Blog

Blog

The Threat Taxonomy: A Working Framework to Describe Cyber Attacks

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to...
Blog

Celebrating 10 Years as the First Agarian

As Agari celebrates our 10th anniversary, I've had the opportunity to reflect on the last decade as an Agarian and how my life has changed as a result of my work with this company. It has been an undeniably exciting ten years, but also one full of challenges as we solve some of the hardest problems in email security. Fulfilling Our Mission I joined Agari when it was called Authentication...
Blog

Battling the Bad Guys for 10 Years

When we first flipped on the lights in 2009, we knew we were embarking on an endeavor that wouldn’t be achieved overnight. We wanted to be deliberate, to build a rock-solid foundation—not a quick fix—that would support an email security ecosystem. We anticipated the hefty innovation and investment needed. But we also knew that investment would ultimately yield a durable solution that would change...
Blog

The Intelligent Inbox: Email Security of Tomorrow, Today

If you want to know why business email compromise (BEC) and other advanced email attacks keep working so well, just ask Dilbert. In one particularly biting installment of Scott Adams' popular workplace comic strip, our tech geek hero sits in his cubicle perusing an email that reads, "Enter your bank account number." Dilbert's thought bubble reads "Scam." Quick cut to engineer Alice. Same email,...
Blog

Expect Increased SOC Costs from Jump in Employee-Reported Phishing Incidents

Awareness. Detection. Containment. Remediation. All necessary steps in the phishing incident response process for SOC analysts. Unfortunately, each of these steps takes time, and that time comes at a cost. According to the Q3 2019 Email Fraud and Identity Deception Trends report from Agari, employees now report an average 33,108 phishing incidents to corporate SOC teams each year—an 18% increase...
Blog

V is for Vendor: The Emergence of Vendor Email Compromise

Business email compromise (BEC) has grown into a billion dollar industry as cybercriminals use look-alike domains and display name deception to trick employees into revealing sensitive information, depositing money into criminally-owned bank accounts, and sending thousands of dollars in gift cards via email—all without ever touching a legitimate email account. When these criminals do gain access...
Blog

How to Prevent Phishing Attacks that Target Your Customers with DMARC and Office 365

Editor's Note: This post originally appeared on the Microsoft Security blog and has been republished here. You already know that email is the number one attack vector for cybercriminals. But what you might not know is that without a standard email security protocol called Domain Message Authentication, Reporting, and Conformance (DMARC), your organization is open to the phishing attacks that...
Blog

How to Stop Phishing Message Voicemail Attacks

At Agari we often talk about the evolving nature of advanced email attacks and the identity deception tactics that go with them. These attacks bypass legacy controls and like a magician delighting a curious audience, they trick the human psyche by targeting core human emotions such as fear, anxiety and curiosity. Of course, the magic in this case comes with ill intent. A good example of a...
Blog

Whitelisting Won't Protect You From BEC… Here’s Why

The 250% increase in business email compromise (BEC) scams over the past year should concern every organization, as should estimates of $26 billion in losses over the last five years from these attacks. While some organizations consider whitelisting their email lists to provide protection, occasionally encouraged by their email security provider, this strategy simply will not work with the ever...
Blog

Defense in Focus: With New Technology Comes New Risk

In any industry, the strive for digital transformation brings with it risk as well as opportunity. This is no more apparent than in the defense sector where several high-profile incidents have exposed vulnerabilities in areas such as email applications and other connected IoT devices. 
Blog

Ensuring DMARC Compliance for Third-Party Senders

Marketo. Salesforce. Eloqua. Bamboo HR. Zendesk. It only takes a minute to realize how much organizations love third-party senders. They are typically responsible for sending our important customer notifications, marketing promotions, prospecting emails, and even employee information.Because their mail is so important to your business, we should do what we can to help them become DMARC-compliant....
Blog

Rolling Into Raleigh: Agari Expands RTP Presence to Accommodate Growth

When I joined Agari five years ago, I worked out of my home office in Raleigh, where all I needed was a good internet connection and access to a well-connected airport like RDU. At the time, there were only two employees in the area and thus, there was little need for an Agari office outside of headquarters in Silicon Valley. But with a mission as ambitious as ours—to protect digital...
Blog

Advanced Strategies for Testing Async Code in Python

Creating a future where all of our customers can trust their inbox can push Agari engineers to the limits of available technologies. In fact, handling the scaling requirements of Cloud Email Protection has led our Sensor team to test some of the most advanced features of the Python programming language. To maintain quality while using these features, our team created some of the first approaches...
Blog

New Location, New Dates, Same Great Experience: Announcing Trust 2020

Despite best efforts over the past decade, email security is broken. Human defenses cannot protect us from nefarious attacks, and cybercriminals continue to exploit human trust to run sophisticated attacks at scale. This is the reality of our current environment. Unfortunately, email will continue to be the attack surface of choice until the economic equation is reversed for the crime rings...
Blog

Expanding Email Security One Post at a Time — Experiences of a Digital Marketing Intern

Agari is more than an email security company that detects cyberattacks. It is a community that supports career growth. Working at Agari over the summer course, I had the opportunity to participate in marketing projects and develop new skill sets that will enable me to be more successful both at school and post-graduation.The Task At Hand As a digital marketing intern, I became familiar with...
Blog

Social Engineering: The Weapon of Choice for Email Scammers

The recent Internet Crime Report from the FBI showcasing the growth of business email compromise (BEC) from a $700 million problem to a $1.3 billion problem over the course of only one year was certainly alarming. It showcases just how much cybercrime is growing, despite increased defenses across organizations worldwide. But one key element stands out for me—the fact that none of these attacks...
Blog

Brand Impersonation and Look-alike Domains: How Cybercriminals are Hurting Tech Brands

Here’s some earned media you don’t want for your brand—headlines announcing that your customers are victims of a “nasty phishing scam” or that your “accounts are under attack.” Verizon and Microsoft have had to manage those headlines in recent months. And other tech companies are vulnerable to the same kind of brand damage right now. That’s because organized cybercriminals are going all-in on...
Blog

Building a Career at Agari: One Designer’s Experience

Being a user experience (UX) designer and managing design teams is a rewarding job. I should know since I’ve been a UX designer and manager for the last twenty years. During that time I’ve had several opportunities where I progressed from being the only designer in a company to growing and managing a design team. Agari is the most recent, and my favorite, example of that pattern. My Agari Journey...