Resources
Blog

DHS' BOD 18-01 for Email Security: What You Need to Know

Mon, 11/13/2017
Are you ready for Binding Operational Directive 18-01? On October 16, 2017, the Department of Homeland Security (DHS) issued this directive in order to implement better security protocols on government emails. The DHS BOD 18-01 is a compulsory directive to all federal departments and agencies. Among the measures mandated in BOD 18-01 is a requirement that federal agencies adopt Domain-based...
Cybersecurity
Blog

Tips to Protect the Potential Next Target of the Financial Sector – Trading Apps

Thu, 10/12/2017
The media landscape today continues to share stories of the increased cyber vulnerabilities in mobile applications. While banks have had many years to develop and tailor their apps to respond to various security issues, with increased security around detecting fraudulent use, trading apps from smaller businesses have flown under the radar and missed out on improved security. Although cyber...
Email Data Loss Prevention
Data Security
Lock on Keyboard
Blog

Microsoft Deal Is a Start, But More Needs to be Done to Protect the NHS from Cyber Threats

Mon, 08/21/2017
Following the recent WannaCry attack that affected so many organizations, both public and private, across the globe, many firms are now taking steps to protect themselves from potential threats in the future. One establishment in the UK that the WannaCry attack had ramifications for was the NHS. The incident meant multiple hospitals across England and Scotland had to cancel procedures after vital...
Email Data Loss Prevention
Email Security
Blog

My Experience as a Summer Intern at Agari

Mon, 08/14/2017
As with all great internships, I started this summer at Agari being delightfully bombarded with various acronyms and different technologies to learn. But though there was such a wealth of new information, within weeks, I found myself making real contributions to the product and essentially being treated as a full-time engineer.I came into this 10-week internship after my junior year at U.C....
Computer
Blog

What Can Businesses do to Keep Secure in the Mobile Working Revolution?

Thu, 07/27/2017
The age of mobile working continues to gather pace. More people than ever before are working from home or on the move, rather than in the traditional office environment. This isn’t surprising. Businesses are becoming increasingly digital and as such, can provide staff with increased opportunities to work outside the office. It isn’t just businesses that are leading the mobile working revolution ...
Email Data Loss Prevention
Data Security
Blog

Why are my Google Calendar Invites Blocked by DMARC?

Fri, 06/30/2017
Are you sending Google Calendar invites and not getting replies, or maybe your invitees tell you they tried to reply and it was blocked? Or maybe you are trying reply to Google Calendar invites and being blocked saying the mail is not accepted due to your domain's DMARC policy?This is an issue I have been seeing, so I did some digging and I have figured out what is going on. Before I get to the...
Google Workspace
Blog

Real Estate Email Scams - Don't Get Tricked!

Thu, 06/29/2017
Every year, more than 5 million homes are bought and sold in the U.S. Given this volume, it should come as no surprise that the real estate industry is a prime target for email-based crimes. Cyber criminals are spoofing (and in some cases taking over) the email accounts of real estate agents, title companies, and others involved in the home buying process. Once the criminal gains access, he or she...
Advanced Persistent Threats (APT)
Email Spoofing
Blog

Productivity & Security with Office 365 + Agari

Tue, 06/20/2017
Companies are flocking to Office 365 as the leading choice of cloud-based email. But while it’s a great productivity enhancer and provides simplicity and cost savings over on-premises solutions, it raises serious security challenges. Threat actors typically target email accounts with identity deception. And with Office 365 being ubiquitous and publicly-discoverable, the risks become even greater...
Blog

Agari named as UK Government G-Cloud supplier to the public sector

Wed, 05/24/2017
We are delighted to announce that Agari is among the suppliers listed on the UK Government’s G-Cloud 9 framework.Agari will now be able to provide its award-winning DMARC Email Authentication service, Agari Customer Protect, to UK public sector organisations through the Government’s secure online store, the Digital Marketplace. Agari Customer Protect is listed in the the Software-as-a-Service ...
Blog

Security vs. Productivity: The Office Macro Dilemma

Mon, 05/08/2017
There is no doubt that macros are being increasingly used to execute malicious code around the world and we have all know what impact it can have on an organization when they strike. But sometimes team members just need to run macros to get their work done. So, what do you do? As a security professional, you want to prevent macros from running because it's safer and you don’t have to work until 3...
Email Security
Blog

The Google Docs Account Takeover Worm: What Could Happen and How to Protect Yourself

Wed, 05/03/2017
Today, cybercriminals launched a highly effective email scam that included a link to a Google Docs document that was in fact a link to a 3rd party app designed to steal information from the recipient. Worse, the email appears to come from someone known to the victim. Based on information from the Agari Trust Network, we saw more than 3,016 organizations compromised that sent 23,838 emails to Agari...
Blog

The 2 Phases of Email Filtering That Make up the Open Quarantine Process

Tue, 11/29/2016
In my previous blog post, I introduced the concept of open quarantine. This week, I’d like to explore the two phases of email filtering that make up the open quarantine process. Phase 1 - Tripartite ClassificationThe notion of open quarantine depends on being able to perform a tripartite classification of messages into good, bad and undetermined, where the first two categories have a close to...
Blog

Email Filtering and Open Quarantine – The Paradigm Shift

Thu, 11/17/2016
In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks that used social engineering to evade traditional email security filters. This week, I’d like to introduce a new filtering paradigm: open quarantine.Open quarantine balances the needs of security and usability using a two-phase email filtering process. In...
Blog

Deceptive Emails and Other Types of Cyberattacks

Wed, 11/09/2016
In my previous blog post, I provided examples of the growing sophistication – and subsequent success – of several high-visibility email attacks. This week, I’d like to look at the different types of emails that are enabling these attacks.Deceptive emails are used by cyberattackers to carry out three different types of attacks:To coerce the recipient to follow a hyperlink to a website masquerading...
Blog

Understanding Email Identity

Wed, 10/12/2016
One of the things that often stumps even the most security conscious companies is knowing all the third-party email service providers they are working with. It is extremely difficult, if not impossible for these organizations to protect their customers from phishing attacks if they don’t even know who is sending legitimate email on their behalf. And this gets even more challenging when you...
Anti-Phishing Offerings
Anti-Phishing
Blog

Managing Your AWS Costs? Get Ready for a Surprise!

Thu, 10/06/2016
Managing AWS costs is confusing, difficult and sometimes can seem downright hopeless. At Agari, we’ve found Cloudhealth to be a useful partner in measuring both AWS usage and spend. As the saying goes: “what you measure, improves!”.In particular, we’ve found it useful to track daily AWS spend. It's helpful both in terms of understanding what drives costs, as well as heading off unexpected...
Blog

Software Ate My Infrastructure: 2 Years on AWS with Ansible, Terraform and Packer - Part 2

Wed, 09/28/2016
Agari has made significant investment into infrastructure as code. Almost two years into this project, we’ve learned some lessons. In my previous blog post, I discussed organization of your automation repository and parameterizing environments. For this post, I'd like to talk about state management and database automation. State management One of the most frustrating things about working with...