Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Move beyond your SEG with Tessian’s SEG Consolidation Wizard  | Generate Report Now →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data & Trends
  • NULL
    array(14) { [0]=> object(WP_Term)#10478 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(0) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#11322 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(40) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [2]=> object(WP_Term)#11321 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(99) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [3]=> object(WP_Term)#11320 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(134) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [4]=> object(WP_Term)#11319 (11) { ["term_id"]=> int(486) ["name"]=> string(17) "Data & Trends" ["slug"]=> string(11) "data-trends" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(352) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [5]=> object(WP_Term)#11318 (11) { ["term_id"]=> int(341) ["name"]=> string(13) "Insider Risks" ["slug"]=> string(13) "insider-risks" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(490) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#11317 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(16) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#11316 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#11315 (11) { ["term_id"]=> int(411) ["name"]=> string(14) "Threat Stories" ["slug"]=> string(14) "threat-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(0) ["count"]=> int(24) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#11314 (11) { ["term_id"]=> int(3) ["name"]=> string(22) "Advanced Email Threats" ["slug"]=> string(22) "advanced-email-threats" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(490) ["count"]=> int(154) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [10]=> object(WP_Term)#10484 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(47) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [11]=> object(WP_Term)#11280 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(33) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "8" } [12]=> object(WP_Term)#11281 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Blog" ["slug"]=> string(16) "engineering-blog" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(18) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#10473 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Interviews With CISOs
Tessian Spotlight: Michael Mrak, Head of Department Compliance & Information Security at Casinos Austria
Monday, March 4th, 2019
Michael has been with Casinos Austria for 26 years. He started in the IT department and eventually took over the role of Data Privacy Officer in 2001. Responsible for overall information security strategy and, working closely with the CEO, Michael establishes policies relating to compliance and anti-money laundering. As well as overseeing all the activities related to the development, implementation, maintenance and adherence to the organization’s privacy policies, he is also the link between his organization and the Austrian Ministry of Finance. What are the greatest challenges you have overcome at Casinos Austria as Head of Department Compliance and Information Security? Dealing with the number of regulations is definitely number one. It is a developing field for lawmakers and this makes the laws less stringent than they should be. Additionally, this means that we sometimes have to deal with laws that are in conflict with each other such as money-laundering and data privacy. Another issue that I face, which is probably the case for many compliance officers, is keeping the awareness of compliant behavior high. It is a constantly ongoing process that requires continuous education about the rules that must be followed and we deal with this by running educational campaigns. While there are many ways to approach user education, I find running in-person educational sessions to be much more effective than the rest (e.g. e-learning). What are the greatest information security issues in the gaming industry and how should these be addressed? Different gaming markets tend to have different issues but one overall issue I found is, surprisingly, not technical but social, namely dealing with social engineering tactics. This is actually quite a problem because advanced spear phishing attacks that use social engineering methods are very difficult to recognize and therefore challenging to prevent. This is usually dealt with by keeping awareness high but, as mentioned before, that requires constant communication. Because it is such an issue, this will be my main focus for 2019. How should compliance and information security executives ideally work with the board to address information security issues? In an ideal situation, the most important aspect is to get support from the top as I cannot execute my plan if I do not have the support of the board. Additionally, constant communication within the organization is key so having weekly meetings with the board and other departments to discuss strategic issues is ideal. How are most organizations in the gaming industry handling information security and what do you think should change? Surprisingly, a lot of our competitors in the gaming industry do not have a high level of information security. This seems to be especially common with some of the younger organizations that might be prioritizing high growth over security practices. Casinos Austria has been operating since the 60s so we have very well established compliance procedures. It is not the case that these younger organizations do not care about information security but rather that they usually address this in an unstructured way without many processes. It is extremely important to have a clearly defined information security strategy and that usually means having processes in place.
Read Blog Post
Integrated Cloud Email Security
Announcing our Partnership with Sequoia and a New Era of Cybersecurity
by Tim Sadler Wednesday, February 27th, 2019
I’m delighted to officially share with the world today that Tessian’s raised $42m in Series B funding led by Sequoia and partner Matt Miller is joining the board. I got to properly know Sequoia and Matt last year after a destiny-crafting introduction from the legendary CyLon. We’ve been fortunate to have a lot of interest from investors, but I try not to take meetings unless we’re actually fundraising. Sequoia was different. Instead of spending time talking about ARR and our metrics, Matt was interested in our vision, founding story, team and challenges. Sequoia call themselves company-builders, and that’s exactly how it felt from day one. We couldn’t be more excited to welcome Matt to the Tessian board and to work with him to create a new category of enterprise cybersecurity. When Tom, Ed and I started Tessian in our apartment in 2013, we started with a grand vision but laser focus on trying to execute one thing extremely well—preventing sensitive data loss caused by human error. Over the past three years, we’ve been quietly expanding the capabilities of our machine learning engine to address other gaping holes in enterprise security. Today, we’re also delighted to share our vision with the world for the very first Human Layer Security platform for the enterprise. Enterprises have spent the past two decades protecting their networks with firewalls, their devices with endpoint security but have completely neglected the most important data processors of all—their people. The new capital raised in our Series B will allow us to leverage the technology we’ve applied to email security and expand this to provide automatic protection for the myriad platforms and applications in use everyday by people in global organizations. Of course, none of this would have been possible without our most important allies. First, I’d like to thank all of our customers for their incredible support and belief in us over the years. Cybersecurity, by definition, is a risk-averse industry. It’s been inspiring to see how many enterprises are willing to adopt new technology to solve their greatest problems. Second, and to whom we owe the greatest thanks—the employees of Tessian. It’s because of your brilliance, creativity and relentless grit that we’ve achieved what we have today. As I’m sure any founder will attest, fundraising is a necessary part of company building but not the ultimate goal. We now have a huge amount of work ahead as we execute against our plans for 2019—a year that’s shaping up to be our biggest yet.
Read Blog Post
Advanced Email Threats
Risk of Spear Phishing to Enterprises
Tuesday, February 26th, 2019
Spear Phishing attacks are on the rise, and they’re more sophisticated than ever. Why? Because they’re extremely profitable for perpetrators. The FBI estimates that Business Email Compromise due to spear phishing has cost businesses more than $12 billion between December 2016 and May 2018. Spear phishing harms your enterprise by exploiting employees’ trust in their colleagues, partners, and customers.  Spear phishing attacks are costly with serious business impacts. What are the risks of Spear Phishing to a business? • Significant loss of funds due to wire-transfer fraud (BEC) • Malicious intrusion by hackers into business-critical systems • Significant damage to IT infrastructure due to malware or stolen credentials • Widespread loss of sensitive customer data • Widespread loss of company intellectual property • Reputation damage and regulatory penalties The Evolution of Spear Phishing 281 billion emails are sent every single day, as reported by Radicati. Since its introduction in the 1970s, email has become the main artery of communication for the enterprise. Enterprise email networks have significant cybersecurity vulnerabilities: • Email networks are open gateways • Email networks have human nodes • Email networks are dynamic in nature This exploitation began with spam in 1978. Spam is an inbound email threat that is bulk in nature i.e. emails are sent to large numbers, sometimes millions, of recipients with minimal personalisation. These properties make it relatively easy to defend against, and almost every email provider or legacy Secure Email Gateway now includes spam filtering as a standard part of their feature set. As enterprises got better at defending against spam, so too did perpetrators at trying to dupe targets. A new era of inbound email threats was born: phishing. Phishing emails are often pharming for credentials by mimicking the identity of a trusted website or service (e.g. Facebook or Gmail). As with spam, phishing is relatively easy to filter and most email platforms and legacy Secure Email Gateways include anti-phishing filters. To outmaneuver these filters, perpetrators have developed more sophisticated tactics to reach their targets. As a result, there has been a dramatic increase in a new type of inbound email threat: Spear Phishing. Unlike spam and phishing, spear phishing is highly targeted toward a specific individual within an enterprise and will often impersonate the identity of a trusted third party in order to trick the target into taking some form of action e.g. paying an invoice, sending data or downloading malware. These characteristics make spear phishing much more difficult to prevent from a technological perspective and thus mean that attackers have a higher success rate. Why are Spear Phishing attacks getting worse? 95% of all attacks on enterprise networks are the result of successful spear phishing. —  According to Allen Paller, director of research at the SANS Institute Human error and existing rule-based systems are your primary risk factor. Employees are often victims of spoofing and impersonation as malicious emails continue to bypass most email platforms and legacy Secure Email Gateways. Malicious emails continue to easily circumvent legacy spam filters, firewalls and gateways through increasingly sophisticated CEO fraud and brand spoofing campaigns. Due to human nature, unaware or preoccupied users (even those actively engaged in an awareness training program) are easily lured into downloading an attachment or clicking on a malicious email link to inadvertently provide attackers with access to sensitive corporate networks and data. 93% of respondents agree that humans and technology need to work side-by-side —  According to Allen Paller, director of research at the SANS Institute Because of the rise in spear phishing, email providers and legacy Secure Email Gateway platforms have attempted to build in some rule-based controls to prevent these kinds of attacks by detecting basic patterns which highlight an impersonation attempt. However, there’s a wide spectrum of spear phishing impersonation techniques, and rule-based controls are inadequate at preventing more sophisticated tactics. About Tessian Tessian is building the world’s first Human Layer Security platform to fulfil our mission to keep the world’s most sensitive data and systems private and secure. Using stateful machine learning to analyze historical email data, Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat?
Read Blog Post
Life at Tessian
Building a Bold and Beloved Brand
by Kelli Hogan Wednesday, December 12th, 2018
Cybersecurity has an image problem. To many, it simultaneously conjures up feelings of stale corporate software and cliched messaging rife with anonymous hacker and military-grade defense references. It’s also an incredibly crowded space with over 2,500 brands and platforms competing for every business’s budget. Most of these solutions are invisible to end users and have zero margin for error. Let that sink in for a minute. With that said, cybersecurity, specifically information security, is now seen as essential to an enterprise’s overall operations and bottom line; today CISOs report into Boards of Directors. The increasing responsibility (due in part to stringent data protection policies like GDPR), heightened risks of processing and storing sensitive data and the fact that no organization appears to be safe from a data breach has given information security a new purpose and place within the structure of a business. So is cybersecurity the place to begin or evolve your career in marketing or design? Compared to consumer tech, it doesn’t ostensibly offer the same opportunities to flex creative muscles or deviate from rigid B2B tactics. But because of the inherent challenges and the growing need for every business to adopt a comprehensive cybersecurity strategy, this is the space for creative disruption and fresh perspectives. At Tessian, we’re building a world-class Marcomms team with the ambition of bucking convention and reimagining B2B, SaaS and cybersecurity marketing. We’re proving it can be creative and calculated, inspiring and effective. Tessian’s mission is to keep the world’s most sensitive data and technology systems secure. Our job is to build a brand that embodies this mission, and more importantly, that captures the market’s attention and turns users into satisfied customers. Marcomms at Tessian is a multidisciplinary function comprised of wildly talented communications generalists, specialists and designers. Nearly everything we do is cross-functional, which means we collaborate with every internal team—with Engineering and Data Science to ensure we authentically communicate our technology and product offering; with Client Development to capture customer success stories; with Business Development to create compelling content and execute exclusive events that help nurture leads and gain new customers. Our core objective is filling the top of the funnel and delivering pipeline to the sales team. Our targets are big. We deliver them through a variety of strategic channel activities including events, digital marketing, content creation and PR. We have the freedom and drive to constantly experiment, measure and refine our efforts in order to optimize performance. We move fast, and our work satisfies the analytical and big picture thinker in each of us. I left Google a year ago to take some time off and carefully consider my next career move. I had a decade of experience in consumer brand and product marketing, working with incredible creative talent on exciting technology. I loved it and learned a lot. But over time I was missing a few things—real autonomy and accountability. I wanted to help build something from the ground up and to be responsible for delivering exceptional and sustainable results. I got my chance by joining Tessian. In just three months, I have learned so much, acquired more responsibility than I could imagine and, most importantly, I’ve started to assemble an extraordinary team of brilliant people from different disciplines, each of whom challenges me and makes me better at my job. Our goals for 2019 are bold and courageous. To achieve them, we are looking for key talent to round out our capabilities. Check out the open roles at tessian.com/careers. In the meantime, meet our Marcomms team and hear what they think of Tessian— “As a creative graduate having worked for independent studios and within in-house teams, building a design career at Tessian has been decidedly different. Cybersecurity companies face an uphill struggle when constructing the visual narratives that power their brands—the sector is filled with overly complex explanations of technology and iconographic cliché; the shield, the padlock, the lightning strike. Design at Tessian is instead always evolving and growing, and allows you to work in all areas of the company, integrating with sales to produce pitch decks, or with client development to produce workflow diagrams, or with operations and recruitment for branded collateral and event organization.” – Leon Brown, Designer “I joined Tessian in September 2017 as the first marketer, and it’s been astonishing to see how the team has grown. When I joined it was crucial to quickly kick-start new marketing channels, and show in a very quick way the positive impact marketing has on the company and how it aligns to business goals. Then it was about building a marketing function and processes which could scale. We now focus on hiring specialists and ensuring everyone in the team is aware of the direction they are moving in and how they can get to their desired destination. I truly believe you need to hire people smarter than you and get out of the way – it’s important to allow people to be effective and perform to achieve the best results. I thoroughly enjoy working at Tessian. Marketing has always been a passion of mine, but marketing for- and at- Tessian is a whole other feeling. It’s a joy to work with such clever and driven individuals to really understand how, as a team, we can optimise our key marketing activities to the point where we can make accurate predictions on how many leads, MQLs or even revenue each channel can generate. There are some unique challenges working in a startup, but they’re also some of the biggest selling points; there may not always be a set process or structure for things, but for the right hire it can be invigorating to set up the infrastructure for the marketing team. It’s something you will keep optimising; nothing is ever stagnant. Everything is possible, which can sound terrifying, but it’s one of the most exciting things about working at Tessian. We never say something can’t be done, but rather always work together to figure it out. We learn from every failure as much as we do success.” – Chandni Trehan, Marketing Manager “Joining Tessian has made moving from Los Angeles to London more than worth it. (Even in winter.) During the universally stressful college senior job search, my motto was high growth and high impact. After graduating from UCLA, I joined Tessian as the second full-time hire on the marketing team. In under six months, I’ve been given the chance to forge my own path: come up with an idea, organize the plan of action and execute. I own the space in which I operate, while working closely and cross-functionally with every team in the office, which offers both breadth and depth, as I continue to learn and grow alongside some of the sharpest, savviest people I’ve ever known. What’s it like being at Tessian, in one word? Meaningful. Every day, we walk into work with the knowledge that what we do matters. And that’s as hard to find as it is fulfilling. While rapid growth can sometimes translate to high pressure, I’m constantly grateful to be here alongside the inspirational people that I look up to in every way on our journey to make a difference.” – Bianca Butler, Marketing Associate “With nearly 4 years in brand strategy, I’ve been fortunate enough to work on brand building challenges in luxury retail, FMCG and, more recently, consumer technology. Working across categories has given me a varied and colourful marketing perspective, but I was looking for a role that would take me to the front line of marketing, a position where I could have a daily impact and to be in a team where we feel ownership over the brand we build. Tessian has been exactly that. The work is dynamic, immediate and tangible and gives instant results. Tessian manages to gather incredible minds from an endless range of interesting backgrounds. It’s a pleasure to work in such an energetic environment, and the excitement and dedication is infectious.” – Karina Ferdi, Marketing Executive “Before joining Tessian I helped run CyLon, a cybersecurity startup accelerator in which Tessian participated. I worked with the then-5-person team for a year and a half. After I saw the team leave the office one day to play rounders after work, I knew I wanted to join the team. As reductive as that may seem, it represented a culture where everyone was not just part of a company, but also a friendship group. I finally joined in December 2017, as the company’s first designer. What I instantly saw was where there could have been an informal division between the commercial and technology, there was respect. Everyone buys into the same vision and believes we are building something game-changing. Over the last year, my design journey has been incredibly diverse. I’ve been part of the company rebranding, have created exhibition stands and even outfitting our 11,000 sq ft office.” – Shane Wickramasuriya, Design and Brand Lead  
Read Blog Post
Email DLP
Bupa Fined £175,000: The Risks and Costs of Unauthorized Emails
Thursday, October 18th, 2018
As the recent Bupa data breach highlighted, the sending of unauthorized emails – an email that is intentionally sent to an unauthorized recipient, such as an employee’s personal email account – can have a detrimental financial and reputational impact upon an organization. The global insurance and healthcare group’s failure to prevent the exfiltration and attempted sale of over half a million international health insurance customers’ personal information led to a £175,000 fine and a damning evaluation of its negligent security practices.
The loss of consumer data can also result in: • Breaching contracts or non-disclosure agreements • The loss of IP and proprietary research • Breaching data protection regulations • Heavy fines imposed by regulators and clients (GDPR, in particular, will greatly increase fines for all manner of data breaches) Despite such demonstrably damaging ramifications, many organizations do not have sufficiently secure networks and, as a result, lack the necessary visibility over how sensitive data is processed and stored. Before they know it, sensitive data is shared, stolen and sold; the damage is done. For large organizations like Bupa, monitoring thousands of employees and hundreds of thousands of email communications containing millions of pieces of data can seem an insurmountable and relentless task. In 2018, it is estimated that 124.5 billion business emails were sent every day with each employee sending an average of 31 each. These figures are only expected to increase (by at a rate of 3% per annum over the next few years) as corporate email networks grow in size and importance. Organizations that possess large amounts of highly sensitive patient or consumer data like Bupa have a duty to prevent this kind of data breach from happening. If they cannot monitor or control employee behaviour, they must take the necessary steps to find and invest in an approach and solution that can prevent unauthorized emails from being sent. It’s crucial to be proactive – rather than reactive – to address this kind of threat As such, we recommend enterprises employ an email security platform that offers comprehensive protection against the sending of unauthorized emails. Tessian Enforcer, for example, uses machine learning to understand human conversation patterns in order to detect, flag and prevent anomalous emails, which may contain sensitive data, from being sent to unauthorized or personal email accounts.
Read Blog Post
Integrated Cloud Email Security, Advanced Email Threats
Why Rule-Based Approaches to Spear Phishing is Failing
Wednesday, September 19th, 2018
  Introducing Defender Business Email Compromise scams were responsible for over $5.3 billion in global losses from 2013 to 2017. According to the FBI, these types of attacks are also becoming more prolific, jumping 2,370% from 2015 to 2016 alone. Most enterprises have anti-spam and anti-phishing filters in place to protect their emails. Unfortunately, bad actors are outpacing these safeguards and are finding more intelligent ways to break through to their targets. This is where Tessian comes in. Since 2013, we have been developing machine intelligent technology to prevent threats that rule-based legacy gateways and platforms cannot. Tessian Defender is our latest advancement. Defender protects from threats executed by humans rather than just code, using the Tessian’s Parallax Engine and natural language processing technology to keep the most sensitive data and systems private and secure. The Problem Spear phishing is effective because of its highly targeted approach. When it successfully dupes individuals into sending money, sharing data, or downloading malware, it brings significant reputational and monetary risk. Defender protects against these threats through comprehensive safeguards against weak and strong-form impersonation alike. Weak-form impersonation can generally be detected and prevented through the rule-based controls that many enterprises already use. Often this is done by authenticating SPF, DKIM, and DMARC records to estimate the legitimacy of the sender. This entails cross-referencing IP addresses, scouring for invisible signatures, and linking senders to their domain names and broader email protocols. Rule-based defences also perform checks to find matches with known display names, modifications to “reply-to” addresses, and newly registered domains. Unfortunately, this is not enough. These systems are limited in scope and not always implemented. DMARC authentication, for example, only protects a domain against direct impersonation, where a bad actor is trying to spoof someone’s actual email address. It fails to address domain or display name lookalike impersonation. Furthermore, global DMARC adoption rates are low. Legacy technology stacks find it difficult to query large datasets in real-time, which means it is often a challenge for systems to quickly recognise and filter phishing emails. Even where these systems are sufficient, weak-form spear phishing is now evolving into a more advanced threat: strong-form spear phishing. This type of spear phishing subverts legacy email security systems by turning to tactics that are difficult for humans and rule-based email security processes to detect. Traditional, pre-defined rule sets cannot fend off strong-form spear phishing because of the almost infinite number of domain and sub-domain, display name and address, and freemail permutations impersonation allows for. Even where they do detect certain impersonations, legacy systems cannot capture the evolving dynamics of email networks, with enterprises developing new relationships every day over email. A rule set would need to constantly be updated in order to remain effective. This is time consuming and resource intensive and inefficient. The Solution Tessian Defender is specifically designed to tackle strong-form impersonation spear phishing. Due to the complexity of strong-form impersonation techniques, having an understanding of email relationships based on historical data and user behavior is critical. Using stateful machine intelligence, Tessian has developed a new approach to thwart spear phishing. Tessian’s Parallax Engine can predict for this user, at this point in time, does this email look like a security threat? Tessian Defender also uses natural language processing (NLP) to understand content within an email and will automatically classify its intent, so it can provide more context to the end user within a warning message, and also highlight the specific risk to security teams.  
Read Blog Post
Engineering Blog, Life at Tessian
Building an Email Load Tester in Node
Sunday, April 1st, 2018
At Tessian, our engineering teams work to ensure that our backend systems have the capability to handle the workloads required by our clients. We do this in lots of industry-standard ways: continuous integration pushed to a continuous-use staging environment, unit and module tests, integration tests and high-load simulations. On the Node.is team, we needed a load testing service which could replicate email traffic above and beyond the 9 am problem (when everyone logs on at work and sends replies to their emails received overnight). Off-the-shelf load testers are typically designed for REST API traffic  —  hitting a server with http(s) requests until it breaks. We needed something smarter. Something that could generate high network traffic and still have the capacity to hold a responsive SMTP conversation for each connection. Like all good engineering projects, we began with the simplest of setups: using swaks to generate and send emails (the source) and a simple instance of Haraka (an SMTP mail server) running on Node.js to receive the traffic (the sink). Running the source and sink on separate AWS compute instances gave us a trivial-to-setup, rampable load tester. Executing swaks on a single core can generate and send around 27 emails/second. Coding a simple bash script to launch swaks processes across dozens of cores (AWS compute instances can give you up to 72 virtual cores) should have provided us with a cool 27 x 72 = 1944 emails/second. Of course, it didn’t. There are some basic overheads in this simple setup. Swaks is a perl script, so each time a message is sent, a new perl process needs to be started, the script interpreted and the process terminated. On the sink side, Haraka does quite a lot of processing of each email it receives — parsing the headers and message body, checking address formats and so on — none of which we really needed for our purposes. The overall throughput came out at around 450 emails/second. Not a bad start, but we felt like we could do better. First we replaced the Haraka sink with a much simpler Node.js server. We coded a net.Server instance and implemented responses for the 4 basic SMTP commands: MAIL FROM, RCPT TO, DATA and QUIT. We didn’t include any validation of the received data — we run different tests for that — because we wanted pure performance. The server recorded various statistics along the way (clock time, data transfer rate, active connection numbers, etc) and console.log()’ed them out each time it received an email. In its entirety, the completely functional (but not exactly RFC-compliant) Node.js SMTP sink server was coded in just 9 functions and 200 lines. Back to the test. Re-running the 72-core swaks script with the new Node.js sink didn’t do much to help the maximum rate with small messages (which still peaked at around 450 emails/second); it did, however, make a big difference with larger messages. By losing the message parsing on the sink side, Node was able to make full use of its multi-connection network streaming capability and keep the maximum incoming rate for multi-megabyte messages. Looking at the server load figures, it was clear that the sink server was busy — but not too busy. The numbers of active connections were averaging just 6 with small bursts into the dozens. Time to focus on the source. Coding a new Node.js module to load and send emails over SMTP was simple enough. Around 100 lines of code later, a fully functional sending script, complete with terminal-configurable options to choose the size of message and destination server was built. Firing up an instance of it on a single core achieved a pretty smart 1426 emails/second (10K messages transferred in 7.01 seconds). We then fired up sending instances across increasing numbers of cores until we plateaued at ~4700 emails/second — more than 10x over the first setup. For context, that’s more than our company’s total current internal email traffic over a 24 hour period, squashed down to 1 second. This is one of many reasons we love using Node.js; its ease and efficiency in handling high-performance network connections is unrivaled, and without it, it’s difficult to imagine the lengths we’d need to go to in order to achieve simple high-throughput load testing of our email servers. Of course, the load tester is still being worked on (there’s more to squeeze out of it), but for now, we’re pretty happy with its performance.       #engineering
Read Blog Post
Integrated Cloud Email Security, Insider Risks, Email DLP
What is an Insider Threat? Insider Threat Definition, Examples, and Solutions
by Tessian Monday, June 29th, 0201
Organizations often focus their security efforts on threats from outside. But increasingly, it’s people inside the organization who cause data breaches. There was a 47% increase in Insider Threat incidents between 2018 and 2020, including via malicious data exfiltration and accidental data loss. And the comprehensive Verizon 2021 Data Breach Investigations Report suggests that Insiders are directly responsible for around 22% of security incidents. So, what is an insider threat and how can organizations protect themselves from their own people?
Importantly, there are two distinct types of insider threats, and understanding different motives and methods of exfiltration is key for detection and prevention. Types of Insider Threats The Malicious Insider
Malicious Insiders knowingly and intentionally steal data, money, or other assets. For example, an employee or contractor exfiltrating intellectual property, personal information, or financial information for personal gain. What’s in it for the insider? It depends.   Financial Incentives   Data is extremely valuable.Malicious insiders can sell customer’s information on the dark web. There’s a huge market for personal information—research suggests you can steal a person’s identity for around $1,010.   Malicious Insiders can steal leads, intellectual property, or other confidential information for their own financial gain—causing serious damage to an organization in the process.   Competitive Edge Malicious Insiders can steal company data to get a competitive edge in a new venture. This is more common than you might think. For example, a General Electric employee was imprisoned in 2020 for stealing thousands of proprietary files for use in a rival business. Unsurprisingly, stealing data to gain a competitive edge is most common in competitive industries, like finance and entertainment.   The Negligent (or Unaware) Insider 
Negligent Insiders are just “average” employees doing their jobs. Unfortunately, “to err is human”… which means people can—and do—make mistakes.   Sending a misdirected email   Sending an email to the wrong person is one of the most common ways a negligent insider can lose control of company data. Indeed, the UK’s Information Commissioner’s Office reports misdirected emails as the number one cause of data breaches.    And according to Tessian platform data, organizations with over 1,000 employees send around 800 misdirected emails every year. We’ve put together 11 Examples of Data Breaches Caused By Misdirected Emails if you want to see how bad this type of Insider Threat can get.   Phishing attacks   Last year, 66% of organizations worldwide experienced spear phishing attacks. Like all social engineering attacks, phishing involves tricking a person into clicking a link, downloading malware, or taking some other action to compromise a company’s security.   A successful phishing attack requires an employee to fall for it. And practically any of your employees could fall for a sophisticated spear phishing attack.Want to know more about this type of Negligent Insider threat? Read Who Are the Most Likely Targets of Spear Phishing Attacks?   Physical data loss    Whether it’s a phone, laptop, or a paper file, losing devices or hard-copy data can constitute a data breach.Indeed, in June 2021, a member of the public top-secret British military documents in a “soggy heap” behind a bus stop.   Looking for more examples of Insider Threats (both malicious and negligent?) Check out this article: 17 Real-World Examples of Insider Threats   How can I protect against Insider Threats?   As we’ve seen, common Insider Threats are common. So why is so hard to prevent them? Detecting and preventing Insider Threats is such a challenge because it requires full visibility over your data—including who has access to it.   This means fully mapping your company’s data, finding all entry and exit points, and identifying all the employees, contractors, and third parties who have access to it. From there, it comes down to training, monitoring, and security.   Training   While security awareness training isn’t the only measure you need to take to improve security, it is important. Security awareness training can help you work towards legal compliance, build threat awareness, and foster a security culture among your employees. Looking for resources to help train your employees? Check out this blog with a shareable PDF.   Monitoring   Insider Threats can be difficult to detect because insiders normally leverage their legitimate access to data. That’s why it’s important to monitor data for signs of potentially suspicious activity.   Telltale signs of an insider threat include: Large data or file transfers Multiple failed logins (or other unusual login activity) Incorrect software access requests Machine’s take over Abuse by Service Accounts Email Security The vast majority of data exfiltration attempts, accidental data loss incidents, and phishing attacks take place via email. Therefore, the best action you can take to prevent insider threats is to implement an email security solution.   Tessian is a machine learning-powered email security solution that uses anomaly detection, behavioral analysis, and natural language processing to detect data loss.   Tessian Enforcer detects data exfiltration attempts and non-compliant emails Tessian Guardian detects misdirected emails and misattached files Tessian Defender detects and prevents spear phishing attacks How does Tessian detect and prevent Insider Threats? Tessian’s machine learning algorithms analyze your company’s email data. The software learns every employee’s normal communication patterns and maps their trusted email relationships — both inside and outside your organization. Tessian inspects the content and metadata of inbound emails for any signals suggestive of phishing—like suspicious payloads, geophysical locations, IP addresses, email clients—or data exfiltration—like anomalous attachments, content, or sending patterns. Once it detects a threat, Tessian alerts employees and administrators with clear, concise, contextual warnings that reinforce security awareness training
Read More