Account takeover (ATO) is one of the fastest growing threats over email as these originate from trusted sources and have low detection rates. Tessian can stop even the most advanced ATO attacks with machine learning-powered anomaly detection, behavioral analysis, and natural language processing (NLP).
An attacker steals the credentials of an employee in your trusted external network using a variety of techniques such as a non-targeted phishing attack, a targeted spear phishing email, brute force attack, password compromise, or leaked credentials online.
Once the attacker gets hold of the account credentials, they choose a target organization in the network of the victim and start sending out emails from the compromised account. The emails usually contain a malicious link, malware or even request confidential information about the target company/employees/customers, funds transfer, credentials etc.
The recipients of these emails have no idea that their trusted network has been compromised. These emails appear genuine, are from a trusted contact, have legitimate headers, and pass authentication. The unsuspecting receiver performs the requested task, which usually results in a breach.
Using machine learning, behavioral analysis, and NLP, Tessian detects a broad range of threat signals such as anomalous geophysical location, time email is sent, IP address, email client, unusual reply-to addresses, anomalous recipients, and more. Such granular analysis allows Defender to detect anomalies in even the most sophisticated and painstakingly crafted attacks.
Tessian can also spot with precision any language that conveys suspicious intent using NLP; suspicious URLs using machine learning; and suspicious attachments through content interrogation. The algorithm does all these in sub-seconds, without any perceived impact on the user experience.
Tessian’s machine learning algorithm continuously analyzes and learns from email communications across its global network to build profiles and models of companies and their employees to understand what their normal email communication looks like.
Combining this with end user alerts allows employees to identify and self-triage ATO emails. Tessian also offers administrators a variety of remediation options and the flexibility to determine the type of controls and alerts for end users.
Tessian tracks user behavior and detects even the most subtle anomalies that might signal an attack at the first instance of an attempt. This not only helps organizations stop breaches at a very early stage, but also avoid potential compromise to brand and business reputation along with compliance penalties.
Tessian automatically categorizes and prioritizes threats by assigning a Risk Confidence Score and displaying them within the portal for quick administrative response. Administrators can view high-level threat data as well as granular forensics for detailed analysis. Tessian also delivers real-time alerts of ATO events to dedicated mailboxes to ensure that SOC and security managers get notified without any delay.
By automating the grouping of ATO events, Tessian allows administrators to detect and act on burst attacks quickly. Automatic creation of event logs and cases without manual intervention helps SecOps/SOC managers optimize their resource-constrained engineering teams. This also reduces noise and enables one-click remediation of multiple events and burst attacks.
Tessian delivers frictionless employee education with contextual, in-the-moment alerts. Powerful, yet non-intrusive end-user education with alerts helps organizations drive employees towards secure email behavior to reduce risks over time.