Barracuda Improves Email Security With Forensics and Incident Response

Barracuda introduces new capabilities that enable organizations to more rapidly investigate and remediate potentially malicious email that has already been delivered.

Barracuda Forensics

Barracuda announced an update to its Total Email Protection platform on Jan. 17, providing organizations with new Forensics and Incident Response capabilities.

Total Email Protection is Barracuda's flagship email platform that integrates multiple capabilities including email threat prevention as well as an advanced artificial engine that can mitigate the risk of spear phishing attacks. The Forensics and Incident Response capability now adds a new layer, enabling organizations to perform analysis and remediation.

"Forensics and Incident Response allows users to investigate malicious emails that were delivered to users retroactively and understand where they came from," Asaf Cidon, vice president of content security at Barracuda, told eWEEK

Cidon added that the Forensics and Incident Response feature also enables organizations to find all copies of malicious emails and see which users clicked on any malicious links. For the response portion, the new feature enables organizations to notify all impacted email recipients, as well as provide the ability to delete or quarantine the emails retroactively. Cidon said that the forensics and response workflow did not exist in any of Barracuda's email security products before.

Unlike some other email security technologies that Barracuda gained by way of acquisition, Cidon said that all of the technology for Forensics and Incident Response was developed in-house. Cidon sold his security startup Sookasa to Barracuda in March 2016, which helped to serve some of the foundational elements of the Barracuda Sentinel artificial intelligence capability for email that debuted in June 2017.

How It Works

Cidon explained that many of Barracuda customers already have users reporting suspicious emails to security and IT departments, which causes administrators to take many manual steps. Some of those steps involve Powershell scripts or manual sifting of mailboxes to locate emails, figuring out who received it, trying to manually delete it and notifying the affected users.

"This is a way for IT to automatically investigate and remediate these incidents, which saves significant amounts of time and effort," Cidon said. "To clarify, this augments our automated security solutions, which automatically block malicious emails from ever reaching employees."

Overall, Cidon said that the goal for the Forensics and Incident Response capability is to have it be a "connective tissue" across many of Barracuda's other products. For example, once an attack is identified, Barracuda can also block any links that existed in the email from being opened from the network. Another example is to use the incidents found by IT teams that might have been clicked on or opened by users as content for future phishing simulation campaigns.

Looking forward for email security and Total Email Protection at Barracuda, Cidon said that the company is focused on preventing and detecting account takeover automatically. 

"Account takeover is when an attacker steals employee credentials and uses them to log in as the employee for malicious purposes, such as launching a BEC [business email compromise] attack, spreading phishing or malware, or stealing information," Cidon said.

Cidon noted that Barracuda already has an account takeover detection capability in the market, and is working hard to make it even better, detecting different types of malicious activity, including forwarding rule changes and the suspicious deletion of emails.

"We continue to focus on preventing targeted attacks, especially BEC and zero-day phishing attacks," he said. "We constantly work on improving detection rates and false positives by improving the AI by improving the natural language processing classification and adding new signals related to file attachments and links."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.