Request a Demo of Tessian Today.

Automatically stop data breaches and security threats caused by employees on email. Powered by machine learning, Tessian detects anomalies in real-time, integrating seamlessly with your email environment within minutes and starting protection in a day. Provides you with unparalleled visibility into human security risks to remediate threats and ensure compliance.

Move beyond your SEG with Tessian’s SEG Consolidation Wizard  | Generate Report Now →

Tessian Blog

  • All
  • Customer Stories
  • Compliance
  • Email DLP
  • Integrated Cloud Email Security
  • Data & Trends
  • NULL
    array(14) { [0]=> object(WP_Term)#10785 (11) { ["term_id"]=> int(5) ["name"]=> string(16) "Customer Stories" ["slug"]=> string(16) "customer-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(5) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Read our latest Customer Stories, interviews and news. Learn how Tessian protects organisations in Financial Services, Legal, Technology and other markets." ["parent"]=> int(0) ["count"]=> int(46) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [1]=> object(WP_Term)#11048 (11) { ["term_id"]=> int(120) ["name"]=> string(10) "Compliance" ["slug"]=> string(10) "compliance" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(120) ["taxonomy"]=> string(8) "category" ["description"]=> string(143) "Read our latest articles, tips and news on Compliance including GDPR, CCPA and other industry-specific regulations and compliance requirements." ["parent"]=> int(0) ["count"]=> int(40) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "5" } [2]=> object(WP_Term)#11047 (11) { ["term_id"]=> int(116) ["name"]=> string(9) "Email DLP" ["slug"]=> string(20) "data-loss-prevention" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(116) ["taxonomy"]=> string(8) "category" ["description"]=> string(144) "Read our latest articles, tips and industry-specific news around Data Loss Prevention (DLP). Learn about the implications of data loss on email." ["parent"]=> int(0) ["count"]=> int(99) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "4" } [3]=> object(WP_Term)#11046 (11) { ["term_id"]=> int(2) ["name"]=> string(31) "Integrated Cloud Email Security" ["slug"]=> string(20) "human-layer-security" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(2) ["taxonomy"]=> string(8) "category" ["description"]=> string(301) "Integrated Cloud Email Security solutions were introduced as a new category, and positioned as the best defense against advanced phishing threats that evade traditional email security controls.  Learn more about what they are, the benefits of using them, and how you can best evaluate those on offer." ["parent"]=> int(0) ["count"]=> int(134) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [4]=> object(WP_Term)#11045 (11) { ["term_id"]=> int(486) ["name"]=> string(17) "Data & Trends" ["slug"]=> string(11) "data-trends" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(486) ["taxonomy"]=> string(8) "category" ["description"]=> string(0) "" ["parent"]=> int(352) ["count"]=> int(1) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [5]=> object(WP_Term)#11044 (11) { ["term_id"]=> int(341) ["name"]=> string(13) "Insider Risks" ["slug"]=> string(13) "insider-risks" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(341) ["taxonomy"]=> string(8) "category" ["description"]=> string(154) "Access Tessian's library of free data exfiltration posts, guides and trend insights. Acidental data loss, insider threats, and misdirected emails content." ["parent"]=> int(490) ["count"]=> int(39) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "2" } [6]=> object(WP_Term)#11043 (11) { ["term_id"]=> int(433) ["name"]=> string(14) "Remote Working" ["slug"]=> string(14) "remote-working" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(433) ["taxonomy"]=> string(8) "category" ["description"]=> string(163) "Access free tips from security leaders and new research related to remote working and hybrid-remote structures. Level-up your cybersecurity for a remote workforce." ["parent"]=> int(116) ["count"]=> int(16) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [7]=> object(WP_Term)#11042 (11) { ["term_id"]=> int(384) ["name"]=> string(7) "Podcast" ["slug"]=> string(7) "podcast" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(384) ["taxonomy"]=> string(8) "category" ["description"]=> string(345) "Cybersecurity podcast series on the human factor, discussing why we need to focus on people - not just machines and data - to stop breaches and empower employees. Tim Sadler, CEO of Tessian meets with business, IT and security leaders to flip the strict on cybersecurity and share best practices, cybersecurity challenges, threat intel and more." ["parent"]=> int(2) ["count"]=> int(9) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [8]=> object(WP_Term)#11041 (11) { ["term_id"]=> int(411) ["name"]=> string(14) "Threat Stories" ["slug"]=> string(14) "threat-stories" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(411) ["taxonomy"]=> string(8) "category" ["description"]=> string(155) "Tessian Threat Intelligence and Research team uncovers trends and insights in email security related to phishing, social engineering, and more. Learn more!" ["parent"]=> int(0) ["count"]=> int(24) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "3" } [9]=> object(WP_Term)#11040 (11) { ["term_id"]=> int(3) ["name"]=> string(22) "Advanced Email Threats" ["slug"]=> string(22) "advanced-email-threats" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(3) ["taxonomy"]=> string(8) "category" ["description"]=> string(166) "Get up to speed on the latest tips, guides, industry news and technology developments around phishing, spear phishing, Business Email Compromise, and Account Takeover" ["parent"]=> int(490) ["count"]=> int(154) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "6" } [10]=> object(WP_Term)#10791 (11) { ["term_id"]=> int(352) ["name"]=> string(15) "Life at Tessian" ["slug"]=> string(12) "team-culture" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(352) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about Tessian company news, events, and culture directly from different teams. Hear from engineering, product, customer success, and more." ["parent"]=> int(0) ["count"]=> int(47) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "7" } [11]=> object(WP_Term)#11006 (11) { ["term_id"]=> int(435) ["name"]=> string(21) "Interviews With CISOs" ["slug"]=> string(21) "ciso-spotlight-series" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(435) ["taxonomy"]=> string(8) "category" ["description"]=> string(164) "Learn how to navigate the threat landscape, how to get buy-in, and how to break into the industry from these cybersecurity leaders from Shell, Penn State, and more." ["parent"]=> int(0) ["count"]=> int(33) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "8" } [12]=> object(WP_Term)#11007 (11) { ["term_id"]=> int(436) ["name"]=> string(16) "Engineering Blog" ["slug"]=> string(16) "engineering-blog" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(436) ["taxonomy"]=> string(8) "category" ["description"]=> string(134) "Tessian's engineering team shares tips for solving complex problems. Get advice related to QAs, 502 errors, team management, and more." ["parent"]=> int(352) ["count"]=> int(18) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } [13]=> object(WP_Term)#10780 (11) { ["term_id"]=> int(434) ["name"]=> string(16) "Cyber Skills Gap" ["slug"]=> string(16) "cyber-skills-gap" ["term_group"]=> int(0) ["term_taxonomy_id"]=> int(434) ["taxonomy"]=> string(8) "category" ["description"]=> string(149) "Learn more about the cybersecurity skills gap and cybersecurity gender gap. Research and interviews with industry leaders and champions of diversity." ["parent"]=> int(435) ["count"]=> int(19) ["filter"]=> string(3) "raw" ["term_order"]=> string(1) "1" } }
Life at Tessian
Tessian Launches Advanced Email Threat Response Capabilities for Security Teams
by Tessian Tuesday, April 25th, 2023
Dramatically faster solution that quickly identifies and responds to email threats through proactive threat hunting capabilities and automated response to end-user reported emails.  Quickly pivot between email events and prioritize response workflows through powerful search queries. Continuously improve prevention via a feedback loop to Tessian’s behavioral based AI detection. Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the general availability of Tessian Respond, a major improvement in how security teams identify and respond to email threats compared to traditional secure email gateway solutions.  Security teams today face a backlog of end-user reported email threats, missed attacks by traditional controls, and spend too much investigating and remediating individual emails. Tessian Respond enables security teams to quickly identify and respond to all email threats by offering proactive threat hunting capabilities and enabling response and remediation for end-user reported emails. Security admins can now use powerful search queries that leverage intelligence and threat indicators from across the entire Tessian platform. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform which offers the industry’s most complete set of capabilities required for cloud email security: Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach, in a simple to deploy model.  “At Tessian, we are focused on helping our customers eliminate email based threats,” said Allen Lieberman, Chief Product Officer of Tessian. “As customers pivot to cloud based email platforms, they are reconsidering their email security stack to prevent more threats and simplify operations.  With the introduction of Tessian Respond, combined with our existing Defend, Protect, and Coach capabilities, Tessian has established a platform that can be deployed in minutes, dramatically reducing email based risk and greatly simplifying operations”.  “Tessian stops email threats, including Phishing, Business Email Compromise and attacks that could lead to Ransomware or Credential theft on a daily basis,” said Jason Patterson, Senior Director of InfoSec, Compliance and Risk Management at Nasuni. “Without Tessian, these threats would have reached our end users. The platform is easy to use for both administrators and end users. However, investigating the larger impact of an email threat used to take 20 minutes or longer, due to pivoting between multiple tools and powershell scripts. With Tessian Respond, we can now pivot directly from a security event to an investigation in the Tessian platform that allows us to quickly understand the broader risk and remediate the full attack campaign in just a few clicks”. About Tessian Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Read Blog Post
Life at Tessian
Tessian is First Email Security Platform to Fully Integrate with M365 To Provide Threat Protection and Insider Risk Protection
by Tessian Tuesday, April 25th, 2023
First to deliver a fully integrated deployment experience of the Microsoft Graph API and M365 Add-in to protect against both email threats and insider risk Deploy complete email security in minutes via Tessian’s integration with Microsoft 365 Simplified experience for end-users with native Office 365 integration Boston, MA – April 25, 2023 – Tessian, a leading Integrated Cloud Email Security company, today announced the release of a new M365 Add-in, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian’s M365 Integration is the first to offer click-through deployment that combines both Microsoft’s Graph API and Office Add-In to provide email threat protection and insider risk protection in minutes, without the need to deploy or maintain client-side code or a gateway. Many security teams today are moving to M365 environments and trying to secure their enterprise from email threats and data loss without impacting end-user experience. Historically, legacy email security tools used time consuming and complex deployment mechanisms like client-side code and gateways. These legacy methods could cause disruption to mail flow, required ongoing maintenance, and often provided poor end-user experiences. Tessian is solving these problems by enabling the full deployment of the Tessian Cloud Email Security Platform through the combination of two native Microsoft integrations – Graph API and Office Add-In –  which are deployed via an intuitive, click-through process. Customers can deploy complete email security in minutes without the traditional deployment challenges of email disruption, ongoing maintenance, changing MX records, or client-side code and gateways. Hundreds of world leading organizations trust the Tessian Cloud Email Security Platform, which now offers a simplified deployment and better end user experience for Microsoft 365 environments. With Tessian’s M365 Integration, including the newly available M365 Add-In, customers leveraging M365 benefit from the full capabilities of the Tessian Complete Email Security Platform to proactively secure email while offering an improved experience for end-users and security teams. “Many customers are moving to Microsoft 365 for their email platform,” said Allen Lieberman, Chief Product Officer of Tessian. “Tessian is leading the way with our integration across Microsoft technologies to deliver leading cloud-based email security and insider risk protection from the same platform, deployed in the simplest way possible.”  The M365 Add-in launch accompanies the launch of Tessian Respond to deliver a complete set of cloud email security capabilities – Tessian Defend, Tessian Protect, Tessian Respond, and Tessian Coach – all in a simple to deploy model.  About Tessian Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way. Using machine learning technology, Tessian automatically predicts and eliminates advanced threats on email caused by human error – like data exfiltration, accidental data loss, business email compromise and phishing attacks – with minimal disruption to employees’ workflow. Founded in 2013, Tessian is backed by renowned investors like Sequoia, Accel, March Capital and Balderton Capital, and has offices in San Francisco, Boston and London.
Read Blog Post
Integrated Cloud Email Security, Product Updates
Respond Faster. Prevent More.
by Bob Boyle Tuesday, April 25th, 2023
Tessian Complete Cloud Email Security Platform defends against inbound email threats, protects your most sensitive data from being lost via email, helps security teams respond to email security incidents faster and more efficiently, while coaching end-users to drive better security decisions When evaluating email security solutions, security professionals care about one thing over anything else: will this help us prevent more threats?  The irony is, security solutions themselves have become one of the main drivers as to why security teams aren’t preventing more threats in the first place. Legacy gateway solutions are time intensive, manual and inefficient – meaning security teams simply don’t have the time, tools or patience to effectively manage their email security posture. Security teams today often rely on rule-based prevention policies or end-user reporting to first identify email risk, and then use between 2-5 different security tools to perform investigation and remediation workflows. For every individual email threat, this process can take 30 minutes on average – and sometimes, more.  This means if an organization sees any more than 15 potential email threat alerts, one single security team member may lose a full day of work.
Between a backlog of end-user reported emails, attacks that have bypassed traditional controls and inefficient email response workflows, security teams spend too much time responding to advanced email threats. It can take days, due to archaic tooling and approval processes, for organizations to remove known malicious emails from an enterprise, exposing the company to extended risk.  In order to prevent more threats, security teams need a solution that will help them cut through the noise, enhance their risk detection, and increase their response efficiency. This is exactly why we’ve built Tessian Respond. 
Tessian Respond is the fastest solution for security teams to quickly identify and respond to email threats by offering threat hunting capabilities and the automated response to end-user reported emails. Tessian Respond makes it easy for security teams to quickly pivot between email security events and response workflows, to better understand the full scope of an attack and make an informed response decision based on the risk. 
Powerful search queries leveraging data and threat indicators from the entire Tessian platform – such as Subject, URLs, or even File Hash Values – now allow security teams to investigate if a single email alert is an isolated incident, or part of a broader attack campaign across the organization. End-user reported emails will be ingested from any existing report phish button and prioritized by highest risk using a combination of machine learning algorithms and customer defined policies. Tessian Respond automatically classifies end-user reported spam and false positives, which enables the security team to quickly focus their time on legitimate higher risk email threats.  The ability to quickly detect and identify email risk does not, however, completely solve the problem that security teams are dealing with today. In order to enable more prevention, security teams need the ability to remediate existing email threats… FAST. Tessian Respond gives security teams bulk remediation actions directly within investigation workflows to quickly remove threats from the environment and reduce the organization’s attack surface moving forward. With a continuous feedback loop directly into Tessian’s behavioral based AI detection algorithm, every email marked as malicious, reported as spam, and removed from the inbox  improves Tessian’s understanding of an organization’s normal email behavior and helps Tessian improve prevention overtime. Security teams will benefit from Tessian Respond by spending less time triaging across multiple legacy email security solutions, manually remediating email threats with PowerShell scripts, and maintaining an overwhelming list of reactive rule-based prevention policies. Tessian Respond gives security teams the freedom and flexibility they need to do what is most important to them: prevent more threats.
When evaluating email security solutions, security professionals can be confident in one thing over anything else: Tessian enables security teams to respond faster, and as a result, prevent more threats.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Product Updates
Tessian Launches Complete M365 Integration
by James Alliband Tuesday, April 25th, 2023
We are excited to announce the release of our M365 Add-In, simplifying the deployment of the Tessian Cloud Email Security Platform. Tessian’s M365 Add-In (Office Add-In) comes together with the M365 API (Microsoft Graph API) to offer the M365 Integration an industry-first click-through deployment with Microsoft 365 providing email threat defense and insider risk protection in minutes, without the need to deploy or maintain client-side code or a gateway. The decline of gateway security solutions The effectiveness of legacy approaches to email security has been in the crosshairs for quite some time, primarily due to the declining effectiveness of Secure Email Gateway (SEG) and the pervasiveness of threats hitting inboxes, with email responsible for over 90% of cyber attacks.  Now Gartner predicts that by 2025, 85% of organizations will embrace cloud-first principles. This rapid acceleration to the cloud has opened up a world of possibilities for seamless integrations with cloud security providers. Most enterprises adopt cloud-hosted productivity suites such as Microsoft 365, which natively provides SEG capabilities. But it’s more than just a duplication of capabilities. The rapid shift to the cloud and the ever-changing threat landscape has exposed a once sturdy and reliant email defense to become vulnerable and ineffective in safeguarding users and data from advanced threats and insider risks.  Today security leaders are abandoning their point solution demanding SaaS solutions that integrate with their cloud solutions—removing that once overburdening, legacy solution for a more intelligent and straightforward approach.  Rise of Cloud Email Security?
The email security market was on hold for years. But then, according to the Verizon Data Breach Report, in 2022, human error was responsible for 82% of breaches. On average, phishing and business email compromise cost an organization $4.9 million annually, ten times the cost of DDOS and ransomware attacks combined. The need for a new approach to email security is no longer a choice. These solutions have not disappointed. The Rise of Cloud API-Enabled Email Security. CAPES/ICES solutions that have capitalized on a market ready for change.  M365 Integration. Effortless for the security team. Today Tessian has introduced an Integration that places power back into the security team’s hands—integrating in seconds with your M365 environment, leaving you protected in minutes.  However, this Integration comes with a difference. As with most ICES vendors, they are integrated via a graph API into the cloud-productivity suite, focused only on threats coming into the organization. Because of this, they are still leaving the organization exposed to insider risks and sensitive data loss. They are still operating as a point solution, unable to replace legacy email controls fully.  Tessian’s M365 Integration is different. A new and simple integration consisting of the M365 API (Graph API) and M365 Add-In (Office Add-In) allows complete email protection against a wide range of threats. The Integration requires Mailbox API Connection and an XML manifest file to be uploaded to the M365 Admin center.
This deployment follows just a few simple steps: Enable connection to M365 Tenant Grant required permissions to enable email security  Add directory groups to sync  Add mailboxes by group, user, or both to protect required end-users. Download the M365 Add-In manifest file and upload it to the M365 Admin Center.
Once the API has synced and the manifest is deployed when a user next opens a supported Outlook client Tessian’s Cloud Email Security Platform protects them. What is an Office Add-In Office Add-Ins (sometimes called Web Add-Ins) allow 3rd parties to build solutions that extend to Microsoft 365 applications. These solutions can run in Microsoft 365 applications, such as Outlook, across multiple platforms, including Windows, MAC, iPad, and a browser. Office Add-Ins are deployed centrally in the M365 Admin Center and don’t involve rolling out client-side software or routing emails through a gateway. They have low management overhead, no complex configurations, and no manual updates meaning security teams can focus on what matters most—protecting their organization. Integration flows The M365 Add-In (Office Add-In) requires M365 API connections to be fully functional, which is why the M365 Integration exists. As both are required to secure an organization, Tessian has built them together to make deployment as simple and easy as possible.  This new level of protection means that when the email check process starts, the M365 Add-In intercepts the email, checks the email with the Tessian Cloud Email Security Platforms behavioral intelligence model, and then the result is returned, either allowing the email to be sent or showing a warning message to the end-user and preventing a potential data loss incident.
Mistakes happen, and end-users should know they are protected.  When end-users receive or send an email, they know an automated check will occur to prevent an advanced phishing attack from hitting their inbox. 
Likewise, when a mistake happens, such as autocomplete on an email address, an end-user is warned of the potential error to not only avoid the potential data breach, but they are coached in the moment.  If the email is okay, the email continues on to its desired destination.
The time is now Tessian is built with simplicity and speed to protection in mind. And when 82% of breaches are caused by human error, the time is now to ensure you have the best email protection deployed.  Hundreds of the world’s organizations trust the Tessian Cloud Email Security Platform, which now offers a simplified deployment and better end-user experience for Microsoft 365 environments.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Advanced Email Threats
Tessian in Action: This Attack Got Through a SEG and M365, but Not Tessian.
by Tessian Threat Engineering Group Tuesday, March 28th, 2023
Cyber attacks are getting more sophisticated and more targeted. In this Tessian in Action update we explore how an attack got through legacy security solutions, but not Tessian.  Legacy security solutions just aren’t able to combat advanced threats over email the way that Integrated Cloud Email Solutions can. At Tessian, we’re seeing more and more attacks bypass traditional secure email gateways only to be stopped by our platform. The attack below sailed right through the client’s SEG and their Microsoft 365 defenses, only to be flagged by Tessian. The client, a medical firm, handles highly sensitive data and personal identifiable information. Fines from PII data breaches can be huge. In February 2023 Arizona-based Banner Health was fined $1,250,000 following a 2016 breach.
The target of the attack The attackers had clearly done their research, as this attack was specifically targeted at the client’s Chief Legal Officer, and one other senior member of the legal team. They were both targeted with a malicious URL sent from a look alike domain. The timing of the attack was 12-1 UTC, which was in the morning of the client’s location, perhaps in an attempt to catch them early and be top of their inbox.  Stopped dead in its tracks This attack was able to get past the client’s SEG and MS365 but Tessian flagged it as an impersonation attack. Tessian also identified the URL as malicious, and the fact it was a first time sender. Tessian’s Behavioral Intelligence models detected additional anomalies increasing our confidence score to 100/100. Consequently, this email never reached either of the recipients. The security team at the organization are well aware that attacks against their exec team can have devastating consequences. In fact, the security team that highlighted this attack to Tessian are highly active with the Tessian portal, and so quarantined it themselves, but had they not, Tessian Defender would have hard-quarantined this email or displayed a warning message to end users, coaching them and raising their security awareness ‘in the moment’.  It’s situations exactly like this that more and more firms are facing. Tessian was built exactly to stop these kinds of highly targeted attacks that slip by existing and legacy solutions. If you’d like to see how Tessian can better protect your organization, find out more with our Microsoft + Tessian Solutions Guide.
Read Blog Post
Advanced Email Threats
Tessian in Action: Phishing Attack Sends Credentials to Telegram
by Tessian Threat Engineering Group Monday, March 27th, 2023
Contributors : Catalin Giana & Razvan Olteanu In this example of Tessian in Action members of our Threat Intel Team saw this Microsoft credential attack target several of Tessian’s customers. There are four interesting things to note in this attack.  There was a zipped set of password instructions attached Within that was HTML that hid obfuscated Javascript which forwarded to a credential harvesting site The attack had a custom sender name for each individual attack Any successfully captured credentials were forwarded to Telegram. Here’s how the attack sequence worked. The email came as a Microsoft impersonating campaign with a zip file attached containing password instructions. Much like a sealed present, the hope was that the user would unpack the zip file to see what was in it, believing it to be legitimate.  
The copy in the email backs this up by specifically asking the user to unzip and follow the instructions within. There’s also an implied sense of urgency about the account expiring in the next 24 hours, which is further encouragement for the user to act.  It’s worth noting the ‘in the moment’ warning provided by Tessian at the top of the email here. Tessian adds custom warnings like this to Outlook (it looks a little different for gmail) to provide ‘in-the-moment’ security awareness for end users. Depending on how you have Tessian configured, and what our confidence score of threats are, we can either hard quarantine (as we did in this case) or add a warning and release to the user. You can see more on how Tessian protects against threats like these here. Upon downloading and unzipping the archive the team found malicious HTML. When executed it shows that it loads something from Microsoft Sharepoint which finally redirects to a Microsoft login phishing page.
Adding user credentials causes a script to execute which then queries, to determine the IP address. It then attempts to pass the response along with the password entered directly to a telegram group using Telegram’s api.
Let’s look now at that HTML in detail.  Original form: The html contains multiple chunks of base64-encoded Javascript that needs decoding manually and concatenating in order to find the original script. Doing that reveals a new obfuscated Javascript that is hex-encoded and has appended some base64 code at the end.
After removing the hex code character and adding all the other base64 encoded chunks the original script looks like this.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Threat Stories, Advanced Email Threats
Tessian in Action: Microsoft Credential Scraping Attempt
by Tessian Threat Engineering Group Monday, March 20th, 2023
Recently Tessian’s Threat Engineering Group identified an emerging threat detected by Tessian Defender targeting around 45 of our customers. The campaign was an email credential harvesting attack and was not detected by Microsoft Exchange Online Protection (EOP) when the attack began.  Anatomy of the attack The attack email was able to bypass legacy security solutions, like secure email gateways, as well as Microsoft 365. Let’s explore some of the reasons why it was able to do that: Firstly, the email was ‘sent’ by Amazon Simple Email Service (SES), which is a common tool leveraged by attackers to send automated attacks. However, the display name impersonated the company being targeted, no doubt attempting to add legitimacy, • The display name was actually dynamically generated, taking the first three letters of the recipient address and pretending to be the company name. • This is done to avoid basic aggregation and detection methods by secure email gateways and native security controls of email providers. • Looking at the subject of the email, it’s fairly innocuous, and again a rule in a SEG to flag the word ‘payment’ would trigger hundreds of false positives. • Finally, the body of the email itself is benign, simply stating “Please consider the environment before printing this email”. If anything, the attack attempt is a little too spartan in content, which might have raised suspicions in the user that received it.
Let’s now look at the HTM attachment, which contains JavaScript, which is encoded (below)
And when decoded twice it looks like this. Note that some of the content is still encoded.
All this encoding and obfuscation is attempting to hide the fact that the script redirects the user to a credential harvesting form. The form is hosted on a domain registered one day before the first phishing email was seen on the Tessian network. What’s more, to add legitimacy, the customer’s logo is hosted at the top of the form. Remember, this attack went to several organizations, so the logo must be dynamic. It’s therefore likely that it was scraped by the attacker using automated tooling. The user the “username” field is already pre-populated with the recipient’s email address. Again, adding legitimacy and lower the amount of effort for the recipient to share their password. Finally, when the password is entered, it is posted to a PHP script hosted on the same domain.
How did Tessian Defender detect this threat? So how did Tessian Defender stop this threat when SEGs and Microsoft 365 didn’t? Well, as well as detecting unusual file characteristics, Tessian’s Behavioural Intelligence models detected additional anomalies increasing our confidence score to 100/100. They are as follows:   The recipient company name was used in the display name.  The recipient has no historical relationship with the sender. Multiple emails were sent to each customer in a short period of time, to unconnected employees, this is known as a bust attack.  Tessian’s Natural Language Processing (NLP) models classified the email as being payments-related Depending on the specific customer configuration, Tessian Defender either hard-quarantined this email or displayed the following warning message to end users, coaching them and raising their security awareness
Indicators of Compromise (IOCs) Tessian Threat Engineering Group reacted to add the below IOCs to the Tessian Unified Threat Interface. We recommend readers do the same Sender Address: jorgezamora@powderiverdev[.]com Credential Harvesting Site Domain: https://emdghouseltd4[.]pro
Contributors: Ed Bishop and Catalin Giana.
Read Blog Post
Beyond the SEG / Microsoft + Tessian
Tessian Recognized as a Representative Vendor in the 2023 Gartner® Market Guide for Email Security
by James Alliband Monday, March 20th, 2023
Tessian is honored that Gartner has recognized us as a Representative Vendor for Integrated Cloud Email Security (ICES) in the 2023 Market Guide for Email Security. Within the report, Gartner recommends that security and risk management leaders should: “Supplement the native capabilities of your existing cloud email solutions with third-party security solutions to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.” According to the report, “The migration to cloud email platforms continues along with a significant increase in the number of phishing attacks.” Further in the report Gartner states, “Impersonation and account takeover attacks via business email compromise (BEC) are increasing and causing direct financial loss, as users place too much in the identities associated with email, which is inherently vulnerable to deception and social engineering.” The report informs its readers, “email continues to be a significant attack vector for malware and credential theft through phishing. An estimated 40% of ransomware attacks start through email. Cloud adoption continues, with an estimated 70% using cloud email solutions.  
Gartner recommends that security and risk management leaders responsible for email security should:  Supplement the native capabilities of your existing cloud email solutions with third-party security solutions, to provide phishing protection for collaboration tools and to address both mobile- and BEC-type phishing scenarios.  Use email security solutions that include anti-phishing technology for targeted BEC protection that use AI to detect communication patterns and conversation-style anomalies, as well as computer vision for inspecting suspect URLs. Select products that can provide strong supply chain and AI-driven contact chain analysis for deeper inspection and can detect socially engineered, impersonated, or BEC attacks.  Prioritize integration of email security solution APIs to enable integration of email events into a broader XDR or security information and event management (SIEM)/security orchestration, analytics and reporting (SOAR) strategy.
While email security has come a long way since its inception around 2000, the greatest external threats facing on-premise mail servers at the time were bulk unsolicited mail and spam. But today, the world has changed. As Gartner refers to in the report, now an estimated 70% of organizations are using cloud email solutions. This rapid shift to the cloud has opened up a new threat to landscape security. Risk management leaders must uncover and learn how to protect themselves from it. Regarding email, the effectiveness of safeguarding this unsolicited domain has been in the crosshairs for quite some time. Today email is the entry point responsible for over 90% of cyber attacks.   
But why is this the case?  The rapid shift in moving to the cloud allowed cyber criminals a huge opportunity; an opportunity grabbed with both hands. Email security, while being in the crosshairs, has been largely untouched for many years. Organizations holding significant investments in their Secure Email Gateway (SEG) protect their internal network from the outside world. Still, it isn’t as though these solutions deteriorated overnight, but the world around them did. Secure Email Gateways were built to address security concerns in a forgone, cloud-adverse world. They were once the gold standard in email security. But the rapid shift to the cloud and ever-changing threat landscape exposed this once sturdy and reliant email defense to become vulnerable and ineffective in safeguarding users and data from advanced threats and insider risks.  Further to this, Microsoft and Google have pressured this space. Now offering overlapping capabilities of a Secure Email Gateway (SEG) solution within the cloud productivities platforms allowing organizations to streamline their email security approach, simplify their security stack and reduce cost and complexity. But while this is a positive for security and risk management leaders, Gartner states in the report that “threat actors are also getting more sophisticated, often targeting the end users using fake login pages as a way of harvesting credentials. Sophisticated email threats include compromised websites and weaponized documents used to deploy malware. Many ransomware-as-a-service gangs use email as the initial entry point. Beyond malware, business email compromise and account takeover threats continue to rise, with significant financial losses as a result”. 
Combatting this new wave of attacks  Now it is recommended to consolidate overlapping gateway capabilities into Microsoft 365 to help CISOs reduce cost and complexity while cautioning that CISOs should carefully evaluate the native capabilities offered by cloud email systems and ensure that they are adequate to prevent a sophisticated attack. An argument can be made that “complexity” remains at the heart of Microsoft’s licensing model. Microsoft has numerous packaging options, bundles, and add-ons. Knowing where they differ and overlap is vital to understanding what you have access to today and effectively leveraging native security capabilities to secure your email environment.
At Tessian we believe that organizations need to go beyond their SEG and that a Microsoft + ICES email security stack is the future of email security. Gartner recommends that to combat this new wave of attacks, email security solutions need to use a variety of more-advanced detection techniques, including, but not limited to, Natural Language Processing, Natural Language Understanding, and Social Graph Analysis. Gartner states, “ICES solutions go beyond simply blocking email by adding context-aware banners warning users. This means that the threshold for false positives can be higher and can also reinforce security awareness training. Often, a mechanism for reporting phishing is included, either as part of the email client or as another banner inserted into the email body.” Microsoft + Tessian = Comprehensive security This is where an intelligent cybersecurity solution like Tessian Cloud Email Security Platform comes into play, providing advanced email threat protection and insider risk protection on email. With Tessian, no mail exchange (MX) records need to be changed. Tessian can construct a historical user email pattern map of all email behavior in the organization. The algorithm can then detect and prevent threats that Microsoft or SEGs have failed to detect. 
This dynamic protection improves with each threat that is prevented. Unlike the in-line static nature of SEGs, it ensures 24/7 real-time protection against all attack vectors, including insider threats. That is why the leading enterprises opt to displace their legacy SEG and augment Microsoft’s native security capabilities with Tessian. Gartner, Market Guide for Email Security, Ravisha Chugh, Peter Firstbrook, Franz Hinner, 13 February 2023 GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally, and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Read Blog Post
Attack Types, Threat Stories, Advanced Email Threats
Dozens of SVB and HSBC-themed URLs Registered
by Tessian Threat Engineering Group Wednesday, March 15th, 2023
As we explored 48 hours ago, the recent turbulence in the banking sector provided a potential opportunity for threat actors to launch attacks. So it comes as no surprise that we’re starting to see domains spun up for just such purposes. Tessian’s Threat Intel Team have been monitoring the situation as it unfolds, and found that multiple domains featuring both SVB and HSBC were registered. Malicious domains are being added to Tessian’s Unified Threat Feed to proactively protect our customers from future phishing attacks. What is interesting about this is that some are for legitimate, if a little unorthodox, activities like driving traffic, marketing and selling merchandise. It’s in this ‘fog of war’ that bad actors like to hide, and clearly some have been registered with attacks in mind. So let’s look at those first.  Siiiconvalleybank[.]com and siliconvalleybonk[.]com have clearly been set up to launch impersonation attacks, hoping people don’t notice those typos in the URLS. Other examples include myaccount-hsbc[.]com and thesiliconvalleybank[.]com. Meanwhile Svb-usdc[.]com and svb-usdc[.]net are both already set up to launch phishing attacks.
Google is already blocking these and alerts any visitors to that effect. Exploring beyond that warning reveals a ‘lookalike’ site offering a reward program and clicking ‘claim’ opens a QR code.
Fake URLs to drive traffic Some of the newly registered URLs are also being used to drive traffic.[.]in uses HSBC brand in order to gain more traffic for an Indian-based website with adult content. Meanwhile SVBlogin[.]com loads up All Day Capital Partners website offering to ‘help’ SVB customers. Many of the others are cybersquatting, no doubt hoping to sell on, while others registered but don’t contain any content or redirect, as if waiting to see how things pan out. Perhaps one of the oddest is svbbankrun2023[.]com, which hosts a merchandise shop selling SVB-themed items.  
Tessian Recommends: The following list should be used as a blocklist at your own risk, but we advise adding the newly registered domains on a watchlist for monitoring purposes. Here’s a full list of SVB and HSBC URLs we’ve documented so far.    Hsbcsvb[.]com Siiiconvalleybank[.]com Login-svb[.]com Svbankcollapseclaimants[.]com Svbankcollapselawsuit[.]com Svblawsuits[.]com[.]in Svbanklegal[.]com Svbankcollapse[.]com Svbankcollapseclaims[.]com siliconvalleybankfilm[.]com siliconvalleybankcrash[.]com siliconvalleybankcollaps[.]com siliconvalleybankcolapse[.]com siliconvalleyfederalbank[.]us silliconvalley[.]ink siliconvalleyfederalbank[.]net siliconvalleybank-usdc[.]com siliconvalleybonk[.]com ziliconvalley[.]sk siliconvalleybankcustomerservice[.]com siliconvalleybankhelp[.]com siliconvalleyentrepreneursbank[.]com siliconvalleybankcreditors[.]com siliconvalleyentrepreneurbank[.]com siliconvalleybankclasaction[.]com wwwsiliconvalleybankclassaction[.]com siliconvalleybankfailures[.]com siliconvalleybanksettlement[.]com siliconvalleybank[.]xyz siliconvalleybank[.]lol siliconvalleyfederalbank[.]biz siliconvalleyfederalbank[.]lol siliconvalleybankmovie[.]com siliconvalleybank[.]biz siliconvalleybn[.]com siliconvalleybanklawsuit[.]com siliconvalleybankclassaction[.]com siliconvalleybankreceivershipcertificate[.]com siliconvalleybankcollapse[.]com siliconvalleybust[.]com svbbankrun2023[.]com svbalternative[.]com svbankclassaction[.]com svbanklawsuit[.]com svb-cash[.]com svbfdic[.]com svbwiki[.]com svbcollapseexplained[.]com banksvb[.]com svbcollapse[.]net svbbailout[.]org fucksvb[.]com svbcoin[.]xyz svbchain[.]xyz svb-usdc[.]com svb-usdc[.]net svbfailure[.]com svbopenletter[.]com svbplaintiffs[.]com svbinfo[.]com svbbankrun[.]com svbrecovery[.]com svbmeltdown[.]fyi wefundsvbclients[.]com svbreceivership[.]com svblogin[.]com svbcollapse[.]com svbclaim[.]com svbdebt[.]com svbclaims[.]net svbbailout[.]com svbi[.]io svbank[.]com hsbcbdubai[.]com hsbc079[.]com hsbc757[.]com Hsbc736[.]com hsbc119[.]com hsbc719[.]com hsbc938[.]com Hsbc891[.]com Hsbc-premium[.]com Hsbckyc[.]com Hsbclogin[.]co Myaccount-hsbc[.]com Thesiliconvalleybank[.]com 1svb[.]com Circle-svb[.]com Svb2023[.]com Svbgate[.]com Svbtoken[.]com Svbnfts[.]com whatissvb[.]com
Read Blog Post
Attack Types, Threat Stories, Advanced Email Threats
The Current SVB Banking Crisis Will Increase Cyberattacks, Here’s How to Prepare
by Tessian Threat Engineering Group Monday, March 13th, 2023
The recent banking turmoil involving Silicon Valley Bank and Signature Bank sent shockwaves through technology firms globally as they scrambled to transfer their capital, secure payroll, and pay their bills. However, this mass changeover in banking details is exactly the situation that breeds targeted cyberattacks. Although the swift intervention of The Federal Reserve, The Bank of England, HSBC and others helped calm the liquidity crisis, a cyber threat crisis is likely now brewing as threat actors spin up a host of impersonation attacks and campaigns. The Tessian Threat Intel Team has already seen dozens of SVB and HSBC-themed URLs registered, some of which are used to launch phishing campaigns. 
Money, distraction, urgency Bad actors are driven by money. And there is a lot of money at play with this crisis. The streaming firm Roku indicated it has about $487 million in deposits at SVB. They are likely making changes now to diversify where they deposit this money and, accordingly, updating wiring instructions to reflect these new banking relationships. In their Q4 Risk Insights index, Corvus Insurance indicated 28% of all claims in Q4 2022 were due to fraudulent funds transfers. Threat actors relish the confusion and rapid changes that come with a crisis like this. The sheer number of updates to wiring instructions increases the chances that standard operating procedures around changing wiring instructions are ignored. Common operating procedures around changing wiring instructions might include (a) verifying the authenticity of each request by calling the person (using a known, existing phone number, not one provided in a new email) (b) implementing a call-back verification system for each vendor when any wiring instructions are changed, and (c) implementing dual control and multiple “eyes” on every wire change request. Tessian is already seeing genuine email traffic related to changing wiring instructions and expects to see advanced attacks leveraging this crisis soon. Finally, the scale of this crisis is huge and information about it is widespread. There are a large number of affected entities – Reuters published a list detailing not only the firms affected but their financial exposure – ensuring a target rich environment for the bad guys.
Fraudulent (and genuine) wire transfers The top 2 common attack vectors with fraudulent funds transfers are (1) impersonation attacks and (2) targeted phishing attacks. In an impersonation attack, the bad actor impersonates someone or some company that is known to the organization. They will typically do this by registering a new domain name that is largely similar to the targeted company’s domain.
In this example, the attacker registered a new domain name ( which looks similar to They are reaching out to the finance department at Acme to request a change in bank accounts for future payments. Sophisticated attackers will conduct research using publicly available information (10-K annual reports, LinkedIn blog posts, LinkedIn connections to the CFO or Accounts payable personnel, and any website mentions) to build a convincing approach.  A targeted phishing attack would use similar impersonation methods while attempting to gain access – either electronically with a username and password or via socially engineered approach – to implement a fraudulent funds transfer. In the below example, the attacker is impersonating a known, trusted domain and attempting to gain access to an accounts payable employee. 
Recommended next steps Tessian’s Threat Engineering teams are monitoring our datasets closely for emergent threat signals and updating Tessian’s Global Threat Library and Behavioral Intelligence Model in response. Our existing Defender customers will automatically benefit from this protection. In addition, we are recommending the following steps to further protect our existing customers: Deployment hygiene: review your deployment coverage to ensure Defender’s protection is configured to apply to all mailboxes on all devices. Schedule a deployment health-check.  Enable warnings for money requests: for additional protection, Defender Customers can leverage Defender’s Custom Protection to detect and warn users when an email “requests money”.  Reinforce approval processes: work with your finance teams to revise and review your payment approval workflows, and consider adding an additional internal verification layer to account for the increased risk 
How Tessian stops wire fraud attacks Built ready: The SVB crisis and other events like this are exactly the sort of thing Tessian was built to handle. Tessian covers fraudulent fund transfer attacks and other scenarios that are difficult to detect and that are often missed by legacy email security tools. Tessian is built to detect and prevent any variations of wire fraud attacks.
Spotting imposters: Tessian catches thread hijacking attempts by looking for subtle indications of domain spoofing and small changes in behavior that suggest the sender isn’t who they say they are.  Custom protection: All Tessian customers have access to an additional layer of protection that allows them to educate users at the point of receiving a suspicious email including those involving fraudulent funds transfers. Defender’s Custom Protection gives organizations an additional layer of security by alerting users when an email triggers specified conditions. This provides further fine tuning around threats specific to your organization or specific groups within your organization.
Proactive defense: As this situation evolves, Tessian’s Threat Engineering Team are closely monitoring incoming emails for new phishing tactics and upward trends in existing ones, continuously improving the breadth and accuracy of the protection we provide to our customers. Our threat intelligence team can also respond to new phishing campaigns in a matter of minutes by updating our global threat library, ensuring that all of our customers are protected against malicious sender domains and URLs. Guidance: While we may see more basic attacks leveraging the SVB crisis initially, threat actors will quickly evolve in sophistication to take advantage of the sheer volume of wire changes occurring to better target organizations. Legacy email security tools that use rules and policies are more likely to miss these attacks or report large numbers of false positives. Tessian’s guidance to our customers and anyone else is to expect a significant uptick in volume and in quality (more convincing) attacks on your employees over the coming weeks and months. See Defender in action (video) or request a free trial of Tessian to start detecting wire fraud attacks today.
Read Blog Post
Beyond the SEG / Microsoft + Tessian, Advanced Email Threats
Why You Should Download the Microsoft 365 + Tessian Guide
by Bob Boyle Thursday, March 9th, 2023
With Business Email Compromise (BEC) attacks remaining the number one cybercrime in 2022, and 82% of data breaches involving humans – email continues to be the largest threat vector for any organization. The effectiveness of legacy gateway solutions like Proofpoint, Ironport, and Mimecast has come under scrutiny as organizations look to solve new security concerns in a cloud-first world. Organizations that have already begun adopting cloud-hosted productivity suites, like Microsoft 365, are finding an overlap in their native-security capabilities, which legacy email security solutions have traditionally addressed.  Microsoft has made significant strides in improving the native-security features built into their different licensing models. This allows security leaders to reduce cost and complexity within their security stack, as the email security capabilities offered by Microsoft 365 mirror that of a Secure Email Gateway (SEG):  Traditional Email Security URL & Attachment Protection Manual Investigation & Response Rule-Based DLP Policies  These overlapping capabilities have given security leaders a good enough option to move beyond legacy SEGs, but understanding what is included within each Microsoft licensing model is key to effectively securing an organization’s email environment. Microsoft offers various packaging bundles and add-ons, allowing flexibility for security leaders to maintain the same level of protection offered by their legacy gateway solutions.
Is good enough really good enough?  The global shift to a remote workforce has also opened up new threat vectors and emerging attack types that security leaders are still struggling to prevent. Round-the-clock access to sensitive data has increased the human risk of malicious, negligent, and accidental data loss. Attackers are leveraging social engineering to trick end-users by abusing trusted relationships. Relying solely on traditional detection methods to defend against advanced attacks and rule-based policies to protect against insider risk, is leaving organizations more vulnerable than ever before.  A more intelligent approach is needed. Organizations can continue to rely on traditional detection methods to filter out bulk phishing and spam, but simply put, scanning for malicious signatures based on known threat intelligence doesn’t stop the advanced threats that security leaders face today.
There is, however, a solution. The advanced detection capabilities of an Integrated Cloud Email Security (ICES) solution close the gaps where legacy, rule-based detection or current Microsoft tools fall short. ICES solutions employ advanced machine learning to map an organization’s typical email behavior and detect unusual communication patterns, providing a more accurate defence against BEC attacks. In addition, ICES solutions can warn end-users of potential misdirected emails or instances of sensitive data loss.
In this Solution Guide, we discuss the decline of legacy gateway solutions, how to reduce cost & complexity by migrating to Microsoft 365, and what email security capabilities are available in each Microsoft licensing package. In the end, readers will understand how Tessian + Microsoft 365 enables the most complete Integrated Cloud Email Security platform.
Read Blog Post
Insider Risks
Taking a Modern Approach to Insider Risk Protection on Email
by Seema Shah Thursday, March 9th, 2023
Businesses have found themselves in a world where data is a form of currency. Their biggest successes rely on leveraging and exchanging vast volumes of data such as company IP, customer PII data, payment information, or confidential business intel. In nearly every case, this is sensitive data. While businesses would not thrive without data, they would also not run without their people. People and data working in harmony, enabled by technology, and driven by processes are the key ingredients for what powers a business.  The increasingly interconnected nature of the global business network demands a universally accepted and standardized method of communication. Unsurprisingly, this is email by default, making it the most utilized channel for sending and receiving sensitive data, with nearly 350 billion emails sent daily.  But as Spiderman’s Aunt May said, with great power comes great responsibility. As much as data can serve as a competitive advantage, it can also be the cause of the downfall of a business. The average cost of a data breach in 2022 stands at $4.35 million according to IBM Security’s “The Cost of a Data Breach Report“. Rules don’t work Preventing breaches is paramount, but it’s only possible to truly secure the data by understanding the people. And it isn’t possible to understand people with static, stagnant rules and a one-size-fits, rigid approach because everyone is different. People work in many roles and functions, interacting with varying types of sensitive data in their own way. Subsequently, the rise of remote working and migration to the cloud has allowed people to work “in their own way” more than ever before.   Everyone has a unique behavior on email, from the way different individuals address their recipients to the distinct set of initiatives they are working on and the typical associated stakeholders and data of each of those.   So it follows that today, one of the biggest challenges of protecting data on email is insider risk, whereby an employee accidentally, negligently, or maliciously leaks sensitive data.  Why we’ve published this guide With current DLP solutions, you would have to configure endless rules to account for the countless different email behaviors unique to each employee to address the majority of data loss events arising from insider risks such as misdirected emails, miss-attached files, and data exfiltration.   The issue of insider risk and data loss on email requires a tailored approach to every employee’s unique, risky behaviors on email, driven by a deep understanding of their normal behavior to identify anomalies, mistakes, and malicious actions effectively.  Insider risk can cause real harm to your business. What’s more, many security leaders are unaware how many incidents actually happen, as many are unreported. Tessian has created a guide for addressing the problem of insider risk on email, covering what you need to know about today’s threats and what it takes to solve the problem. Download our guide to find out how. 
Read Blog Post