Gartner recently released its Market Guide for Email Security and Tessian is thrilled to have been included as a representative vendor for Cloud Email Security Supplement Solutions. So, what does that mean?
According to the report, representative vendors offer “email security capabilities in ways that are unique, innovative, and/or demonstrate forward-looking product strategies.”
How has the threat landscape changed?
According to Gartner’s guide, there are a number of factors related to the market’s direction that security leaders need to consider, including the ways in which hackers are targeting organizations and how (and where) we work. Keep reading to learn more.
Email is the #1 threat vector
“Despite the growth in more targeted attacks through other vectors, email is still the most common channel for opportunistic and targeted attacks, as well as a significant source of data loss.”
As noted in the report, “According to the 2020 Verizon Data Breach report, 22% of breaches involved social engineering, and 96% of those breaches came through email. In the same report, another 22% of breaches were a result of “human failure” errors, where sensitive data was accidentally sent to the wrong recipient.”
“Business email compromise (BEC), the takeover or fraudulent use of a legitimate account to divert funds, continues to grow, and simple payroll diversion scams accounted for $8 million in 2019.”
The bottom line: Whether it’s protecting against inbound threats like ransomware attacks, business email compromise (BEC), or account takeover (ATO) or outbound threats like accidental and malicious data exfiltration, security leaders need to prioritize email security and reevaluate the effectiveness of current solutions.
This is especially pertinent as many organizations have moved to the cloud.
Increased cloud office adoption
According to Gartner, “Enterprise adoption of cloud office systems, for which cloud email is a key capability, is continuing to grow, with 71% of companies using cloud or hybrid cloud email.” We can expect these numbers to rise, especially given the sudden shift to remote working set-ups in response to COVID-19 and the steep and steady rise in the use of mobile devices for work.
But, there’s a problem. Despite G Suite and O365’s basic security controls as well as anti-spam, anti-phishing, and anti-malware services; advanced attachment; and URL-based threat defenses, “email threats have become sophisticated to evade detection by common email security technologies, particularly those that rely only on standard antivirus and reputation.”
“Security and risk management leaders must revisit their organizations’ email security architecture in the light of current email threats, such as sophisticated malware, links to exploit kits, credential phishing, and BEC. Security professionals have known for years that, due to its importance as an attack vector, email security requires a layered approach. However, only a few vendors innovate their products at a pace that is similar to the attackers.”
What capabilities set vendors apart?
So, what capabilities set vendors apart? In other words what capabilities should security leaders be looking for?
Gartner recommends that security leaders “invest in anti-phishing technology that can accurately detect BEC and account takeover attacks. In particular, seek solutions that use AI to create a baseline for communication patterns and conversation style and detect anomalies in these patterns. For account take over attacks, seek solutions that use computer vision when reviewing suspect URLs. Adjacent technologies such as multifactor authentication are used to protect against account takeover attacks.”.
Gartner also says “the following capabilities can be used as primary differentiators and selection criteria for email”. These include the ability to:
- “Protect against attachment-based threats”
- “Protect against URL-based advanced threats”
- “Protect Against Impersonation and Social Engineering Tactics Used in URL-Based, Attachment-Based and Payloadless Advanced Threats”
And, to help security leaders narrow down their search, Gartner identified specific categories of vendors that provide some of the above email capabilities. Tessian is recognized as a representative vendor for CESSs.
Keep reading to learn more about our products and technology.
Tessian Human Layer Security offers both inbound and outbound protection on email and satisfies criteria outlined in the report, including display name spoof detection, lookalike domain detection, anomaly detection, data protection, post delivery protection, and offers these protection for both web and mobile devices.
Powered by machine learning, our Human Layer Security platform understands normal email behavior by analyzing content, context, and communication patterns from historical email data to establish trusted relationship graphs. Tessian can then detect anomalies in real-time using those employee relationship graphs alongside deep content analysis, natural language processing, and behavioral analysis.
- Tessian Guardian automatically detects and prevents accidental data loss from misdirected emails
- Tessian Enforcer automatically detects and prevents data exfiltration attempts and ensures compliant email activity
- Tessian Defender automatically detects and prevents spear phishing, Business Email Compromise and other advanced targeted impersonation attacks.
Tessian’s technology updates its understanding of human behavior and evolving relationships through continuous analysis and learning of the organization’s email network without hands-on maintenance from security teams. That means it gets smarter over time to keep you protected, wherever and however you work, whether that’s a desktop computer in the office or a mobile device, tablet, or laptop at home.
But Tessian doesn’t just detect and prevent threats.
When a security threat is triggered, contextual warnings provide employees with in-the-moment training on why an email was flagged unsafe (or an impersonation attempt) or reinforce data security policies and procedures and improve their security reflexes. This nudges employees towards safer behavior in the long-term.
And, with Human Layer Security Intelligence, security and compliance leaders can get greater visibility into the threats prevented, track trends, and benchmark their organization’s security posture against others. This way, they can continuously reduce Human Layer risks over time.
To learn more about how Tessian protects world-leading organizations across G Suite, O365, and Outlook, check out our customer stories or book a demo.
Gartner, Market Guide for Email Security, September 2020
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.