Blog

Blog

Email Filtering and Open Quarantine – The Paradigm Shift

In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks that used social engineering to evade traditional email security filters. This week, I’d like to introduce a new filtering paradigm: open quarantine.Open quarantine balances the needs of security and usability using a two-phase email filtering process. In...
Blog

Deceptive Emails and Other Types of Cyberattacks

In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks. This week, I’d like to look at the different types of emails that are enabling these attacks.Deceptive emails are used by cyberattackers to carry out three different types of attacks:To coerce the recipient to follow a hyperlink to a website masquerading...
Blog

Understanding Email Identity

One of the things that often stumps even the most security conscious companies is knowing all the third-party email service providers they are working with. It is extremely difficult, if not impossible for these organizations to protect their customers from phishing attacks if they don’t even know who is sending legitimate email on their behalf. And this gets even more challenging when you...
Blog

Managing Your AWS Costs? Get Ready for a Surprise!

Managing AWS costs is confusing, difficult and sometimes can seem downright hopeless. At Agari, we’ve found Cloudhealth to be a useful partner in measuring both AWS usage and spend. As the saying goes: “what you measure, improves!”.In particular, we’ve found it useful to track daily AWS spend. It's helpful both in terms of understanding what drives costs, as well as heading off unexpected...
Blog

Software Ate My Infrastructure: 2 Years on AWS with Ansible, Terraform and Packer - Part 2

Agari has made significant investment into infrastructure as code. Almost two years into this project, we’ve learned some lessons. In my previous blog post, I discussed organization of your automation repository and parameterizing environments. For this post, I'd like to talk about state management and database automation. State management One of the most frustrating things about working with...
Blog

Software Ate My Infrastructure: 2 Years on AWS with Ansible, Terraform and Packer - Part 1

Agari has made significant investment into infrastructure as code. Almost two years into this project, we've learned some lessons. (If you'd like to read about our first year efforts, check out my previous blog post - Ansible and Terraform at Agari: An Automation Journey.) Our efforts have already yielded dividends by increasing engineering velocity while maintaining infrastructure reliability....
Blog

Document Sanitization and Redaction Safety Net for The Forgetful User

Policies written. Tools provided. Training conducted. As IT leaders, you have sufficiently enabled your users to properly sanitize and redact their documents before sharing outside the organization, but what happens when they forget? Worse, what happens if they intentionally ignore the policy and process altogether? No longer can the sanitization and redaction of documents for secure sharing rely...
Blog

A Summer Intern's Journey into Airflow @ Agari

If you have been following our previous posts, Airflow @ Agari and Leveraging AWS to Build a Scalable Data Pipeline or our recent talks on data pipelines and Apache Airflow, you are well aware that Agari leverages both the public AWS cloud and open source technologies, such as Apache Spark and Apache Airflow, to build resilient predictive data pipelines. This summer, we had the pleasure of...
Blog

Email Headers Explained: Understanding Email Header Information

With the surge of phishing and other advanced email attacks, you can’t be too careful when it comes to your inbound email messages. Beyond viewing the basic information provided, you should make it a habit of viewing and understanding your emails' full headers.
Blog

Hacktivism - Top Phishing Attacks of 2016

In this series of blog posts we examine the most common forms of phishing attacks and appropriate countermeasures to protect both individuals and organizations – in this post we explore hacktivism and the growing range of victims.Politically Motivated & HacktivismThe threat of cyber criminals pursuing a political agenda and seeking to disrupt critical infrastructures has been well documented....
Blog

Demystifying Machine Learning: Evaluating Security Claims

In my blog post last week, Demystifying Machine Learning: Making Informed Security Decisions, I discussed a framework for evaluating Machine Learning claims. This week, let’s see how to apply it. I’ve included below a blurb from the website or data sheet of a fictitious security company called Acme Security. While the company is fictitious, the content is derived from looking at similar material...
Blog

Agari Honored by Online Trust Alliance

At Agari, we think it's important to "walk the walk", not just "talk the talk" so to speak. To us that means implementing the privacy and security measures on our own website and email that our industry talks about every day. This is why we are proud to be recognized once again as a recipient of the Online Trust Alliance (OTA) Honor Roll award and to be designated as "Top of the Class".This is the...
Blog

Making Email Great Again…with Norwest Venture Partners

We’ve very excited to welcome Norwest Venture Partners to the Agari family! Norwest, the newest investor in Agari, led the Series D funding for $22M we announced earlier this week. Their interest in the Agari Email Trust Platform and its unique ability to stop targeted phishing attacked shouldn’t come as a surprise. They have a long history of investing in the cybersecurity space. Their portfolio...
Blog

10 Shocking Malware and Ransomware Statistics

“Malware Mania” is back with a vengeance creating havoc for organizations of all sizes and in all industries. Cyber criminals have morphed their attack methods with the resurgence of macro malware and encrypting ransomware to evade traditional antivirus and sandbox defenses. As a result, cybersecurity teams are scrambling for a more effective way to deal with these shocking realities:2,500 cases...
Blog

Security Professional Pain Points – and How to Solve Them

Ask any security professional what the number one pain point is within their organization, and chances are they’ll say ‘user behavior’…with ‘malware’ coming in as a very close second. And while these issues are very different on the surface, they do have one thing in common: both are often the cause of high-profile data breaches, largely in part to the increased use of spear phishing email...
Blog

Agari Proud to Join FS-ISAC Again This Year!

We’re looking forward to another great FS-ISAC summit next week in Miami. Twice a year, the Financial Services Information Sharing and Analysis Center (FS-ISAC) holds information sharing events, where industry leaders come together to network and share the latest in combating cyber threats and new technology innovation. During the summit next week, Agari will host various on-site activities,...
Blog

What Does Federal Phishing Look Like?

In a recent blog, where we covered why government bodies are prime targets for phishing, we asked whether you’d be able to recognize a spoofed email from a federal agency. The truth is, a spoofed federal email looks very similar to a legitimate email you would expect to receive from government bodies. With the majority of people receiving regular emails from federal agencies, these emails are...
Blog

Lessons Learned Hiring Software Engineers During a Bubble – Part 3

Now that you've (hopefully!) read my first two blog posts on hiring lessons learned, Step 0: Who Are You? and Step 1: The Prep, you're ready to check out my third - and final - post on the topic:Step 2: The HowFinding the CandidatesIf you ask sales managers what qualities they look for in top performers, they will likely include: tirelessly hunting for prospects and keeping their calendars filled...
Blog

Lessons Learned Hiring Software Engineers During a Bubble - Part 2

As per my previous blog post, hiring software engineers gets more competitive every year. Now that you’ve read the first step in our process, Step 0: Who Are You, here’s the next step: Step 1: The Prep The Pitch Hiring is a lot like sales, and just like a good salesperson, you need a well-honed pitch. For recruiting purposes, you’ll want to break this into two parts: first, the company pitch...
Blog

Lessons learned hiring software engineers during a bubble

Hiring software engineers gets more competitive every year. There is now a service - hired.com - that provides an efficient, but disturbingly Tinder-like, interface for evaluating potential candidates. Traditional businesses like banks, healthcare providers and automotive shops are hiring software engineers too. This is creating so much demand that talent is being pulled from other fields. We see...