A new innovation wave for email security

The one constant about email security is change. In the past few years, there has been a new wave of industry growth, investment, and innovation, as a response to ever more targeted and sophisticated social-engineering attacks. It’s been a long evolution since the days of the simple email filter. Email security solutions today use sophisticated AI that learns the unique communication patterns of each organization and goes beyond the gateway by leveraging the APIs of cloud email providers.

The recent flurry of investments in next-generation email security startups is no surprise, as the venture capital community is starting to see the need for new ways to protect businesses from social engineering. This trend is further validation of Barracuda’s strategy to provide email security solutions that go beyond the gateway.

Email security is in our DNA: the company was launched to provide businesses with an email security solution that was more intelligent, easy to use and a great value. Barracuda’s first spam and virus firewall product became the world's most widely deployed solution for email security, successfully disrupting a market flooded with outdated solutions by providing a cutting-edge, radically simpler alternative. With more than 1 billion emails protected daily, and more than 150,000 customers in 150 countries, we’re continuing our mission to protect customers, data and applications from today’s advanced threats. Our best-in-breed security solutions help our customers do business efficiently and securely.

Over the last decade, the risk and complexity of email-born attacks have risen steadily. Cybercriminals have shifted their business model: Instead of casting a wide net and hoping that one in a million email recipients will fall for the scam, they launch targeted attacks against larger organizations to monetize with much greater payoffs. With antivirus solutions stopping spam and viruses, attackers started writing custom zero-day malware that could evade traditional anti-viruses. Soon, attackers realized that people are the weakest link in the chain and started launching phishing and ransomware attacks to effectively monetize their efforts.

About three years ago, nearly all high-impact attacks started using social engineering to perpetrate brand impersonation, BEC and account takeover. Attackers realized that, instead of creating sophisticated, zero-day malware in a security lab, all they needed was a well-crafted email to an individual in an organization, impersonating someone in a position of authority. Using such a simple yet powerful form of deception can yield anywhere from hundreds of thousands to millions of dollars from a single successful attack.

With traditional email gateways designed to look for obviously malicious signals, such as malicious files or links pointing to malicious websites, they are ineffective against social-engineering attacks, which often involve just plain-text emails. To make matters worse, today’s attackers are getting into the walled garden of an organization, sending email messages from compromised accounts and wreaking havoc internally. Attackers also use compromised accounts in the organization to launch campaigns against other higher-value targets, such as banks, healthcare companies and government organizations. Such attacks will typically not be blocked by the traditional email gateway vendors because they are coming from high-reputation domains. Barracuda researchers recently analyzed more than 360,000 spear-phishing emails, uncovering some startling revelations: Brand impersonation is being used in more than 80% of spear-phishing attacks and sextortion, a form of extortion, makes up 10% of all spear-phishing attacks.

The evolution and success of social engineering attacks has changed conventional thinking about email security and has accelerated efforts to provide security beyond the email gateway. Barracuda has adapted in response, too. With the acquisition of Sookasa in 2016, Barracuda added innovative cloud-based security technology and expertise, leading to development of groundbreaking integration with cloud applications, including Microsoft Office 365. As a result, in 2017, Barracuda launched Sentinel, offering AI-based protection against spear phishing, account takeover, and BEC.

The idea behind Sentinel is to learn the unique communication patterns of each organization and spot anomalous emails, even if the emails do not contain obviously malicious signals, such as malware or links to compromised domains. Sentinel uncovers threats that traditional email security systems can't, by directly integrating with Microsoft Office 365 APIs to detect attacks coming from both internal and external sources. It uses machine learning to detect signs of malicious intent and deception within every email with virtually no IT administration required. Sentinel is part of the Total Email Protection bundle, which provides multi-layer stack protection. Sentinel is experiencing the hyper-growth and adoption of a successful startup: more than a 400% increase year over year and now protecting more than 2 million Office 365 mailboxes. Total Email Protection also includes Barracuda Essentials for gateway defense and Barracuda PhishLine for email security awareness training.

Taking our solutions one step further, this year Barracuda launched Forensics and Incident Response, an innovative solution allowing organizations to immediately respond to a targeted attack, by remediating email attacks with just a few clicks. Forensics and Incident Response automates a process that can take hours or even days and may consume the work of an entire cybersecurity team. Many customers are already taking advantage of this new protection and it is one of the fastest-growing products in our portfolio.

With the evolving attack landscape, analysts recognize the need for solution providers to drive innovation and take new approaches to address enterprise email security. Barracuda was recently recognized as a Leader in the Forrester Wave for Enterprise Email Security, getting top scores for incident response, cloud integration, deployment options, and customer success. Customers praised Barracuda’s innovation, integration with Office 365 integration and customer support.

Barracuda is thrilled to see the innovation and growth in the email security industry. It’s great to have more peers competing and collaborating in the marketplace, including energetic new startups and not just the traditional email gateway providers. More companies focused on email security means faster innovation and better protection from the most insidious new threats. We hope the entire industry continues this wave of innovation and provides a safer journey for every business.