Ayehu Featured in Mergermarket

Ayehu is pleased to announce the company’s recently featured interview in Mergermarket, the leading provider of forward-looking M&A intelligence and data to M&A professionals and corporates around the world.

In anticipation of the company’s plans to close a Series B round of fundraising over the coming few months, Ayehu’s CEO and founder Gabby Nizri sat down with Mergermarket’s Chris Metinko to discuss the details.

The ultimate goal is to raise enough capital to facilitate entry into the cloud as well as extend the company’s machine learning capabilities. In order to achieve these goals, the new round must raise between $10 million and $15 million.

This latest move comes as part of the company’s ongoing shift from general IT process automation to a more targeted focus on the sector of automated cybersecurity incident response. This shift has resulted in revenue growth of 250% in 2016 alone and the company has officially reached the point of breakeven cash flow. Today Ayehu serves over 150 enterprise-level customers and growing.

In order to fulfill this round of funding, which could close as early as March, a new lead investor will likely be needed. A strategic partnership in either the managed service provider or security realm may also be a possibility. The company has been receiving inbound inquiries on this even before deciding to officially seek this latest round.

In terms of competition, Nizri pointed out in his interview that there are several different angles to consider. From the general IT automation perspective, the company competes with such well-known brands as ServiceNow, Hewlett-Packard and BMC Software. From the cybersecurity angle, the main players include IBM, FireEye, Phantom and Hexadite. Additionally, there are the competitors who also feature embedded tools, such as Microsoft, VMware and CA Technologies.

According to the Mergermarket interview, Nizri mentioned the fact that the company will also continue to keep its options open for a potential exit down the road. To date, Ayehu has raised approximately $6 million in funding.

7 Ways to Spot a Phishing Scam

7 Ways to Spot a Phishing ScamDid you know that upwards of 85 percent of all organizations today have been victims of some type of phishing attack? And with the average cost of a successful phishing scam ringing in at around $1.6 million, the problem is very real. What’s more, it’s not just everyday employees being targeted. In fact, 1 in 3 companies are routinely attacked in the form of CEO fraud emails.

These statistics should bring to light the critical importance of protecting your organization – regardless of size or industry – against potential malware attacks, and as always, the best defense is a good offense. To prevent your employees (particularly those in the C-suite) from being bested by a hacker, here are things to train them to watch for.

 

Poor Grammar and/or Spelling – One of the first clues that a particular message might have been sent with malicious intent is the quality of the content within. While most monitoring programs successfully filter out most harmful emails, some will inevitably sneak by. A message from an unknown sender containing poor grammar, misspelled words or content that isn’t logical should raise some red flags.

Mismatched URLs – The goal of a phishing campaign is to give the appearance of authenticity in order to convince the recipient that it’s ok to open an attachment or click on an embedded link. In the latter, the URL may look completely legitimate when, in fact, it actually redirects to a malicious site. To avoid this, all employees should be encouraged to hover over URLs to verify that the actual hyperlink matches.

Misleading Domain Names – Another trick many hackers use in phishing scams is to use misleading domain names to make unsuspecting recipients believe a URL is trustworthy. This can easily be identified by how the URL is laid out. For instance, a phishing artist may attempt to trick a victim by creating a child domain with a familiar name, such as Apple and then linking it to a malicious site. The result might be something like: Apple.malicousdomainname.com. Educating employees on how DNS naming structure works can help quickly detect and address any potential fraudulent messages before they are successful.

Requests for Personal Information – Regardless of how official an email may appear, if the message contained within requests personal information, proceed with extreme caution. Remind employees to always take a step back and assess the logic of these types of messages. Banks or credit card companies don’t need customers to provide their account numbers. Likewise, reputable senders will never ask for things like passwords, credit card numbers of anything else that’s confidential in nature.

Unsolicited Contact – If receiving an email filled with lofty promises seems too good to be true, it probably is. Furthermore, if you didn’t do anything to initiate the contact in the first place, it’s almost certainly going to be some type of scam. Any such message should always be regarded with suspicion and great caution.

Messages Containing Threats – While most phishing campaigns lure victims with the promise of enrichment, some hackers resort instead to rely on intimidation tactics to scare recipients into giving up sensitive information. For instance, an email like this might appear to be from a trusted and respected sender, such as a bank or the IRS, and it might contain a message threatening account closure or asset seizure if money or personal information isn’t provided. These types of intimidating messages should raise a red flag.

Something Just Doesn’t Look Right – Last, but certainly not least, intuition can often be enough to flag a potentially harmful email. Teach employees that if they receive a message that gives them pause, for whatever reason, they should trust their gut and escalate it accordingly. After all, it’s always better to be safe than sorry.

Are you doing enough to protect your organization against phishing and other malicious campaigns? Educate your employees on what red flags to watch for and remind them to never click on a link or open an attachment from an unknown or suspicious sender. Then, fortify your cybersecurity incident response strategy with automation.

Click here to start your free 30 day trial today and get the peace of mind you deserve.





How to Get Critical Systems Back Online in Minutes




Live Webinar: Automating IT Processes in a Code-Filled World: Why Scripting is Not Real Automation

Live WebinarToday’s IT operations professionals are facing an uphill battle with a seemingly never-ending barrage of alerts, requests, tickets, and incidents.

To address this shoulder-crushing workload, these individuals and teams must decide whether to build their own scripts or invest in IT automation software. It may seem like an easy fix to write up a few lines of code to automate a manual process and voila! It’s done.

In reality, it’s not that simple. In fact, if you’re still relying on manual scripting, you and your team are wasting precious time and resources.

 

On Tuesday, March 14, 2017. 12:00 p.m. EDT / 9:00 a.m. PDT, the Ayehu team will be presenting a free live webinar that will delve into the ins and outs of why scripting is not the same as real automation.

In this live, expert presentation, you’ll learn:

  • How scripting differs from automation
  • How to break down key challenges that scripting introduces into the IT environment
  • Explore 3 crucial and often overlooked technical considerations

We’ll also be presenting a live demonstration of how to translate a script into an automated workflow.

Are you an IT professional who is tired of wasting time on manual scripting? Would you like to see firsthand how true automation can revolutionize the way you do your job (and make your life exponentially easier)? If so, you do NOT want to miss this live online presentation.

But hurry…. attendance is limited and we fully expect that this highly-anticipated webinar will fill up quickly.

Register today to reserve your spot!

Creating an Effective Cybersecurity Incident Response Plan

There are two common reasons why many organizations today are still failing to properly prepare for possible cyber-attacks. Some companies erroneously believe that the cybersecurity incident response plan they already have in place is sufficient enough to handle threats, while others mistakenly believe they are not at risk of such an attack at all. But given all the recent high-profile breaches, it’s more evident now than ever before that every business must prepare for the inevitable because everyone is at risk. That said, here are a few tips for establishing a highly effective cybersecurity incident response plan that will keep your organization protected from would-be online attacks.

Creating an Effective Cybersecurity Incident Response PlanFirst, you must evaluate and test your existing incident response protocol to determine its current state and identify areas of potential vulnerability. It’s important to not only have a strategy in place but to also check it regularly to ensure that it’s working as it should be. Simulation exercises and penetration tests should be conducted on a regular basis, not only to assess the quality of the IR plan, but to keep personnel prepared for what steps are necessary to address legitimate threats and, if needed, bring systems back online quickly.

An analysis of existing strategies should also include a check of whether the right tools are being leveraged to simplify, consolidate and streamline the overall cybersecurity incident response process. One of the most common issues behind successful security breaches is the fact that IT personnel simply do not have the bandwidth to effectively field the volume of incoming threats. This is how incidents slip in under the radar and wreak havoc. Adding automation into the process can eliminate this problem by allowing technology to identify, validate and prioritize all incoming threats.

Whether your organization happens to have a plan in place that is inadequate or you’ve not yet taken any measures to develop such a plan, the key is first recognizing the risk and ensuring that your systems and strategies are fully tested and properly planned. Additionally, personnel must be brought up to speed and well-versed in situational response. The hurdles of cost and lack of resources can easily be overcome by employing cost-conscious solutions, like integrating an ITPA tool with existing systems to enhance and extend their effectiveness. A combination of advanced, intuitive technology and adequate staff training should do the trick.

The fact is, cyber-attacks can happen at any time and to any business in any industry. How quickly and fully your organization is able to recover from such an attack is directly proportionate to the quality of the cybersecurity incident response plan you have in place. By applying the principles outlined above, you can proactively manage incoming threats and handle incidents in a timely manner, thereby keeping your company’s sensitive data safe from imminent harm and minimizing downtime as much as possible.

Is your cybersecurity incident response plan strong enough to keep your network secure? Could the added benefit of automation improve and enhance its effectiveness? More importantly, can your organization afford to remain vulnerable to dangerous and costly cyber-attacks? Give our IT process automation and orchestration platform a try free for 30 days and start protecting your business today.



eBook: 5 Reasons You Should Automate Cyber Security Incident Response




New Cybersecurity Regulation Takes Effect this Month

New Cybersecurity Regulation Takes Effect this MonthThe state of NY has officially instituted a new cybersecurity regulation that officially takes effect as of today, March 1st, 2017. This somewhat controversial new regulation imposes more detailed rules on those in the banking and insurance industries with the goal of protecting consumers and institutions alike against cyber-attacks.

This is the first regulation of its kind to be adopted by a US state, though trends certainly indicate that others will likely follow suit due to continued frustration and concern with data breaches. Among other things, the law mandates that financial and insurance institutions must officially employ a CISO, implement multifactor authentication policies and that all cybersecurity incidents must be reported within 72 hours.

“New York is the financial capital of the world, and it is critical that we do everything in our power to protect consumers and our financial system from the ever increasing threat of cyberattacks.” ~ New York Governor Andrew M. Cuomo

In reality, many of the requirements in the NY regulation have already been implemented by larger financial institutions. For instance, the law requires that organizations:

  • Develop comprehensive cybersecurity programs which include written policies that address such important factors as
    • Access controls
    • Asset inventory
    • Data governance
    • Business continuity
  • Perform periodic risk assessments and yearly penetration tests
  • Use encryption must for all data – both in transit and at rest
  • Establish a written incident response plan

Additionally, the regulation states that CISOs must send annual reports to the board of directors. These things are already common practice for many institutions, so there won’t be much change for them.

“It’s one of the most comprehensive cybersecurity regulations in the financial sector.” ~ Luke Dembosky, former cybercrime prosecutor with the US Justice Department.

All organizations in the state of NY are required to submit a statement to the Superintendent of Financial Services by the 15th of February every year certifying compliance. Although the new regulation technically takes effect on March 1, all institutions affected by the policy have an additional 180 days to comply. Some built-in grace periods within the regulation provide up to two years to come into compliance with certain provisions. Additionally, smaller institutions may apply for exemptions.

Some of the details of this new regulation may be challenging to implement, particularly for smaller organizations with limited resources. Utilizing automated cybersecurity incident response may be the key to getting and staying compliant.