Life at Tessian
Tessian Launches Advanced Email Threat Response Capabilities for Security Teams
by Tessian Tuesday, April 25th, 2023
Dramatically faster solution that quickly identifies and responds to email threats through proactive threat hunting capabilities and automated response to end-user reported emails.
Quickly pivot between email events and prioritize response workflows through powerful search queries.
Continuously improve prevention via a feedback loop to Tessian’s behavioral based AI detection.
Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions.
Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much time investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform.
Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry’s most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model.
“At Tessian, we are focused on helping our customers eliminate email based threats,” said Allen Lieberman, Chief Product Officer of Tessian. “As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations. With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations”.
“Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis,” said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. “Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and PowerShell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks”.
About Tessian
Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Life at Tessian
Tessian is First Email Security Platform to Fully Integrate with M365 To Provide Threat Protection and Insider Risk Protection
by Tessian Tuesday, April 25th, 2023
First to deliver a fully integrated deployment experience of the Microsoft Graph API and M365 Add-in to protect against both email threats and insider risk
Deploy complete email security in minutes via Tessian’s integration with Microsoft 365
Simplified experience for end-users with native Office 365 integration
Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the release of a new M365 Add-in, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian’s M365 Integration is the first to offer click-through deployment that combines both Microsoft’s Graph API and Office Add-In to provide email threat protection and insider risk protection in minutes, without the need to deploy or maintain client-side code or a gateway.
Many security teams today are moving to M365 environments and trying to secure their enterprise from email threats and data loss without impacting end-user experience. Historically, legacy email security tools used time consuming and complex deployment mechanisms like client-side code and gateways. These legacy methods could cause disruption to mail flow, required ongoing maintenance, and often provided poor end-user experiences.
Tessian is solving these problems by enabling the full deployment of the Tessian Cloud Email Security Platform through the combination of two native Microsoft integrations – Graph API and Office Add-In – which are deployed via an intuitive, click-through process. Customers can deploy complete email security in minutes without the traditional deployment challenges of email disruption, ongoing maintenance, changing MX records, or client-side code and gateways.
Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform, which now offers a simplified deployment and better end user experience for Microsoft 365 environments. With Tessian’s M365 Integration, including the newly available M365 Add-In, customers leveraging M365 benefit from the full capabilities of the Tessian Complete Email Security Platform to proactively secure email while offering an improved experience for end-users and security teams.
“Many customers are moving to Microsoft 365 for their email platform,” said Allen Lieberman, Chief Product Officer of Tessian. “Tessian is leading the way with our integration across Microsoft technologies to deliver leading cloud-based email security and insider risk protection from the same platform, deployed in the simplest way possible.”
The M365 Add-in launch accompanies the launch of Tessian Respond to deliver a complete set of cloud email security capabilities – Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach – all in a simple to deploy model.
About Tessian
Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Engineering Blog, Life at Tessian
Our VP of Engineering on Tessian’s Mission and His First 90 Days in the Role
by Gün Akkor Wednesday, March 8th, 2023
After many years working to secure the networks, computers, applications and connected devices that power our world, I joined Tessian a little over 90 days ago to help them in their journey to eliminate human influenced cyber attacks, accidents, and insider threats from the enterprise. So why Tessian and why now? Targeted email attacks such as business email compromise (BEC), spear phishing, account takeover, and ransomware continue to be the number one and most damaging human-influenced cyber threats to businesses. As businesses move to cloud-based email services like Microsoft 365 and Google Workspace, they are looking for email security solutions that can be combined with the capabilities of these platforms. A new market space – Integrated Cloud Email Security (ICES) – is emerging to fill this need.
I believe the evolution of ICES will follow a pattern similar to that of the emergence of Endpoint Detection and Response (EDR) in endpoint protection space, and Cyber Asset Attack Surface Management (CAASM) in asset management space: legacy solutions pivoting into the new market and forward thinking new companies looking to disrupt the status quo.  Tessian has the forward thinking necessary to become one of the visionaries in this space. I am excited to join Tessian to help accelerate their execution to become the leader. The journey is just starting to be interesting! Moreover, Tessian is not playing a “finite game” (good news for you Simon Sinek fans!). Our vision is to secure the human layer. This vision is beyond just email security, and one that I can get behind.  Just like physical security, cybersecurity has been taking an adversarial approach to protecting the networks and computers humans engage in the course of doing day-to-day business. Over the past several decades we have built solutions that protect network perimeters and detect and respond to anomalies in machines running applications and software.  Today, employees in an organization use multiple interfaces; email, messaging, shared drives, and documents, to access and work with (sensitive) data. Many solutions put rules and boundaries around such interactions without learning from and adapting to the changing nature of them; they are not only insufficient but also restrictive.  Tessian aspires to protect every business’ mission while empowering their people to do their best work. This is not an end goal but a shared purpose. Lastly, no company aspiring to secure the human layer could be true to itself if it wasn’t human-first and customer-centric. These are part of Tessian’s core values, and I look forward to building a company that exemplifies these values everyday and learns from the industry experts, our partners, and of course our customers. It has been a whirlwind 90-days so far! 
If you are interested in knowing more about Tessian, or would like to work with us, or you are an expert with an idea to pitch, reach out to me. I would be happy to hear from you, and our open roles are here.
Life at Tessian
A decade in the making, but the best is yet to come.
by Tim Sadler Tuesday, February 28th, 2023
January 2023 was a special month for us here at Tessian. We celebrated our 10th birthday and we also brought together over 200 Tessians in person for the first time ever for our company kick-off (CKO) in London. It was a humbling moment and a great reminder of how far we’ve come from the days of building Tessian v1 in our first HQ (which was also our living room) and cold emailing thousands of people a week trying to get anyone to take a meeting with us.  With a more distributed team than we’ve ever had before, we thought it was really important to get everyone together in person to celebrate the wins of the past year and set the course for our ambitious 2023 plans. You can see a video reel of the event above, but I wanted to share three of my highlights. Sharing the journey with an incredible team. It’s said so often that it’s almost cliche but when building a startup, you live and die by the strength of your team. Having everyone all together for the first time since 2019 was a reminder of the incredible passion, talent and shared sense of mission that we all have at Tessian.  Appreciating the scale of what you’ve built. When you’ve been building for 10 years, it’s easy to lose track of the progress you’ve made over time. This hit home when we reflected on preventing hundreds of thousands of data breaches and security threats and, on our busiest days, processing more than 1,400 transactions per second for our customers.  Hearing your customers tell you the impact you’re having for them. We invited several Tessian customers from the US and UK to share their stories and experiences with our team. Maurice Tunney (Director of Technology & Innovation at Keystone Law) became a Tessian customer just over a year ago and in that time Tessian has stopped 33 account takeover attacks, any one of which, in Maurice’s words, “could have shut the business down”. 
Having customers who care so much about your product that they take time out of their schedule to join your company kick-off and share why you’re such a critical part of their security technology stack is an incredible reminder of the impact our technology is having and the importance of our mission. Tessian may be a decade in the making, but the best is yet to come and we have an exhilarating year ahead. If you’re interested in joining our mission and being there for next year’s CKO, please check out our open roles here.
Life at Tessian
A fresh new look for a world in need of Intelligent Cloud Email Security
by Adrian Jozwik Wednesday, November 9th, 2022
When you visit Tessian’s website, download a piece of content or see our social media channels you will notice something different. We have redesigned our brand with one thing in mind, our customers. We have focused our brand to reflect what we do best and that is to protect you and your people. At Tessian, we understand the importance of helping you protect your organization from advanced cyber threats such as business email compromise and ransomware while also ensuring we stop insider risks, whether accidental or malicious, over email. We place this responsibility in the highest regard.
Intelligence at the very core
With all of this in mind, we wanted to create a brand that reflects the trust you place in us and is guided by the values we at Tessian represent. A brand that is:
At the highest degree of Intelligence, where we focus on high value security technology that solves hard problems.
Customer centric because we know you and your people need intelligent technology that is focused on protecting, together.
On the front line of intelligently protecting organizations and users with the latest in technology.
The Tessian Cloud Email Security Platform utilizes unparalleled behavioral intelligence to stop the attacks that could hurt you the most. Tessian prevents attacks from coming into the inbox while protecting against intentional and accidental data loss over email by leveraging behavioral intelligence modeling. Because of this deep behavioral understanding, we can predict the right decisions each person should make when interacting with email and intervene to protect your users and your organization from email-based threats.
Because Intelligence comes in all shapes and sizes
Tessian’s brand had to represent not only the high levels of intelligence our products offer but also represent the people that interact with our products.
The visual language we have created is more serious, more aligned with the industry we’re in, and gives a clear message of how our products work to protect you. We have delivered a new look and feel and a website to reflect our primary focus. We want our customers and partners to be able to find and recognize Tessian when they need to. For Tessian to break through the noise, it was time to come out of our shell and emphasize the capabilities we provide and the values we stand for. Make no mistake, our technology is differentiated and complete – Cloud Email Security which is unmatched at protecting you against cyber attacks, bar none. Taking a deeper look A large part of any brand is the visual identity it encapsulates for the company, and the way its products are perceived by those who experience it. We wanted to achieve a brand that was ‘FWD:Thinking’ (also the name of our recent security summit), reflecting the ever changing attack landscape our customers live in and one that stays front of mind for those that we protect.  
We started with looking at the foundations of our new brand. The most important part was to ensure we could communicate our solutions through our imagery. We decided to utilize hexagons for two reasons: Firstly, they convey strength. Secondly, Tessian is built on six values; each side represents one of our values. Placing a person behind a frosted glass demonstrates the true nature of how our solutions work, keeping you safe from cyberattacks and attackers at bay. The same tile allows Tessian to see right through and see the attacks which otherwise would have been hidden from view. Furthermore, we often combine this visual device with an example of a suspect email, demonstrating how our behavioral intelligence sees its true nature. Various triggers are called out as Tessian identifies and analyzes behaviors and highlights threat signals, coming together to drive an unparalleled level of intelligence.
You will also see customer iconography across our new website and assets. Each icon represents different areas of the product from behavioral intelligence to preventative capabilities. Each icon holds its own place in telling the Tessian story.  
Darker tones and more harmonious colors are now utilized in our new color palette. We wanted a color palette that you can relate to while feeling assured, yet also colors that appear serious but still approachable. We can distinguish between good and bad by using a straightforward red and blue combination, which we will then emphasize with a simple white and gray background. Finally, the keen eyed among you might even notice a subtle difference in our logo. While we wanted to keep the identity our logo gives us, we also wanted it to reflect the sharpness we have in detecting and preventing cyber-attacks.
Our mission to Secure the Human Layer
Gartner stated in the 2021 Market Guide for Email Security that customers are now looking for solutions that integrate directly into cloud email via an API, rather than as a gateway and that a behavioral approach is needed for both threat protection and data protection on email. That’s why we’re building intelligent security that works for human beings as they are, not how security policies would like them to be. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. As a result, employees are empowered by security. Our new brand encompasses our mission and approach to security; however, since the company started we have never shied away from the hard problems to solve. We put our customers’ problems at the heart of everything we do and intelligently solve them.
Integrated Cloud Email Security, Data & Trends, Advanced Email Threats
Product Update: Improvement to Algorithms Sees 15% Increase in Detection of Advanced Email Threats
by Jhamat Mahbubani Tuesday, September 13th, 2022
Innovations in machine learning have fundamentally changed the email security landscape.  And in order to stay ahead, and to ensure that we are protecting our customers from new and advanced email threats, we need to continually improve our machine learning algorithms. Most recently, Tessian’s data science team updated our platform’s Behavioral Intelligence Modeling algorithms to detect advanced social engineering threats. The result? A 15% increase in the detection of advanced email threats including impersonation spear phishing and account takeover (ATO) attacks.
The growing threat of advanced social engineering attacks
Social engineering attacks like impersonation and ATO attacks are a growing threat, with ATO attacks witnessing +300% growth over the last three years. Impersonation and ATO attacks are a notoriously difficult type of advanced email threat to detect and prevent. This is because the threat actors either impersonate a trusted party or, in the case of ATO, the emails originate from a legitimate source, either within the organization from an already compromised account, or from a compromised vendor in the supply chain.
Traditional, rule-based email security solutions, like Secure Email Gateways (SEGs), which enterprises have been reliant on for decades, offer little protection against these types of attack. Why? Because legacy solutions like SEGs and built-in security from cloud providers are unable to detect adaptive and unknown threats with no prior indicators of compromise reported.
This makes the case for why security and risk management teams must move away from a rule-based approach to one that analyzes behavior instead. This behavioral approach should leverage machine learning, Natural Language Processing (NLP), Behavioral Intelligence and Global Threat Feeds to automatically determine whether an email sent to an end-user at a particular time is an advanced threat.
A machine intelligent approach to email security
Encouragingly, an increasing number of security leaders are realizing the need to adopt machine intelligent solutions to tackle the persistent threat of advanced email attacks. In fact, over half of cybersecurity leaders (58%) surveyed in a 2022 Forrester Consulting report said that they are actively looking to displace SEGs for the next generation of email security solutions. These solutions, like Tessian, leverage machine learning to help organizations mitigate risk on email.
The importance of machine learning powered cybersecurity solutions was similarly recognized by IBM’s Cost of Data Breach Report for 2022. IBM reported that the average cost of a data breach was $3.05 million less in organizations that deployed security artificial intelligence (AI) versus those that had not. What’s more, 66% of security leaders from across the world believe that AI and Machine Learning enables faster threat detection on email and 56% say it makes threat detection more accurate.
Continual improvements to our algorithms are important to ensuring we quickly and accurately detect new and unknown threats on email – keeping our customers and their data safe and secure. Learn more by speaking to our experts and seeing our machine learning algorithms in action.
Life at Tessian
Tessian’s 2022 DEI Report
by Tessian Tuesday, June 28th, 2022
As a human first company, we want Tessian to be a place where everyone has the opportunity to bring who they are to work, and be included and valued as they are. Diversity, equity and inclusion (DEI) is so important to us, not only because it’s the right thing to do, but also because it’s essential for our success. Diversity is necessary for innovation, so prioritizing it is a really important part of our future as a company.   We recently published our second annual DEI Report, and I’ve been reflecting on our journey over the last year and the three big lessons I’ve taken into this year’s strategy.
Data. Data. Data.
We can’t just guess how we’re doing on DEI, we need data. When we first launched our 2021 DEI Strategy, it was based on analysis of a number of different kinds of data that helped act as signposts towards our DEI Focus Areas. Since then, we have improved our data set to add anonymized candidate data, and employee data about lots more personal attributes.
Anything we can explore – we do. It can be difficult to know where you’re going to find the most interesting and impactful insights before you start looking. Here’s how we do it:
We start off with a big pile of data, everything from representation to experience, to compensation to retention, all split by all the different personal attributes we collect voluntary data on.
There are some standard measures we look at: pay gaps, representation vs benchmarks, significant variations in experience etc. but that often opens the door to lots of further questions, that require further data exploration.
We do our best to turn over every single stone and ask ourselves: is something going on here? Usually the answer is no, but it’s important that we employ that rigour everywhere, so that when the answer is yes, we don’t miss it.
It’s easy to get distracted by what we assume the most significant DEI concerns are, often based on our own biases, so it’s so key to start as objectively as possible. Don’t guess or intuit where you should be focusing attention! Start with as much data as you can get, and let that guide your thinking.
If you don’t actively pay attention, anything can slip
Focus is necessary, but it’s hard. Throughout this journey, we’ve been so conscious that there are infinite dimensions of diversity to consider, and infinite topics we could focus our attention on. But resources are finite, and if we want to make an impact, we need to focus on just a few things.
As hard as it feels, focus isn’t just about deciding where you are going to focus, it’s also about deciding where you’re not going to dedicate energy. In 2021 one of those “non-focus areas” for us was gender representation. We found that we were above the benchmark compared to other companies similar to us, and there was nothing to indicate that might drop. So we put our energy into other places.
Throughout 2021, our gender representation gradually fell by 7 percentage points as we happened to hire fewer women and people from underrepresented genders. By the time the end of the year came, these few percentage points had put us below the benchmark compared to other similar companies.
Focusing on other kinds of representation, and other DEI areas meant we didn’t notice this gradual change in our gender representation, and so didn’t get ahead of it. This was a really important lesson for us this year; this time around we are paying more attention to movement in metrics even when they don’t directly relate to our focus areas for the year.
This is key to keeping focus dynamic, and adapting to the information you have today.
Working with everyone, necessity of the team activity
The final lesson I’ve taken from our DEI journey so far: DEI is necessarily a team activity. None of us can do it alone.
Once we have our focus areas, we develop tactics that we hope will address them. So far on our journey, the accountability to these tactics has been with the People & Talent team. But the more work we do, the more we realize we need the whole company 100% behind us, prioritizing this work.
Hiring is a great example of this: in a fast growing business, often representation comes down to hiring. If you’re growing but you aren’t hiring diversely, then overall representation will fall. So one of our Focus Areas this year is hiring more people from underrepresented genders and ethnicity backgrounds.
Of course, our brilliant Talent partners care so deeply about this, and are moving heaven and earth to build up a diverse pipeline of candidates. But it isn’t always easy. Building a diverse pipeline in a notoriously non-diverse industry can take time, and this is often time we feel we don’t have in such a fast-moving company. Or there might be a particular experience level we feel like a candidate should possess that limits the diversity in the candidate pool.
This is where the rest of the company comes in. In this case: the Hiring Manager and hiring team. Every single Tessian needs to be bought into our strategy so that we can resolve these challenges in the right way. One of our Tessian values is We Do The Right Thing, so it’s really important to us to take these tensions seriously and work together to make the best decisions for our people.
There are a few basic things we ask of all Tessians…
Help us reach diverse candidates by sharing our DEI work and our open roles widely…think LinkedIn, Discord, Slack. Any communities our Tessians are a part of!
Continue to give us feedback on how they’re feeling, about DEI and our workplace more generally. We use an employee engagement tool, Peakon, to collect this feedback so that people can stay anonymous if they choose.
And most importantly: Get to know each other! Connection building is the core of belonging so we encourage lots of ways for our people to connect deeply. This is especially important in a globally distributed, hybrid team – we have to OVER deliver on opportunities to get together both in person and virtually.
What’s Next?
And as with any journey like this, it’s far from over. We all have so much work to do in DEI and there are a hundred new questions swimming around our heads on where we should focus next, and how to make our DEI Strategy more effective. For example…
Goals: Right now our DEI Goals sit with the People team. Should we transition our DEI Goals to the company level, so it’s every one of us that is responsible for addressing them? We know accountability is key, but is the accountability in the right place for maximum impact?
Engagement: How much time and engagement should we be asking of our people? Do we need everyone to know every detail of our strategy? Or is it enough that they know their own role, and the WHY behind DEI at Tessian?
We’re committing to continuing to ask ourselves these hard questions and hold ourselves accountable to the very highest standards of DEI. It’s not always easy, but it is the right thing to do.
Want to join us on our journey? We’re hiring, all open roles are here. What’s it like to work at Tessian? Here’s 200 reasons you’ll love it.
Life at Tessian
Welcoming Our New Chief People Officer
by Andrew Webb Tuesday, June 14th, 2022
We are welcoming Kelly Sheridan as Tessian’s new Chief People Officer! Kelly will be responsible for leading Tessian’s people strategy, with a key focus on attracting and growing talent, developing and evolving the company’s culture, and providing a great employee experience as the company grows and scales.    We sat down with Kelly to ask her a few questions and get to know her a little better.
Kelly, first thing first, how did you get into the world of HR?    So, my path to Chief People Officer is certainly not the traditional route. I graduated with a liberal arts degree from Syracuse University but I didn’t really have a “what I wanted to be when I grow up”  moment. I knew I wanted to move to Boston, and it was there that I found myself landing a career in marketing. Over 12 years, I worked my way up at a variety of financial services companies and, in 2005, I joined the largest regional accounting firm in New England as their head of marketing. I loved every minute of the marketing stage of my career.   About a year after that, a new CEO came in and said he wanted to do some restructuring. He asked me to take over HR. I had zero experience, zero knowledge and, I thought, zero interest in HR. But he was certain it was where I needed to be and he promised me support, training, consultants, etc.    Here I am, 17 years later, as a Chief People Officer. Needless to say he was right; HR was my calling. He delivered on his promises and I still consider him a friend and mentor.
That’s an amazing story. So, what happened next?    The accounting firm was acquired by Grant Thornton and, as a result, HR was centralized in Chicago. So, in 2013 I left to pursue my next role as VP, Global HR at SharkNinja – a consumer goods brand which makes Shark Vacuums and Ninja Blenders. I had the chance to help grow both the People function and the global footprint, which saw me opening a design center in London and relocating to China for five months.    I later joined Bullhorn, the global leader in software for the recruitment industry, as its VP People. While I loved that role, I knew I wanted to take a step into a Chief People Officer (CPO) role and build a function from the ground up, and this is what I did at Nuvolo.   The last two and a half years have been a ride!  We grew our employee headcount from 250 to over 500, hiring 285 people globally in 10 months in 2021 all while building all of the processes, programs, and policies that go along with scaling a fast-paced tech organization.
Sounds like your experience in growing and scaling teams in fast-paced tech companies is perfectly suited for the Chief People Officer role at Tessian. So what made you decide to join our company?

There are a few reasons but I think the single most compelling was the people I met – starting with Tim, the CEO. Every conversation I had during the hiring process felt genuine, authentic, and easy. Everyone was caring, and I could really get a sense of the energy and passion behind the work the people at Tessian do. Everyone is excited about what the future holds.

With that in mind, it’s clear that the culture at Tessian is a really strong one. I’m excited to join an organization that has already built something special, and I also see limitless opportunities ahead.
What do you see as the biggest opportunities for Tessian?

For me, it’s about building an incredible employee experience. There is no doubt that exists here; I’ve seen it throughout the interview and onboarding process. But as we grow and scale, there will be further opportunities to evolve and innovate so that we are providing programming, initiatives, coaching, learning, and experiences that help every employee at Tessian expand their careers, the business, and our brand.

We’re so happy to have you onboard Kelly. Now you’re here, what’s going to be your focus for the next 3-6 months?

I actually look at this in smaller blocks. My first 90 days will be about meeting people and trying to learn as much as I can about Tessian, the market and our customers. Through listening and learning, I aim to find where there is room for improvement, and how we can enhance the employee experience and our business strategy.

Then, it’s about how we translate business objectives into our People strategy so that we are attracting, developing and keeping our exceptional team!
Life at Tessian
What We Learned From Our 7th Human Layer Security Summit
by Andrew Webb Thursday, March 3rd, 2022
As the virtual curtain falls on our seventh Human Layer Security Summit we’d just like to say a huge thank you to our guests and to you, our attendees. There were some terrific insights, advice, and examples offered in every session – here’s what you missed.
New Vulnerabilities, Ransomware and Supply Chain Attacks: 3 Lessons to Make You Rethink Your Inbound Strategy

To kick things off, Paul Laudanski (Head of Threat Intelligence at Tessian), hosted David Kennedy (CEO and Founder at TrustedSec), and Elvis Chan (Asst. Special Agent in Charge at the FBI). Together they discussed ransomware and supply chain attacks; how they’re often devastating for businesses, and how to protect against them.

As David says, “Why target one individual victim when you can target a thousand victims and get a much larger payout”. From the law enforcement side, Elvis Chan explains how we’re seeing more ‘ransomware as a service’, because as well as the technical elements of an attack, it’s also essential that bad actors can communicate clearly in English, and have access to money-laundering services to take the payment. “That’s a lot of sophisticated elements and organization,” says Elvis, “and that’s what the FBI is good at, going after syndicates and organizations”. Indeed, Elvis informs us that the FBI currently has over 100 investigations underway.
As for why phishing is the most popular attack vector, David explains “It’s the easiest method. Many organizations suffer from M&M syndrome – hard on the outside, soft on the inside. You have to do a lot of research to go against the perimeter.” Attacking the human, however, can be done much more easily, and once you’re inside, moving around is simple. David also explains how attacks disrupt three main areas “They’re going after your backups, they’re selling your data, and they’re hitting you with DDOS – until you pay.”
The Defense In-Depth Playbook: How to Augment Microsoft 365 to Supercharge Email Security

Session 2 saw Matthew Pascucci (Director of Security Operations at Evercore) explain to Tessian CISO, Josh Yavor, how layering his security stack with solutions across network, endpoint, and application layers ensures they have the best possible defenses. “Microsoft are fantastic at what they do, but there are always areas for improvement,” says Matthew.

He explains how the partnership between Tessian and Microsoft combines the best of rules-based solutions with behavioral solutions. “The key is having them build off each other,” he said. They go on to discuss Evercore’s ‘after event’ operations, and what procedures and documentation they have in place. “There should be an understanding from a user what happens when they get an ‘in the moment’ alert from Tessian – it’s there to protect them, not stop business,” says Matthew.

The session winds down with a discussion on why the days of on-prem Secure Email Gateways are numbered, and why the future is in the cloud. “There’s less patching, less hardware maintenance,” says Matthew.
Preventing Advanced Attacks and Influencing Safe Behavior in the Fast-Paced World of Tech

Next up was Ben Aung (Chief Risk Officer at Sage) in conversation with Tessian’s Solutions Engineer Ashley Bull. Sage is one of the UK’s largest technology companies, offering back-office software products and services for small and medium-sized businesses. As such, they hold some of their customers’ most sensitive data: HR, financial, and accounting records.

Ben explains how important support from the board of directors is, and how to put that support and interest from the board into action. “Winning that situation and making sure you set out your bigger picture in a way that’s easy to understand is key,” says Ben. He also explains what he loves about the capabilities of Tessian, and how he can tailor the advice specific to the user so that “in the moment, they’ll make the right judgment”.
Ensuring Ultimate Email Security in Law Firms, Where Reputation Is Everything

Amelia Dunton (Customer Success Manager at Tessian) hosts Simon Lambe (Head of IT Security at Mishcon de Reya) and David Aird (IT Director at DAC Beachcroft) to discuss why your reputation is crucial in any global law firm. Simon details how he has to balance the speed of response times with data protection – while also protecting clients’ most important information.

David highlights how some of the practices that might be permissible in another sector aren’t in the legal sector. Simon then details how he’s developed the cybersecurity strategy at Mishcon around three pillars – prevention, detection, and recovery. “I think historically people thought only about prevention,” he adds. They both then discuss risk appetite, and how it needs to be business-focused, not technology-focused.

Finally, Amelia (who revealed herself as a DLP nerd 🤓) asks Simon for some of his data loss prevention examples, including finding one employee selling company IP to a competitor.
Creating a New Identity for Modern Security: Why Organizations Should Prioritize Securing the Human

Our next session has Matt Egan (Director of Technical Strategy at Okta) in conversation with Austin Zide (Product Manager at Tessian). They start by exploring Matt’s ‘hobby’, calling out brands with bad password policies. “Yeah I have a lot of fun with that!” says Matt – not all heroes wear capes.

Matt then explains what trends he’s most excited about in Human Layer Security, and how we’re moving to a world of protecting the individual, not the IP address. He also details why many security teams are going wrong in security and specifically, identity – and how by changing this approach they can improve their overall security position. Finally, the session closes with how Tessian specifically integrates with Okta.
Security Philosophies from Trailblazers: Q&A with Helen Patton, Advisory CISO, Cisco

Closing out the Summit is the awesome Helen Patton (Advisory CISO at Cisco) in conversation with our own Josh Yavor. Helen reveals what she considers security must-haves, such as good asset management, multi-factor authentication, vulnerability management, and incident response capabilities. “All those things are hard to do well, and all of those things combined are going to help you deal with the threats of the day, whatever they are,” says Helen.

She also explains how she uses Sounil Yu’s Cybersecurity matrix to find out where her strengths and weaknesses are, “it’s a maturity curve,” Helen said. She goes on to explain why it’s wrong to think of security as a technical discipline, and why it should be more a business discipline with a technical solution. Finally, she gives her thoughts on hiring. “When I look at job postings, and HR conversations, it’s broken,” she said. According to her, in order to improve the breadth of talent in the industry, we need a mindset change from what a security hire has done to what they will do.

So there you have it – That’s a wrap! If you want more from all seven summits, you can watch them on demand over on our knowledge hub. Sign up for our newsletter below and follow us on our social media platforms (LinkedIn and Twitter) so you’re first in the know for the next Human Layer Security Summit.
Life at Tessian
Tessian Named One of the 2022 UK’s Best Workplaces™ for Wellbeing
by Tessian Thursday, February 17th, 2022
We’re excited to announce that Tessian has been named one of the 2022 UK’s Best Workplaces™ for Wellbeing.

So, what were the criteria? The Great Place to Work® culture experts analyzed thousands of employee surveys, assessing their holistic experiences of wellbeing at work through fundamental facets of employee wellbeing, like:

- Work-life balance
- Sense of fulfilment
- Job satisfaction
- Psychological safety
- Financial security

Here are just some examples of how we support wellbeing at Tessian.

Refreshian Summer

Last year, we launched what we call “Refreshian Summer”. This sees everyone in the company down tools on specific days throughout the summer months to rest, recharge and enjoy the sunshine. You can learn more about the initiative here.

Mental health support

We wouldn’t have made it on this list if we didn’t take mental health seriously. And private healthcare in both the US and the UK and instant access to support via Spill help us take care of our people. With Spill, therapy sessions, mental health training, and feelings check-ins are just a click away.

Access to Employee Resource Groups (ERGs)

It’s important employees feel like they can bring their whole selves to work, and ERGs, or staff community groups, help ensure all Tessians can connect with their peers in a safe space. Two examples? Plus, an LGBTQ+ network, and Tes-She-An, a space created to support Tessians who identify as women.

In-depth Diversity and Inclusion (D&I) training

Over the last 18 months, Tessian has been taking steps towards creating a more diverse and inclusive place to work. Why? Well, it’s the right thing to do. Diversity is infinite and everyone should feel valued for who they are and have the opportunity to bring this to work.

Hear why D&I is important to all of us below, and read more about how we created a strategy to maximize impact here.

“Choice First” working policy

Tessian’s ‘choice first’ working policy allows employees to choose where they work – remotely, in the office, or hybrid. Those working remotely get substantial budgets to set up their home offices, and those working in the office or hybrid have access to hubs in London, Boston, Austin, and San Francisco.
Want to work at Tessian? See if we have a role that interests you today.
Engineering Blog
Why Confidence Matters: Experimental Design
by Cassie Quek Wednesday, January 19th, 2022
This post is part three of Why Confidence Matters, a series about how we improved Defender’s confidence score to unlock a number of important features. You can read part one here and part two here.

Bringing our series to a close, we explore the technical design of our research pipeline that enabled our Data Scientists to iterate over models with speed. We aim to provide an insight into how we solved issues pertaining to our particular dataset, and conclude with how this project had an impact for our customers and product.

Why design a pipeline?

Many people think that a Data Scientist’s job is like a Kaggle competition – you throw some data at a model, get the highest scores, and boom, you’re done! In reality, building a product such as Tessian Defender was never going to be a one-off job. The challenge of making a useful machine learning (ML) model in production lies not only in its predictive power, but also in its speed of iteration, reproducibility, and ease of future improvements.

At Tessian, our Data Scientists oversee the project end-to-end, from conception and design, all the way through to deployment in production, monitoring, and maintenance. Hence, our team started by outlining the above longer-term requirements, then sat down together with our Engineers to design a research flow that would fulfill these objectives.

Here’s how we achieved the requirements we set out.
The research pipeline
The diagram above shows the design of the pipeline with its individual steps, starting from the top left. An overall configuration file specifies many parameters for the pipeline, such as the date range for the email data we’ll be using and the features we’ll compute. The research pipeline is then run on Amazon SageMaker, and takes care of everything from ingesting the checked email data from S3 (Collect Logs step) to training and evaluating the model (at the bottom of the diagram).

Because the pipeline is split into independent and configurable “steps”, each storing its output before the next picks it up, we were able to iterate quickly. This provided flexibility to configure and re-run from any step without having to re-run all the previous steps, which allowed for experimentation at speed.

In our experience, we had only to revise the slowest data collection and processing steps a couple of times to get them right (steps 1-3), and most work and improvements involved experimenting with the features and model training steps (steps 4-5). The later research steps take only a few minutes to run as opposed to hours for the earlier steps, and allow us to test features and obtain answers about them quickly.
Five Key Steps within the Pipeline

Some of these will be familiar to any Data Science practitioner. We’ll leave out general descriptions of these well-known ML steps, and instead focus on the specific adjustments we made to ensure the confidence model worked well for the product.

1. Collect Logs

This step collects all email logs with user responses from S3 and transforms them to a format suitable for later use, stored separately per customer. These logs contain information on decisions made by Tessian Defender, using data available at the time of the check. We also look up and store additional information to enrich and add context to the dataset at this stage.

2. Split Data

The way we choose to create the training and test datasets is very important to the model outcome. As mentioned before, consistency in model performance across different cuts of the data is a major concern and success criterion.

In designing our cross-validation strategy, we utilized both time-period hold-outs and a tenants hold-out. The time-period hold-out allows us to confirm that the model generalizes well across time even as the threat landscape changes, while testing on a tenant hold-out ensures the model generalizes well across all our customers, which are spread across industries and geographical regions. Having this consistency means that we can confidently onboard new tenants and maintain a similar predictive power of Tessian Defender on their email traffic.

However, the downside to having multiple hold-outs is that we’re effectively throwing out data that did not fit within both constraints for each dataset, as demonstrated in the chart below.
We eventually compromised by allowing a slight overlap between train and validation tenants (but not on test tenants), minimizing the data discarded where possible.

3. Labels Aggregation

In part two, we also highlighted that one of the challenges of the user-response dataset is mislabelled data. Greymail and spam are often wrongly labeled as phishing, and can cause the undesired effect of the model prioritizing spam, making the confidence score less meaningful for admins. Users also often disagree on whether the same email is safe or malicious. This step takes care of these concerns by cleaning out spam and aggregating the labels.

In order to assess the quality of user-feedback, we first estimated the degree of agreement between user-labels and security expert labels using a sample of emails, and found that user-labels and expert-labels matched in around 85% of cases. We addressed the most systematic bias observed in this exercise by developing a few simple heuristics to correct cases where users reported spam emails as malicious.

Where we have different labels for copies of the same email sent to multiple users, we applied an aggregation formula to derive a final label for the group. This formula is configurable, and carefully assessed to provide the most accurate labels.

4. Features

This step is where most of the research took place – trialing new feature ideas and iterating on them based on feature analysis and metrics from the final step.

The feature computation actually consisted of two independently configurable steps: one for batch features and another for individually computed features. The features consisted of some natural language processing (NLP) vectorizations which were computed faster as a batch, and were more or less static after initial configurations. Splitting it out simplified the structure and maximized our flexibility.
Other features based on stateful values (dependent on the time of the check), such as domain reputations and information from external datasets, were computed or extracted individually; one example is whether any of the URL domains in the email was registered recently.

5. Model Training and Evaluation

In the final and arguably most exciting step of the pipeline, the model is created and evaluated.

Here, we configure the model type and its various hyperparameters before training the model. Then, based on the validation data, the “bucket” thresholds are defined. As mentioned in part two, we defined five confidence buckets that simplified communication and understanding with users and stakeholders. These buckets range in priority from Very Low to Very High. In addition, this step produces the key metrics we’ll use to compare the models. These metrics include both generic ML metrics and Tessian Defender product-specific metrics as mentioned in part two, against each of the data splits.

Using MLflow, we can keep track of the results of our experiments neatly, logging the hyperparameters and metrics, and even storing certain artifacts that would be relevant in case we needed to reproduce the model. The interface allowed us to easily compare models based on their metrics.

Our team held a weekly review meeting to discuss the things we had tried and the metrics they produced before agreeing on next steps and experiments to try. We found this practice very effective as the Data Science team rallied together to meet a deadline each week, and product managers could easily keep track of the project’s progress. During this process, we also kept in close contact with several beta users to gather quick feedback on the work-in-progress models, ensuring that the product was being developed with their needs in mind.
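To make the trade-off in the Split Data step concrete, the following added example (not Tessian's pipeline code) assigns emails to train, validation and test sets under a strict time-plus-tenant hold-out and under the relaxed variant where train and validation tenants overlap but test tenants stay isolated. The tenant names, dates and split boundaries are constructed assumptions.

```python
from datetime import date

# Assumed split boundaries (constructed for illustration).
VAL_START = date(2021, 5, 1)    # validation period begins
TEST_START = date(2021, 6, 1)   # test period begins

# Assumed tenant hold-out groups; tenant names are placeholders.
TENANT_GROUP = {
    "tenant-a": "train", "tenant-b": "train", "tenant-c": "train",
    "tenant-d": "val",
    "tenant-e": "test", "tenant-f": "test",
}


def make_events():
    """Constructed sample: one checked email per tenant per month, Jan-Jun 2021."""
    return [(tenant, date(2021, month, 15))
            for tenant in TENANT_GROUP for month in range(1, 7)]


def period_of(day):
    """Map a check date to the time-period hold-out it falls in."""
    if day < VAL_START:
        return "train"
    return "val" if day < TEST_START else "test"


def assign_split(tenant, day, share_train_val_tenants):
    """Return the split for one email, or None if it must be discarded."""
    period = period_of(day)
    group = TENANT_GROUP[tenant]
    if period == group:
        return period  # satisfies both the time and the tenant constraint
    # Relaxed variant: train and validation tenants may feed either of those
    # two periods. Test tenants and the test period are never shared.
    if share_train_val_tenants and {period, group} == {"train", "val"}:
        return period
    return None


def split_events(events, share_train_val_tenants=False):
    splits = {"train": [], "val": [], "test": [], "discarded": []}
    for tenant, day in events:
        name = assign_split(tenant, day, share_train_val_tenants)
        splits[name or "discarded"].append((tenant, day))
    return splits


def summarize(splits):
    return {name: len(rows) for name, rows in splits.items()}


def leakage(splits):
    """Tenants shared with the test set, and train/val rows dated in the test period."""
    fit_rows = splits["train"] + splits["val"]
    shared_tenants = {t for t, _ in fit_rows} & {t for t, _ in splits["test"]}
    late_rows = [row for row in fit_rows if row[1] >= TEST_START]
    return shared_tenants, late_rows


if __name__ == "__main__":
    events = make_events()
    for relaxed in (False, True):
        splits = split_events(events, share_train_val_tenants=relaxed)
        print("relaxed" if relaxed else "strict", summarize(splits), leakage(splits))
```

On this constructed sample the strict scheme keeps 15 of 36 emails and the relaxed scheme keeps 22, while the leakage check stays empty for the test set in both cases.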
The improved confidence score

The new priority model was only deployed when we hit the success criteria we set out to meet.

As set out in part two, besides the many metrics such as AUC-ROC we tracked internally in order to give us direction and compare the many models, our main goal was always to optimize the users’ experience. That meant that the success criteria depended on product-centric metrics: the precision and number of quarantined emails for a client, the rate at which we could improve overall warning precision, and consistency of performance across different slices of data (time, tenants, threat types).

Based on the unseen test data, we observed a more-than-double improvement in the precision of our highest priority bucket with our newest priority model. This improved the user experience of Tessian Defender greatly, as it meant that a security admin could now find malicious emails more easily and act on them more quickly, and that quarantining emails without compromising users’ workflow was a possibility.
Product Impact

As a Data Scientist working on a live app like Tessian Defender, rolling out a new model is always the most exciting part of the process. We get to observe the product impact of the model instantly, and get feedback through the monitoring devices we have in place, or by speaking directly with Defender customers.

As a result of the improved precision in the highest priority bucket, we unlocked the ability to quarantine with confidence. We are assured that the model is able to quarantine a significant number of threats (for all clients) at a low rate of false positives, massively reducing risk exposure for the company and saving employees precious time and the burden and responsibility of discerning malicious mails.

We also understand that not all false positives are equal – for example, accidentally quarantining a safe newsletter has almost zero impact compared to quarantining an urgent legal document that requires immediate attention. Therefore, prior to roll-out, our team also made inquiries to quantify this inconvenience factor, confirming that quarantining a highly important, time-sensitive email was highly unlikely. All of this meant that the benefit of turning on auto-quarantine and protecting the user from a threat far outweighs the risk of interrupting the user’s workflow and any vital business operations.
With this new model, Tessian Defender-triggered events are also being sorted more effectively.

Admins who log in to the Tessian portal will find the most likely malicious threats at the top, allowing them to act upon the threats instantly. Admins can quickly review the suspicious elements highlighted by Tessian Defender and gain valuable insights about the email such as:

- its origin
- how often the sender has communicated with the organization’s users
- how users have responded to the warning

They can then take action such as removing the email from all users’ inboxes, or adding the sender to a denylist. Thus, even in a small team, security administrators are able to effectively respond to external threats, even in the face of a large number of malicious mails, all the while continuing to educate users in the moment on any phishy-looking emails.
Lastly, with the more robust confidence model, we are able to improve the accuracy of our warnings. By ensuring a high warning precision overall, users pay attention to every individual suspicious event, reap the full benefits of the in-situ training, and are more likely to pause and evaluate the trustworthiness of the email. As the improved confidence model is able to provide a more reliable estimate of the likelihood of an email being malicious, we are able to cut back on warnings for less phishy emails from which a user would learn little.

This concludes our 3-part series on Why Confidence Matters. Thank you for reading! We hope that this series has given you some insight into how we work here at Tessian, and the types of problems we try to solve.

To us, software and feature development is more than just endless coding and optimizing metrics in vain – we want to develop products that will actually solve people’s problems. If this work sounds interesting to you, we’d love for like-minded Data Scientists and Developers to join us on our mission to secure the Human Layer! Check out our open roles and apply today.

(Co-authored by Gabriel Goulet-Langlois and Cassie Quek)