Lightning Fast Search (GA)

Incidents happen. When security analysts investigate an incident, and have to wait for search results, time is wasted, money is lost and risk is added. Waiting for email search results to return is painful. Through dozens of searches a day and potentially hundreds per month, the seconds – and in some cases – minutes really add up – resulting in time spent waiting instead of actively threat hunting in email.

Lightning Search, currently in beta within our Investigation and Response product, takes waiting out of the equation. We’re already seeing sub 1 second response times when searching across millions of emails. 

We’re allowing more customers to test this functionality, so if you’re tired of waiting, reach out to your customer success representative for early access.

Optical Character Recognition

Building on image based attack detection using perceptual hashing released in August – Tessian  now analyzes image content, exposing hidden malicious intent beyond text-based scans. Our updated heuristics effectively identify common fraudulent tactics used in image-based phishing attacks, providing comprehensive protection. Users will receive defanged emails with warnings or administrators will be alerted based on tailored tenant settings, enhancing security effortlessly.

HTML Previews

Within the Tessian portal, security admins can now see exactly what the end user sees alongside threats flagged on the email. This helps admins complete investigations faster without having to switch between portals to view images included within the email.

Fast Search

No more waiting ~30 seconds for the SEG to return results. Tessian searches millions of emails and returns results in less than 1 second. Security teams are now empowered with the fastest email Incident Response capabilities on the market, to reduce their organization’s risk and we make their teams more efficient

Enhanced API for SIEM and SOAR Integrations

With our latest API enhancements, you can now effortlessly pull critical information, including quarantine status, admin label and deletion counts for inbound emails, and the outcomes of investigations for outbound email events. This means real-time access to email security event data within SIEM and SOAR platforms. 

The inclusion of email event quarantine status precedes an upcoming enhancement to delete emails from inboxes directly from SIEM and SOAR platforms via the API. Soon, you’ll be able to release emails from quarantine, add emails to a denylist, and categorize them as safe, spam, or malicious through the APl. Full lifecycle email threat remediation via API will save your security admins time, and keep them within their platform of choice.

See our API Documentation for more information, and reach out to your customer success representative for early access to Remediation API features. 

Updated Product Navigation and Names

We’re excited to unveil our updated platform navigation at Tessian. This enhancement is designed to provide you with a more intuitive and efficient user experience and aligns seamlessly with our core product pillars: Defend, Protect, Respond, and Coach. It also coincides with our product names changing to be easier to understand:

• Email Threat Defense (formerly Defender): Strengthen your organization’s email security, proactively identifying and mitigating threats before they reach users.
• Email Misdelivery Protection (formerly Guardian): Safeguard against unintentional data disclosures and misdelivery, ensuring sensitive data reaches the right recipients.
• Email Exfiltration Protection (formerly Enforcer): Bolster your defenses against data leaks and unauthorized information transfer, giving you peace of mind.

Updates to Risk Hub (Now Coach)

This upgrade is designed to elevate your security posture by providing more accurate risk scores for users and departments. Scores are made more accurate through higher emphasis on when Custom Protection policies are triggered on inbound emails. Through improved accuracy, the updated Risk Hub equips your organization with better knowledge to make informed security decisions.

Lightning Fast Search (Beta)

Incidents happen. When security analysts investigate an incident, and have to wait for search results, time is wasted, money is lost and risk is added. Waiting for email search results to return is painful. Through dozens of searches a day and potentially hundreds per month, the seconds – and in some cases – minutes really add up – resulting in time spent waiting instead of actively threat hunting in email.

Lightning Search, currently in beta within our Investigation and Response product, takes waiting out of the equation. We’re already seeing sub 1 second response times when searching across millions of emails. 

We’re allowing more customers to test this functionality, so if you’re tired of waiting, reach out to your customer success representative for early access.

Detect Image Based Attacks

In response to an increase in image based phishing attacks, we’ve introduced detection algorithms to stop them before they reach end user inboxes. As you can see in the example below, attackers are placing text content and malicious payloads within an inline image file to avoid detection by email security tools. 

Although the email appears to be text based, all content is actually contained within the attached jpg file, evading detection by our text focused features. We’ve implemented an image similarity denylist to store fingerprints for images that we’ve seen used in phishing attacks. For new inbound emails to our customers that contain a large inline image, Defender will compare the image to our denylist, and flag the email if a high degree of similarity is found.

AI Powered Spam Categorization

The volume of spam received by organizations is perpetually on the rise, an increasing  distraction for security teams. Identifying malicious emails among spam can be difficult, but we’re making it easier.

When Defender customers mark an email as spam, Tessian will now automatically categorize similar emails in the future as spam and filter them out of the default security events view. This update will serve to reduce false positives, and make it easier for admins to focus on the threats that matter.

Unveiling the new Overview and Data Loss Prevention Dashboards

The new overview page communicates the value of Tessian across both the Threat Prevention and Data Loss Prevention modules. Admins can quickly understand their security position, before diving into the events or insights pages to see additional data. The page now can also be filtered by time ranges, so admins can quickly get the data they need.

The new Data Loss Prevention insights page consolidates the previous 3 insights pages (data loss prevention, data exfiltration, custom policies) into one, easy to understand page. It also features our new design system, so our dashboards now have one consistent design language that works in dark mode.

Quarantine Without Warning the End User

 To reduce end user friction when enabling quarantining for malicious emails, admins can now configure Tessian to enable Quarantine logic, with other Defender flagged emails to be silently tracked. This enables more configurability for admins to tailor Defender to their users without disrupting workflows with user warnings. 

*New Product* Abuse Mailbox Response

This month, we’re releasing Abuse Mailbox Response to automate end user reported email workflows. With this release, you can significantly reduce time spent with automated classification, triage and remediation. Among thousands of end-user reported emails, Abuse Mailbox Response uses machine learning to identify the 90% of emails that aren’t malicious, so admins can focus on the ones that matter. 

MIP Label Detection to Prevent Data Exfiltration

To further protect customers from data exfiltration events over email, Tessian now supports detection of MIP Labels in multiple deployment methods. Customers can use the Outlook COM Add-In as well as the gateway to detect when sensitive data tagged with an MIP label is included in an email.

Elevated Inbound Threat Detection

Tessian’s relentless commitment to innovation empowers us to outpace evolving threats. Elevate your security posture with our refined algorithms, designed to outsmart the most sophisticated phishing attempts – in this release we’re adding protection for:

• Unmasking Deceptive Attachments: Our upgraded algorithms excel at spotting attachments that harbor executable code intending to redirect users to malicious websites. 
• Outsmarting Evasive Tactics: Tessian now adeptly identifies attackers striving to elude legacy detection techniques through URL or attachment encoding. 
• Guarding Against File Sharing Abuse: Our algorithms are primed to recognize and combat the misuse of file sharing websites within phishing URLs. 
• Shielding from Crypto Currency Scams: Heightened vigilance against crypto currency scam emails. 

Unveiling the new Threat Prevention Dashboard

Introducing the new Threat Prevention Insights Page, a powerhouse of valuable information about the email threats which includes:

Phishing Insights Unveiled

A clear and concise Phishing Breakdown. Dive into various threat types identified, including Account Take Over and Brand Impersonation attacks. This insight offers a comprehensive understanding of the threats that Tessian is combatting on your behalf.

Quantifying Time Saved

Get an estimate of the time your team has saved thanks to Tessian’s intervention. Soon, customization options will allow you to fine-tune this calculation, making the statistics even more pertinent to your business.

Genuine Threat Visibility

Uncover what managed to bypass your security stack. Traditional email providers relegate spam and malicious emails to Junk and spam folders once they’re detected. Our filter excludes such threats, revealing the number of threats Tessian discovered in users’ inboxes.

New Dimensions of Insights

Delve into an array of new insights. Identify top targets of phishing attacks within your organization, recognize domains frequently impersonated in attacks, and pinpoint malicious domains sending threats to your employees.

Detect Threats Faster Across the Full Body Of an Email

We’re excited to announce a significant leap in our threat detection capabilities – a heuristics engine that leverages the full body of an email for threat detection. The initial heuristics in use are logic-based combinations of email metadata, content, and attachments that uncover malicious intent. An example of a new rule that leverages the engine is one that detects obfuscation techniques within HTML attachments. This capability targets attackers attempting to conceal malicious content by encoding it into an unreadable format.

Enhancements to Investigation and Response Workflows

Emails Classification now available in search results

Search results now show whether Defender originally flagged the email as potentially malicious via a new ‘Tessian Classification’ column. As a result, it’s far quicker for analysts to assess which events may require their attention. 

File Hashes URLs and Email deletion status available in search results

Analysts can now see which file hashes and URLs (both within the body and attachments) were contained for all emails searchable within I&R and Email Search. Whenever an admin deletes an email via Email search or I&R, we now show the email deletion status within the table and event viewer. Customers now have assurance that a threat has been fully remediated. Not every email is deleted successfully and customers can understand more about why that might be the case in the Email Search and Investigate & Respond articles.

Sumo Logic – Now In Integrations Portal

By ingesting Tessian data, Sumo Logic customers will be able to monitor and mitigate email based security threats as well as the people behind them. They can now swiftly analyze incidents in real time, ensuring rapid prioritization and resolution of threats arising from employee behaviors.

Effortless Tessian-Splunk Integration

Introducing the Tessian Splunk app—a seamless solution to effortlessly integrate Tessian API data into your Splunk workflows. With simple setup and no complex scripting required, you can easily access valuable insights. Our default dashboard showcases intuitive ways to visualize Tessian data, enhancing your analysis. Currently, the app fetches data from key endpoints: Events, Groups, User Monitoring, and Risk. Tailor your dashboards by combining Tessian insights with data from other security tools. Locate the app on the Splunkbase marketplace by searching “Tessian,” or find it through the provided direct link. Elevate your integration experience with the included Splunk tile on your integration pages. Simplify data utilization with Tessian and Splunk synergy.

Enhanced Spam Filtering for Admins

We’re excited to share a meaningful enhancement in Threat Prevention > Security Events filtering. Previously, a minor yet impactful issue persisted: even when an email was marked as spam, it cluttered the list of events for admins using default filters. We understand the importance of focusing on relevant events.

We’ve addressed this concern by updating the “Considered as spam” filter. Now, it encompasses events labeled as spam by both the system and admins. This refinement ensures that your view remains streamlined, eliminating unnecessary noise and enabling swift identification of pertinent events.

Quarantine by Threat Confidence Level

Our configuration settings have evolved to provide the utmost flexibility, catering to diverse customer preferences regarding quarantine and warnings. Our latest enhancement empowers customers by allowing a default Admin Quarantine (block) when a certain threat confidence level is exceeded.

Investigate and Respond with Ease

Introducing a game-changing enhancement to our platform: Investigation and Response. Streamline your email threat management with powerful search capabilities, drastically reducing response times and enhancing risk reduction.

Precision in Search

I&R revolutionizes how you locate emails swiftly. Quick identification and resolution of threats significantly mitigate risks. Our array of new search fields empowers you to execute highly specific searches across sender, recipient, and email attributes. For instance, you can identify emails with more than 2 attachments and “Pay” in the subject line.

Proactive Threat Hunting

Stay ahead of emerging threats with proactive hunting. Combat evolving or zero-day threats by swiftly searching across your email archives and remediating in just two clicks. I&R supports broad and intricate searches, offering comprehensive flexibility.

Unified Investigation and Remediation

Bid farewell to juggling multiple tools. I&R consolidates email investigations, saving you time and eliminating analyst frustration. What’s more, remediation is seamless within the platform—no need to switch to your email compliance tool.

Internal Risk Resolution

I&R isn’t confined to external threats. Gain visibility into internal email traffic, empowering you to address internal incidents promptly. Prevent unauthorized exposure of sensitive data to internal recipients. Elevate your threat management with I&R—where search, investigation, and remediation unite for enhanced efficiency and security.

Enhanced Precision and Threat Capture

Our latest release brings a 40% reduction in false positives for lookalike attacks, ensuring you receive only the most relevant alerts. Our improved Behavioural Intelligence Model now captures 5% more threats, bolstering your defense against the latest risks. Plus, our refined executive impersonation identification means 35% more of these attacks are caught. 

Notably, our priority model for Defender now detects 300% more ‘very high’ confidence events with exceptional precision, empowering you to confidently utilize email quarantine. Stay secure and save time with our upgraded email security software.

Detect More Threats with File Hashes

Tessian now generates a file hash for every attachment received and the platform checks this against Tessian’s unified threat intelligence database. The database is populated with updates from our in-house threat intel team alongside external threat intelligence sources. This feature provides an additional layer of protection for your users by preventing known malware threats from making  it past the inbox.

Remediate Spam with a Single Click

Admins can now report and take action on spam emails: Whenever you mark an email as spam through the new “Mark as spam” button, this enables you to filter events marked as spam from the Defender events table.  The Tessian research team will use your spam assessment to build detection algorithms able to distinguish between spam and malicious emails. This is now available in the Defender event viewer via the “Mark as spam” admin action.

API Documentation – Now Public

Public Tessian API Documentation is now available. You can access the Public Tessian API Docs here. It is no longer a requirement to have an active Tessian Portal User to see Tessian’s API Documentation, so admins can share the documentation with colleagues and technical partners as needed.

Improved Experience for Security Events

We’ve redesigned the Defender Events Table to enhance your experience in identifying and addressing crucial events effortlessly. Here’s what you can expect:

Clearer Focus, Streamlined Design

The first notable change is the merging of the sender column into “Sender and Recipient(s)”. By simplifying the layout, we aim to ensure that you swiftly extract vital information without feeling overwhelmed.

Intuitive Labels for Instant Clarity

Our use of labels enhances clarity regarding email status. Whether it’s in quarantine or the user has flagged it as malicious, these labels offer instant insights into the email’s disposition.

Uncover More with a Hover + Seamless Navigation to Resources

Delve deeper into event details effortlessly. Additional event information is now readily accessible by hovering over the “+” buttons. This convenient feature allows you to explore insights without leaving the main view. To further aid your journey, we’ve provided links to Help Centre articles for both label meanings and more information on accessing additional event details.

Investigate Email Threats Within and Outside of Tessian

Customers can now search across all email threats whether they were detected by Tessian or not. You can now search across all emails from within the Tessian portal using our new Investigate and Respond capability and take the following actions:

• Report the missed threat to Tessian so we can prevent similar future threats

• Remove the threat from the user’s inbox (for API deployments only)

• Add the sender to the deny list

You can search for an email using its message id (found within the email headers) or upload it as an .eml file in the portal, our help center article has more information.

Extract and Inspect Malicious URLs

Tessian Defender now offers protection against malicious URLs hidden in attachments. Customers can extract and inspect the URLs from the attachments, including: csv, doc,docx, htm, html,ppt, pptx,rtf, txt, xls, xlsx.

Full Body Email Analysis + Enhanced Threat Detection

To further enhance our threat prevention capabilities, Tessian will now analyze and store the full body of emails of all emails for those who opt-in. By extending our behavioral intelligence models to analyze and store the body of emails we can apply more precise, sophisticated and adaptable threat prevention techniques. In this release, we’ve also improved our lookalike impersonation detection, which will result in a reduction in false positives.

The Tessian API is Now Generally Available

The Tessian API is now available to all customers, letting you consume Tessian email data in your downstream systems. Do you want to triage your events in Splunk, Sentinel or another SIEM? Pair your Tessian data with data from other applications used in your daily workflows, such as user device usage, SAML etc. to understand their activity at a glance. The API offers customers the ability to discover endpoints for Security Events, User Monitoring, Groups, Risk Scores and more.

Improved Admin Labeling and and Actions

Admins can now mark emails as safe or malicious from directly within the portal to improve the algorithm’s performance within their environment. This will help reduce future false positives and reinforce the efficacy of malicious email detection. 

A part of this release includes the ability to take action on user quarantined emails within the portal. If an email is user quarantined, admins can now release the emails to a user’s inbox, or delete the emails from user quarantine just as they currently do for admin quarantined emails. This provides significant time saving with bulk release and delete features as well as added security to quickly remove malicious emails.

Improved Platform Navigation

The left hand-side navigation bar has been re-structured into the parent categories of Threat Prevention and Data Loss Prevention to reflect how our customers use the product. There is also a new top navigation bar, allowing quick navigation between insights and events pages for different modules.