In my blog post last week, Demystifying Machine Learning: Making Informed Security Decisions, I discussed a framework for evaluating Machine Learning claims. This week, let’s see how to apply it. I’ve included below a blurb from the website or data sheet of a fictitious security company called Acme Security. While the company is fictitious, the content is derived from looking at similar material...

At Agari, we think it's important to "walk the walk", not just "talk the talk" so to speak. To us that means implementing the privacy and security measures on our own website and email that our industry talks about every day. This is why we are proud to be recognized once again as a recipient of the Online Trust Alliance (OTA) Honor Roll award and to be designated as "Top of the Class". This is...

We’ve very excited to welcome Norwest Venture Partners to the Agari family! Norwest, the newest investor in Agari, led the Series D funding for $22M we announced earlier this week. Their interest in the Agari Email Trust Platform and its unique ability to stop targeted phishing attacked shouldn’t come as a surprise. They have a long history of investing in the cybersecurity space. Their portfolio...

Ask any security professional what the number one pain point is within their organization, and chances are they’ll say ‘user behavior’…with ‘malware’ coming in as a very close second. And while these issues are very different on the surface, they do have one thing in common: both are often the cause of high-profile data breaches, largely in part to the increased use of spear phishing email...

We’re looking forward to another great FS-ISAC summit next week in Miami. Twice a year, the Financial Services Information Sharing and Analysis Center (FS-ISAC) holds information sharing events, where industry leaders come together to network and share the latest in combating cyber threats and new technology innovation. During the summit next week, Agari will host various on-site activities...

In a recent blog, where we covered why government bodies are prime targets for phishing , we asked whether you’d be able to recognize a spoofed email from a federal agency. The truth is, a spoofed federal email looks very similar to a legitimate email you would expect to receive from government bodies. With the majority of people receiving regular emails from federal agencies, these emails are...

Now that you've (hopefully!) read my first two blog posts on hiring lessons learned, Step 0: Who Are You? and Step 1: The Prep , you're ready to check out my third - and final - post on the topic: Step 2: The How Finding the Candidates If you ask sales managers what qualities they look for in top performers, they will likely include: tirelessly hunting for prospects and keeping their calendars...

As per my previous blog post, hiring software engineers gets more competitive every year. Now that you’ve read the first step in our process, Step 0: Who Are You , here’s the next step: Step 1: The Prep The Pitch Hiring is a lot like sales, and just like a good salesperson, you need a well-honed pitch. For recruiting purposes, you’ll want to break this into two parts: first, the company pitch and...

Hiring software engineers gets more competitive every year. There is now a service - hired.com - that provides an efficient, but disturbingly Tinder-like, interface for evaluating potential candidates. Traditional businesses like banks, healthcare providers and automotive shops are hiring software engineers too. This is creating so much demand that talent is being pulled from other fields. We see...

When it comes to cyber-resilience, a one size approach does not fit all. The threat level is rising as attacks become more frequent and complex. Cyber criminals use multiple attack vectors to gain the intelligence and access necessary to penetrate a company’s defenses. In particular, sophisticated, targeted email attacks that are aimed at specific employees are one of the most commonly used...

With cyber warfare increasingly dominating headlines, the digital security measures of governments have come under growing scrutiny. The US government is one that constantly makes the news for being a prime target for cybercriminals and other nation-states. Recently, it was reported that a hacker accessed an employee’s email account at the Department of Justice and stole 200GB of files including...

Your email is about to get safer if you are a Gmail user! This week in the Gmail Blog , Product Manager John Rae-Grant talked about a couple of changes to Gmail on the web that will allow users to see if an email might not be as secure as it should be. First, Gmail will display a broken lock symbol in the upper right of the email window if it is not encrypted in transit with TLS. And second, Gmail...

What would you do if you received a confidential email from your CEO asking you to wire money to an attorney as part of an acquisition? This is what happened to Texas manufacturing firm, Ameriforge Group Inc., whose director of accounting wired $480,000 to the Agricultural Bank of China, before realizing that it was an email scam. Unfortunately, these kinds of highly targeted phishing scams, known...

Lately, the question of DANE vs DMARC has been coming up quite a bit. While both DANE and DMARC involve “authentication”, there are significantly different things meant by each. Let’s start by addressing the underlying technologies. DANE, or RFC6698 , is intended to mitigate the threat of a man-in-the-middle intercepting encrypted communications by posing as one of the end points. A common vector...

In the last five years, we’ve all become far too familiar with it – hackers spoofing a company’s domain and therefore tarnishing the brand, bad actors attempting to infect our computers with malware, and criminals sending millions of spam messages. As if this isn’t enough, now there is a whole group of people working to outsmart companies AND their customers by using cousin domains to fool...

With the high volume of email activity the holiday season brings, we’ve been getting a lot of questions about holiday email scams – what to look for and how to avoid them. So in the spirit of giving…some good advice…our Field CTO John Wilson has published a blog on LinkedIn with suggestions that can help people better protect themselves from online criminals, and help businesses ensure they aren’t...

Snowflakes and Early Automation Efforts At Agari, as part of our mission to solve phishing, we deal with data at scale. We’ve chosen AWS to help us move quickly, making sure our infrastructure is as agile as we are. Unfortunately, in the beginning, we treated AWS instances much the same way as physical servers: each configuration was lovingly hand-crafted, packages were installed at the command...

Steve Katz - “Phishing and social engineering is still a global threat to every business around today.” Last year, phishing attacks cost organizations $4.5 billion in losses, but as we all know the loss is not only monetary. These attacks exploit the trust we as customers have in the brands we use. Recently Agari sat down with the Financial Services industry's first CISO, previous CSO of Citi...

At Agari, we are vocal about the steps organizations can take to protect their brands and customers from the impact of phishing attacks. But what exactly are the hard numbers behind our mission? Let’s look at some phishing statistics showing a clear need for change when it comes to mitigating the phishing problem. A rising threat Verizon research has found that phishing is now the second most...

A long-time sponsor of FS-ISAC, Agari takes pride in being a member of the digital security community, committed to protecting financial services brands and their customers from email-based cyber attacks. During this year's conference, held at the Hotel del Coronado in San Diego, we once again joined our industry brethren, reconnected with familiar faces and forged new relationships with cyber...