Barracuda Sentinel Uses AI to Detect Spear Phishing Attacks

New service makes use of machine learning and container-based technologies to limit the risk of Business Email Compromise attacks.

Data security

Asaf Cidon sold his security startup Sookasa to Barracuda in March 2016 and has been busy helping to build new technologies for Barracuda ever since. One of those new technologies was announced on June 28, with the debut of the Barracuda Sentinel service designed to help detect spear phishing and improve email security.

"Our team from Sookasa has been working on communication and content security which led lead us to this new product, Barracuda Sentinel," Cidon told eWEEK. "Sentinel leverages a lot of the work we had already done using the APIs of cloud services."

The new Barracuda Sentinel service uses machine learning and artificial intelligence technology to help identify potentially malicious email attacks and targeted spear phishing. Cidon said that Sentinel uses a combination of different machine learning technologies including Apache Spark, to conduct analysis of email messages. 

As opposed to mass spam attacks, targeted spear phishing attacks take specific aim at a particular user. Spear phishing attacks can also lead to Business Email Compromise (BEC) fraud, with attackers tricking users into paying fraudulent account invoices. BEC is a large problem which resulted in losses of over $360 million in 2016 according to the latest statistics compiled by the FBI's Internet Crime Complaint Center (IC3).

Cidon explained that traditional email security systems tend to rely on global rule bases to make decisions on spam and malicious email content. With Barracuda Sentinel the approach is different, as the system provides a unique set of rules for each specific customer. The rules are learned by the artificial intelligence technology back end, based on each specific company's communication patterns. Barracuda is not storing user emails as part of the Sentinel service, but rather is extracting what Cidon referred to as 'signals' that can help to determine the authenticity of a given email interaction.

On initial deployment, Cidon said that Barracuda Sentinel will spend time to analyze the normal context of communication within an organization to learn what is normal and expected behavior. The system swill build a unique database for each customer based on the machine learning activity to identify when there is any type of email that appears to be outside of the normal patterns.

In the past, building a specific user database for each company would have been a large and complicated task. Cidon said that Barracuda is using Amazon Web Services and specifically the Amazon EC2 Container Service (ECS) to easily build and scale out the required software infrastructure.

"Using ECS it's actually pretty easy," Cidon said. "With containers and Spark we can build unique user profiles completely automatically."

DMARC

In addition to helping organizations detect potential spear phishing attacks, Barracuda Sentinel also provides organizations with capabilities to improve the security of email overall. Among the capabilities is DMARC (Domain-based Message Authentication, Reporting and Conformance) configuration for an organization's email domain. DMARC is a technology approach that can help improve email authenticity and reduce email domain spoofing.

"We provide a set of tools that help organizations to setup DMARC properly," Cidon said. 

Among the DMARC configuration tools are analytics to understand email configuration across a large organization. Cidon said that there are also tools to help identify if someone is attempting to spoof a company's email domain as well. Additionally, the Barracuda Sentinel service provides user training and simulation capabilities.

"We can simulate attacks against the highest risk employees and train them to be aware," Cidon said. "It's always important to make sure employees have awareness because no technology is 100 percent perfect."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.