Proofpoint closes acquisition of Tessian.

Request a demo
Request a demo
Request a demo
Request a demo
Request a demo

How to Close Critical Data Loss Prevention (DLP) Gaps in Microsoft 365

Tessian • Wednesday, September 15th 2021
How to Close Critical Data Loss Prevention (DLP) Gaps in Microsoft 365

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

Over a million businesses worldwide use Microsoft 365, with 731,000 companies in the United States alone. That represents a big juicy audience for hackers, bad actors and others.


And although Microsoft 365 provides foundational rule-based data loss prevention (DLP) and data classification to address compliance requirements, it falls short when protecting against data loss caused by people. That’s why many of our customers choose Tessian to layer on top of 365, to stop complex, targeted attacks most SEGs just can’t stop.

Tessian complements Microsoft 365 with a behavioral analytics layer and offers enhanced data protection by closing critical DLP use case gaps such as inadvertent or accidental data loss, sensitive data exfiltration to unauthorized or personal accounts, and insider risks. Tessian also has more robust investigation, reporting, and remediation tools.


In this article, we’ll explore three DLP challenges, identify where Microsoft 365 falls short, and describe how Tessian helps security teams overcome them
Want to explore this topic in greater detail? Download the Solution Brief: How Tessian Closes Critical DLP Gaps in Microsoft 365.


Microsoft 365 can’t stop accidental data loss


Misdirected emails are the number one data security incident reported to data protection regulators across the world. Every day, inadvertent human error on email leads to organizations putting their customer’s data at risk, breaching mandatory industry and data protection regulations and losing highly sensitive intellectual property. In fact, according to Tessian research, 800 misdirected emails are sent every year in organizations with 1,000 employees.


You can check out 11 data breaches caused by misdirected emails here.


Microsoft’s capabilities here are limited to files on Sharepoint and OneDrive sites, where you can allow or block specific domains. It cannot detect if you shared an email or files (including files in Sharepoint) to a wrong party.

In addition, Microsoft 365 Email DLP capabilities are not context-aware. What that means in practice is that it lacks context between parties exchanging email and hence cannot proactively identify wrong recipients or wrong attachments.


Microsoft 365 detection is purely based on DLP policies and data classification – Regex pattern matches, proximity of certain keywords to the matching patterns, exact data matching and Fingerprinting. These techniques cannot be applied to detect wrong recipients or wrong attachments.

How does Tessian prevent accidental data loss?


Stop Misdirected Emails

Tessian’s behavioral approach ensures that emails reach the right recipients, preventing accidental data breaches over email. Leveraging historical data to map email relationships with context, deep content inspection, and behavioral analysis, Tessian identifies first-time contacts, flags recipient anomalies, and stops misdirected emails in real-time.


Prevent Wrong Attachments

Tessian uses a combination of attachment scanning, natural language processing (NLP), and deep content inspection to map email content to users, entities, and projects. This helps detect a variety of anomalies and warns when employees are about to send a wrong attachment.


Easy and Accurate Reporting

Insights and analytics makes compliance and reporting easy. Admins can readily filter, view, and track accidental data loss events prevented by type, as either misdirected emails or miss-attached files using the HLS intelligence portal to mitigate events.

Learn more about Tessian Guardian.

“Tessian’s ability to prevent misdirected emails using artificial intelligence is unrivalled in the market, and it is now something we consider a crucial part of our firm’s cybersecurity strategy.”
Ann Cant IT Director at Travers Smith

Microsoft 365 can’t prevent exfiltration of sensitive data to unauthorized or personal accounts

Whether it’s an employee negligently sending emails to unauthorized or personal accounts, or individuals maliciously stealing company intellectual property for personal gain while exiting the company, sensitive data exfiltration is a major problem in today’s organizations.


Don’t believe us? 27,500 unauthorized emails are sent every year in organizations with 1,000 employees.


Unfortunately, Microsoft 365 DLP capabilities do not effectively detect when unstructured data leaves the organization. This is because it’s not able to identify the unique context of each employee at a granular level. Traditional approaches to prevent data exfiltration on email rely on a litany of pre-defined rules and denylists, and retrospective incident response.


Tackling the problem of data exfiltration by manually maintaining denylists in a world of innumerable new freemail and personal domains is a losing game. Relying on users to manually classify documents puts organizations at risk, while relying on machine based RegEx classification for sensitive content detection or human-in-the-loop quarantine leads to false positives, false negatives and significant administrative burden.

“Tessian’s technology has transformed our security protocol. We used to manually monitor for personal addresses so we could ensure sensitive emails weren’t being sent outside of our organization. This process was laborious and not particularly effective, as it only looked at one potential security threat. This is a much more comprehensive and effective system.”
Kevin Strange Head of Information Technology at Premier Asset Management

How does Tessian prevent data exfiltration?


Automatically Detect Non-business Email Accounts with Historical Email Data

Tessian analyzes historical email data to understand normal content, context and communication patterns, enabling a comprehensive mapping of every employee’s business and non-business email contacts. Relationship graphs are continuously updated as email behavior changes over time after Tessian is deployed.


Perform Real-time Analysis of Emails Before They’re Sent to Detect Data Exfiltration

Tessian’s Human Layer Security Engine analyzes all outbound emails in real-time and uses machine intelligence to automatically predict data exfiltration based on insights from the relationship graph, deep inspection of the email content, and previous user behavior.


Automatically Detect and Prevent Data Exfiltration Over Email

With Tessian, you can automatically detect anomalous patterns of exfiltration. Real-time warnings are shown to employees when data exfiltration threats are detected and guides them towards secure behavior. Warning triggers can be tailored to suit your company’s security policies and workflow requirements; employees can be warned, emails can be blocked, or activity can be silently tracked. Employee interactions are also logged for inspection in the Tessian dashboard.


Learn more about Tessian Enforcer.


Microsoft 365 can’t measure and report the impact of insider risks


Insider threats are often perceived to only include those who may have malicious intent, such as disgruntled employees or employees who hack into the organization to gain access to credentials. However, employees exfiltrating data via email are often simply careless or negligent as well.


Microsoft 365 monitoring and reporting capabilities, including insider risk capabilities, are content detection and triage focused and does not provide any type of holistic visibility into employee risk profiles, high risk users in order for security and risk management leaders to take specific actions to improve their employee’s data handling practices and strengthen their security posture.

“Tessian doesn’t just prevent threats. It’s a platform that gives us data back and empowers our security team to refocus our security efforts and proactively change behavior.”
Tim Fitzgerald CISO at Arm

How does Tessian approach insider risk management?

Tessian’s approach is human-centric and behavioral, and is able to detect intent and the unique context of the particular employee’s situation. The Human Layer Security Platform maps employee email activity and builds unique security identities for every individual. Dashboards and analytics surface these insights and give full visibility into threats you’ve never been able to detect before. With Tessian, you can predict and preempt security risks caused by human behavior.


Superior Risk Analytics

Enriched individual risk profiles that are modeled with a broad range of signals from email usage patterns, relationship graphs, job role, security decisions in real time as well as from 12 months of historical emails and calculates individual risk scores. Because of this unique data modeling, Tessian provides a profile that is contextually rich with granular visibility into risk drivers.


Dynamic Risk Scoring

Security risk scores are dynamically updated to represent an accurate individual risk profile in real time. The risk scores trend down when the user makes positive security decisions and trend up when poor security decisions are made, or if the user exhibits high-risk email security behavior. These scores and risk drivers are also aggregated at the user, department, and company level and are benchmarked against the Tessian network.


Defend Against Data Breaches with Defensible Audit

Detailed reporting and audit logs provide defensible proof against data breaches. If risk is identified, Tessian’s Risk Hub enables you to formally document all associated events such as exposure, owner, mitigation decisions and actions.