Proofpoint closes acquisition of Tessian.

Request a demo
Request a demo
Request a demo
Request a demo
Request a demo
Product Updates

Updates and improvements to the Tessian Cloud Email Security platform.

  • All Products
  • Platform
  • Defend
  • Protect
  • Respond
  • Coach
  • All Products
    Platform Defend Protect Respond Coach
Protects your organization from attacks missed by legacy email security tools. Leverage machine learning to find anomalies in email behavior and content, while leveraging threat network signals to prevent security breaches. 
Automatically protect against BEC and other advanced email attacks that bypass secure email gateways, and native cloud security security controls. 
Automatically protect against sensitive data loss over email, with machine learning based detection for misdirected emails and files to unauthorized recipients.
Quickly identify and respond to email threats with powerful investigation capabilities and automated response to end-user reported emails while improving prevention over time.
Provide end-users with the relevant information to make an informed decision on whether an email is at risk of being a threat, or if sensitive data is at risk of being sent to an undesired recipient
29 Feb 2024

Beta: Dynamic URL Analysis

To defend against malicious URLs in phishing emails, a beta release of Dynamic URL Analysis is now available to customers of Email Threat Defense. The capability is available on an opt-in basis, and will:

  • Analyze URLs for signs of impersonation and credential harvesting
  • Check threat indicators agains Tessian’s threat intelligence database
  • If configured, Quarantine URLs found to be malicious

Screenshot 2024-02-15 at 3.00.00 PM

29 Feb 2024

Beta: Detect Internal Account Takeovers

Tessian Email Threat Defense customers now have access to a beta release of new capabilities to identify compromised employee email accounts, with:

  • Flags for suspicious internal to internal communications
  • Flags for anomalous spikes in volume of emails
  • Flags for emails with suspected malicious attachments and URLs

Screenshot 2024-02-15 at 2.58.50 PM

29 Feb 2024

Lightweight COM Add-In for DLP Only Customers

A new ‘outbound only’ mode for the COM add-in is now available for customers who exclusively use Tessian’s Email Exfiltration Protection and/or Email Misdelivery Protection solutions. The update removes inbound Email Threat Defense capabilities like email synchronization, scribe calls, and Phishing banners to accelerate response times and increase reliability. Admins can now also choose whether or not to include the user’s original email on compliance alerts, which historically were included by default.

With the release of version 2.6, support will be provided for versions 2.4 and 2.6, with support deprecated for version  2.2. View the release notes here.

Screenshot 2024-02-15 at 1.51.06 PM

29 Feb 2024

Seamlessly Investigate Sensitive Data Loss Events

The interface for Security Events has been updated to make it easier to investigate data loss incidents within Tessian’s Protect modules. All incident details can now be viewed with:

  • An expanded, full-width screen
  • A collapsable sidebar
  • An easier path to identify anomalous activity

These user experience changes are automatically applied within the Tessian portal, so no action is required.

Screenshot 2024-02-15 at 2.35.26 PM

29 Feb 2024

Faster Investigations with Enhanced Classification

Leveraging the latest in LLMs within Tessian’s AI ensemble, customers will now see more granular classifications of an attacker’s intent within phishing emails to speed up email investigations. Phishing emails are now automatically classified with content tags including:

  • Credential notifications (e.g password expiry, new accounts)
  • Service Notifications (e.g voicemail, mailbox full, file share)
  • Financial topics (e.g. invoice, payment request, bank detail changes)

By combining these topics with other signals, Email Threat Defense can now classify a wide range of common phishing attacks more reliably and more accurately. No action is required to benefit from these updates.

Screenshot 2024-02-15 at 2.38.17 PM

11 Jan 2024

Improved Experience for API Users Experience (Beta)

Tessian customers can now leverage the latest in Microsoft’s user experience improvements. Adaptive Cards provide a faster, more intuitive experience for quarantined emails. Interactive buttons and refreshable content mean that users will receive a single email with the alert, and the ability to release or delete within that email.

Register interest in the beta here, and we’ll reach out to set up and test Adaptive Cards for users in your organization ahead of general availability.

11 Jan 2024

Get Audit Logs Using the Tessian API

Customers can now automatically retrieve audit logs via API to programmatically update alerting and dashboards within SIEM and SOAR platforms. The new endpoint provides the same information available through the existing Audit Trail page, now available for consumption via API.

11 Jan 2024

Automate Threat Detection and Remediation in Cortex XSOAR

Tessian and Palo Alto Cortex XSOAR customers can now improve detection and speed up email investigations by leveraging the solutions together. From the XSOAR Marketplace customers can install Tessian, enabling:

  • Remediation of email based threats directly within the XSOAR console.
  • Correlation of email event data with identity, device and network threat signals
  • Improved reporting and alerting effectiveness with email events in XSOAR

Tessian and Palo Alto Networks customers can access the integration from the XSOAR Marketplace.

11 Jan 2024

Detect Malicious Images in PDF Attachments

Threat actors are increasingly using images to bypass text focused email security defenses. This release builds on existing capabilities to detect malicious images within emails, to automatically detect the use of malicious images in PDF attachments. Future releases will include detection of malicious images in DOCX attachments, as well as other file types.

11 Jan 2024

Enhanced Attack Detection using Large Language Models

We’re excited to announce the inclusion of large language models (LLM) in Tessian, to: 

  • Enhance phishing identification and classification. 
  • improve our understanding of sender intent to catch high risk requests. 
  • Detect unsolicited outreach to classify malicious or unwanted communications.

LLMs are exclusively used within our own environment, and no data is shared with third parties. For information about how Tessian secures your data, review the Data Security Overview in the Tessian HelpCenter.

04 Dec 2023

Flagged Emails – End User Configuration

We’ve introduced a new feature that enables configuration for attaching flagged emails, or not, to compliance alerts sent from Tessian. To enable this feature, Tessian Defend and Respond Customers should reach out to Tessian’s customer support team.

04 Dec 2023

Remediation API

Organizations can now perform email threat management tasks from within their SOAR, XDR and ticketing platforms using the Tessian Remediation API. New endpoints added in this release include:

  • Releasing emails from quarantine
  • Deleting email from quarantine
  • Deleting emails from inboxes

This release adds to a robust set of API endpoints for accessing security events and monitoring users, groups and risk within the organization’s platform of choice.

04 Dec 2023

Advanced Query Search

This Investigation and Response (I&R) capability makes email investigations simple, with an intuitive search experience for security analysts no matter their level of expertise. Using advanced query search requires zero previous knowledge of query languages, like KQL, to complete investigations – and can reduces email investigation times by up to 90%, 

Within I&R, analysts can combine keywords and phrases used in email bodies, with search operators like AND, OR, NOT to find unknown threats. For example, security analysts may search for keywords and phrases like “QR” or “Password Reset”, while including other characteristics like the number of email attachments and their extension types, sender domains or even IP address ranges.

04 Dec 2023

Full Email Body Keyword Search

For customers who’ve consented to storing full body emails with Tessian, searching for keywords in the full body of emails is now enabled by default.  Analysts can search for keywords like “Sign In”, “Dropbox”, or “QR” to narrow search results and discover related attack campaigns.

Without the need to toggle between tools like e-Discovery within Microsoft, or compliance solutions like Global Relay to search at the keyword level, security teams can free up capacity by completing email investigations in a fraction of the time.

01 Nov 2023

Lightning Fast Search (GA)

Incidents happen. When security analysts investigate an incident, and have to wait for search results, time is wasted, money is lost and risk is added. Waiting for email search results to return is painful. Through dozens of searches a day and potentially hundreds per month, the seconds – and in some cases – minutes really add up – resulting in time spent waiting instead of actively threat hunting in email.

Lightning Search, currently in beta within our Investigation and Response product, takes waiting out of the equation. We’re already seeing sub 1 second response times when searching across millions of emails. 

We’re allowing more customers to test this functionality, so if you’re tired of waiting, reach out to your customer success representative for early access.

01 Nov 2023

Optical Character Recognition

Building on image based attack detection using perceptual hashing released in August – Tessian  now analyzes image content, exposing hidden malicious intent beyond text-based scans. Our updated heuristics effectively identify common fraudulent tactics used in image-based phishing attacks, providing comprehensive protection. Users will receive defanged emails with warnings or administrators will be alerted based on tailored tenant settings, enhancing security effortlessly.

01 Nov 2023

HTML Previews

Within the Tessian portal, security admins can now see exactly what the end user sees alongside threats flagged on the email. This helps admins complete investigations faster without having to switch between portals to view images included within the email.

01 Nov 2023

Fast Search

No more waiting ~30 seconds for the SEG to return results. Tessian searches millions of emails and returns results in less than 1 second. Security teams are now empowered with the fastest email Incident Response capabilities on the market, to reduce their organization’s risk and we make their teams more efficient

03 Oct 2023

Enhanced API for SIEM and SOAR Integrations

With our latest API enhancements, you can now effortlessly pull critical information, including quarantine status, admin label and deletion counts for inbound emails, and the outcomes of investigations for outbound email events. This means real-time access to email security event data within SIEM and SOAR platforms. 

The inclusion of email event quarantine status precedes an upcoming enhancement to delete emails from inboxes directly from SIEM and SOAR platforms via the API. Soon, you’ll be able to release emails from quarantine, add emails to a denylist, and categorize them as safe, spam, or malicious through the APl. Full lifecycle email threat remediation via API will save your security admins time, and keep them within their platform of choice.

See our API Documentation for more information, and reach out to your customer success representative for early access to Remediation API features. 

01 Oct 2023

Updated Product Navigation and Names

We’re excited to unveil our updated platform navigation at Tessian. This enhancement is designed to provide you with a more intuitive and efficient user experience and aligns seamlessly with our core product pillars: Defend, Protect, Respond, and Coach. It also coincides with our product names changing to be easier to understand:

  • Email Threat Defense (formerly Defender): Strengthen your organization’s email security, proactively identifying and mitigating threats before they reach users.
  • Email Misdelivery Protection (formerly Guardian): Safeguard against unintentional data disclosures and misdelivery, ensuring sensitive data reaches the right recipients.
  • Email Exfiltration Protection (formerly Enforcer): Bolster your defenses against data leaks and unauthorized information transfer, giving you peace of mind.

01 Oct 2023

Updates to Risk Hub (Now Coach)

This upgrade is designed to elevate your security posture by providing more accurate risk scores for users and departments. Scores are made more accurate through higher emphasis on when Custom Protection policies are triggered on inbound emails. Through improved accuracy, the updated Risk Hub equips your organization with better knowledge to make informed security decisions.

01 Oct 2023

Lightning Fast Search (Beta)

lightening search

Incidents happen. When security analysts investigate an incident, and have to wait for search results, time is wasted, money is lost and risk is added. Waiting for email search results to return is painful. Through dozens of searches a day and potentially hundreds per month, the seconds – and in some cases – minutes really add up – resulting in time spent waiting instead of actively threat hunting in email.

Lightning Search, currently in beta within our Investigation and Response product, takes waiting out of the equation. We’re already seeing sub 1 second response times when searching across millions of emails. 

We’re allowing more customers to test this functionality, so if you’re tired of waiting, reach out to your customer success representative for early access.

01 Sep 2023

Detect Image Based Attacks

In response to an increase in image based phishing attacks, we’ve introduced detection algorithms to stop them before they reach end user inboxes. As you can see in the example below, attackers are placing text content and malicious payloads within an inline image file to avoid detection by email security tools. 

Although the email appears to be text based, all content is actually contained within the attached jpg file, evading detection by our text focused features. We’ve implemented an image similarity denylist to store fingerprints for images that we’ve seen used in phishing attacks. For new inbound emails to our customers that contain a large inline image, Defender will compare the image to our denylist, and flag the email if a high degree of similarity is found.


01 Sep 2023

AI Powered Spam Categorization

The volume of spam received by organizations is perpetually on the rise, an increasing  distraction for security teams. Identifying malicious emails among spam can be difficult, but we’re making it easier.

When Defender customers mark an email as spam, Tessian will now automatically categorize similar emails in the future as spam and filter them out of the default security events view. This update will serve to reduce false positives, and make it easier for admins to focus on the threats that matter.

01 Jul 2023

Unveiling the new Overview and Data Loss Prevention Dashboards

The new overview page communicates the value of Tessian across both the Threat Prevention and Data Loss Prevention modules. Admins can quickly understand their security position, before diving into the events or insights pages to see additional data. The page now can also be filtered by time ranges, so admins can quickly get the data they need.

The new Data Loss Prevention insights page consolidates the previous 3 insights pages (data loss prevention, data exfiltration, custom policies) into one, easy to understand page. It also features our new design system, so our dashboards now have one consistent design language that works in dark mode.

01 Jul 2023

Quarantine Without Warning the End User

 To reduce end user friction when enabling quarantining for malicious emails, admins can now configure Tessian to enable Quarantine logic, with other Defender flagged emails to be silently tracked. This enables more configurability for admins to tailor Defender to their users without disrupting workflows with user warnings. 

01 Jul 2023

*New Product* Abuse Mailbox Response

This month, we’re releasing Abuse Mailbox Response to automate end user reported email workflows. With this release, you can significantly reduce time spent with automated classification, triage and remediation. Among thousands of end-user reported emails, Abuse Mailbox Response uses machine learning to identify the 90% of emails that aren’t malicious, so admins can focus on the ones that matter. 

01 Jun 2023

MIP Label Detection to Prevent Data Exfiltration

To further protect customers from data exfiltration events over email, Tessian now supports detection of MIP Labels in multiple deployment methods. Customers can use the Outlook COM Add-In as well as the gateway to detect when sensitive data tagged with an MIP label is included in an email.

01 Jun 2023

Elevated Inbound Threat Detection

Tessian’s relentless commitment to innovation empowers us to outpace evolving threats. Elevate your security posture with our refined algorithms, designed to outsmart the most sophisticated phishing attempts – in this release we’re adding protection for:

  • Unmasking Deceptive Attachments: Our upgraded algorithms excel at spotting attachments that harbor executable code intending to redirect users to malicious websites. 
  • Outsmarting Evasive Tactics: Tessian now adeptly identifies attackers striving to elude legacy detection techniques through URL or attachment encoding. 
  • Guarding Against File Sharing Abuse: Our algorithms are primed to recognize and combat the misuse of file sharing websites within phishing URLs. 
  • Shielding from Crypto Currency Scams: Heightened vigilance against crypto currency scam emails. 
01 Jun 2023

Unveiling the new Threat Prevention Dashboard

Introducing the new Threat Prevention Insights Page, a powerhouse of valuable information about the email threats which includes:

Phishing Insights Unveiled

A clear and concise Phishing Breakdown. Dive into various threat types identified, including Account Take Over and Brand Impersonation attacks. This insight offers a comprehensive understanding of the threats that Tessian is combatting on your behalf.

Quantifying Time Saved

Get an estimate of the time your team has saved thanks to Tessian’s intervention. Soon, customization options will allow you to fine-tune this calculation, making the statistics even more pertinent to your business.

Genuine Threat Visibility

Uncover what managed to bypass your security stack. Traditional email providers relegate spam and malicious emails to Junk and spam folders once they’re detected. Our filter excludes such threats, revealing the number of threats Tessian discovered in users’ inboxes.

New Dimensions of Insights

Delve into an array of new insights. Identify top targets of phishing attacks within your organization, recognize domains frequently impersonated in attacks, and pinpoint malicious domains sending threats to your employees.

01 May 2023

Detect Threats Faster Across the Full Body Of an Email

We’re excited to announce a significant leap in our threat detection capabilities – a heuristics engine that leverages the full body of an email for threat detection. The initial heuristics in use are logic-based combinations of email metadata, content, and attachments that uncover malicious intent. An example of a new rule that leverages the engine is one that detects obfuscation techniques within HTML attachments. This capability targets attackers attempting to conceal malicious content by encoding it into an unreadable format.

01 May 2023

Enhancements to Investigation and Response Workflows

Emails Classification now available in search results

Search results now show whether Defender originally flagged the email as potentially malicious via a new ‘Tessian Classification’ column. As a result, it’s far quicker for analysts to assess which events may require their attention. 

File Hashes URLs and Email deletion status available in search results

Analysts can now see which file hashes and URLs (both within the body and attachments) were contained for all emails searchable within I&R and Email Search. Whenever an admin deletes an email via Email search or I&R, we now show the email deletion status within the table and event viewer. Customers now have assurance that a threat has been fully remediated. Not every email is deleted successfully and customers can understand more about why that might be the case in the Email Search and Investigate & Respond articles.

01 Apr 2023

Sumo Logic – Now In Integrations Portal

By ingesting Tessian data, Sumo Logic customers will be able to monitor and mitigate email based security threats as well as the people behind them. They can now swiftly analyze incidents in real time, ensuring rapid prioritization and resolution of threats arising from employee behaviors.

01 Apr 2023

Effortless Tessian-Splunk Integration

Introducing the Tessian Splunk app—a seamless solution to effortlessly integrate Tessian API data into your Splunk workflows. With simple setup and no complex scripting required, you can easily access valuable insights. Our default dashboard showcases intuitive ways to visualize Tessian data, enhancing your analysis. Currently, the app fetches data from key endpoints: Events, Groups, User Monitoring, and Risk. Tailor your dashboards by combining Tessian insights with data from other security tools. Locate the app on the Splunkbase marketplace by searching “Tessian,” or find it through the provided direct link. Elevate your integration experience with the included Splunk tile on your integration pages. Simplify data utilization with Tessian and Splunk synergy.

01 Apr 2023

Enhanced Spam Filtering for Admins

We’re excited to share a meaningful enhancement in Threat Prevention > Security Events filtering. Previously, a minor yet impactful issue persisted: even when an email was marked as spam, it cluttered the list of events for admins using default filters. We understand the importance of focusing on relevant events.

We’ve addressed this concern by updating the “Considered as spam” filter. Now, it encompasses events labeled as spam by both the system and admins. This refinement ensures that your view remains streamlined, eliminating unnecessary noise and enabling swift identification of pertinent events.

01 Apr 2023

Quarantine by Threat Confidence Level

Our configuration settings have evolved to provide the utmost flexibility, catering to diverse customer preferences regarding quarantine and warnings. Our latest enhancement empowers customers by allowing a default Admin Quarantine (block) when a certain threat confidence level is exceeded.

01 Apr 2023

Investigate and Respond with Ease

Introducing a game-changing enhancement to our platform: Investigation and Response. Streamline your email threat management with powerful search capabilities, drastically reducing response times and enhancing risk reduction.

Precision in Search

I&R revolutionizes how you locate emails swiftly. Quick identification and resolution of threats significantly mitigate risks. Our array of new search fields empowers you to execute highly specific searches across sender, recipient, and email attributes. For instance, you can identify emails with more than 2 attachments and “Pay” in the subject line.

Proactive Threat Hunting

Stay ahead of emerging threats with proactive hunting. Combat evolving or zero-day threats by swiftly searching across your email archives and remediating in just two clicks. I&R supports broad and intricate searches, offering comprehensive flexibility.

Unified Investigation and Remediation

Bid farewell to juggling multiple tools. I&R consolidates email investigations, saving you time and eliminating analyst frustration. What’s more, remediation is seamless within the platform—no need to switch to your email compliance tool.

Internal Risk Resolution

I&R isn’t confined to external threats. Gain visibility into internal email traffic, empowering you to address internal incidents promptly. Prevent unauthorized exposure of sensitive data to internal recipients. Elevate your threat management with I&R—where search, investigation, and remediation unite for enhanced efficiency and security.

01 Mar 2023

Enhanced Precision and Threat Capture

Our latest release brings a 40% reduction in false positives for lookalike attacks, ensuring you receive only the most relevant alerts. Our improved Behavioural Intelligence Model now captures 5% more threats, bolstering your defense against the latest risks. Plus, our refined executive impersonation identification means 35% more of these attacks are caught. 

Notably, our priority model for Defender now detects 300% more ‘very high’ confidence events with exceptional precision, empowering you to confidently utilize email quarantine. Stay secure and save time with our upgraded email security software.

01 Feb 2023

Detect More Threats with File Hashes

Tessian now generates a file hash for every attachment received and the platform checks this against Tessian’s unified threat intelligence database. The database is populated with updates from our in-house threat intel team alongside external threat intelligence sources. This feature provides an additional layer of protection for your users by preventing known malware threats from making  it past the inbox.

01 Jan 2023

Remediate Spam with a Single Click

Admins can now report and take action on spam emails: Whenever you mark an email as spam through the new “Mark as spam” button, this enables you to filter events marked as spam from the Defender events table.  The Tessian research team will use your spam assessment to build detection algorithms able to distinguish between spam and malicious emails. This is now available in the Defender event viewer via the “Mark as spam” admin action.

01 Dec 2022

API Documentation – Now Public

Public Tessian API Documentation is now available. You can access the Public Tessian API Docs here. It is no longer a requirement to have an active Tessian Portal User to see Tessian’s API Documentation, so admins can share the documentation with colleagues and technical partners as needed.

01 Dec 2022

Improved Experience for Security Events

We’ve redesigned the Defender Events Table to enhance your experience in identifying and addressing crucial events effortlessly. Here’s what you can expect:

Clearer Focus, Streamlined Design

The first notable change is the merging of the sender column into “Sender and Recipient(s)”. By simplifying the layout, we aim to ensure that you swiftly extract vital information without feeling overwhelmed.

Intuitive Labels for Instant Clarity

Our use of labels enhances clarity regarding email status. Whether it’s in quarantine or the user has flagged it as malicious, these labels offer instant insights into the email’s disposition.

Uncover More with a Hover + Seamless Navigation to Resources

Delve deeper into event details effortlessly. Additional event information is now readily accessible by hovering over the “+” buttons. This convenient feature allows you to explore insights without leaving the main view. To further aid your journey, we’ve provided links to Help Centre articles for both label meanings and more information on accessing additional event details.

01 Nov 2022

Investigate Email Threats Within and Outside of Tessian

Customers can now search across all email threats whether they were detected by Tessian or not. You can now search across all emails from within the Tessian portal using our new Investigate and Respond capability and take the following actions:

  • Report the missed threat to Tessian so we can prevent similar future threats
  • Remove the threat from the user’s inbox (for API deployments only)
  • Add the sender to the deny list

You can search for an email using its message id (found within the email headers) or upload it as an .eml file in the portal, our help center article has more information.

11 Oct 2022

Extract and Inspect Malicious URLs

Tessian Defender now offers protection against malicious URLs hidden in attachments. Customers can extract and inspect the URLs from the attachments, including: csv, doc,docx, htm, html,ppt, pptx,rtf, txt, xls, xlsx.

11 Oct 2022

Full Body Email Analysis + Enhanced Threat Detection

To further enhance our threat prevention capabilities, Tessian will now analyze and store the full body of emails of all emails for those who opt-in. By extending our behavioral intelligence models to analyze and store the body of emails we can apply more precise, sophisticated and adaptable threat prevention techniques. In this release, we’ve also improved our lookalike impersonation detection, which will result in a reduction in false positives.

01 Oct 2022

The Tessian API is Now Generally Available

The Tessian API is now available to all customers, letting you consume Tessian email data in your downstream systems. Do you want to triage your events in Splunk, Sentinel or another SIEM? Pair your Tessian data with data from other applications used in your daily workflows, such as user device usage, SAML etc. to understand their activity at a glance. The API offers customers the ability to discover endpoints for Security Events, User Monitoring, Groups, Risk Scores and more.

01 Sep 2022

Improved Admin Labeling and and Actions

Admins can now mark emails as safe or malicious from directly within the portal to improve the algorithm’s performance within their environment. This will help reduce future false positives and reinforce the efficacy of malicious email detection. 

A part of this release includes the ability to take action on user quarantined emails within the portal. If an email is user quarantined, admins can now release the emails to a user’s inbox, or delete the emails from user quarantine just as they currently do for admin quarantined emails. This provides significant time saving with bulk release and delete features as well as added security to quickly remove malicious emails.

01 Aug 2022

Improved Platform Navigation

The left hand-side navigation bar has been re-structured into the parent categories of Threat Prevention and Data Loss Prevention to reflect how our customers use the product. There is also a new top navigation bar, allowing quick navigation between insights and events pages for different modules.