In the early days email defence was simple – legitimate mail would come across the internet, land in a mail server, get delivered into an inbox and users would both send and receive. In the early 2000’s, spam and malware came on to the scene and started being sent via email more frequently. As threats began to evolve, improvement on the spam firewall became the modern email gateway. This included things like data loss prevention and encryption to stop leakage of sensitive information. Backup and archiving provided important capabilities to recover from accidental deletion and to archive mail for compliance or storage purposes. However, with a rise in zero day threats – threats that were new or custom and therefore couldn’t be caught by backwards looking signatures – the industry needed a new approach. Sandboxing is a technique that doesn’t rely on having seen a specific attack before. It puts a potentially malicious message into a virtual environment to see if it does anything nefarious, but this relies on spotting either a bad attachment with a virus or a link to a malicious website for example. To a gateway, a social engineering, business email compromise or CEO, a fraud attack can potentially look just like any other email.

Another concern is that attackers have realized that executives frequently access both work and personal email from a unified inbox. An unsecured personal email account is a soft entry point and as a result phishing attacks through the back door can be brutally effective. However, one of the nastiest emerging threats that is become more common, is the rise of account takeover (ATO). In these attacks, the adversary gains login information and uses legitimate email accounts to send and receive mail from within the domain. These emails aren’t spoofed – they really are from who they say they are from and to make matters worse, internal emails never even cross the gateway. So, a gateway solution can’t even see the emails – much less recognise they are illegitimate.

Building the defence

So ,what does a modern email protection stack look like? It all starts with the mailbox. Whether you’re on a cloud service like Office 365 or Gsuite, on havea hybrid configuration, the defences are the same. The gateway is as important as ever, so make sure you have inbound and outbound security deployed, including traditional signature defences and advanced techniques like sandboxing. Secure yourself against accidental and malicious data loss with encryption and DLP and archive important emails for compliance and/or storage reasons. On top of that, ensure resiliency with backup to recover from accidental or malicious deletion of data and a continuity service to ensure that critical emails can get sent during an outage. To stop attacks that bypass the gateway, artificial intelligence can predict how likely an email is to be to or from the person it purports to be from. As the last line of defence against email that comes in through personal accounts, it’s critical to turn your users from a liability into a control. Phishing simulation and training makes your executives resilient.

The first step to take, is to really understand and acknowledge the changing email threat landscape. This means understanding that attacks are no longer easy to detect, but instead are now hiding in the shadows and these attacks could be happening in the background without any detection. Once you are aware of these sophisticated and evolving threats, then determine the impact of these threats on your company. Do you currently have solutions in place to handle these sophisticated attacks? Do you have a backup plan if things go wrong? And if you don’t, what could you risk losing? This step means understanding the impact that an attack could have on your employees’ jobs, your company’s bottom line and more importantly, the company’s reputation. After acknowledging the changing threat landscape and determining the impact than an attack could have on your company, the last step is deploying solutions to avoid an attack.

Considering a Barracuda defence strategy?

Barracuda has created a multi-layered threat detection system that has been optimized to be used in the cloud. With Barracuda backup, the control is in your hands. You have the power to choose how you want to backup, how often and how quickly. You can set custom retention policies; you can choose to do automatic or manual backup and even conduct multi selection restores. Below is a summary of some of the defence products they have on offer – you can layer in defence where you need a boost or use all three components for the ultimate in protection.

Barracuda Essentials

Barracuda Essentials provides gateway defences and resiliency. It is a cloud-based solution including multi-layer email security with advanced threat protection, compliance archiving, and Office 365 cloud backup. Essentials is for Office 365, On-Premises, and hybrid deployments and as well for other Cloud Email Services like GSuite. Whatever the customer environment – Essentials fits all configurations. It is an easy to deploy Software-as-a-Service solution leveraging our expertise in Security and Data Protection and is available on a per-user license basis.

Barracuda Sentinel

Barracuda Sentinel stops brand hijacking and catches social engineering attacks, by using artificial intelligence to stop spear phishing attacks without a payload (malicious attachment) that gateway defences miss. Sentinel does this by applying machine learning techniques to build a model of what a “good” email from a specific user is likely to look like. The artificial intelligence has been trained on over 2.5 million mailboxes, and it analyses over 40 features – things like sender, time of day sent, etc. Unlike rules and policy-based approaches, Sentinel is incredibly accurate – with a false positive rate less than 1 in a million. This means that important emails get through when they’re supposed to, while spear phishing attacks get stopped in their tracks.

The second component of Sentinel is brand fraud prevention. Sentinel leverages a standard called DMARC (Domain-based Message Authentication Reporting and Conformance), which builds on two previous standards SPF (sender policy framework) and DKIM (domain keys identified mail) to make sure email is from who it’s supposed to be from. The real value behind DMARC is in its reporting. Sentinel helps you to understand who is using your domain, and by extension your brand. There may be legitimate third parties sending email on your behalf, but the reporting gives you a rich insight into who is using your brand so you can set DMARC to enforce rules appropriately and stop people from misusing your email domain.

Barracuda Phish Line

Barracuda Phish Line is your last line of defence against hard to detect phishing attacks that come in through unsecured channels. It offers power simulation capabilities, that let you test and train high risk users and provides training for your employees to spot and thwart phishing attacks on unsecured personal accounts. By reinforcing behaviour, you turn your users from a liability into strength in resisting carefully crafted and difficult to detect attacks. Phish Line comes with customisable pre-built templates, which means fast time to value, and relevant content based on industry trends and best practices. Phish Line also comes with a large inventory of turnkey content, which means your employees get the relevant training they need quickly.

Final Words

The team at Nexus Fusion hope you have found this blog useful. If you require any more information regarding email security, call us on 01908 760940 or send us an email at sales@nexusfusion.co.uk. If you are interested in any of the Barracuda products, talk to us about your requirements or ask us for a demo of the product. Essentials as well as all other Barracuda products comes with a free 30-day trial, which means that you can see these products working in your own environment before you decide to purchase.