Our Approach
Your Ultimate Guide to Human Layer Security
Find out why we created this new category nearly two years ago.
Solutions By Use-Case and Industry
CEO’s Guide to Data Protection and Compliance
Everything you need to know about compliance.
Human Layer Security Platform
Human Layer Security Platform Overview
Stops data breaches and security threats caused by employees on email.
Hear what they have to say
Building a Human Layer Security Culture at ARM
Focusing on Security Basics with Game Changing Technology.
Resource Categories
How to Hack a Human Report
Learn how hackers use social media to launch targeted social engineering and business email compromise attacks.
Blog Categories
Read 6 Reasons to Download “How to Hack a Human” Now
Ready? Set? Download.
Securing the human layer
See All Open Roles
Find the fit for you.

See our new Attack Masterclass Webinar: How to Beat the Phishing and Ransomware Surge  — Sign Up Now

Request a Demo
Request a Demo of Tessian Today.
Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.
Spear Phishing

Tessian Launches Account Takeover (ATO) Protection

  • By Harry Wetherald
  • 27 January 2021

Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.

Today, a comprehensive email security strategy needs to do more more than just secure an organization’s own email platform and users. Why? Because more and more often, bad actors are gaining access to the email accounts of trusted senders (suppliers, customers, and other third-parties) to breach a target company.

This is called account takeover (ATO) and one in seven organizations have experienced this kind of attack.

And, since legitimate business email accounts are used to carry out these attacks, it is one of the most difficult impersonation attacks to detect, making most organizations vulnerable to ATO. 

But, not Tessian customers. Tessian Defender can now detect and prevent ATO.

How does Tessian Defender detect ATO?

Unlike Secure Email Gateways (SEGs) – which rely almost exclusively on domain authentication and payload inspection – Tessian Defender uses machine learning (ML), anomaly detection, behavioral analysis, and natural language processing (NLP) to detect a variety of ATO signals: 

  1. Unusual sender characteristics: This includes anomalous geophysical locations, IP addresses, email clients, and reply-to addresses 
  2. Anomalous email sending patterns: Based on historical email analysis, Tessian can identity unusual recipients, unusual send times, and emails sent to an unusual number of recipients
  3. Malicious payloads: Tessian uses URL match patterns to spot suspicious URLs and ML to identify red flags indicative of suspicious attachments 
  4. Deep content inspection: Looking at the email content – for example, language that conveys suspicious intent – Tessian can detect zero-payload attacks, too
This image shows how Tessian Defender analyzes the content and metadata of an email to detect ATO.

Importantly, Tessian’s ML algorithm gets smarter as it continuously analyzes email communications across its global network. This way, it can build profiles of organizations (and their employees) to understand what “normal” email communications look like at a granular level. 

This allows Tessian Defender to catch even the most subtle ATO attacks.

Once it detects a threat, Tessian alerts employees and admins that an email might be unsafe. The warnings are written in easy-to-understand language and explain why an email has been flagged, which prevents the users from responding to the email or clicking on malicious links or attachments. These warnings also act as in-the-moment training and help improve email behavior over time. 

Administrators get real-time alerts of ATO and can track events in the Human Layer Security Intelligence portal.

You can learn more about how Tessian detects and prevents ATO here.

Keep reading to see an admin’s view of the portal and what a warning looks like for employees.

What are the benefits of Tessian ATO threat protection? 

The consequences of ATO are far-reaching. 

Attackers could gain access to credentials, employee data, and computer data. They could initiate fraudulent wire transfers, conduct bank fraud, and sell data. That means organizations could suffer significant financial loss, reputational damage, and lose customers (and their trust). And this doesn’t even account for lost productivity, data loss, or regulatory fines. 

Between 2013 and 2015, Facebook and Google were scammed out of $121 million after a hacker impersonated a trusted vendor. And that’s just one example. 

Tessian’s ATO threat protection minimizes these risks by preventing successful attacks.

But, detecting and preventing threats is just one of the benefits of Tessian.  

For security teams

In the portal, admins can see exactly why an email has been flagged as suspicious, view the content of the email, and access remediation tools.
  1. Detection is automated, which means it’s not just effective, but also effortless for security teams
  2. Real-time alerts of ATO events and robust tools (like single-click quarantine) allow for rapid investigation and remediation directly in the portal 
  3. Tessian’s API can be integrated with SIEMs like Splunk and Rapid7, allowing security analysts and SOC teams to analyze Tessian data alongside insights from other solutions
  4. In-the-moment warnings reinforce security awareness training and help nudge employees towards safer email behavior

For the C-suite

Tessian dashboards show - at a glance - how many threats have been detected, how users are interacting with warnings, and how your organization's security posture compares to industry benchmarks.
  1. ATO protection doesn’t just keep your organization safe and compliant (and help you avoid reputational damage or financial loss). It’s a competitive differentiator and can help build trust with existing customers, clients, and your supply chain.
  2. Multi-layer threat insights, visualized data, and industry benchmarks help CISOs understand their organization’s security posture compared to their industry peers
  3. Automated reports make it easy to communicate success to the board and other key stakeholders

For employees

Tessian's warnings are written in clear, easy-to-understand language to help emplyoee's understand why an email has been flagged. In this case, it's because the email has been sent from an unusual server.
  1. Contextual warnings are helpful – not annoying – and act as in-the-moment training. This helps employees improve their security reflexes over time for safer email behavior.
  2. Flag rates are low (and false positives are rare) which means employees can do the job they were hired to do, without security getting in the way

Learn more about Tessian

Interested in learning more about Tessian Defender and ATO Protection? Current Tessian customers can get in touch with their Customer Success Manager.

Not yet a Tessian customer? Learn more about our technology, explore our customer stories, or book a demo now.

Learn More

Tessian ATO Protection
Harry Wetherald
Related posts
Follow Tessian
Copyright © Tessian Limited. All Rights Reserved. Company registered number 08358482.
[if lte IE 8]
[if lte IE 8]