We are very pleased to welcome Allen Lieberman as Tessian’s new Chief Product Officer who will head up the continued development of the industry’s first and leading Intelligent Cloud Email Security platform. Allen joins us from VMware Carbon Black, where he worked for nearly 9 years, and held roles including Senior Director of Product Marketing and VP of Product Management. He has spent the vast majority of the last 20 years in the Software-as-a-Service space. We took a few minutes to get to know Allen and find out what he’s looking forward to in his new role.    Allen, hi! Let’s start off with an easy question: why did you decide to join Tessian?  A combination of reasons, really.  First, the mission. Tessian is set out on a compelling mission that is critical to customers’ ability to scale and defend their enterprise in the modern threat and communications landscape. People can – and should – be a security team’s best asset. By enabling the employee community to help protect and defend the enterprise, security teams are better positioned to scale and protect their organizations. Until now, securing the human layer has been underserved. But as the enterprise and communications landscape evolves, putting people first is critical to the success of modern security programs. Tessian has set out on a mission to make this a reality.   Second, the culture and team at Tessian is world class. Having been in the trenches with key members of the team, I understand the culture that is being cultivated and feel good about the high level of diverse talent we have. At Tessian, there is a focus on doing the right thing, staying positive, persevering through challenges, and keeping people at the center of what we do. Having the culture aligned to my core values was critical in my decision.  And third, the time is right. Security teams, today, are dealing with unprecedented levels of cybercrime. As organizations have become more distributed and cloud-first, as employees communicate over emerging channels and as attackers evolve to meet employees where they are, now is the time for a better solution to help enable every employee to protect the enterprise.   It’s rare to find a company that has all these three things.    What do you see as the top benefit Tessian offers to customers?  The sea change that Tessian enables is turning the employee base into a security team’s best asset, while reducing overhead on the security teams.  Tessian automates the protection of critical communications channels like email while assisting people in understanding their role of protecting the enterprise – which is unlike so many other security solutions. The ability to embed security communication and training ‘in-the-moment’, when an employee needs it most, helps build a collaborative culture between staff and security teams while reducing breach responses. It’s great when employees really feel that security teams ‘have their back’ and that’s what Tessian enables.    What do you see as the biggest opportunity for Tessian?  Our biggest opportunity is to shift our customer’s mindset from security being seen as something that security teams do, to security being something that all employees do.  When we accomplish that – i.e. when employees become part of the new perimeter and when all employees are truly extended parts of security teams – we would’ve changed the security game. I think that’s the biggest opportunity we have.    What’s your focus for the next 3-6 months?  I’ll be very much focused on learning over the next few months. While I’m coming into Tessian with many years of experience, there is so much to take in, as with I think about prioritizing and executing on the opportunity to drive change ahead.  My intent is to learn from our team, from our customers and from our partners. I’m excited to understand more about the challenges that are faced by our customers, the opportunities we have to address them and, of course, I’m interested in learning much more about our team.     And finally, can you summarize Tessian’s mission in 25 words or less? sure, Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

We’re thrilled to announce that Tessian is integrating with Okta to help organizations protect against the biggest threats to enterprise security – people’s identities and behaviors. The technical integration follows the strategic investment in Tessian, made by Okta Ventures. Okta will now integrate its identity platform with Tessian’s Human Layer Security platform to help enterprises better understand and manage cybersecurity risks posed and faced by employees. The integration will provide security and risk management teams granular visibility into their organization’s riskiest and most at-risk employees and consequently enable them to deploy policies that can help protect particular groups of users from threats like advanced spear phishing and account compromise and prevent accidental data leaks. Today, modern enterprises use Okta as their single source of truth for identity and access management, and the platform enables organizations to create specific security groups based on access. By combining Okta directory information and groups with the user profiles and real-time risk scores calculated by the Tessian Risk Hub, organizations can now deploy and enable specific security measures to individuals, depending on their level of risk. As a result, security and risk management teams can identify what is driving risk in their company and take proactive steps to reduce it.  The integration will bring welcomed relief to the growing number of enterprises struggling to prevent and remediate the threat posed by the rising number of advanced phishing attacks – a threat exacerbated by the COVID-19 pandemic. Last year, the FBI found that phishing attacks doubled in frequency, while 71% of businesses experienced malicious account takeover and companies reportedly lost over $1.8 billion in business email compromise attacks.  Austin Arensberg, Director, Okta Ventures said, “By integrating our solutions, customers will be able to automatically detect their most high risk employees and put in place stronger security measures and policies to keep them safe, without disrupting the normal flow of business. Securing the human layer in this way can reduce or not only stop threats like advanced phishing and account takeover, but it also improves the overall security posture of the enterprise.”  Tim Sadler, CEO and co-founder of Tessian said, “Hacking humans is the easiest way for cybercriminals to hack companies today – but not every employee carries the same level of risk. So, to fully understand and mitigate risk in your organization, you must understand the behaviors of your employees and provide additional protection to those that need it most. This is critical to securing the human layer in your organization and, with Okta and Tessian, this is now possible.”  You can find out more about the integration here.

The ground is shaking under one of cybersecurity’s favorite acronyms. Dr. Karen Renaud, Chancellor’s Fellow at the University of Strathclyde and Dr. Marc Dupuis, Assistant Professor at the University of Washington Bothell believe that fear, uncertainty and doubt (FUD) aren’t all they are cracked up to be.  In their recent Wall Street Journal Article, ‘Why Companies Should Stop Scaring Employees About Security’, they unpack the use of scaremongering in cybersecurity training and tell us how fear truly impacts decision making. Listen to the full podcast here, or read on for Dr. Karen Renaud’s & Dr. Marc Dupuis’s top three takeaways. Too much fear burns people out and makes them less responsive to fear appeals KR: The literature tells us that when people are targeted by a fear appeal they can respond in one of two ways. They can either engage in a danger-control response or a fear-control response.  A danger-control response is generally aligned with what the designer of the appeal intended. So if a fear appeal is trying to encourage a user to back up their files, a danger-control response would involve the user making the backup.  Alternatively, a fear-control response sees the user try to combat the fear. They don’t like the feeling of fear, so they act to stop feeling it – they attack the fear rather than the danger itself. This response is undesirable as the user might go into denial or become angry with the person or organisation who has exposed them to the fear appeal. Ultimately, the user is unlikely to take the recommended action. When we consider events such as the COVID-19 pandemic, you can see how adding cybersecurity fear appeals to people’s pre-existing fear runs the risk of users feeling overwhelmed and having a fear-control response. People are already seeing so many fear appeals that they are likely to go into denial and refuse to take the message on board.  Fear appeals can encourage people to take more risks MD: I have a three-and-a-half-year-old son. Unlike my daughter, if I tell him to not do something like stand on a chair, and explain that he might crack his head open if he does, he’ll do it. So, he’ll climb on the chair, and then if he doesn’t crack his head open he’ll say ‘See daddy, I didn’t crack my head open!’, and in his mind, my warning has been disproved. This scenario with my son speaks to another point on fear appeals – we scare people to try and get them to not do something, but when they do it anyway and nothing bad happens it only reinforces the idea that the consequences aren’t that bad. KR: You can see examples of this kind of thing throughout history. If you look back at the German bombings of London during the second world war, something similar happened. Though the goal of the Germans was to get Britain to capitulate, the bombings provoked a totally different response – the British people became more defiant. People get afraid of being afraid, and we need to consider this when designing cybersecurity training and messaging.

MD: We are all responsible for changing the narrative in cybersecurity away from fear, uncertainty, and doubt (FUD), and it starts with conversations like this. It is easy to criticize something, but the question we then need to answer is… what can we replace it with? We know self-efficacy is the major player – but what is that going to look like? I believe that approaches will vary between organisations but the underlying concepts will be the same, such as creating a less punitive system and building a sense of togetherness. KR: When you treat your users as a problem it informs the way you manage them. Currently, many organisations see their employees as a problem – they’ll train them, they’ll constrain them, and then they’ll blame them when things go wrong! Unfortunately, this method stops users from being part of the solution and creates the very problem you’re trying to solve.  To improve cybersecurity, it is crucial that you make everyone feel like they’re part of the defense of the organisation. My research with the Technical University of Darmstadt looked into what kind of things we could do to make this happen, and it really comes down to a few core principles: Encourage collaboration and communication between colleagues – So we can support each other. Build resilience as well as resistance – Currently, there is a huge focus on resisting security threats, but we also need to know how to bounce back when things do go wrong.  Flexible and responsive security training and awareness policies – We treat security training and awareness policies as a one-size-fits-all, but this is outdated. We need to ask people if what we are proposing is possible for them and the role that they do, and adapt accordingly.  Learn from successes, not just mistakes – What did some people spot in a phishing message that others didn’t? Teach other people those techniques. Recent examples in other industries, such as safety, have shown that putting the power into employees’ hands can be revolutionary. We are yet to see it done in cybersecurity, but I’m certain that it is right around the corner.   Want more insights like this? Make sure you subscribe to RE: Human Layer Security on Apple and Spotify.

November 4th sees Tessian’s sixth Human Layer Security Summit. Nearly 3000 people tuned in to our last summit in June, and the event is rapidly establishing itself as an industry ‘must attend’.    We started our flagship event summits with one goal in mind, to bring security leaders together to network, share learnings and discuss a new wave of security that is ‘Human First’. This Fall summit will be our biggest and best yet, and is packed with the latest insights from industry experts, all in just a few hours.    If you’ve not already reserved your place, do it now, because here’s what’s packed into just three hours on November 4th.

🎣 Fighting Phishing: Everything We Learned From Analyzing 2 Million Malicious Emails   Unless you’ve been at the beach this past month, you can’t have failed to notice Tessian’s recent Spear Phishing Threat Landscape 2021 report based on two million emails flagged by Tessian Defender as malicious.    Tessian’s CISO, Josh Yavor, is joined by two industry experts; James McQuiggan, Security Awareness Advocate at KnowBe4, and Jason Lang, from TrustedSec. Together they’ll dig into the report’s findings in greater detail, and identify the what, how, who, why, and when of today’s spear phishing landscape.    If you can only make one session, make it this one.       🏗 How to Build A High-Impact Security Culture For ‘Oh Sh*t’ Moments    You don’t have a cybersecurity issue… until you do. At Tessian, we call that an ‘Oh Sh*t’ moment.    Kim Burton, Security Education InfoSec Manager Cisco, details how the right culture in your company can help stop that from ever happening. She’ll explain how to create and enable a positive security culture so you can help people sort through information and be confident in their approach to security.    The result: your people become your greatest asset, and develop, as Kim puts it, a security spider sense!      🤖 Threats Of The Future Are Here: Hacking Humans with AI-as-a-Service   These days you can get seemingly everything as a service, and that includes Ai. Ed Bishop, our co-founder and CTO, discusses this new threat with the team from GovTech Singapore. Eugene Lim, Glenice Tan, Tan Kee Hock and Timothy Lee explain how their latest research repurposed easily-accessible personality analysis AIaaS products to generate persuasive phishing emails.   The emails were automatically personalized based on a target’s social media information and created by state-of-the-art natural language generators. The results mean that even low-skilled, limited resource actors could use these methods to execute effective AI-assisted phishing campaigns at scale.   And as Wired reported, an AI wrote better phishing emails than humans in a recent test. This is sure to be a fascinating technical session, so book your place now and learn how to protect your organisation from these emerging threats.    😩 DLP Has Failed The Enterprise. What Now?   Look someone has to say it… Legacy DLP solutions are complex, have limited visibility, give you a constant headache with false positives, and users hate it. And don’t get us started on the ROI…    In this session you’ll hear from leading experts including not-for-profit health care provider, PeaceHealth, on why now is the time to rip and replace your DLP solution.      👮Why Human Layer Security is the Missing Link in Enterprise Security    We’re thrilled to have guest speaker, Jess Burn, from Forrester joining us to offer up her insights on why human layer security is the missing link for Enterprises. She’ll offer her insights on what the top priorities for Enterprise Security and Risk Management leaders over the next 12 months, as well as tell us how Human Layer Security fits into the wider tech stack solutions. Jess brings with her a wealth of experience as a senior analyst at Forrester serving security and risk professionals. Hosted by Henry Trevelyan Thomas, VP of Customer Success at Tessian.         💭 Security Philosophies from Trailblazers; Q&A with leading CISOs   Closing out our summit, Tim Sadler, CEO and Co-Founder of Tessian, invites two security heavyweights center stage to discuss their guiding philosophies that have led them to security success in their organizations.    With decades of experience between them, Jerry Perullo (CISO, ICE NYSE) and DJ Goldsworthy (Director, Aflac) will discuss how they position security as a value driver, not a cost-center in their orgs, and how they keep their teams innovating and approaching security creatively to build agile models.      So what are you waiting for?   That’s a pretty awesome schedule full of world-class insights, advice, and experience from experts who’ve secured their people and business against attacks. We believe learning directly from others experiences’ is the best way to drive the security industry forward, so our aim is to bring as many diverse speakers together. The only thing missing is you. 

Tessian is excited to announce a new integration with Sumo Logic that allows customers to understand their risk through out-of-the-box monitoring and analytics capabilities.

Benefits of the Sumo Logic integration Easily and instantly gain visibility into data loss, email security, and insider risks that could potentially lead to data breaches   Quickly analyze incidents in real time, enabling fast prioritization and remediation of threats posed by employee’s risky behavior Combine Tessian’s human risk intelligence with additional data sources to detect anomalies and gain a holistic picture of organizational risk Easily learn your top targeted employees or risky employees and take proactive remedial actions How to install and use the Sumo Logic Tessian App Security leaders who use both Tessian and Sumo Logic can access and install the app in the Sumo Logic app catalog. Pre-built dashboards include:  Tessian Overview Dashboard: visibility into all Tessian modules in one pane of glass

Tessian Defender Dashboard: visibility into inbound email security events and common threat types, along with your top targeted users

Tessian Guardian Dashboard: visibility into the number of prevented misdirected email, users and flag reasons

Tessian Enforcer Dashboard: visibility into sensitive data exfiltration by providing insights into attempted and prevented unauthorized email attempts including users behind these attempts

Learn more Want to learn more about Tessian’s integrations? Click here.

So, you’ve accidentally sent an email to the wrong person. Don’t worry, you’re not alone. According to Tessian research, over half (58%) of employees say they’ve sent an email to the wrong person. We call this a misdirected email and it’s really, really easy to do. It could be a simple spelling mistake, it could be the fault of Autocomplete, or it could be an accidental “Reply All”. But, what are the consequences of firing off an email to the wrong person and what can you do to prevent it from happening? We’ll get to that shortly. But first, let’s answer one of the internet’s most popular (and pressing) questions: Can I stop or “un-send” an email?

Can I un-send an email? The short (and probably disappointing) answer is no. Once an email has been sent, it can’t be “un-sent”. But, with some email clients, you can recall unread messages that are sent to people within your organization.  Below, we’ll cover Outlook/Office 365 and Gmail. Recalling messages in Outlook & Office 365 Before reading any further, please note: these instructions will only work on the desktop client, not the web-based version. They also only apply if both you (the sender) and the recipient use a Microsoft Exchange account in the same organization or if you both use Microsoft 365.  In simple terms: You’ll only be able to recall unread emails to people you work with, not customers or clients. But, here’s how to do it. Step 1: Open your “Sent Items” folder Step 2: Double-click on the email you want to recall Step 3: Click the “Message” tab in the upper left-hand corner of the navigation bar (next to “File”) → click “Move” → click “More Move Actions” → Click “Recall This Message” in the dropdown menu Step 4: A pop-up will appear, asking if you’d like to “Delete unread copies of the message” or “Delete unread copies and replace with a new message” Step 5: If you opt to draft a new message, a second window will open and you’ll be able to edit your original message While this is easy enough to do, it’s not foolproof. The recipient may still receive the message. They may also receive a notification that a message has been deleted from their inbox. That means that, even if they aren’t able to view the botched message, they’ll still know it was sent. There’s more information about recalling emails in Outlook here.  

Recalling messages in Gmail Again, we have to caveat our step-by-step instructions with an important disclaimer: this option to recall messages in Gmail only works if you’ve enabled the “Delay” function prior to fat fingering an email. The “Delay” function gives you a maximum of 30 seconds to “change your mind” and claw back the email.  Here’s how to enable the “Delay” function. Step 1: Navigate to the “Settings” icon → click “See All Settings” Step 2: In the “General” tab, find “Undo Send” and choose between 5, 10, 20, and 30 seconds.  Step 3: Now, whenever you send a message, you’ll see “Undo” or “View Message” in the bottom left corner of your screen. You’ll have 5, 10, 20, or 30 seconds to click “Undo” to prevent it from being sent.  Note: If you haven’t set-up the “Delay” function, you will not be able to “Undo” or “Recall” the message. There’s more information about delaying and recalling emails in Gmail here. So, what happens if you can’t recall the email? We’ve outlined the top six consequences of sending an email to the wrong person below. 

What are the consequences of sending a misdirected email? According to Verizon’s 2021 DBIR, misdelivery is the most common type of error to cause a breach. But is a breach the biggest consequence? We asked employees in the US and UK what they considered the biggest consequences of sending a misdirected email. Here’s what they had to say. !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); Importantly, though, the consequences of sending a misdirected email depend on who the email was sent to and what information was contained within the email. For example, if you accidentally sent a snarky email about your boss to your boss, you’ll have to suffer red-faced embarrassment (which 36% of employees were worried about). If, on the other hand, the email contained sensitive customer, client, or company information and was sent to someone outside of the relevant team or outside of the organization entirely, the incident would be considered a data loss incident or data breach. That means your organization could be in violation of data privacy and compliance standards and may be fined. But, incidents or breaches don’t just impact an organization’s bottom line. It could result in lost customer trust, a damaged reputation, and more.

Let’s take a closer look at each of these consequences. Fines under compliance standards Both regional and industry-specific data protection laws outline fines and penalties for the failure to implement effective security controls that prevent data loss incidents. Yep, that includes sending misdirected emails. Under GDPR, for example, organizations could face fines of up to 4% of annual global turnover, or €20 million, whichever is greater.  And these incidents are happening more often than you might think. Misdirected emails are the number one security incident reported to the Information Commissioner’s Office (ICO). They’re reported 20% more often than phishing attacks.  Lost customer trust and increased churn Today, data privacy is taken seriously, and not just by regulatory bodies.  Research shows that organizations see a 2-7% customer churn after a data breach and 20% of employees say that their company lost a customer after they sent a misdirected email. A data breach can (and does) undermine the confidence that clients, shareholders, and partners have in an organization. Whether it’s via a formal report, word-of-mouth, negative press coverage, or social media, news of lost – or even misplaced – data can drive customers to jump ship. Revenue loss Naturally, customer churn + hefty fines = revenue loss. But, organizations will also have to pay out for investigation and remediation and for future security costs. How much? According to IBM’s latest Cost of a Data Breach report, the average cost of a data breach today is $3.86 million. Reputation damage As an offshoot of lost customer trust and increased customer churn, organizations will – in the long-term – also suffer from a damaged reputation. Like we’ve said: people take data privacy seriously. That’s why, today, strong cybersecurity actually enables businesses and has become a unique selling point in and of itself. It’s a competitive differentiator. Of course, that means that a cybersecurity strategy that’s proven ineffective will detract from your business. But, individuals may also suffer from a damaged reputation or, at the very least, will be embarrassed. For example, the person who sent the misdirected email may be labeled careless and security leaders might be criticized for their lack of controls. This could lead to…. Job loss Unfortunately, data breaches – even those caused by a simple mistake – often lead to job losses. It could be the Chief Information Security Officer, a line manager, or even the person who sent the misdirected email. Our Psychology of Human report found 1 in 4 people who made email mistakes at work subsequently lost their jobs. It goes to show that security really is about people. That’s why, at Tessian, we take a human-centric approach and, across three solutions, we prevent human error on email, including accidental data loss via misdirected emails.

How does Tessian prevent misdirected emails? Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises. It turns an organization’s email data into its best defense against human error on email. Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network.  That means that if, for example, you frequently worked with “Jim Morris” on one project but then stopped interacting with him over email, Tessian would understand that he probably isn’t the person you meant to send your most recent (highly confidential) project proposal to. Crisis averted.  Interested in learning more about how Tessian can help prevent accidental data loss and data exfiltration in your organization? You can read some of our customer stories here or book a demo.

Email is the threat vector security leaders are most worried about protecting.  It’s the most common channel for data exfiltration, fraud, and targeted attacks such as impersonation and phishing, and it’s the major point of egress for sensitive data. And, in most cases, the root cause of these incidents is human error.  Employees break the rules, make mistakes, and can easily be tricked or hacked. This begs the question: what’s the best solution? This blog evaluates legacy data loss prevention (DLP) solutions and is based on an extensive whitepaper available for download. The whitepaper provides greater depth and compares human layer security (HLS) with the legacy security solutions discussed here.   Why Aren’t Legacy Data Loss Prevention (DLP) Solutions Effective? While DLP provides value in certain cases, it does not solve the fundamental problem facing organizations – how to keep data secure in the real world where the information and attachments in emails move and are always accessible to anyone.  Once data leaves the point of control, whether at the endpoint or the network, DLP no longer has control over that content.  If your emails contain information and files that are forwarded and accidentally exposed to the wrong people, there is very little that DLP can do. In this blog, we’ll focus on the five biggest problems with legacy DLP solutions. Remember: you can download the whitepaper for a more detailed analysis. Does Not Protect Against Accidental Data Loss Rules-based approaches simply cannot detect accidental data loss – for example, when emails are sent to the wrong people or the wrong file is attached – because there are no regex or pattern matches that can be applied. This level of protection requires context that DLP just doesn’t have. But, it’s important, especially when research shows at least 800 emails are sent to the wrong person every year in organizations with 1,000+ employees. The HLS Difference: Tessian Guardian automatically detects and prevents misdirected emails and misattached files.  DLP Focuses on a Negative Control Model Legacy DLP is very strict with a binary approach to protecting data. It either allows it or blocks it. In a post-perimeter architecture, this is highly disruptive to business and unsustainable. The HLS Difference: Tessian is frictionless; it’s invisible until you need it, which has helped enterprise customers across industries prevent data loss, without impeding productivity. Read our customer stories to learn more.   Slow, Cumbersome and Non-adaptive 85% of security leaders say DLP is admin-intensive.  Legacy DLP must analyze all content and try to match it to block lists. This requires extensive analysis and the matching can be wrong as enterprise email content is constantly changing.  As content and locations get more complex, legacy DLP can develop problems very quickly.  The HLS Difference: Tessian uses contextual machine learning, and our ML models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. Importantly, they continue to automatically adapt and learn as human relationships evolve over time. Learn more about our technology.  Difficult and Expensive to Implement While DLP may be regarded as a check-the-box solution for compliance, it is incredibly cumbersome, complex, and expensive to deploy, often requiring huge spend in professional services to implement and maintain.  Typical deployments are at least 12 months which makes it hard to justify the return on investment vs. the security it provides. The HLS Difference: With Tessian, there is no pre-configuration required, and the platform starts preventing threats within 24 hours of deployment.

Limited Threat Visibility Legacy DLP, including Email DLP, Endpoint DLP, and Network DLP offer little to no visibility into employee risk is one of the biggest challenges security and risk management leaders face.  Worse still, when insights around risk are available, it’s siloed and hard to interpret.  Insights around security awareness training exist in separate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile. Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats.  The HLS Difference: With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers. Learn more about Human Layer Security Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior. Guardian: Automatically prevents accidental data loss via misdirected emails and misattached files. No rules required. Enforcer: Automatically prevents data exfiltration and other non-compliant activities on email  Human Layer Security Intelligence: Comprehensive visibility into employee risks, threat insights, and tools that enable rapid threat investigation and proactive risk mitigation Human Layer Risk Hub: Enables security and risk management teams to deeply understand their organization’s email security posture, including individual user risk levels and drivers

Phishing – in its many varieties – is the threat most security leaders are concerned about protecting their organizations against. Why? Because attacks are frequent, hard-to-spot, time-consuming to investigate, and expensive to recover from.  And legacy solutions like Secure Email Gateways (SEGs), sandboxes, DMARC, and security awareness training out there just aren’t enough. With these methods, users aren’t engaged in a meaningful way and unknown anomalies aren’t accounted for. But there’s a better way.  This blog evaluates the shortcomings of legacy phishing prevention solutions, and proposes a different approach: Human Layer Security. Note: This article is based on an extensive whitepaper available for download. The whitepaper provides greater depth as it compares Human Layer Security with the legacy security solutions discussed here. The problem with SEGs & native tools SEGs lack the intelligence to learn user behavior or rapidly adapt.  The backbone of a SEG is traditional email security approaches – static rules, signature based detection, library of known threats, etc. Meanwhile, attackers consistently evolve their techniques, email networks are dynamic in nature, and human behavior is inconsistent and unpredictable. That means rules are out of date as soon as they are created and signature-based approaches are ineffective. They can’t detect advanced impersonation, account takeover (ATO), third-party supply chain risk, or wire fraud. Worse still, SEGs don’t address other entry points like Microsoft SharePoint, OneDrive, and ShareFile, which are some of the most hacked cloud tools.  What about native controls like Microsoft ATP? O365’s native security controls do protect users against bulk phishing scams, spam, malware, and domain spoofing. And these tools are great when it comes to stopping broad-based, high-volume, low-effort attacks – they offer a baseline protection.  But, today’s email attacks have mutated to become more sophisticated and targeted.  Attackers use automation to make small, random modifications to existing malware signatures and use transformation techniques to bypass these native O365 security tools. Unsuspecting – and often untrained – users fall prey to socially engineered attacks that would be hard for even a security expert to spot.  To learn more about why Office 365 accounts are vulnerable to attack, click here. Why sandboxes fail to detect phishing attacks One of the primary ways sandboxes can fail is in phishing attempts.  Any detection made by the sandbox is dependent on a file exhibiting malicious behavior. This is easy to work around. Hackers will often send a PDF that contains a link to a malicious form to avoid detection.  Likewise, documents with a URI (Uniform Resource Identifier) have an extremely low footprint for sandboxes to detect. And the short TTL domain doesn’t leave much evidence for event analysis or threat intelligence. There are issues with latency, too. Emails, communications, downloads, and important files can take several minutes to reach their destination because of the bottleneck sandboxes can create. This is not an option in today’s modern enterprises where real-time communication and collaboration is paramount. Why DMARC isn’t enough Domain-Based Message Authentication Reporting and Conformance (DMARC), is an added authentication method that uses both SPF and DKIM to verify whether or not an email was actually sent by the owner of the domain that the user sees.  In order for DMARC to pass, both SPF and DKIM must pass, and at least one of them must be aligned. While impersonating a given domain is a common method used for phishing and other malicious activities, there are other attack vectors that DMARC does not address. For example, DMARC does not address domain impersonation attacks (i.e. sending from a domain that looks like the target being abused – e.g. exampl3.com vs. example.com), or display name impersonation (i.e. modifying the “From” field to look as if it comes from the target being abused). The other misunderstood aspect of DMARC is that enabling DMARC on your domain protects your domain from being used in a phishing attack. But to protect your organization against phishing and spear phishing attacks, all domains used in communication with your employees should have DMARC enabled on them.  But still, only one-third of businesses employ DMARC.  This makes the security of your organization dependent on other companies communicating with your organization and vulnerable to supply chain risk, especially since DMARC records are publicly available, meaning attackers can easily identify and target domains that are not registered, and thus are vulnerable to impersonation. Finally, in addition to their own internal domains, organizations are likely to use some combination of Office 365, Gmail, MailChimp, Salesforce.com and other third-party email services. But it’s a challenge to then retrofit them all with DMARC. Want to learn more? We explore the limitations of DMARC in more detail here. The limitations of security awareness training Security Awareness Training (SAT) is seen as a “quick win” when it comes to security – a box-ticking exercise that companies can do in order to tell their shareholders, regulators and customers that they’re taking security seriously.  Sadly, the evidence of these initiatives being conducted is much more important than the effectiveness of them.  And engagement is a big problem. Too many SAT programs are delivered once or twice a year in lengthy sessions. This makes it really hard for employees to remember the training they were given, and the sessions themselves have to cram in too much content to be memorable.  It’s also difficult for security leaders to trains their employees to spot today’s sophisticated attacks. That’s because SAT platforms rely on simulating phishing threats by using pre-defined templates of common threats. This is a fair approach for generic phishing awareness (e.g. beware the fake O365 password login page), but it’s ineffective at driving awareness and preparing employees for the highly targeted and continuously evolving phishing threats they’re increasingly likely to see today (e.g. an email impersonating their CFO with a spoofed domain). We explore the pros and cons of phishing awareness training here. What is Human Layer Security?  The only question left to answer is: When legacy solutions and training programs aren’t enough, how can we prevent employees from interacting with the malicious emails that land in their inbox? The answer is Human Layer Security (HLS). SEGS and native tools like O365 provide basic phishing protection, but organizations need an intelligent solution like Tessian to detect and prevent advanced inbound attacks like BEC, ATO, and CEO Fraud that make it through inbuilt bulk phishing and spam filters. Tessian Defender uses machine learning (ML) to protect your people from even the most advanced inbound threats.  Here’s how: Tessian’s machine learning algorithms analyze your company’s email data, learn employees’ normal communication patterns, and map their trusted email relationships — both inside and outside your organization. Tessian inspects both the content and metadata of inbound emails for any suspicious or unusual signals pointing to a potential impersonation, ATO, or BEC threat. For example, payloads, anomalous geophysical locations, IP addresses, email clients, and sending patterns.  Once it detects a threat, Tessian alerts employees that an email might be unsafe, explaining the threat in easy-to-understand language via an interactive notification.

Today, we announce the news that Tessian is moving to a 100% channel model, partnering with leading cybersecurity partners like Optiv Security to help enterprises secure the human layer and protect against threats caused by human error. There’s currently a gap in enterprise email security. Nearly 50% of advanced phishing emails bypass secure email gateways while legacy email solutions and data loss prevention (DLP) controls aren’t stopping employees from leaking data, accidentally or otherwise. Using machine learning, Tessian is solving these problems in a way that current technology providers can’t – opening up a huge opportunity for security-focused partners. 

Led by the company’s Chief Strategy Officer, Matt Smith, and the team who successfully built and scaled the Duo Security channel program, Tessian’s channel team has launched a best of breed, invite-only partner program and has also signed partnerships with the likes of Altinet and CTS in the UK, Asystec and Kontex in Ireland, and Nclose in South Africa. It is now looking to bring more security-centric and strategic go-to-market partners onboard to help holistically solve one of the biggest problems in enterprise security today.

“A 100% channel model means the Tessian team is ‘all-in’ on partners,” says Smith. “We’re committed to helping our partners differentiate their offerings, design new service packages and increase their profitability. Channel partners play a critical role in advising and helping CISOs and CIOs solve major security challenges – which today includes data loss and breaches caused by people. With trusted partners like Optiv, we can truly accelerate our mission of securing the human layer in the enterprise.”  “A solid cybersecurity infrastructure is a core asset to every organization. As companies become increasingly vulnerable to security threats, both intentional and unintentional, it’s vital that tested and trusted security solutions are in place,” says Ahmed Shah, senior vice president of alliances and strategic partnerships at Optiv. “We welcome the opportunity to partner with companies like Tessian that provide these types of services to enterprise clients.” To find out more about Tessian’s channel program, click here. 

Data loss prevention (DLP) and insider threat management are both top priorities for security leaders to protect data and meet compliance requirements.   And, while there are literally thousands of threat vectors – from devices to file sharing applications to physical security – email is the threat vector security leaders are most concerned about protecting.   It makes sense, especially with remote or hybrid working environments. According to Tessian platform data, employees send nearly 400 emails a month. When you think about the total for an organization with 1,000+ employees, that’s 400,000 emails, many of which contain sensitive data. That’s 400,000 opportunities for a data breach. The solution? Email data loss prevention.

This article will explain how email DLP works, consider the different types of email DLP, and help you decide whether you need to consider it as a part of your overall data protection strategy. 

What is email data loss prevention?   Essentially, email DLP tools monitor a company’s email communications to determine whether data is at risk of loss or theft. There are several methods of email DLP, which we’ll look at below. But they all attempt to: Monitor data sent and received via email Detect suspicious email activity Flag or block email activity that leads to data loss Do I need email data loss prevention?   Unless you’re working with a limitless security budget (lucky you!), it’s important to prioritize your company’s resources and target areas that represent key security vulnerabilities.   Implementing security controls is mandatory under data protection laws and cybersecurity frameworks, like the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).   And there’s a good reason to prioritize preventing data loss on email. As we’ve said, email is the threat vector security leaders are most concerned about. We’ll explain why.    Inbound email security threats   How can malicious external actors use email to steal data? There are many methods.   Phishing—social engineering attacks designed to trick your employees into handing over sensitive data. According to the FBI, phishing is the leading cause of internet crime, and the number of phishing incidents doubled in 2020. Spear phishing—like phishing, but targeted at a specific individual. Spear phishing attacks are more sophisticated than the “bulk” phishing attacks many employees are used to. Malware—phishing emails can contain a “malicious payload”, such as a trojan, that installs itself on a user’s device and exfiltrates or corrupts data.   Email DLP can help prevent criminals from exfiltrating your company’s data. Internal email security threats While it’s crucial to guard against external security threats, security teams are increasingly concerned with protecting company data from internal actors. There are two types of internal security threats: accidental and malicious.  Accidental data loss Accidents happen. Don’t believe us?  Human error is the leading cause of data breaches. Tessian platform data shows that in organizations with 1,000 or more employees, people send an average of 800 misdirected emails (emails sent to the wrong recipient) every year. That’s two every day.    How can a misdirected email cause data loss? Misspelling the recipient’s address, attaching the wrong file, accidental “reply-all”—any of these common issues can lead to sensitive company data being emailed to the wrong person.   And remember—if the email contains information about an individual (personal data), this might be a data breach. Misdirected emails are the top cause of information security incidents according to the UK’s data regulator.   We can’t forget that misattached files are also a big problem. In fact, nearly half (48%) of employees say they’ve attached the wrong file to an email. Worse will, according to survey data:   42% of documents sent in error contained company research and data 39% contained security information like passwords and passcodes 38% contained financial information and client information 36% contained employee data   But, not all data loss incidents are an accident.   Insider threats   Employees or contractors can steal company data from the inside. While less common than accidental data loss, employees that steal data—or simply overstep the mark—are more common than you might think.   Some employees steal company data to gain a competitive advantage in a new venture—or for the benefit of a third party. We covered some of these incidents in our article, 11 Real Insider Threats.   But more commonly, employees are breaking the rules for less nefarious reasons. For example, employees send company data to a personal email address for convenience. For example, to work on a project at home or on another device.   Sending unauthorized emails is a security risk, though. Tessian platform data shows that it occurs over 27,500 times per year in companies with 1,000 employees or more. And, while – yes – it’s often not done maliciously, the consequences are no less dire, especially in highly regulated industries. So, how do you prevent these things from happening?   Email DLP solutions to consider   Research shows that the majority of security leaders say that security awareness training and the implementation of policies and procedures are the best ways to prevent data loss. And both are very important.   !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js");   But – as well-intentioned as most employees are – mistakes still happen despite frequent training and despite stringent policies. That means a more holistic approach to email DLP – including technology – is your best bet. Broadly, there are two “types” of DLP technology: ruled-based DLP and machine learning DLP.   Rule-based email DLP   Using rule-based DLP, IT administrators can tag sensitive domains, activities, or types of data. When the DLP software detects blacklisted data or behavior, it can flag it or block it.   Like training and policies, rule-based DLP certainly has its place in security strategies. But there are limitations of ruled-based DLP. This “data-centric” model does not fully account for the range of behavior that is appropriate in different situations.   For example, say an IT administrator asks email DLP software to block all correspondence arriving from “freemail” domains (such as gmail.com), which are often used to launch cyberattacks. What happens when you need to communicate with a contractor or customer using a freemail address?   What’s more, rule-based DLP is very admin-intensive. Creating and managing rules and analyzing events takes a lot of time, which isn’t ideal for thinly-stretched security teams.   🤖 Machine learning email DLP   Machine learning email DLP is a “human-centric” approach. By learning how every member of your company communicates, machine learning DLP understands the context behind every human interaction with data.   How does machine learning email DLP work? This DLP model processes large amounts of data and learns your employees’ communications patterns.   The software understands when a communication is anomalous or suspicious by constantly reclassifying data according to the relationship between a business and customers, suppliers, and other third parties. No rules required.   This type of DLP solution enables employees to work unimpeded until something goes wrong, and makes preventing data loss effortless for security teams.

Learn more about how Tessian’s email DLP solutions   Tessian uses contextual machine learning to address the problem of accidental or deliberate data loss by applying human understanding to email behavior.   Our contextual machine learning models have been trained on more than two billion emails – rich in information on the kind of data people send and receive every day. And they continue to adapt and learn as human relationships evolve over time.   This enables Tessian Guardian to look at email communications and determine in real-time if particular emails look like they’re about to be sent to the wrong person or if an employee has attached the wrong file. Tessian Enforcer, meanwhile, can identify when sensitive data is about to be sent to an unsafe place outside an organization’s email network. And, finally, Tessiden Defender prevents inbound threats, like spear phishing, business email compromise, and CEO fraud.    To learn more about data exfiltration and how Tessian uses machine learning to keep data safe, check out our customer stories or talk to one of our experts today. You can also subscribe to our monthly newsletter below to get more updates about DLP, compliance, spear phishing, industry trends, and more. 

We’ve said it before and we’ll say it again: cybersecurity is a team sport. That means that (like it or not) the responsibility and burden sits with everyone, including the Chief Finance Officer (CFO).  That’s right: quantifying cyber risk, navigating cyber insurance policies, and negotiating ransom with hacking groups can all be part of the job spec.  If you’re a CFO who’s struggling to understand their role in cybersecurity, keep reading. We share 7 opportunities to get involved and protect your company’s assets.  Note: Every company is different. Size, revenue, industry, and reporting structures all play a role. This is general advice meant to provide a bird’s eye view of a CFO’s potential involvement in cybersecurity. 1. Quantify risk It can be hard for the C-suite to see the value of a solution when they haven’t yet experienced any consequences without it. As the saying goes, “If it ain’t broke, don’t fix it”.  That’s why it’s so important CFOs step in to quantify risk using specific “what-if” scenarios. The most basic formula is: probability x expected cost. Let’s use the example of an email being sent to the wrong person. We know at least 800 misdirected emails are sent every year in organizations with 1,000 employees. The expected cost, of course, depends on the email content and recipient, but let’s look at the worst-case scenario. What would the cost be if your press release for an upcoming, highly confidential merger and acquisition landed in a disgruntled former employee’s inbox? How would this impact the M&A itself? The company’s reputation? Revenue? Not a risk worth taking. Learn more about the key security challenges organizations face during M&A events. 2. Benchmark spending against other organizations Just like a marketing team should use a benchmark to determine whether or not their email list is engaged, CFOs should use a benchmark to determine how much they should be spending on cybersecurity. Think of it as your North Star. Fortunately, it’s relatively easy to determine how much your competitors or industry mavericks are shelling out. At least if they’re publicly traded.  A good place to start is their S-1. Here, you’ll be able to see what percentage of the company’s revenue goes towards Sales and Marketing, Research and Development, and General and Administrative.  This should give you a good idea of how to allocate your revenue.  You can also look at more general benchmark reports. For example, according to a Deloitte study, cybersecurity spending has increased YoY, from .34% of a company’s overall revenue in 2019 to .48% in 2020.  In 2020, that equated to $2,691 per full-time employee.   Bonus: Did you know you can also benchmark your security posture against your industry peers with Tessian Human Layer Security Intelligence? Learn more.  3. Vet cyber insurance policies Today, virtually every business needs cyber liability insurance. If you run a business that stores client, customer, or partner data…you need it. But it’s money wasted if you aren’t fully familiar with the policy terms. Check to make sure your first-party cyber insurance includes: Breach response recovery (including technical and legal advice) Forensic analysis for identifying the attack source Event management (including data recovery, PR services, and notification of clients) Cyber extortion Network/business interruption (including those that are the result of an attack on a third party) Dependent business interruption Credit monitoring services Consequential reputational loss or loss of income It’s also worth exploring third-party cyber insurance to protect your company’s assets from subsequent compliance penalties and settlement costs.  For example, Facebook settled a class-action lawsuit over its use of facial recognition technology. Illinois. The case reportedly settled for $550 million for a violation of the Biometric Information Privacy Act.  Third-party cyber insurance should include: Network security failures and privacy events Regulatory defense and penalties (including coverage for GDPR liabilities) PCI-DSS liabilities and costs Media content liability  4. Communicate with the board In a sentence, the CFO is responsible for the financial security of an organization. And, in the event of a breach, financial security simply isn’t guaranteed. Don’t believe us? Check out the consequences of a breach, according to IT leaders: !function(e,t,s,i){var n="InfogramEmbeds",o=e.getElementsByTagName("script"),d=o[0],r=/^http:/.test(e.location)?"http:":"https:";if(/^\/{2}/.test(i)&&(i=r+i),window[n]&&window[n].initialized)window[n].process&&window[n].process();else if(!e.getElementById(s)){var a=e.createElement("script");a.async=1,a.id=s,a.src=i,d.parentNode.insertBefore(a,d)}}(document,0,"infogram-async","//e.infogram.com/js/dist/embed-loader-min.js"); All of these will impact a company’s bottom line, including share value and rate of growth… two things the board doesn’t want to hear and news a CFO would hate to deliver.   But this isn’t a case of shooting the messenger. The responsibility and burden of cybersecurity sits with everyone, remember?  Post-breach, the board, auditors, and other third parties will be examining how effectively budgets were allocated to prevent the worst. That’s why it’s essential the CFO is actively involved in creating and implementing cybersecurity strategies; they have skin in the game.  5. Create secure processes for the finance team While – yes – the CFO holds the power of the purse and therefore influences the overall cybersecurity strategy, they also have a massive responsibility to secure their own team’s processes. After all, the finance department is one of the most targeted, specifically by invoice fraud, wire transfer fraud, and business email compromise.  Between June 2016 and July 2019, FBI statistics show that wire transfer fraud via BEC occurred 166,349 times, and cost businesses over $26 billion. In 2019, the number of bank transfer phishing scams occurring in the UK increased by 40%. In 2017, the FBI received 15,690 complaints about BEC (primarily involving wire transfer), resulting in over $675 million in losses. In 2019, this increased to 23,775 complaints and over $1.7 billion in losses. To protect against these incidents, CFOs should work with security teams to help train employees to spot scams, implement email security software to spot suspicious domains, and create fool-proof payment validation processes. For more tips, check out this article: Everything You Need to Know About Wire Transfer Phishing. 6. Negotiate ransom in the event of a ransomware attack  This is a position no CFO wants to be in. But, more and more, we’re seeing organizations being forced to comply with cyber criminals’ extortion demands. (7 Examples of Ransomware Attacks here.) While this may seem far beyond the scope of a finance director’s role, they’re heavily involved in the process. Of course, the first question to answer is: To pay? Or not to pay? This depends on an infinite number of factors, including the data being held, the hacking group who infiltrated the network, your cyber insurance policy, the company’s liquid assets….  The list goes on.  To avoid being put between a rock and a hard place, CFOs (along with the rest of the C-Suite and security team) should take prevention seriously, including anti-malware software, patching processes, and security for email, web, and other services. Tessian can help with email by preventing ransomware attacks at the source. 7. Know how to spot a phish CFO’s are generally among the most frequently targeted by phishing attacks. They’re also frequently impersonated. It makes sense. They have access to and control over the company’s money. It’s essential, then, that CFOs are especially vigilant, know how to spot a spear phishing attack, and know what to do if they suspect an email, text, or call is malicious.  Training, technology, and processes can help. If you want to learn more about how Nudge theory plays a role, check out this article about in-the-moment warnings. Looking for more resources? Check out the following: ⚡ Relationship 15: A Framework to Help Security Leaders Influence Change ⚡ CEO’s Guide to Data Protection and Compliance ⚡ Who Are the Most Likely Targets of Spear Phishing Attacks? ⚡ Why Information Security Must Be a Priority for GCs in 2021

When our three  founders, Tim, Ed, and Tom conceived of a company initially called “CheckRecipient” in their London apartment, the path to working with the largest and most prestigious companies on the planet would have felt a long way away.  Yet here we are, 9.5 years later, already growing our base of Fortune 500 customers while plotting our journey to 50k+ employee companies and beyond.

Of course, regardless of the size of our customers, our mission is the same. We continue to empower people to do their best work, without security getting in the way. But working relationships between customers and vendors change when you go upmarket. Based on my experience of working with our largest customers, here are five challenges enterprise customers face with security vendors, and tips to help CISOs and Heads of Infosec carefully navigate the often rewarding (and always noisy) world of vendor partnerships. Vendors, vendors everywhere… So you’re a CISO at a prestigious bank, law firm, or healthcare company.  Every security vendor under the sun wants a piece of your time. This is exhausting. And frequently counterproductive. Don’t they know you also have a job to do? So, what do you do about it? Go to every meeting your vendors book in and try to work around it? Go completely quiet on all your vendors and hope that you’re getting value from the partnerships anyhow? We’ve learned with our customers that it’s worth taking control of this situation early on. 1. Categorize your vendors into a quadrant based on the current value you’re seeing and their potential value. Work with your team to sketch out a framework for current value, and then challenge your vendors to supply you with the telemetry to feed that framework. Potential value is more of a judgement call, but here are a list of questions you may want to consider.  How fast is the vendor growing?  How innovative is their roadmap?  How many of their products/services are we currently not using that we could be?  By the way, this quadrant will also be really useful when it comes to budgeting season and renewal conversations with your vendors…  Think very critically about whether you should be continuing to partner with your “Low Performers”.

2. Based on the quadrant, communicate with your vendors how often you need to connect with them. (If you want to go a step further, you can even take the lead on scheduling so meetings go in at convenient times for you.). For example, you may want to meet with your magic quadrant and high potential vendors quarterly, but the “Steady Eddies” may only require your attention once a year. Longer time to value They say that time heals all. But in SaaS, time is the biggest killer for momentum, engagement, and ultimately ROI.  That’s why the onboarding process is critical to the long-term success of a partnership.  There’s two determining steps for onboarding:  Internal Processes: For the enterprise, there is plenty of red tape and change management when it comes to deploying new tech. The most successful deployments I’ve seen involved a proactive CISO or Head of Infosec pulling as much process management forward as possible. Technical Deployment Considerations. Rome wasn’t built in a day. Likewise, enterprise tech teams will often adopt a 1-9-90 approach to deployment (e.g. a pilot 1% group of friendly users getting the tech initially, then 9%, then the rest). Those security leaders who agree on and stick to a deployment plan, encourage deployment project leads to connect regularly with the vendor, and ensure roadblocks are identified and escalated early are the most successful.  Support tickets and feature request prioritization I’ve seen support processes and feature requests work really well and in all such cases, the key is communication. Encourage your technical leads to agree up front with your vendors how best to flag high priority tickets. It’s worth keeping oversight on this to ensure it aligns with what’s strategically important to you. This is the hymn sheet that both parties can sing from when it comes to escalation and helps everyone involved avoid the old fashioned (and slightly anarchical) “who shouts the loudest” method of prioritization. The same goes for feature requests. Agree a process for tracking these and allocating a scale all the way from “deal breaker” to “nice to have” (and what’s needed now vs in the future). Strength in numbers As 1997 UK trip-hop band Olive (niche reference?) once sang: “You’re not alone”. No enterprise CISO Head of Infosec is an island. There’s often a temptation to hoard ownership of the partnership with a vendor to prevent those pesky folks running wild throughout your business. In practice, this probably achieves the opposite effect. Our most successful Tessian customers involve a broad set of stakeholders in the ownership of the vendor partnership and outsource some of the heavy lifting of demonstrating the product ROI to the vendor’s CSM. For example, at Tessian, stakeholders from the security function, IT, HR, compliance, and legal will all have a say in the successful implementation of the product. The exact same process is going on internally at Tessian, with exec sponsors, product managers, CSMs, and account executives all aligned to each enterprise account.  Integration is king (and consolidation is… prince?) Finally, the enterprise space is becoming increasingly cluttered with more and more vendors seemingly popping up every day.  You may find yourself looking at the 10s or even 100s of vendors they partner with and asking, “Do I actually feel more secure?”. It’s a fine balancing act between the skyscraper of layered defenses and the modest bungalow of a lean stack.  And the wire that connects these two buildings is – you guessed it – integration. Now, I dislike the cliche of “Make 1+1=3” (it doesn’t). But pushing your key vendors to integrate will not only improve the value you get out of them individually, it will also bring clarity to any overlap or redundancies in functionality between them. Any opportunity to trim down bulky incumbent contracts where another vendor can pick up the slack has to be considered a win. I’d emphasize that this refers to integration not just in terms of functionality, but also reporting. Over half of our enterprise clients have already enabled the SIEM API to create a “single pane of glass” view of insights that becomes tool agnostic.  For example, Investec joined us for a webinar to explain how they’re using Splunk to centralize and correlate their Tessian reporting with other tools. You can check out a summary of their tips here]. Conclusion   If you’ve made it this far I commend your ability to put up with my penchant for a metaphor… Increasingly, we’re moving away from the classic, client-vendor relationships and towards a more symbiotic model of shared goals. This is vastly more conducive to getting holistic value for what you pay for.  The bottom line: the foundation for any halfway decent partnership is good communication. That’s not “communication” in the sense of spending hours on calls with a vendor every day. What it does mean is early alignment with them on what it is you hope to achieve through working together – that way we all really are singing from the same hymn sheet 🎼