Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

October 27 | Fwd:Thinking. The Intelligent Security Summit (Powered by Tessian). Save Your Seat →

guide icon

Tessian Blog

See All Posts
Integrated Cloud Email Security
Product Update: Tessian Enhances Portal Navigation to Help Security Teams Respond to Incidents Faster
By James Alliband
Monday, August 22nd, 2022
We are always looking at ways we can improve product efficacy and user experience for our customers. Our latest update – a new and enhanced portal navigation system – achieves just this. It enables security teams to prevent, detect and respond to threats coming into and out of the inbox in a much more efficient way. 
New and enhanced portal navigation system This new navigation system in the Tessian Cloud Email Security Platform significantly improves security team incident response time, making them more efficient in triaging email security incidents.    Today, security teams that rely on traditional email security defenses spend as much as 9-12 hours detecting and responding to each email security incident.   New navigation enhancements   The enhanced portal navigation reduces this administrative burden, helping security teams to work smarter, not harder, by giving them time back to spend on more important tasks. The navigation has been restructured to the two main use cases of the Tessian Cloud Email Security Platform:    Email Threat Prevention   Data Loss Prevention 
Accelerating response times with new navigation bar We have also updated the portal with a new navigation bar allowing quick navigation between insights and security events, so that teams can get to the content they need, faster.    We have also updated the portal’s overall design to give it a fresh and more appealing look and feel. This latest enhancement to the user experience is a testament to our continuous investment in innovation to deliver a first-class customer experience. Don’t just take our word for it, read these Gartner Peer Insights…    The new and improved portal navigation and user interface has been rolled out to all of our existing customers.  
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn  
Read Blog Post
Integrated Cloud Email Security
Phishing, Email Breaches and Multi-Factor Authentication Compromise Take Center Stage at Black Hat 2022
By John Filitz
Tuesday, August 16th, 2022
After almost three years of pandemic induced disruption, Black Hat 2022 marked the return to a semblance of normalcy in Las Vegas. The number one hot take from 2022’s show was the hope for the pandemic to finally be behind us.    One aspect, however, that will never be the same again is the rapid shift to distributed computing environments, across the world. This explains why cloud adoption is growing at an unprecedented scale, with Gartner forecasting almost $500 billion will be spent on cloud services in 2022, with the figure rising to nearly $600 billion by 2023.    Increasing complexity and a rapidly expanding attack surface area are some of the main drivers, according to former CISA director Chris Krebs in his opening keynote, of why cyber risk is going to get worse before it gets better. Krebs also called on the cyber community and the government to continue bolstering efforts to address cyber risk.
Phishing and multi-factor authentication compromise   Phishing and multi-factor authentication (MFA) compromise were among the dominant threats covered by established and emerging security vendors at Black Hat 2022. Trying to stay relevant, one of the legacy email security solutions unveiled machine learning capabilities in an attempt to address cyber threats that are increasingly able to bypass secure email gateways (SEGs).   Tessian’s CISO, Josh Yavor and KnowBe4’s Roger Grimes both focussed their Black Hat presentations on the how threat actors are leveraging social engineering to compromise MFA, with Roger underscoring that 70-90% of all breaches are attributed to social engineering, including MFA compromises.   Although MFA remains an important security control, organizations have been prone to placing too much faith in this one particular security measure. Although underscoring the importance of MFA, Roger cautioned against the overstated claims that by adopting MFA an organization is near impenetrable.     Tessian’s Josh illustrated how MFA has become an important security control, but that threat actors are able to compromise it via a range of social engineering attacks. Josh ended his presentation with an appeal – only by adopting advanced anti-phishing solutions, that leverage machine learning powered behavioral intelligence to detect threats as they manifest, can the risk of a credential compromise be reduced.   Some of the other themes observed at Black Hat 2022 included a focus on addressing cloud and end-user cyber risk, with a range of solutions that included contextually aware API security, intelligent vulnerability management, end-user isolation for a hybrid workforce, as well as ensuring that security awareness training actually strengthens security culture.  
Cyber risks caused by human error    Coinciding with the annual security conference, several high-profile breaches were trending, including a Lapsus$ ransomware attack on Cisco in early August, as well as Marriott International suffering a third breach since 2018. Both attacks were attributed to employee credential compromise.    In the case of Cisco, the threat actors compromised an employee’s personal Gmail account and gained access to stored credentials in that account. In the case of Marriott, a month prior to the 2022 Black Hat conference, an employee at one of its hotels provided credentials to a threat actor.   Both instances underscore the reality that people make mistakes and that a layered security strategy is no longer a nice to have but is essential to reducing the risk of a breach. These instances also validate findings from recent seminal industry security reports including IBM’s Cost of a Data Breach 2022 and Verizon’s DBIR 2022 demonstrating that compromise credentials and phishing are the leading threat vectors.    Similar findings have been echoed in the vendor community, most recently by Palo Alto’s Unit 42, showing that 70% of its incident response is attributed to business email compromise and ransomware related attacks.
The future of cybersecurity is in the cloud   Breaches are increasing in frequency as well as costs associated with a compromise, with the average breach cost now costing victims an average of $4.35m. That number jumps to $10.1m if you happen to be in healthcare.   Only by leveraging best-in-breed cloud native security solutions will increasingly advanced attacks be detected and prevented. Cloud native security solutions benefit from not carrying technical debt from an on-premise world, but rather have the advantage of being engineered from the ground-up for adaptive, cloud-based threats.   For example, Tessian’s Intelligent Cloud Email Security Platform has behavioral intelligence at its core – enabled by machine learning, using Natural Language Processing (NLP) and Natural Language Understanding (NLU) – is able to detect threats as they manifest, in real-time. This includes threats that have been able to circumvent initial security controls such as MFA or legacy static, rule-based email security solutions like SEGs.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
Podcast, Compliance, Interviews With CISOs
Lola Obamehinti on What Good Security Awareness Training Looks Like
By Laura Brooks
Saturday, August 13th, 2022
With a wealth of experience in developing and leading security and awareness programs at companies including eBay and TIAA, Lola Obamehinti knows what makes a good program. Lola, the founder of Nigerian Techie and former ,  joined Tim Sadler, Tessian CEO and co-founder, on the RE:Human Layer Security podcast to discuss security and awareness training – why it matters, how to make it effective, and the secret to keeping employees engaged.    Tim and Lola also discussed diversity in tech, with Lola reflecting on the work that remains and how to increase inclusivity and diversity in the industry.   Listen to the whole episode or read on for some key Q&As from the interview.   Q: Why is security awareness so important in organizations today?   A: Security awareness and training are crucial for every organization because employees need to understand their role in protecting confidential company data and information. When cybercriminals target a company and attempt to gain access to networks and systems they do not only target IT or tech employees. Each and every employee has the potential to be a target, regardless of their role. So it is really important to equip employees with the proper tools to identify phishing attacks and other methods that cybercriminals may use to infiltrate an organization.   Q: What does a good security awareness program look like?   A: Effective security awareness and training programs require a multifaceted approach. It is not just training, and it is not just security awareness events or communications – it is all of those elements working together.    You could even divide security training up further into phishing simulations, which then feed into additional security training, alongside required security training (that could also be role-specific). The communications pieces and events also play a big role because you need to let the employees know where they are missing the mark, and also lead effective security awareness events. Finally, you need to use data to track the progress of all of those particular programs.    This well-tracked, multifaceted approach really helps to keep security at the forefront of employees’ minds, and in my opinion, is what works best. 
Q: How do you improve a pre-existing program and engage employees?   A: Additional funding is the best way to improve a pre-existing program. It may seem like the easy answer, but in my experience, I have noticed that security awareness and training is one of the parts of security that is often a bit underfunded. Companies often say that additional funding isn’t necessary, but whenever an incident happens security awareness and training is one of the first teams that is notified.    Now when it comes to the content of the program, context is key. To engage employees and help them retain information, you need to provide context to the lessons you are teaching them.    For example, when I was leading security awareness and training at eBay, we were entirely remote, so ensuring employees were well engaged was a key focus. One of the things we did was in January after the popular Coinbase advert that was shown at the Superbowl. The advert featured a QR code bouncing around the screen, similar to a bouncing DVD logo. So, I wrote an article about protecting yourself against QR code phishing, using the advert to provide context.   The engagement was huge – a few of our engineers even created their own QR codes! Until then I didn’t think that level of engagement was possible, but it just goes to show what happens when employees are truly interested in a topic. You just need to make it relevant to them.
  Q: What diversity and inclusion work is left and how can leaders help?   A: Right now, there is a lot of work left to do in the industry when it comes to diversity and inclusion. The security industry reflects the greater technology industry where there is not a lot of representation. Even for San Fransisco-based companies, the representation of Black, Indigenous, and People of Color (BIPOC) teeters around 2-5%, which is really really disheartening. Particularly because in 2014 a lot of the major tech companies started releasing diversity reports, but the numbers really haven’t moved since.    To change this I believe that the gatekeepers, from hiring managers to executives, need to give opportunities to individuals who might not have a traditional path. Maybe they just have a passion, maybe they have done a lot of extracurriculars like starting a podcast or YouTube or Discord to educate other individuals on security. They may not have the right certifications, but those individuals should be given more opportunities at entry-level or even management.   Also, for the individuals who are already in the industry – if they don’t feel included or like there are proper opportunities for advancement they leave. We have all seen the lawsuits that are being brought against Google and other tech organizations where people have been discriminated against, experienced racial microaggressions, and were not promoted or compensated fairly. So the work doesn’t stop once you have a diverse workforce – you need to make them feel continually included.    Finally, I would like to highlight that diversity is not just about BIPOC. It can be gender, background, or socioeconomic status, it can be anything. I think of diversity as diversity of perspective and thought – and it is so important for the overall success of a company.
Read Blog Post
Integrated Cloud Email Security, Interviews With CISOs
Hot Takes: 8 Ways to Strengthen the CISO and CFO Relationship
By John Filitz
Thursday, August 11th, 2022
As cyber risk continues to escalate, strategic collaboration between the Chief Information Security Officer (CISO) and Chief Financial Officer (CFO) is becoming more important.    In a recent webinar discussion between Tessian’s CFO, Daniel Kim, Jason Thomas, CIO at Cole, Scott and Kissane and Steve Kinman, CISO at Snyk, we talked about the key elements to addressing cyber risk at a strategic and fundamental level.    What did we uncover? Ultimately, the CISO and CFO roles are changing, and collaboration between these two important stakeholders is essential for businesses to mitigate cyber risk, while also driving business objectives forward. The panel also outlined some of the key principles necessary for enabling a dynamic risk mitigation and business value-led partnership.
1. Focusing on cybersecurity fundamentals  The risk for a cyber breach and the costs associated with breaches are increasing. In fact, the 2022 Cost of a Data Breach Report from IBM revealed that the cost of a data breach now stands at $4.35 million, up 13% from 2020.    According to Jason Thomas, CIO at Cole, Scott and Kissane, security leaders must focus on the security fundamentals as a starting point. This includes understanding your environment i.e. classifying your assets, knowing what you have from a technology and people standpoint, as well as the degree of cyber risk faced by your organization.  
2. Quantifying cyber risk  For Daniel Kim, CFO at Tessian, moving away from a binary quantification of cyber risk is the first and important step to addressing increasing cyber risk, so too is appreciating that “the risk is never going to be zero.”    As a next step, he says, it is important that companies also appoint C-suite steering committees that should operate in a similar fashion to disaster risk committees. This would move companies out of a reactive to a proactive position on cyber risk mitigation. 
3. Prioritize cybersecurity spending   Prioritizing cybersecurity investments can often face questions of relevance from other business leaders on the value that these investments would add to the company. For Jason it is essential that company leaders ask themselves, “how much is one hour of downtime worth to the company.”   For Steve Kinman, CISO at Snyk, many companies are still struggling to adequately prioritize cybersecurity program development, stating “what I hear a lot from teams is that they’re doing a lot of ad hoc security planning…and there’s no-rollup of that information to the C-suite or board.”  Every cybersecurity initiative, he says, must be aligned with the business and its objectives.    
4. Cyber risk as a financial risk   On the growing importance of CFO and CISO relationship building, Tessian’s Dan underscores that the growing importance rests on two important aspects, namely the frequency and the impact of risk.    On frequency of risk, it is imperative that leaders understand what risks exist in their environment. This can range from natural, geopolitical, financial and cyber risk. On impact, the increasing costs associated with cybersecurity events, including loss of revenue, downtime, to the loss of data and IP, have rendered cyber risk as a financial risk, says Dan.   Combined with regulatory changes that will result in the C-suite being held personally liable for cyber breaches is essentially elevating the importance of dealing adequately with cybersecurity risk – with Dan adding, “reacting to a breach after the fact is no longer a good business model.”    
5. Healthcheck on the CISO and CFO relationship   Synk’s CISO Steve noted that for the majority of organizations a disconnect between the CISO and CFO is apparent, noting many CFOs don’t understand cybersecurity terminology and do not understand the real cyber risk facing their organizations. It’s important to shift the conversation from cyber risk to business risk.   Touching on the evolution of the CISO role, Jason states it is critical that security leaders understand the fundamental financial aspects of the business in order to prioritize investments to address these risks.     
6. The importance of ROI   Having measurable return on investment (ROI) from your security tools is non-negotiable for every business. For Jason, this entails conducting routine audits on the security tool efficacy. Not being able to get the data out of the tools and demonstrate what impact they are having leaves you unable to determine whether the tool is performing as expected and is delivering ROI.   Using  a framework that categorizes the investment by the following criteria for Dan is helpful:   investments that generate revenue investments that cut cost investments that manage risk   Every business leader – including CISOs – need to be able to translate their area of expertise and programs underway to business outcomes, according to Dan. Learning how to speak the same risk language, being the catalyst for change and making it a collaborative journey is so important to achieving business outcome success.     
7. Become an effective C-suite communicator  It’s only once a breach has happened that cybersecurity programs are prioritized. This, according to Steve, is the well-known mantra of “not wasting a breach” to increase the cybersecurity budget.    Although this approach is commonly used in the industry, there is a need for a more proactive approach. Steve cautions, however, that security and risk leaders need to be tactical with their asks for additional cybersecurity investments – you need to have a well developed and well-communicated cybersecurity strategy in place first.   Additionally, overcoming communication obstacles that may exist between the CISO and the C-suite, requires developing a set of metrics for reporting that conveys maturity of the program, rollout according to timeframes, and being able to show how risk is trending. The C-suite and board require a different type of language than most security practitioners are familiar with  – don’t go too deep on security jargon.    
8. Overcoming the cybersecurity perception problem In a 2022 Tessian study, we found that only 58% of employees believe that senior executives at their  company value cybersecurity. For Steve, recognizing that most companies recognize that cyber risk is the number 1 risk, and that’s where the acknowledgement stops.    Even large corporations don’t demonstrate how essential cybersecurity and cyber risk mitigation are to their overall growth strategies. Cyber risk needs to be intertwined in the business plan and commonly understood by all of the business units. When cybersecurity risk is not referenced in the business plan that is where the perception of cybersecurity not being valued manifests from.   Jason and Dan agree that security awareness training needs to be ongoing and doesn’t need to be overly complex. Jason uses a constant messaging approach to drive security awareness on the risks being seen in the industry and measures his team have in place to safeguard his company.  
Building a Long-Term Relationship   The importance of strategic collaboration between CFOs and CISOs is coming into sharper focus, particularly as cyber risk continues its upward trajectory.    For organizations that are behind the technology adoption curve, according to Dan, cybersecurity risk can no longer be seen as a standalone, siloed IT project, but rather it needs to be seen as key business risk facing the enterprise.   Sharing information and intelligence i.e. constant communication on breaches threat trends in the industry as well as demonstrating what measures are in place helps Jason and his team build trust with the C-Suite.     Steve advises, it can be very intimidating to think that the CFO doesn’t care about cyber risk, get over that fear, go and speak to your CFO, build that relationship.    Building an effective relationship between the CFO and CISOs takes collective effort, as well as a shared view on the extent of cyber risk facing the organization. Having a well-oiled partnership between these two important business stakeholders can both mitigate cyber risk and as well as deliver success on business objectives.     
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Email DLP
Key Takeaways from IBM’s 2022 Cost of a Data Breach Report
By John Filitz
Wednesday, August 10th, 2022
The cost of a data breach is up 13% from 2020 totalling $4.35 million, according to IBM’s Cost of a Data Breach Report for 2022. IBM’s annual report also revealed that compromised credentials, phishing and cloud misconfiguration are the top three attack vectors. Phishing related breaches is the costliest form of attack, costing businesses $4.91 million in damages per breach.    IBM recommends investing in security tools that leverage artificial intelligence (AI) and machine learning. These next generation security tools represent the biggest breach cost mitigation measure organizations can take, reducing the overall cost of a breach by an average of $3.05 million.    Keep reading for key findings from the report.   Key findings   The cost of a breach continues to creep up year-over-year. The cost of a breach has increased to $4.35m in 2022 –  representing a nearly 13% increase from 2020. Top 3 attack vectors were identified as: compromised credentials (19%), phishing (16%) and cloud misconfiguration (15%). Phishing is the costliest form of a breach. Although compromised credentials is the leading cause of a breach, phishing is the costliest with the fallout averaging $4.91m per breach.  Business Email Compromise (BEC) is expensive. BEC attacks are the second costliest, totalling on average $4.89m per breach.  
Healthcare remains the most adversely impacted vertical. Costs of healthcare breaches have reached a record high of $10.1m. According to HIPAA, there were over 680,000 healthcare breaches in 2021, resulting in close to 45 million healthcare records being compromised. Million dollar savings. Investing in security AI and machine learning tools is the greatest breach cost mitigation organizations can take, reducing the overall cost of a breach by an average of $3.05m compared to organizations that do not have these tools in place.   The increasing frequency and costs associated with breaches is adding to inflationary pressure for goods and services. Companies that have suffered a breach are typically raising their prices for goods and services. Breaches are still taking an inordinate amount of time to contain. On average breaches are resolved within 277 days from discovery. Paying ransoms does not lead to significant cost savings for victims of a breach. Those that chose to pay ransoms saw on average $610, 000 less in breach costs than those that chose not to pay. Critical infrastructure remains vulnerable and lags in zero trust adoption. 80% of critical infrastructure organizations have not adopted zero trust strategies. The result is +$1m more costly breaches, totalling an average of $5.4m per breach. 
The importance of cloud adoption maturity and cloud security   Hybrid cloud represents a hedge against cyber risk. The study found hybrid cloud adopters discovered breaches 15 days sooner than companies that relied solely on a single public or private cloud operating model. Hybrid cloud reduces breach cost. Companies that rely on a  hybrid cloud operating model also experienced the lowest costs associated with a breach. On average breach costs for hybrid cloud adopters were $3.8 million. Cloud security adoption is lagging breaches. Almost half (45%) of all breaches originated in cloud environments, with 43% of organizations stating that they are only in the early stages of implementing security across their cloud environments.  A lack of cloud security adoption increases time to resolve a breach. On average organizations that failed to adopt adequate or any cloud security for their cloud environments required +108 days to resolve a breach.
Phishing and Business Email Compromise (BEC) are the costliest attack vectors   BEC and credential compromise breaches are insidious and difficult to discover. Email breaches have the second highest mean time to discovery at 308 days (+16% on the overall mean time), with compromised credentials topping the list with a mean time for discovery 327 days (+19%). Phishing is a lucrative scam. Phishing is the second leading attack vector for breaches (16%), and is also the costliest at $4.91m. BEC attacks come a close second, costing businesses $4.89m. 
Recommendations   Some of the key IBM recommendations include:   Adopt a zero trust security strategy and security model. Zero trust is particularly well-suited to hybrid cloud environments and hybrid and remote work operating models, protecting data by limiting accessibility and requiring context to grant access. Adopt security tools that can share and centralize data between disparate systems. Implement security tools that can centralize data security operations across multiple environments to enable security teams to detect incidents across complex hybrid multi-cloud environments. Invest in cloud native security automation tools. This includes security orchestration, automation and response (SOAR), security information and event management (SIEM), managed detection and response (MDR) tools and XDR to accelerate incident response through automation. Use best-of-breed security tools that help protect and monitor endpoints and remote employees. Remote work related breaches cost an average of $1 million more than non-remote work breaches. Leveraging endpoint and end-user focussed security solutions including endpoint protection platforms (EPP), identity and access management (IAM) and email security solutions are essential. Create and test incident response plans and playbooks. This includes creating incident response teams that are well rehearsed on testing the IR plan. Additional measures include red teaming and finding solutions that manage attack surface risk.  
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo.   For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.
Read Blog Post
Email DLP, Integrated Cloud Email Security
Tessian Recognized as a Representative Vendor in the 2022 GartnerⓇ Market Guide for Data Loss Prevention
By Negin Aminian
Tuesday, August 9th, 2022
Tessian has been recognized by Gartner in the Market Guide for Data Loss Prevention (DLP) 2022 as a Representative Vendor for next generation DLP. Gartner makes the distinction that, “DLP is a mature technology, but the emergence of tools with a focus on cloud and insider risk management use cases has provided SRM leaders with the option to invest in a next-generation data security tool.”    State of the DLP market and why email matters The need for cloud native DLP tools is growing in-step with increased public cloud adoption, and the report mentions that, “In 2021, Gartner fielded 29% more client inquiries on the topic of DLP than in 2020.” In the latest Gartner forecast, “Worldwide end-user spending on public cloud services is forecast to grow 20.4% in 2022 to $494.7 billion, up from $410.9 billion in 2021, according to the latest forecast from Gartner. In 2023, end-user spending is expected to reach nearly $600 billion.”   Email is a significant threat vector for data loss. In separate research conducted by Tessian (2022), the risk for a data loss event occurring via email is high, with nearly 60% of organizations surveyed having experienced an email data loss incident due to an employee mistake in the last 12 months. Email was also identified as the riskiest channel for data loss, followed by cloud file-sharing and instant messaging platforms.   Gartner underscores the importance of addressing data loss risk on email due to the fact that “email is one of the most prevalent means of sending information and a priority for most clients.” And in reference email security DLP capabilities, Gartner states:   “Some email security vendors’ solutions can also address accidental data loss use cases, such as the sending of email to the wrong recipients or the sending of wrong attachments. These solutions use artificial-intelligence- based algorithms to track users’ email patterns and notify users if they may be accidentally sending sensitive information.”   These intelligent email DLP capabilities are native to Tessian, having the ability to prevent misdelivered emails and misattached files from being sent, as well as preventing malicious attempts at email data exfiltration.   Key findings from the Gartner Market Guide for DLP The report identifies three key findings: “Data loss prevention programs that are not tied to specific initiatives and goals are indicative of immature data security governance. Traditional DLP vendors that focus on conventional and data specific content inspection methods, can lead to fatigue and a siloed view of data movement. Legacy DLP tools rely on detection methods that were developed for on-premises workloads. Cloud migration has complicated the vendor selection process for clients, since these legacy approaches to DLP often are no longer viable.”   Some of the key recommendations include: “Define a DLP strategy based on data risk and the needs of the business.” Invest in a DLP solution that not only provides content inspection capabilities but also offers extra features such as data lineage for visibility and classification, user and entity behavior analytics (UEBA), and rich context for incident response. Overcome the challenges presented by a cloud-first strategy by implementing a solution to map and secure sensitive data across the hybrid environment.”
How Tessian protects against accidental and intentional data loss on email   Tessian’s unique approach to securing the email ecosystem and preventing email data loss hinges on three pillars:   Enabling intelligent and automated email security that leverages machine learning powered behavioral intelligence to detect both known and unknown threats, in real time. This prevention capability extends to automatically preventing email data loss from both malicious insider and accidental data loss use cases. Improving security operations (SecOps) efficiency by preventing data loss events from becoming incidents, reducing the time spent triaging incidents, as well as time spent configuring static DLP rules. Strengthening security culture by creating a positive end-user experience by empowering end-users to make the right cybersecurity decisions.
An intelligent approach to cloud email security  By leveraging machine learning powered behavioral detection, Tessian’s cloud email security platform is able to prevent both accidental and malicious data loss attempts from becoming incidents – ensuring data security compliance, while reducing the burden on SecOps.    Combined with contextual, in-the-moment end-user warning banners, security culture is strengthened by empowering end-users – through a range of DLP policy enforcement options – to make the right security decisions.   Want more information on how Tessian can protect your organization against email DLP? Click here to schedule a demo.
To see how the Tessian Intelligent Cloud Email Security platform prevents insider threats and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn.       Gartner, “Market Guide For Data Loss Prevention”, Ravisha Chugh, Andrew Bales, July, 19, 2022. Gartner Disclaimer: GARTNER is registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Are Phishing Tests Part of Your Security Training? How’s That Working Out?
By Andrew Webb
Tuesday, August 9th, 2022
A good security culture is critical for any organization because as the old saying goes, you’re only as strong as your weakest link. Finding that weakest link and strengthening it then is seen as crucial. And that’s why we need to talk about phishing tests.    Because rather than fostering a strong security culture, phishing testing can sometimes have a detrimental impact on your employees security awareness as well as their morale. All too often phishing testing adopts a ‘gotcha’ approach, followed by ‘punishment training’. Our recent Security Cultures Report found that only 33% have had a positive experience with phishing simulations, and 18-24 year olds are 2-3x as likely to have had a bad experience. So when we saw this tweet, we were hardly surprised.   It’s by no means an isolated incident.   How NOT to run phishing exercises #infosec pic.twitter.com/m4icf9KUrZ — Jackie Singh (CISO at ANTIFA) (@HackingButLegal) December 17, 2021
Look, I can be as vigilant as I can, but at the end of the day, it feels like the entity sending me the most phishing emails is MY OWN company, constantly sending them as tests to try to trick us. — Brian Gray 🪩🥂💖 (@urbanbohemian) June 27, 2022 Meanwhile this example from GoDaddy in 2021 seems particularly mean spirited. It’s not entirely unrealistic to expect some sort of corporate comms like this from their own internal team during the holiday season.   Dysfunctional security culture    These are classic examples of a dysfunctional security culture. The result: total fear and paralysis in the workforce that is actually affecting their ability to do their work. Work that brings in real revenue. Stopping phishing attacks by effectively shutting down the company’s ability to function normally can’t really be considered a win.    As we’ve discussed before, you can’t stop people clicking links any more than you can prevent them from sending or receiving them in the first place; for many people, that’s their job. Their inbox is a revolving door of links to documents, webpages, forms, and databases. It’s almost an unconscious muscle memory with some people.    It also has a cost to employees’ mental state, which, given the past two years, is probably already quite fragile – after all, no one should be publicly humiliated and lose their job for clicking a phishing test link.
It’s not just Dave in the Accounts team that this can happen to, even IT experts can fall foul, as this other thread on Reddit explains – look at why though… “I was just coming after lunch, joggling a few important tasks in my head and when I unlocked my laptop there were 20 new emails, so I tried to quickly skim through them”     In short, they were distracted.
Mistakes happen Phishing tests and security training more generally, delivers a poor ROI for CISOs and InfoSec teams. Security training is expensive, both in the cost to organize and run it, and the cost to the company more broadly from taking staff away from what they should be doing. It’s also… often boring, on a par with doing a tax return. What’s more, after just one day people forget more than 70% of what was taught in training, while 1 in 5 employees don’t even show up for SAT sessions. And this is despite some companies’ best effort to make it ‘fun’.   After anger comes apathy IT can fix technology but it can’t fix apathy, but that’s where people more than likely end up after phishing training. This can result in a drastic drop in responsiveness and employee effectiveness.    Thanks to research by Dr. Karen Renaud and Dr. Marc Dupuis we know that unleashing fear, uncertainty and doubt on a workforce doesn’t work. It cripples decision making, creative thought processes and the speed and agility businesses need to operate in today’s demanding world.
What does a good security culture look like?   Our 2022 Security Cultures Report found that although security leaders are prioritizing training (85% of employees in the US and UK participate in security awareness programs) just 36% of them say they’re fully paying attention. And while half (50%) do say it’s helpful, only 28% say it’s engaging. 36% say it’s out-right boring.    Perhaps that’s why 1 in 3 employees don’t even understand why cybersecurity is important, and nearly 30% don’t think they personally play a role in maintaining their company’s cybersecurity.   Look, we’re not down on phishing testing per se. If done right as a research exercise it can provide valuable insights and data points for your organization as part of a much broader suite of security measures.
But what we are down on is victim naming and blaming. Technical tests like phishing testing should be an opportunity to better train and tune your companies filters and defenses, not used to punish your people. A user failure is, uncomfortable as it may be to hear, really an technical failure – because that phishing link should never have even got in front of a person in the first place.   Internal phishing tests are misaligned with their intended outcome. Too often we use the metric to beat users over the head, when we really should be using the data to tune curriculum. The test should identify vulnerabilities, not fix them. https://t.co/a13rQ6q2sF — Brian Anderson (@btanderson72) June 23, 2022
Why ‘in the moment’ training works   How did you learn to swim? I bet you didn’t sit through an hour long presentation about it once a quarter, watch a video, then do a ‘fun’ quiz. You got in the water and worked things out ‘in the moment’. Your senses and instincts flagged potential dangers like getting out of your depth or diving too deep. Good security training is the same.    Training people away from their day to day working environments removes the connection between the danger, and where that danger is experienced. When Tessian detects a threat like a spear phishing email, employees see a warning message that they have to respond to. It’s written in plain English, and offers context around why the email was flagged.
It takes time and effort to develop a robust security culture that everyone subscribes to. That’s hard work when you’re fighting several other issues and problems. In order to foster and maintain a risk-aware workforce, security teams should play an active role in onboarding, offboarding, and day-to-day. This is especially important now, with remote and hybrid operating models being the norm.    But, according to our research, security leaders underestimate just how much they should be a part of the employee experience. But not doing so has an exponential negative impact on the organization which could result in a successful attack. Our 2022 Security Culture Report is a good place to start your journey to a stronger security culture. Download it here.
Read Blog Post
Threat Intel
Tessian Threat Intel Roundup: July 2022
By John Filitz
Friday, July 29th, 2022
Impersonation attacks are a significant contributing factor to the growing phishing challenge, with APWG reporting over 1 million phishing attacks in Q1 2022 – the highest number of attacks recorded for a quarter.   Threat actors are targeting well-known brands to carry-out sophisticated social engineering attacks and are leveraging legitimate 3rd parties to conduct their attacks. Threat actors are also using open source intelligence to impersonate and target specific individuals within companies.   Once trust has been established, the threat actor can further compromise the information system – this includes compromising vendors within the target’s supply chain – by delivering a malicious payload.   The challenge in detecting impersonation attacks is expected to become more protracted in the short term. This is due to the majority of organizations still relying on legacy rule-based email security solutions that are unable to detect sophisticated impersonation attacks.   Sign-up for our Threat Intel update to get this monthly update straight to your inbox.  
Impersonation attacks mimicking well-known and trusted brands, and will remain a mainstay for threat actors to perpetrate attack campaigns that include fraud and account compromise as key objectives.   Impersonation attacks are becoming more targeted and are leveraging open source intelligence, targeting smaller companies as well as specific individuals at those companies, with the C-suite particularly targeted.   Legitimate 3rd party services providers,  including mass-mailing services and payment providers are increasingly common methods employed by threat actors.   Account Takeover-based impersonation attacks, specifically within the supply chain ecosystem of a particular company, pose among the greatest threats. This is due to the threat actor operating within the “circle of trust” and having access to multiple targets.
The FTC has reported a sharp increase in impersonation fraud, with losses totaling $2 billion in the period October 2020 to September 2021. Some of the leading corporations are the most impersonated. In the technology space, this includes Microsoft, Google, Amazon and Apple as among among the most impersonated brands.   Email impersonation attacks come in different guises including:   Typosquatting – in this instance the threat actor sets up an email domain that appears to be legitimate – however with one or several characters replaced with look-a-like characters, for example using zero instead of “o.”   Email domain spoofing – the threat actor will manipulate the email headers so that false email address is displayed to the sender, for example the sender’s email address is “fraudster@cybercrime.com,” but the recipient sees “billgates@microsoft.com” in their inbox. Often email domain spoofing will include some degree of brand impersonation, including use of brand logos and email footers, to enhance the legitimacy of the malicious email.   Account Takeover – ATO attacks are possibly the most insidious form of impersonation attacks due to the threat actor leveraging a compromised and “trusted” email account to perpetrate an attack.   Threat actors often use a sense of urgency combined with some intelligence to get the target to carry-out their request, for example, such as requesting urgent payment of a known supplier invoice but to a bank account number controlled by the threat actor.   Malicious payloads in the form of attachments or links are also commonly used. The malicious nature of the payload is obfuscated to bypass rule-based security controls.   In the case of a malicious attachment, common obfuscation methods include changing the file name to a “.doc” or “.pdf” or in the case of a malicious link, using third-party mailing services to deliver the malicious links. This can include the use of link-redirects that will redirect the victim using a “safe” link to a safe website, which then redirects to a malicious website.   One noteworthy impersonation attack campaign included the NOBELIUM campaign detected by Microsoft Threat Intelligence. In this campaign, threat actors leveraged a legitimate mass-mailing service Constant Contact to impersonate the US International Development Aid agency (USAID) to distribute malicious URLs to a “wide variety of organizations and industry verticals.”   More recent impersonation campaigns are leveraging a combination of phishing email and a call-back number impersonating a well-known and trusted security vendor in an attempt to compromise the target via remote administration tools (RAT).
The need to upgrade email security is increasingly moving up the priority order list.   Legacy rule-based solutions are unable to detect multi-tiered impersonation attacks that remain undocumented in most threat intel engines on which legacy solutions rely.   Adaptive, machine learning powered behavioral detection is essential to detect unknown and rapidly evolving threats, including supplier based ATO attacks.   Leveraging security solutions that incorporate security awareness training as part of the active defense measures remains a key element of ensuring that end-users are in a better position to detect impersonation attacks.
To see how Tessian prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
1 in 3 Employees Do Not Understand the Importance of Cybersecurity
By Andrew Webb
Tuesday, July 26th, 2022
Our research report into security culture reveals a startling disconnect between security leaders’ views and those of employees when it comes to cybersecurity. Our survey of 2,000 employees in the UK and US revealed that just 39% say they’re very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, over two-fifths (42%) of employees said they wouldn’t know if they had caused an incident in the first place, and 25% say they just don’t care enough about cybersecurity to mention it – a sentiment that should set alarm bells ringing for security leaders.    What’s more, for some staff, this attitude is bleeding into their home life. 20% of employees say they don’t care about cybersecurity at work – over 1 in 10 say they don’t care about it in their personal lives!   It’s clear then, that a significant percentage of employees are simply not engaged with the organization’s cybersecurity procedures and how they play their part in keeping their company secure.
Turning to IT and security leaders, virtually all of the 500 leaders we surveyed (99%) agreed that a strong security culture is important in maintaining a strong security posture. And yet despite rating their organization’s security 8 out 10, on average, three-quarters of organizations experienced a security incident in the last 12 months.    There’s clearly a disconnect here between the views of the SOC team, and those in other teams around the business, and one reason for that could be the reliance on traditional training programs.   48% of security leaders say training is one the most important influences on building a positive security posture. But the reality is that employees aren’t engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they’re paying full attention. Of those who are, only half say it’s helpful, while another 50% have had a negative experience with a phishing simulation. 1 in 5 employees don’t even show up for SAT sessions.    As indicated above, the report also reveals a disconnect when it comes to actually reporting security risks and incidents. Eighty percent of security leaders believe robust feedback loops are in place to report incidents, but less than half of employees feel the same, suggesting clearer processes are needed so that security teams have greater visibility of risk in their organization.
Boomers v Gen Z: The Generational Divide    The report also revealed stark generational differences when it comes to cybersecurity culture perceptions. The youngest generation (18- 24 year olds) is almost three times as likely to say they’ve had a negative experience with phishing simulations when compared to the oldest generation (55+). In contrast, older employees are four times more likely to have a clear understanding of their company’s cybersecurity policies compared to their younger colleagues, and are five times more likely to follow those policies.    When it comes to risky cybersecurity practices such as reusing passwords, exfiltrating company data and opening attachments from unknown sources, younger employees are the least likely to see anything wrong with these practices. 
Read Blog Post
New Study from Forrester Consulting: The Total Economic Impact™ of Tessian Cloud Email Security Platform
By Negin Aminian
Tuesday, July 19th, 2022
A commissioned study conducted by Forrester Consulting on behalf of Tessian in July 2022 reveals that a composite enterprise of 10,000 protected inboxes saw 268% Return On Investment (ROI) over three years after deploying Tessian. This amounts to over 29,600 labor hours saved.   In addition to the significant time savings, the benefit of having Tessian deployed focused on reducing email security risk against advanced email threats, as well as preventing email data loss. Additional key benefits included quantifiable improvements to the security culture of customer organizations, leading to lower click-through-rates and a greater awareness of the cyber risks posed on email. 
Tessian commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the ROI that a composite enterprise realized by deploying Tessian over a 3 year period. The value of having Tessian deployed was distributed accordingly:   • Savings of  $3.1 million due to inbound email threat prevention, including against advanced malicious emails that upstream solutions failed to detect.   • Savings of $2.6 million from preventing email data loss incidents thanks to Tessian’s advanced email data loss protection capability.   • $2.9 million in savings from preventing accidental email from being sent – this includes preventing misdirected and miss-attached emails from being sent.   For modeling purposes Forrester Consulting used full Tessian Platform implementation for a 10,000 end-user enterprise. The study found total benefits of $8.6m, a net present value (NPV) of $6.2m, and an ROI of 268%.
Risk Reduction   Email remains the preferred delivery mechanism for devastating malware attacks, including ransomware. The FBI notes in its latest IC3 report that Business Email Compromise (BEC) has led to losses of $43 billion in the past 5 years, with 65% of these losses occurring in the period 2019 to 2021.   According to the study, this is supported by Forrester’s own research, finding that email-based phishing attacks are playing an increasingly prominent role in security breaches, rising from 23% in 2020 to 31% in 2021. This represents a 35% year-over-year increase. Of concern are the increasing sophistication of BEC, account takeover attacks (ATO), and the devastating impact that insider threats pose, particularly from a data breach perspective.   An information gap that Forrester Consulting identified in the study is the lack of research available and awareness surrounding email data loss. This was mirrored both in published research and in the enterprise. Only after deploying Tessian, did customers realize the magnitude of the data loss risk they faced.
Challenges before Tessian   Some of the key email security challenges prior to interviewed organizations choosing Tessian, included:   • A lack of detection and prevention capability of existing email security tools against advanced threats. Interviewees noted that advanced email threats are becoming more prevalent and more targeted at senior executives.   • Previous email security tools had limited or no email data loss capabilities. Due to the sensitive nature of data processed by the interviewees’ organizations, they could no longer take the risk of not addressing email data loss risk arising from either exfiltration and misdirected emails. • Existing email security solutions that relied on rule-based policies resulted in excessive and disruptive banner warnings without context and didn’t offer protection. In this noisy environment every email had to be treated as a threat, the organizations had no trust in the security efficacy of their existing email security solutions.
Solution Requirements   Prior to choosing Tessian, the features interviewees wanted in an advanced email security solution included:   • Definitive and demonstrable AI and ML capabilities. • High-quality and actionable alerts. • Advanced protection capabilities for inbound as well as outbound email. • API-based integrations into the existing security stack and email environments.  • Fast deployment and low management overhead. • Ability to scale as well as providing a flexible and strategic partnership.
Impact of Tessian   The enterprise organizations that Forrester evaluated found Tessian delivered the following:    • Halving the phishing rate for a large healthcare enterprise, while also reducing the time to diagnose and respond to phishing campaigns from 8.5 hours down to 5 hours.   • Blocking 143 malicious emails in 1 month for a financial services company, and significantly reducing the click-through-rate while improving the security awareness of employees to better identify malicious emails.   • Detecting and preventing 901 malicious emails in one month at another financial services company that had gone undetected by other upstream email security tools.
For data exfiltration, Tessian had the following impact:   • Detected and enabled fast and effective protection and response against data exfiltration attempts for a healthcare enterprise.   • Enabled a culture shift in the professional services company, reducing data exfiltration over email due to the proactive warnings provided by Tessian.      
For misdirected emails Tessian had the following impact:   • 270 instances of accidental data loss in 90 days were prevented for a professional services firm. • 243 misdirected emails and 9 incorrect attachments were detected in one month at a financial services firm.   • Significant reduction in misdirected emails at a healthcare company with the director of information security citing an overall improvement of security awareness among end-users, evidenced by fewer accidental data loss instances every month.
Additional benefits   Better security decision-making: The Forrester study also found there was better end-user security decision-making due to contextual prompts end-users receive in real time on likely malicious emails. Security administrators also leveraged the improved risk analytics to better understand how email security risk is trending in their environment.   Greater investigation efficiency and ability to demonstrate ROI to leadership: Another key benefit realized was significantly faster investigations of email security incidents, as well as a low effort in communicating the ROI of Tessian and how it is reducing email risk to the executive leadership.    Enhanced end-user experience: The user experience and positive feedback from end-users of Tessian were among the notable findings. The positive feedback was tied to the fact that Tessian makes end-users feel more secure and confident on email. This was in large part due to the context driven alerts on likely malicious emails, as well Tessian’s ability to prevent email mistakes from happening.  Improved security culture: The impact Tessian was having on improving the security culture across the organizations interviewed was significant, with one of the interviewees sharing that thanks to Tessian, their latest phishing-prone score was 10% lower than the industry benchmark.
Tessian for advanced email ecosystem protection    Although there are numerous cloud email security solutions on the market today, only Tessian  offers the most comprehensive cloud email security protection available. Thanks to our machine learning powered behavioral detection and cloud email security platform approach, Tessian offers protection against advanced email threats as well as prevents email data loss.    Combined with in-the-moment security awareness coaching, the easy ability to demonstrate ROI, and the strategic and flexible nature of our customer partnerships, leads Tessian to be among the most liked security tools by security leaders and end-users alike.   Want more information on how Tessian can protect your organization? Book a call with one of the team below or try our free email threat assessment.
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Integrated Cloud Email Security
How to Prepare for Increasing Cyber Risk
By John Filitz
Wednesday, July 13th, 2022
Each year it seems we are met with new complex challenges and risks that few could have predicted. In turbulent times, it is prudent to take stock of what business and security leaders can control. Allocating dedicated resources to more effectively manage both known and unknown risk is fast becoming essential to shore-up organizational resiliency.   Turning the focus to the sector that is germane to what we do at Tessian, effectively managing cybersecurity risk is now more critical than ever. In fact, cybersecurity risk is now considered the number 1 risk faced by businesses according to Allianz’s 2022 Global Risk Barometer, followed by business interruption (2) and natural disasters (3).   Read on to learn more about some of the key cyber risks organizations are faced with today, and how best to mitigate it.
Cybersecurity risk is increasing The costs associated with breaches are increasing each year. The global cost and impact of cybercrime damages is expected to reach $10.5 trillion in damages by 2025 – representing a 350%+ increase from 2015.    A sign of the worsening cyber risk can be seen in the cybersecurity insurance industry. Given the high number of recent claims, up by 500% in 2021, has resulted in cyber insurance premiums seeing significant escalations – essentially doubling over the past year. And as a result of recent developments in Ukraine, leading insurers are now excluding suspected nation-state cyber attacks from coverage provisions.  
Persistent and increasing email security risk   Due to its open nature, email remains the preferred method for delivering a malicious payload, including ransomware – responsible for up to 95% of breaches. Email also attracts the greatest investment in the attacker value chain and is the riskiest channel for data loss.    Until recently, detecting and preventing email threats relied on static, rule-based solutions like Secure Email Gateways (SEGs). These solutions are only able to detect known threats because they rely on a threat detection engine of already documented threat campaigns. But threats have become more advanced and are proliferating at an alarming rate, with the net result these threats are going undetected by SEGs and are reaching victims’ mailboxes.   According to Verizon’s DBIR 2022, email-delivered social engineering attacks are growing in complexity, with phishing responsible for 60% of these attacks. In addition, the FBI reported that $43 billion has been lost globally due to Business Email Compromises (BEC) in the past 5 years, with a 65% increase in BEC fraud related losses reported globally in the period 2019 to 2021.  
The growing ransomware challenge   Advanced cyber threats like ransomware are also trending in the wrong direction. Ransomware related damages exceeded $20 billion for 2021 – representing a 57x fold increase from 2015. By 2031 ransomware damages are expected to reach $265 billion. Responsible for 75% of cybersecurity insurance claims, Ransomware-as-a-Service offerings are mainstreaming the ability to carry out devastating ransomware attacks.    Russia-based Conti ransomware gang aka Wizard Spider has been linked to 50 incidents in April 2022 alone, including attacks on the Costa Rican and Peruvian governments. Currently there is a $15million bounty on Conti from the US government – indicative of the scale of the problem. The FBI estimates that over 1,000 Conti ransomware victims have paid in excess of $150 million in ransom in the past year.    Also concerning is the increasing proliferation of wiper-malware seen in 2022 in cyber attacks against the Ukraine in 2022. Disguised as ransomware, wiper-malware essentially wipes all data from infected hosts. In response to the growing ransomware threat, CISA announced the formation of a ransomware taskforce at the end of May 2022.   
Software supply chain vulnerability   Software supply chain cyber risk is another leading concern for CIOs and CISOs. The acceleration of digital transformation and cloud adoption, and increased speed of deployment through DevOps processes, have resulted in dramatically expanding the attack surface area with vulnerable code and applications exposed online.    Software supply chain attacks remain a vulnerable element given the high impact and high reward for the attackers as has been demonstrated in the SolarWinds and Kaseya attacks. 
Final thoughts for staying safe in a volatile cybersecurity environment   Prioritizing cybersecurity program development is now a core aspect of effective organizational risk management. There however remains a collective need in the vendor and the broader business community to elevate and educate executives particularly at the board level, on the importance of proactive cybersecurity risk management.    Assume you will suffer a breach. From this risk-aware position think about the proactive steps you can take to improve your cyber resilience. The escalating email, ransomware, wiper malware and supply chain vulnerability risks underscore the imperative for investing in intelligent and agile cybersecurity defenses.   Continuously seek out innovative solutions that keep your environment safe, while at the same time ensure high degrees of employee engagement on the importance of security awareness.  
To see how the Tessian Intelligent Cloud Email Security platform  prevents ransomware attacks, and protects against DLP, watch a product overview video or book a demo. For the latest cybersecurity news and articles, sign up for our newsletter, and follow us on Twitter and LinkedIn
Read Blog Post
ATO/BEC, Email DLP, Integrated Cloud Email Security
What is an Integrated Cloud Email Security (ICES) Solution?
Thursday, July 7th, 2022
In recent years, the shift away from on-prem email platforms to cloud-based platforms has been dramatic, with Gartner estimating that 70% of organizations now use cloud productivity suites like Microsoft 365 and Google Workspace. But as email migrates from legacy on-prem approaches to the cloud, securing these cloud based services becomes the next big challenge. Enter Integrated Cloud Email Security.
What is an Integrated Cloud Email Security (ICES) Solution? The term ‘Integrated Cloud Email Security (ICES)’ was coined in the Gartner 2021 Market Guide for Email Security. ICES solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.     ICES solutions are cloud-based, and use APIs to detect anomalies in emails with advanced techniques such as natural language understanding (NLU), natural language processing (NLP) and image recognition. Using API access to the cloud email provider, these solutions have much faster deployment and time to value, analyzing email content without the need to change the Mail Exchange (MX) record.   Taking it one step further, ICES solutions can also provide in-the-moment prompts that can help reinforce security awareness training (SAT), and are able to detect compromised internal accounts. In the report, Gartner reflected on the future of ICES solutions, suggesting that they would eventually render SEGs redundant:   “Initially, these solutions are deployed as a supplement to existing gateway solutions, but increasingly the combination of the cloud email providers’ native capabilities and an ICES is replacing the traditional SEG.”
Gartner predicts that by 2023, at least 40% of all organizations will use built-in protection capabilities from cloud email providers rather than a secure email gateway (SEG)… But why?   In short, legacy SEGs are no match for the cyber threats of tomorrow. Email is responsible for 96% of cybersecurity breaches, making it the greatest threat vector. In fact, in the 12 months between July 2020 and July 2021, Tessian detected 2 million malicious emails that had bypassed SEGs. So why are traditional SEGs not fit for today’s cybersecurity landscape?
Rule-based approaches don’t cut it SEGs were developed in 2004 with on-premise email servers in mind and use a rule-based approach to threat detection. They use deny lists, allow lists and signatures for message authentication to help stop attacks – with these lists created using threat intelligence. They are reactive by design, and protect email data against threats that are already known. This means that SEGs offer no protection against zero-day attacks (a significant and growing threat vector), and are easily evaded by attackers using advanced social engineering campaigns. SEGs also fail to detect business email compromise (BEC), account takeover (ATO) and advanced spear phishing attacks.
The migration to the cloud   More and more, organizations are adopting SaaS offerings like Microsoft 365 – which have SEG capabilities natively included. This shift was well underway before the pandemic, but has since been accelerated with data suggesting that ICES solutions are here to stay and will displace SEGs from the cybersecurity stack.. The rise of offerings like Microsoft 365 and Google Workspace and the move away from SEGs comes as no surprise, with enhanced functionality at the platform level that can include:   Blocking emails from known bad senders Scanning attachments with AV Blocking emails with known bad URLs Content analysis to identify SPAM   Given these native SEG-like capabilities in cloud productivity suites, makes ICES solutions the perfect supplement to ensuring comprehensive email protection. ICES solutions are so effective because they  provide protection against many of the threats SEGs fail to detect – when used in combination with SaaS offerings like Microsoft 365.
What are the benefits of ICES solutions?   ICES solutions offer more than just threat detection. Key features of ICES solutions  can include:   BEC and ATO Attack detection using NLU, NLP, social graph analysis and image recognition Context-aware banners to warn users Phish Reporting Mail Security Orchestration, Automation and Response (MSOAR) capabilities to assist in automatic reclassification of emails and removal from inboxes
How to evaluate ICES vendors   The number of  ICES solutions available on the market is continually growing. There are a few key things you should consider when evaluating which ICES solution to use. Taking a look at your current email security framework and comparing it to your end goal, the following elements should be analyzed:   Time-to-value, return-on-investment time horizon Cost of effort to install and manage False positive rate ML- and AI-based technology to detect advanced social engineering attacks including BEC and ATO attacks Ability to analyze and map conversation history Computer vision to analyze suspicious data and links in emails User education controls to reinforce training, including context-aware banners and/or in-line prompts Ability to analyze emails prior to delivery to the end user API integration  of email events into Extended Detection and Response (XDR) or Security Information and Event Management/Security Orchestration, Automation and Response (SIEM/SOAR) solutions   Still struggling to decide? Have a look at the 2021 Gartner Market Guide to Email Security, which contains further information on ICES vendors, including Tessian.
Why choose Tessian?   Tessian was recognized as a Representative Vendor for Integrated Cloud Email Security (ICES) in the recently released 2021 Gartner Market Guide for Email Security.     What sets Tessian apart from other ICES solutions is its advanced email security and email data loss prevention (DLP) capability, including:   Advanced Spear Phishing Protection Advanced Attachment and URL Protection   Internal Impersonation & CEO Fraud Advanced Spoof Detection Counterparty & Vendor Impersonation  Brand Impersonation External Account Takeover  Invoice Fraud Bulk Remediation Automated Quarantine  Threat Intelligence   Tessian also offers protection against both malicious and accidental data loss, in-the-moment security awareness training for suspected phishing emails and in-the-moment security awareness notifications. 
To summarize, there are four key Tessian differentiators:   Threat prevention: Tessian protects against both known and unknown email attacks, including business email compromise, account takeover, spear-phishing, and all impersonation attacks that bypass SEGs, M365, and G Suite. Protection also includes class leading email DLP. Education and awareness: With Tessian’s in-the-moment training, organizations can educate and empower users to build continuous email security awareness  Reduced admin overhead: Tessian removes the burden on SOC and admins by automating repetitive tasks such as maintaining triage and review. This eliminates the need for human verification of email threats, reducing FTE requirements. Data-rich dashboards: With Tessian, security teams have clear visibility and the ability to demonstrate clear ROI     To find out more about Tessian as an ICES solution, and the key findings listed in the 2021 Gartner® Market Guide for Email Security, click here. 
Read Blog Post
Page