The War on Cyberattacks - Our investment in Agari
Today, I am proud to announce our investment in Agari, a provider of real-time, data-driven security solutions that detect and prevent advanced email cyberthreats. Why Agari? Consider this, sensitive information of over 110 million people in the U.S. was stolen in the Target breach, and it all started from a phishing email. The lack of email authentication continues to be a source of massive vulnerability for users and companies many decades since email's initial inception.
The foundation of the Internet that we all know and love today was formed in the 1960s and 1970s out of military research that built ARPANET, the first packet-switched connected network built on top of the TCP/IP protocol. One of the first "killer apps" built on this new infrastructure was a way for the then small group of researchers to exchange digital messages with one another. At the heart of this electronic mail subsystem was SMTP, a protocol as fundamental for email as TCP/IP was for the Internet. But because email was then intended for a small trusted group, authentication was never built into the protocol.
Fast-forward to modern day and we find that the number of online users numbers in billions and more half the email that is sent is spam. Phishing has become a major attack vector for the bad guys to gain an initial foothold to exploit well-intentioned security defenses. In our recent security survey of over 100 CISO's revealed that one third of those surveyed list data breaches and malware outbreaks as a top concern for their business, both issues that involve email as the attack vector.
The most impactful breach in the past twelve month has been the highly publicized Target data breach where 40 million credit cards and 70 million identities, including name, address, email address and phone number, of Target shoppers were stolen. How did the bad guys get in? A successful phishing email attack on Target's HVAC vendor installed malware on the vendor's computers that, due to improper security controls at Target, made its way into Target's network. A phishing attack was the first point of compromise.
Thankfully, there is a solution. New protocols like SPF (authentication) and DKIM (integrity) add the missing security to the email protocols. The last missing piece was just recently added in 2012. Agari, along with a group of leading internet companies including Google, Yahoo, PayPal, Twitter, Facebook created a new standard called DMARC that finally allows email senders to instruct email deliverers how to treat unauthenticated emails.
This fundamental leap forward in email architecture is what excited us about investing in Agari. However, making this transition won't happen overnight. It's complex and requires ongoing monitoring and management. Additionally, a new level of threat intelligence can be gathered from attempted attacks. That is exactly where Agari comes in, helping organizations that want to protect their brands from email abuse and securing their email channel. The Agari cloud-based SaaS solution aggregates data from 2.5 billion mailboxes to help global brands eliminate email threats, protect customers and their personal data, and proactively guard brand reputation. Today, Agari analyzes over 6 billion messages per day, identifies over 2 million malicious URLs per month, and blocks over 200 million malicious emails per month.
We re thrilled to join the Agari team and help them scale the business.
Originally published September 22, 2014.