Today, comprehensive visibility into employee risk is one of the biggest challenges security and risk management leaders face.
Why? Because most security solutions offer a limited view of risk and don’t offer any insights into the likelihood of an employee falling for a phishing attack or exfiltrating data.
Worse still, when it is available, risk information is siloed and hard to interpret.
Insights around security awareness training exist in seperate systems from insights related to threats that have been detected and prevented. There’s no integration which means security leaders can’t get a full view of their risk profile.
Without integration and visibility, it’s impossible to take a tailored, proactive approach to preventing threats. It’s an uphill battle. You may not even know where to start…
But, we have a solution.
With Tessian Human Layer Risk Hub, our customers can now deeply understand their organization’s security posture with granular visibility into employee risk and insights into individual user risk levels and drivers.
What is Tessian Human Layer Risk Hub?
Tessian Human Layer Risk Hub creates enriched individual risk profiles for each employee, modeled from a broad range of signals like email usage patterns, indirect risk indicators, and employee security decisions (both historic and in real-time). Because of this unique data modeling, Tessian can gauge employees’ risk level, including whether or not they’re careful, careless, frequently attacked, etc.
This is the only solution that offers protection, training, and risk analytics all in one platform, giving you a clear picture of your organization’s risk and the tools needed to reduce that risk.
How does Tessian Human Layer Risk Hub work?
With Tessian Human Layer Risk Hub, security leaders can quantify risk, take targeted actions, and offer the right training to continuously lower the risks posed by employees’ poor security decisions.
Let’s look at an example.
1. An employee in the Finance department is flagged as a high-risk user based on their access to sensitive information, their low level of security awareness training, and how frequently they’re targeted by spear phishing attacks.
Tessian looks at five risk drivers – accidental data loss, data exfiltration, social engineering, sensitive data handling, and security awareness – to generate individual risk scores. Each employee’s risk score is dynamically updated, decreasing when an employee makes the correct security decision, and increasing when they do something risky, such as clicking on a phishing email or sending company data to personal email accounts.
In this view, admins can see each employee's risk score and how it changes over time based on key risk drivers.
2. Based on these insights, Tessian intelligently and automatically identifies actions teams can take within the platform (for example, custom protections for certain user groups) to reinforce policies, improve security awareness, and change behavior to help drive down risk.
Security teams can also implement additional processes and controls outside of Tessian to exercise better control over specific risks.
Tessian intelligently and automatically identifies actions teams can take within and outside of the platform to lower risk.
3. With custom protections enabled, Tessian’s in-the-moment warnings help nudge employees towards safer behavior. For example, you could quickly and easily configure a trigger that always warns and educates users when they receive an email from a new domain, mentioning a wire transfer. But, even without custom protections, Tessian Defender can detect spear phishing attacks with incredible accuracy. And, because the warnings are written in clear, easy-to-understand language, employees are continusouly learning and leveling up their security awareness.
If targeted by a spear phishing attack, employees would receive a warning that looks something like this.
This is an example of a warning message employees would see if Tessian Defender detected a spear phishing attack.
4. With continuous protection and in-the-moment training, security leaders will see employees move from high-risk users to low-risk users over time.
Risk scores and drivers are aggregated at employee, department, and company-level and are benchmarked against peers. This makes tracking and reporting on progress simple and effective.
You can see how Natalie's risk score has dropped from 75 to 32 over time.
Benefits of Tessian Human Layer Risk Hub
Tessian Human Layer Risk Hub enables security leaders to reduce risk and improve their organization’s security posture with unique insights you can’t get anywhere else.
- Targeted remediation at scale. With a bird’s eye view of your most risky and at-risk user groups, security leaders can make better decisions about how to distribute budget and resources, what mitigation measures to prioritize, and when to intervene. This goes beyond email. If you can see who has access to sensitive information – and how they’re handling that sensitive information – you’ll be able to create and update policies that really work.
- More effective training. Every year, businesses spend nearly $300,000 and 276 hours on security awareness training. But, training is only effective when the messages are tailored and the employee is engaged. Tessian Human Layer Risk Hub gives security, risk management, and compliance leaders the insights they need to create tailored training programs that cut through. And, Tessian in-the-moment warnings help nudge employees towards safer behavior in real-time.
- Clear ROI. Many solutions simply report risk; they don’t actually reduce risk. Tessian is different. Security leaders can easily measure and demonstrate how risk has changed over time, how the platform has proactively helped improve the organization’s security posture, and can even apply learnings from the platform to inform future decisions. The benefit? You’ll become a trusted partner across your organization.
- Defensible audit. Tessian’s detailed reports and audit logs provide defensible proof against data breaches. If a risk is identified, you’ll be able to formally document all associated events, and track exposure, owner, mitigation decisions, and actions.
The bottom line: Tessian Human Layer Risk Hub gives security teams a unified view and a shared language to communicate risk to business, demonstrate progress towards lowering risk, and effectively secure their human layer.
Learn more about Tessian
Interested in learning more about Tessian Human Layer Risk Hub? Current Tessian customers can get in touch with their Customer Success Manager.
Not yet a Tessian customer? Learn more about the new Human Layer Risk Hub, explore our customer stories, or book a demo now.
And, to be the first to hear about new product updates, sign-up for our newsletter below.