than just prevent threats in real-time. They help change employees’ security behavior long-term, and nudge them towards safer online behavior. Nudge theory 101 Without diving too deeply into behavioral economics, let’s look at Nudge theory.  There are 5 stages of behavior change: Precontemplation: The person is unaware of the problem. That means it’s your job to create awareness. Contemplation: The person is aware of the problem and the desired behavior change. The key here is to persuade and motivate them to act. Preparation: The person intends to take action. You just need to help them understand what to do and how. Action: If you facilitate it, the person can practice the desired behavior. Maintenance: Finally, by reinforcing the behavior regularly, the person can work to sustaining the behavior change In a sentence, Nudge theory uses indirect suggestions and positive reinforcement to influence behavior. 
So, what does this look like in the context of cybersecurity? And where do in-the-moment warnings come in? Let’s go back to the tried and tested example of phishing.  While Joe, your Accounts Payable Manager, is familiar with the term “phishing” and understands that bad actors do target people via email, he thinks the average attack is easy to spot. Poor formatting. Unpersonalized. Grammatical errors. A “too-good-to-be-true” offer.  Step 1 is to create awareness. This is generally done through “standard” training programs. (If you’re looking for a bank of spear phishing examples, check out our Threat Catalogue.) Now that Joe has a better idea of how sophisticated phishing attacks are, he’ll do his best to spot them and knows that – if he is targeted – he should report the email to the cybersecurity team.  ✅ Precontemplation ✅ Contemplation ✅ Preparation Next, you have to let Joe “practice”. A lot of security leaders rely on phishing simulations for this. The problem is, oftentimes, employees can feel like they’re being tricked instead of educated.  Take this for example. Or this. The bottom line: well-intentioned phishing simulations can have a negative impact on security culture.  It’s also worth pointing out that while phishing simulations can introduce employees to many different types of phishing attacks, they can’t possibly prepare them for every type of incident. Even the most cyber-savvy people can fall for advanced spear phishing attacks.  That’s where Tessian in-the-moment warnings come in. Tessian would enable Joe to “practice” every time he sends or receives an email – without feeling like he’s being tricked – by offering context and reinforcing phishing awareness. If Joe receives a potentially malicious email, he’s given the information he needs to determine whether to delete it, or open it. And this isn’t just once a month. Tessian is always working silently in the background to detect threats and help employees like Joe make the right decisions. Every warning is a learning opportunity. ✅ Action ✅ Maintenance How can in-the-moment warnings bolster your training program and improve your security posture? We’ll start by saying that in-the-moment warnings aren’t a silver bullet. (Silver bullets don’t exist in cybersecurity!) But, in concert with technology, policies, and processes, they’ll help you consistently improve your organization’s security posture
Tessian customers have seen click-through-rate on phishing simulations drop below 1% after deploying Tessian. And, on average, customers see an 84% reduction in data exfiltration. (For reference, according to KnowBe4’a 2021 Phishing By Industry Benchmarking Report, 31.4% of untrained employees fail phishing simulations…) But it’s not just about the numbers. It’s also about how employees interact with the tool. According to Else Ferreira, CISO at Evercore, “They say security is a thankless job. But Tessian was the first security platform that we deployed across the organization where I personally received “thank you’s” from employees who would have made a mistake with potentially dire consequences, but didn’t because of Tessian”. Looking for more customer stories? Click here.
Integrated Cloud Email Security
Tessian Recognized as a Representative Vendor in 2021 Gartner Market Guide for Data Loss Prevention
By Ed Bishop
22 July 2021
Gartner has released their Market Guide for Data Loss Prevention, and we are honored to be included as a Representative Vendor. According to the latest Market Guide for Data Loss Prevention “The enterprise DLP market is mature, but integrated DLP and cloud-provider-native DLP solutions offer emerging capabilities that are much needed by security and risk management leaders starting DLP programs.” “This research offers guidance on market trends and their impact on data security strategies.”.  You can get the entire report here. Key takeaways from the Gartner Market Guide for Data Loss Prevention According to Gartner, “The market for DLP technology includes offerings that provide visibility into data usage and movement across an organization, as well as dynamic enforcement of security policies based on content and context at the time of actions on data. DLP technology seeks to address data-related threats, including the risks of inadvertent or accidental data loss and the exposure of sensitive data, using monitoring, alerting, warning, blocking and other remediation features.” Accidental data loss is a problem that was often simply considered the cost of doing business and impossible to solve — until now. With Gartner’s acknowledgment of accidental data loss, we believe that the industry is seeing a fundamental shift in this thinking, and clearly shows that more enterprises understand that it represents a massive DLP risk. In addition to this broad overview of DLP technology capabilities, Gartner recommends security and risk management leaders with a responsibility for data security and compliance should: “Define a DLP strategy, select DLP products and execute proofs of concept with the objective of supporting a process, rather than finding solutions to address narrow needs.” “Identify pre-existing DLP capabilities in the security products that their organization already owns, and use these to fulfill DLP requirements. How has the DLP vendor landscape changed over the last year?  As Gartner states, since the previous 2020 edition of the Market Guide for Data Loss Prevention, there have been several notable changes in the vendor landscape. In fact, Gartner fielded “32% more client inquiries on the topic of DLP than in 2019”. Here at Tessian, we believe that this is due to more enterprises beginning to reevaluate their DLP programs with the move to Microsoft 365 and more cloud-based applications. They also found “many DLP vendors providing managed DLP services, which remain appealing to many organizations, specifically small and midsize enterprises and those with limited resources to allocate to the implementation of a DLP program.”  Likewise, “Many DLP vendors also provide data classification services, which are essential for successful DLP implementation. The labeling and tagging of data simplifies the DLP process, as organizations can easily distinguish sensitive data from nonsensitive data”.
This fits well with our observations of the industry and aligns with what our customers express as well.  Tessian’s approach for the new era of data loss prevention Forward-thinking enterprises increasingly view legacy DLP tools as a strategic risk and are looking for alternatives. In fact, 85% of security leaders say DLP is admin-intensive.  Recent M&A activity has led to uncertainty in the market (Symantec acquired by Broadcom, Forcepoint acquired by PE firm) and enterprise DLP has seen little innovation in the last few years. For example, we see Microsoft’s strategy as providing “baseline” DLP across all interfaces in their ecosystem (Email, Chat, File-sharing, Web, Endpoint) and this is commoditizing the rule-based approach offered by legacy tools.  As a result, enterprises are phasing out irrelevant legacy DLP tools and are considering what to replicate, remove, or re-think. This includes Microsoft 365, as many organizations are now assessing Microsoft DLP overlap with their existing legacy DLP stack. Many enterprises will use some vendors’ built-in DLP to address basic use cases but look to Tessian to solve critical and advanced human-centric risks to solve the bulk of their DLP challenges, including data loss caused by human error which Legacy DLP is unable to prevent. Over time, enterprises will adopt a hybrid approach and leverage integrations to get the most out of their investments in each product. Tessian’s Data Loss Prevention in our Human Layer Security Platform offers outbound protection on email (the threat vector most security leaders are concerned about protecting) and satisfies criteria outlined in the report — anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices. Here’s how. Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.  Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity
Importantly, in addition to threat prevention, Tessian offers several features that help ease the burden on SOC and compliance teams, and give key stakeholders peace of mind.  Automated protection: Tessian automatically detects and prevents data loss. No rules, re-configuration, maintenance of allow/denylists, or manual investigation required.   Data-rich dashboards: With Tessian, security teams have clear visibility of data loss incidents, who triggered them, and what data was involved. This demonstrates clear ROI and makes auditing and reporting easy.  In-the-moment training: When a potential data loss incident is detected, real-time warnings are triggered that explain exactly why the email was flagged. These warnings are written in plain, easy-to-understand language which reinforce training and policies and help employees improve their security reflexes over time
Gartner, Market Guide for Data Loss Prevention, June 2021 Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Page