Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

State of Email Security 2022: Every Company’s Riskiest Channel |  Read the Full Report →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data Science
  • NULL
    array(14) { [0]=> object(WP_Term)#9896 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(2) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#9948 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [2]=> object(WP_Term)#9947 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(95) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [3]=> object(WP_Term)#9946 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(130) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [4]=> object(WP_Term)#9945 (11) { ["term_id"]=> int(486) ["name"]=> string(12) "Data Science" ["slug"]=> string(12) "data-science" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(0) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [5]=> object(WP_Term)#9944 (11) { ["term_id"]=> int(341) ["name"]=> string(17) "Data Exfiltration" ["slug"]=> string(17) "data-exfiltration" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(116) ["count"]=> int(34) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#9943 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(15) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#9942 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#9941 (11) { ["term_id"]=> int(411) ["name"]=> string(12) "Threat Intel" ["slug"]=> string(19) "threat-intelligence" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(2) ["count"]=> int(21) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#9940 (11) { ["term_id"]=> int(3) ["name"]=> string(7) "ATO/BEC" ["slug"]=> string(14) "spear-phishing" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(0) ["count"]=> int(143) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [10]=> object(WP_Term)#9939 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(42) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [11]=> object(WP_Term)#11051 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(32) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [12]=> object(WP_Term)#10996 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Team" ["slug"]=> string(16) "engineering-team" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(17) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#9898 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Customer Stories
Mitigating Inbound and Outbound Email Threats
Wednesday, June 12th, 2019
Evercore is one of the world’s leading independent investment banking firms. Headquartered in New York City, and with over 2,000 employees and offices across major global financial centers, Evercore serves a global base of clients on a variety of highprofile transactions. These include M&A, strategic shareholder advisory, restructurings, capital raises, equity research, sales, trading, wealth management and trust services. Since its founding in 1995, Evercore has advised on over $3 trillion in M&A, recapitalization, and restructuring transactions. Evercore is protecting over 2,000 people with Tessian Defender, Tessian Guardian, Tessian Enforcer and Tessian Constructor.
Moving past manual solutions Evercore is a firm with exceptionally high standards. That extends to deploying new pieces of software. In heavily transactional environments like investment banking, any downtime or performance issues caused by a new software product is potentially damaging. IT teams often cite ease of deployment as a main priority for new software. Chris Turek, Evercore’s Chief Information Officer, understands just how important it is to deploy new systems quickly and smoothly.
Incredibly simple, uniquely effective For Chris, the beauty of the Tessian platform lay in its administrative simplicity. When Tessian is installed on an email network, it begins analyzing historic email communications retroactively to learn what constitutes ‘normal’ behavior for each user. Within hours, Tessian was up and running, protecting Chris and Evercore’s employees against misdirected emails due to human error. Tessian has also been instrumental in targeting spear phishing emails generated outside the organization. What’s more, Tessian’s platform doesn’t require large sets of pre-labeled data or complex integration processes. The add-in can be installed by simply downloading a file, and it can be rolled out to users at the IT team’s discretion. As Tessian integrates directly with Microsoft Outlook, Office365 and G Suite, all major enterprise email environments are catered for. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Evercore Case Study hbspt.cta.load(1670277, '64b7cdd7-d73a-4573-88ec-56e7cee61f20', {"region":"na1"});
Read Blog Post
Customer Stories
Data Loss Prevention in Healthcare: A Serious Business
Tuesday, June 11th, 2019
Laya Healthcare members have access to some of the most innovative health insurance benefits and services in the Irish health insurance market. Working with over half a million customers, its brand promise, Looking After You Always, represents laya healthcare’s member-centric approach, which is fundamental to its vision and values. Part of global insurer AIG since 2015, Laya healthcare also offers life and travel insurance policies. Laya Healthcare is protecting 550 employees with Tessian Guardian.
Security in healthcare: a serious business Health insurance is an intensely specialized industry and can be fragmented from a technology perspective. Significant amounts of information are constantly transferred between different practitioners, hospitals, other insurers and partner organizations. As one of Ireland’s largest health providers, Laya healthcare deals with extremely sensitive information. Ian Brennan, Director of IT at laya healthcare, and his team go above and beyond to ensure human error doesn’t contribute to breaches or put individuals’ data at risk. Ian is responsible for overseeing Laya healthcare’s security and privacy. Analysing their security data, he established that particular email productivity functions like Autocomplete were actually contributing to errors being made by people. As Ian says, “We always want to save our team time, but unfortunately there are negative consequences to these efficiency-led features too.” Ian needed to find a way to eradicate the possibility of these errors without disrupting employees’ productivity on email.
Minimizing disruption for the workforce Laya healthcare’s existing Data Loss Prevention tool was catching most mistakes being made by people on email. However, certain limitations meant that Ian was looking for a more intelligent solution that learned from users’ behaviour, and which required minimal time investment from the IT department. In Ian’s experience, “there are a million tools that say they’ll do exactly what I need. But if I need a performant product that runs unobtrusively when it’s not doing its job, there aren’t many solutions that really fit the bill. Ian is sensitive to the knock-on effects on his IT team when software doesn’t work as intended. Since Tessian deployed the Guardian product for Laya healthcare, it has needed minimal “care and feeding”, as Ian says, requiring no IT input to make sure Guardian was learning as expected. This freed his team up to tackle higher-value work. “I’ve seen very few products as light on IT admin as Tessian.”
Moving beyond rule-based systems Ian was eager to take advantage of Tessian’s ability to learn from employees’ behaviours, identifying which email conversations were ‘business as usual’ and which emails needed flagging. Ian is confident that leveraging Tessian’s machine learning will reduce overhead for his team and the wider business in the coming years. “As rule-based systems expand in complexity, the maintenance and service requirements often increase too. We anticipate that Tessian will scale much more smoothly.” Insurance companies are confronting a changing security climate. “People are now much more switched on to their rights as individuals, and security risks are always evolving too.” Tessian and laya healthcare will continue to work closely together in the coming months and years, helping eradicate human errors on email and helping laya healthcare members get the topclass service they deserve. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Laya Healthcare Case Study hbspt.cta.load(1670277, '6a36d064-618a-46aa-a821-1c527caf151a', {"region":"na1"});
Read Blog Post
Customer Stories
Tackling Spear Phishing when the Stakes are High
Tuesday, June 11th, 2019
Polarcus is the world leader in offshore geophysical services. Its fleet of green, hightech vessels conduct explorations from pole to pole, producing seismic survey data for global clients. Headquartered in Dubai, the company is listed on the Oslo stock exchange. Polarcus is protecting 350 employees with Tessian Defender. 
The spear phishing paradox Spear phishing is a relatively new and very different kind of security threat. For decades, spam and bulk phishing attacks have relied on unsophisticated mass messaging, effectively hoping that one or two people out of thousands don’t pay attention and make elementary mistakes. Spear phishing, by contrast, is far more malicious. Inbound emails targeting specific people, using social pressures to imply urgency, are a much more challenging threat for legacy security products. Erik Ruis joined Polarcus as Head of IT in early 2019. At that point the company was working out how to address sophisticated threats that could bypass its existing security infrastructure. He comments, “Threats like data theft and systems takeover can start from a single spear phishing email. Making things more complicated, companies in our sector have become targets for attackers seeking financial gain or trying to make an environmental or political statement.” This set of circumstances led Polarcus to Tessian.
Helping users make better judgments Spear phishing techniques like domain impersonation (when an attacker changes, for example, ‘’ to ‘’ in order to trick a user into thinking an email is coming from a colleague) pose enormous risks to organizations. To effectively combat these threats, busy email users needed to understand in real time why an email might be suspicious. Defender, Tessian’s product built to combat spear phishing threats, was the natural solution. In Erik’s experience, “When you show someone a phishing email and tell them it’s an impersonation, they are still sometimes unable to understand why it’s fake.” This underscored the benefits of a product that leverages machine learning to automatically provide contextualised warning messages to users, a fundamental part of the Tessian offering. Now, Erik says, “we don’t get many alerts from Tessian, but when they happen people definitely notice them and benefit from them.”
What the future holds As Polarcus continues to innovate, Erik will keep looking for intelligent products that can tackle issues to do with human behavior on email, such as data exfiltration. The key will be identifying solutions that focus on “patterns of behavior, rather than rules.” In the meantime, attackers trying to circumvent legacy rule-based systems means that for Erik, “as perpetrators become more creative and more sophisticated over time, I expect Tessian’s products to keep adding even more value.” Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Polarcus Case Study hbspt.cta.load(1670277, 'bc5ef259-cd9e-4061-b40d-e49fdae495b3', {"region":"na1"});
Read Blog Post
Customer Stories
Focusing on Security Basics with Game Changing Technology
Tuesday, June 11th, 2019
Arm technology is at the heart of a computing and connectivity revolution that is transforming the way people live and businesses operate. Together with 1,000+ technology partners, Arm is at the forefront of designing, securing and managing all areas of computing, from the chip to the cloud. Arm is protecting 6,000 employees with Tessian Defender and Tessian Guardian. 
Building a human layer security culture “Humans will make mistakes.” That’s the blunt assessment of Arm CISO Tim Fitzgerald. Tim joined Arm in 2017 after spending years working on IT and information security at KPMG and Symantec. Since being acquired by Softbank in 2016, Arm has been investing significantly in the organization’s growth. On joining Arm, Tim kicked off an ambitious plan to improve his workforce’s understanding of security risks, while retaining a “high-trust” culture that emphasises “sharing, communication and collaboration as the basis of Arm’s success”. When Tim first began speaking to Tessian, he was seeking a more intelligent way to respond to isolated incidents of data loss that resulted from people not having enough salient information surfaced for them in real time. “Getting the fundamentals right”, for Tim, meant looking at the most prominent channels of communication and catalyzing change by focusing on the most important threat vectors within these channels. That meant looking at email, and particularly at how people behave – and slip up – on email.
Tailored real-time threat detection Over an initial proof-of-concept period, Arm straight away began seeing results. Thanks to Tessian’s ability to retroactively analyze historic email data, Arm was “immediately able to look back and pinpoint particular events that could have been avoided with Tessian’s software. That was a huge influence in our decision to move forward.” For Tim, Tessian’s reinforcement of best practice through delivering crucial contextual insight – giving people a beat to stop and think – is critical. “The value for us is that we’re effectively retraining the organization to look again at how they’re interacting with email in real-time.”
Eradicating ‘garden-variety’ vulnerabilities Under Tim’s leadership, Arm is continuing to invest in its security infrastructure by focusing on its people, and on flawlessly executing the basics of information security. In Tim’s view, “The ugly truth is that most threats to organizations stem from ‘garden variety’ vulnerabilities, and that includes humans.” Today, Tessian protecting employees from human error on email is a crucial part of Arm’s security strategy. Sometimes, focusing on the basics is the most important thing you can do.
Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Arm Case Study hbspt.cta.load(1670277, 'dc21b2ed-417f-498c-b2c0-c64e255b6143', {"region":"na1"});
Read Blog Post
GDPR’s Anniversary: What We’ve Learned and What’s Next
Thursday, May 23rd, 2019
The General Data Protection Regulation – or GDPR – sprang into life 12 months ago, on May 25th 2018. To mark GDPR’s anniversary, we sat down with Tessian’s Head of Legal and Compliance, to see what’s changed in the last year and discuss what’s still to come.
I’m sure you’re celebrating GDPR’s first birthday this week. In general, do you think it’s been a positive step? My general opinion is that GDPR’s been a very positive step in relation to the promotion of data subject rights. I certainly think that data protection legislation was ripe for change – developments in this field were long overdue. Importantly, our clients also see GDPR in a positive light, despite the potential for an increased administrative and compliance burden. So what do you think the biggest benefits of GDPR have been? In the last 12 months the GDPR has provided much-needed consistency when it comes to the protection of data across the continent (and beyond). Organizations used GDPR as an opportunity to “spring clean”, critically assessing their information security systems and processes and identifying opportunities for continued improvements. In my experience, organizations are taking these changes very seriously, as are regulatory bodies. We have seen more reports of breaches to the ICO in the UK, and the EU has started to levy some blockbuster fines. Looking ahead, I see no reason why this trend would stop. I also think that GDPR’s onset has been helpful in starting widespread debate in relation to data protection and privacy. Almost everyone now has at least some understanding of what GDPR does and what it means for people and business. Increased data literacy is enormously helpful, and this may have helped bump data protection and security up the priority list at board level. What were the biggest challenges for Tessian in the build-up to GDPR? As a relatively young company, Tessian was fairly fortunate in the run-up to GDPR as we didn’t have a huge archive of legacy data and systems. Mobilization and project management in larger organizations would likely have been much more difficult! That being said, businesses of all sizes can still find it challenging to understand every piece of data that they hold: where data is located, whether it’s compliant with each of the major GDPR principles, and so on. The difference now with GDPR is that the penalties are potentially much more severe if you get it wrong. To stay on the right side of GDPR, it’s so important to spend the time doing diligence on data flows and data mapping – understanding how data moves in and out of the organization, how it’s protected, and making sure that there are individuals taking responsibility and ownership of the issue internally. Even a year on, this requirement is still absolutely necessary. So is this it now as far as GDPR goes? Or is there more still to be done? It’s been fascinating to see the global impact that GDPR has had. So far, we’re still yet to see the true extent of regulators’ “teeth” when it comes to fines. While there’s still more to come, the progress made in a year has been really encouraging.  
Read Blog Post
Customer Stories
Human-Centered Cybersecurity in a Historic Industry
Saturday, May 11th, 2019
North P&I Club (North) is a leading mutual maritime liability insurer based in Newcastle upon Tyne with regional offices and subsidiaries in Australasia, China (Hong Kong and Shanghai), Greece, Ireland, Japan, Singapore and the USA. North’s IT department embraces modern technologies by creating leading-edge solutions to support over 350 staff across the globe on a 24/7 basis, enabling the shipowners we insure to trade with confidence. North is protecting over 350 employees with Tessian Guardian and Tessian Enforcer.
The voyage beyond policy and training “As you can imagine, in the shipping sector a lot of business is conducted on email.” James Holmes, Chief Information Officer at marine insurer North, has a broad range of priorities to tackle in his role. Until adopting Tessian, North had principally aimed to educate employees through policy and training initiatives. James saw that there was an opportunity for technological solutions to also play their part: “We have to acknowledge that people are going to make mistakes – we are human, after all – but at the same time we have to mitigate errors as much as we can.” James was made aware of Tessian’s software through another Tessian customer, and was immediately impressed by the prospect of intelligently being able to identify misdirected emails before they happen. Insurance companies control many kinds of sensitive data, and James wanted to make sure data wouldn’t be put at risk because of human error. North’s IT team scoped out the market and found that Tessian would be the platform that best served the company’s needs. North’s cross-departmental Information Security Committee approved, and gave the green light for James’s team to deploy Tessian.
Better email security with intelligent technology James was eager to take advantage of the way Tessian impacts people’s behavior in the moment, prompting them to think carefully about potentially taking a dangerous action on email. “It’s about empowering people to make decisions having all salient information to hand.” Since rolling out Tessian across the business, North has seen a number of employees receiving Tessian alerts and, as a result, double-checking emails to ensure mistakes are not made. Digesting Tessian’s reports on people’s alerts helps James to quantify the Guardian filter’s impact. “People can react in the moment to Tessian’s notifications and make the right decision for themselves and the business.”
Encouraging cybersecurity oversight across the business With more people working from home and using different devices to get work done, it’s important for companies in all industries to understand where new threats may emerge. James says, “We all know that personal addresses are more susceptible to hacking. Having technology that reminds people of the dangers of inappropriate data transfers is incredibly useful.” Today, North is in the process of improving its data loss prevention capabilities by bringing in Tessian’s Enforcer filter. Enforcer identifies when sensitive data is being transferred out of an organization to personal or unauthorized addresses. Because of Enforcer’s importance when it comes to regulatory alignment, North’s risk and compliance team will take responsibility for managing the new filter. Shipping is one of the oldest trades in the world, and marine insurance is moving quickly as a sector. By embedding best-in-class technology across the company and building out the organization’s suite of Tessian products, James is orienting North for longterm success. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
North Case Study hbspt.cta.load(1670277, '1f1bf7bc-c0ea-4b6d-9511-304b26346158', {"region":"na1"});
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Mark Ramsey, Chief Information Security Officer of Americas Division at ASSA ABLOY Group
Tuesday, April 30th, 2019
Mark Ramsey has over 30 years’ experience in software engineering and security. He initially trained as a software engineer and transitioned into the security side of Information Technology, as it became a growing area within enterprises. He has set up security teams from scratch in a handful of businesses including Assa Abloy, where he is currently Chief Information Security Officer. Alongside this, he is committed to knowledge and education around cybersecurity, and teaches masters-level students at Fairfield University where he has been a Professor for the past 33 years. What can you share from your experience creating a security function from scratch? I’ve done this for three companies now. I find most people are cooperative because there is a growing understanding that security is crucial for the successful running of a company. Most people want to be secure and to do things right, but it’s important to strike a balance. You must be sure to make things secure, but flexible enough so people are able to do their jobs and do them well. For Assa Abloy, security has always been a priority; it is in our DNA given we are a security lock company. We have been building up our security profile but it is an on-going process with new challenges. We are preparing for the expansion to the Internet of Things. What are the greatest challenges you have overcome since you have been CISO of Assa Abloy – Americas? My biggest fear is the employees. You can put in all the technology in the world, but sometimes people will not be thinking; that is human nature. The risk is not just malicious in nature, mistakes can be unintentional. It is not just on email where this can happen, it can happen in file sharing environments. All it takes is one click. We have set up many training sessions to help combat this, with training on secure business processes, and security awareness. I am lucky to have many years’ experience in university lecturing, so I know how to translate technical aspects into easy to learn steps. We do know people are getting better. What is making it tougher is that there are two things accelerating. Everything is increasingly global and accessible, and everything relies on cyber. You need to know where your data is stored, who the owners are and how it is classified. We can put protection in one area, but if we find a breach in another then you have wasted time and money. It’s not a security project its a programme – a case of on-going management. How should senior cybersecurity executives ideally work with the board? I’ve been fortunate to work with security conscious boards, but I would advise people not to scaremonger. It’s best to communicate honestly, to make them aware of risk levels and explain what can be done. Security teams ultimately don’t make the company money, but they certainly can generate value in the long run. Security is a wise expense that can keep boards out of the news if they’re provided with the right information to make an educated decision. We’re lucky now with GDPR and CCPA providing external standards and pressure. Most boards now know they will be held responsible, this means they are actually seeking out help from security leaders. Do you have any advice for new CISO’s to set them up for success? Communicate, communicate, and communicate. Keep the business leaders and employees informed of the risks and what needs to be done to mitigate them. Be willing to compromise; there are some areas might not have all policies we want in place, but we have to find what will realistically be adopted. Security practices must still allow people to do their jobs properly and securely.  
Read Blog Post
Interviews With CISOs
Tessian Spotlight: Giampiero Astuti, Group CIO at Astaldi
Wednesday, April 24th, 2019
Giampiero Astuti has served as Group Chief Information Officer at global construction company Astaldi since 2003. Before joining Astaldi, he worked as CIO in different industries (financial services, IT, and pharma / biotech) both in Italy and abroad. What are your principal responsibilities at Astaldi? My role is to define Astaldi’s information and digital strategy and, consequently, plan the evolution of the Group’s information systems. I am supported by a team of around 50 people, spread across different functions and countries. A vital part of my job is to enable better information management and communication across the business: Astaldi operates more than 250 sites in 20+ different countries, so our information requirements are quite complex. How do you manage security risks in such a complicated global business? Astaldi has more than 50,000 different active suppliers worldwide: we have a very varied range of product and service partners. This creates inevitable security risks. We also need to be careful when working with other construction companies on joint venture projects, which is a very common occurrence in our industry. We could be working together with a company on one project, but simultaneously competing with that same company for another separate tender. This makes information governance extremely important. What are some of the most interesting problems CIOs in the construction sector have to tackle? It’s worth stating that every sector has its own particular opportunities and threats, of course. But considering the fact that the construction sector can be quite traditional and conservative, CIOs have to maximize innovation by focusing on great change management and creating value from relatively limited IT budgets. So how has the sector changed since you started working at Astaldi? When I joined Astaldi there were no web apps or content management solutions: some information was still being shared by fax. Inevitably, much more of our activity is digital these days. There are so many fascinating new paradigms becoming more and more popular in the sector, such as BIM (Building Information Modelling) and Industry 4.0. These are great opportunities for us, but they are also significant security threats. As more and more devices and machines are connected to networks, the potential risks increase dramatically. In construction, we must also think of physical safety as well as data loss, so the risks are magnified even more if systems are corrupted or hijacked. There are also challenges bringing these new ideas into our work. We are experimenting with the possibilities of machine learning and other next-generation technologies, but when competing to win contracts it can be tricky to persuade a customer that a newer technology is going to be practical and cost-effective. Our projects range from hundreds of millions of euros up to multiple billions of euros: this scale can make the implementation of new technologies very expensive and complex. Lastly, what are the key qualities of the best CIOs? Firstly, I think it’s very important that CIOs are much more than just technical experts. I studied economics, for instance, and I think a broad understanding of business and project management is very important in this role. Technology knowledge will always be important, but CIOs must also have good soft skills like motivation and leadership. In my view, these are just as important as IT expertise.  
Read Blog Post
Customer Stories
Staying Proactive with Data Loss Prevention
Tuesday, April 23rd, 2019
Morrisons Solicitors is a leading law firm in the south east of England. Founded nearly 300 years ago, Morrisons provides an integrated commercial service to clients ranging from bluechip corporates to SMEs, OMBs and family-run businesses. The firm also offers a full range of services to private individuals, including family, residential conveyancing, wills, estates and tax planning, probate, personal injury and clinical negligence. Tessian is protecting people with Tessian Guardian, Tessian Enforcer and Tessian Constructor.
The problem Given the highly sensitive nature of the R&D performed, securing their email environment from human error is a key priority for the company. The company had heard of incidents in the past where project related information had been sent to the wrong person and wanted to proactively address this step. The management team is acutely aware of the potential risks from misaddressed emails, and had spent some time looking at various vendors before choosing to work with Tessian because of the way in which the machine learning approach solves the problem. The solution Tessian was rolled out firm-wide to over 150 users, with Guardian effectively detecting and preventing misaddressed emails and mitigating the risk that comes along with data loss via email. Tessian also gave Morrisons an insight into some significant email statistics that equipped them with the data needed to design key rules and policies on outgoing emails using Constructor. Tessian now protects Morrisons from multiple risks around confidential and sensitive data leakage every day. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Morrisons Case Study hbspt.cta.load(1670277, 'b83b546b-b2aa-4ff8-a251-984531919c6d', {"region":"na1"});
Read Blog Post
Customer Stories
Protecting Sensitive Client Data
Friday, April 12th, 2019
DC Advisory is a mid-market corporate finance company with a specific expertise in cross-border transactions. Operating in a highly regulated industry, it is important for them to take measures to ensure that their clients’ data is adequately protected. DC Advisory is protecting employees with Tessian Guardian and Tessian Constructor. 
From the outset, the team at DC Advisory understood the risk involved in accidentally emailing highly sensitive information to the wrong person and the detrimental effects that can have on a company’s reputation and integrity. Off the back of this insight, they set out to discover a solution that could intelligently identify and prevent misdirected emails while having minimal disruption to the end user. After having a demo of the Tessian platform and exploring its functionality, DC Advisory decided to adopt Tessian as a part of their cybersecurity framework. The results from their first Tessian threat report – indicating the volume of misdirected email prevention activity Tessian performed for DC Advisory – were very positive. The report revealed that Guardian was able to detect and prevent misdirected emails and remove that threat from the organization, whilst being non- obtrusive to the end user. Learn more about how Tessian prevents human error on email Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.
Read Blog Post