An attacker steals the credentials of an employee in your trusted external network using one of a variety of techniques, such as a non-targeted phishing attack, a spear-phishing email, a brute-force attack, password compromise, or credentials leaked online.
Once the attacker gets hold of the account credentials, they choose a target organization in the network of the victim and start sending out emails from the compromised account. The emails usually contain a malicious link, malware, or a request for confidential information, funds transfer, or credentials.
People who receive these emails have no idea that their trusted network has been compromised. The emails look genuine and come from a trusted contact. Because they are sent from the real account, they pass the SPF, DKIM and DMARC authentication checks that rule-based email security solutions rely on. The victim performs the requested task, which usually results in a breach.
Using machine-learning-powered behavioral analysis, content analysis and user identity anomaly detection, Tessian detects a range of threat signals such as anomalous geophysical location, the time the email is sent, IP address, email client, unusual reply-to addresses, anomalous recipients, and more. This allows Tessian to detect anomalies in even the most sophisticated attacks.
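The following added example (not part of the original page, and not Tessian's algorithm) shows why a message that passes SPF, DKIM and DMARC can still carry the kinds of signals listed above. It compares a message against a per-sender baseline; the baseline values, addresses, header contents and function names are all constructed for illustration.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed baseline for one external contact (assumed learned from past mail).
BASELINE = {
    "alice@supplier.example": {
        "mailers": {"Microsoft Outlook 16.0"},
        "reply_domains": {"supplier.example"},
        "hours_utc": range(7, 19),
    }
}

# Constructed message: authentication passes, behaviour differs from the baseline.
SAMPLE = """\
From: Alice <alice@supplier.example>
To: bob@corp.example
Reply-To: alice.billing@mail-supplier.example
Date: Tue, 05 Mar 2024 02:41:07 +0000
X-Mailer: PHPMailer 6.5
Authentication-Results: mx.corp.example; spf=pass; dkim=pass; dmarc=pass
Subject: Updated bank details

Please use the new account for this month's invoice.
"""

def auth_passed(raw):
    """True when the receiving server recorded SPF, DKIM and DMARC passes."""
    results = message_from_string(raw).get("Authentication-Results", "").lower()
    return all(f"{m}=pass" in results for m in ("spf", "dkim", "dmarc"))

def ato_signals(raw, baseline=BASELINE):
    """Return the baseline deviations found in one message."""
    msg = message_from_string(raw)
    profile = baseline.get(parseaddr(msg.get("From", ""))[1].lower())
    if profile is None:
        return ["no-baseline"]          # unknown sender: nothing to compare with
    signals = []
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rpartition("@")[2] not in profile["reply_domains"]:
        signals.append("reply-to-domain")
    if msg.get("X-Mailer") and msg["X-Mailer"] not in profile["mailers"]:
        signals.append("email-client")
    sent = parsedate_to_datetime(msg["Date"]).astimezone(timezone.utc)
    if sent.hour not in profile["hours_utc"]:
        signals.append("send-time")
    return signals

if __name__ == "__main__":
    print("auth passed:", auth_passed(SAMPLE), "| signals:", ato_signals(SAMPLE))
```
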
Tessian can also precisely spot language that conveys suspicious intent using Natural Language Processing, suspicious URLs using machine learning, and suspicious attachments through content interrogation. The algorithm does all of this in sub-second time, without hindering the user experience.
When a threat is detected, end-users receive in-the-moment alerts to help them identify and self-triage ATO emails. Tessian also offers administrators a variety of remediation options and the flexibility to determine the type of controls and alerts for end users.
Tessian detects even the most subtle anomalies that might signal an attack at the first instance of an attempt. This not only helps organizations stop breaches at a very early stage, but also helps them avoid potential damage to brand and business reputation, along with compliance penalties.
Tessian automatically categorizes and prioritizes threats by assigning a Risk Confidence Score and displaying them within the portal for quick administrative response. Tessian also delivers real-time alerts of ATO events to dedicated mailboxes to ensure SOC and security managers are notified without any delay.
By automating the grouping of ATO events, administrators can detect and act on burst attacks quickly. Automatic creation of event logs, without manual intervention, helps SecOps/SOC managers optimize their resource-constrained engineering teams. This also reduces noise and enables one-click remediation of multiple events and burst attacks.
Tessian delivers frictionless security awareness coaching with contextual, in-the-moment alerts. Effective yet non-intrusive alerts help organizations drive employees towards secure email behavior to reduce risks over time.