Barracuda has been protecting our customers from email attacks for over a decade. Our award-winning Email Security Gateway has been the flagship of this line of defense for nearly 15 years. What started out as a robust spam filtering solution has advanced into a powerful, proactive system that attacks email-borne threats before they ever reach our customers' networks.
We didn't just add new technologies to our threat detection and mitigation systems. Over the years we added new ways to deploy and manage our solutions. We offer our email security solutions as physical and virtual appliances, public cloud deployments, and hosted solutions in Barracuda Essentials for Email Security and Barracuda Essentials for Office 365. All of these solutions are centrally managed in one easy to use cloud-based platform. One of the foundations of our business is making it easy for our customers to leverage our email security expertise.
Today we are proud to announce a new layer of defense for Office 365 deployments: The Barracuda Email Threat Scan. This email security tool is a cloud-based service that identifies latent threats in corporate email environments. This differs from our Advanced Threat Protection service in that it is looking for threats that already reside in your email environment.
When we think of email-borne threats, we commonly think of spam and phishing, or the attachment that blows up when opened. We generally notice these things when they arrive in the mailbox. These attacks are still legitimate concerns, but the latent threat is also very real and dangerous.
The latent threat is one that gets introduced into the email system, from an external or internal source, and hides itself until it's ready to work. It may be waiting for a particular date to activate, or it may be quietly gathering intelligence on the victim's network. For example, this banking heist used latent malware that resided on the victims' systems for an average of 42 days before the thieves took action. This time was used to gather data, learn business logic, and develop a sophisticated and successful attack. Latent threats such as this are known as Advanced Persistent Threats (APTs).
Detecting latent threats is a priority for all corporate environments. In fact, the 2014 Sony Pictures hack was considered a “perfect” example of an APT at work:
“It has everything: A determined attacker with a motive monitoring the victim’s network for a long time, learning all the details, and planning carefully where and when to strike. More importantly, the victim did not pay enough attention to securing its systems properly.
“These attacks are also not about one single threat. It is about the attacker persistently trying to get into your systems, trying different ways, different malware, different exploits, or an altogether different technique, such as social engineering, or even combining all of them,” he added.
“If you want to fend off these threats, you need to have people capable of detecting a perpetrator sneaking around in your systems. If you rely only on ‘static’ software solutions, those can and will be eventually bypassed by the attacker. It is always easier to attack than defend,” he said.
Furthermore, a recent Barracuda analysis of 20,000 Office 365 mailboxes found that 93% of accounts had at least one APT. That same analysis showed an average of 125 threats per account
Microsoft also recently announced that they are working on advancing their own APT protection tools. Windows Defender Advanced Threat Protection (WDATP) will be integrated with Office 365, so that threats residing in Office 365 can be detected and removed. This Microsoft integration will be in preview sometime in 2017, but you don't have to wait that long to scan your email infrastructure for these threats.
Barracuda Email Threat Scan for Microsoft Office 365
The Barracuda Email Threat Scan for Office 365 will evaluate your corporate Office 365 infrastructure and build a report that helps you understand your email security posture. Highlights of the report include a threat overview, a user snapshot, and remediation guidance.
After the scan
Once the Email Threat Scan is complete, you'll want to review the report for any immediate action you may need to take on threats already present in your system. This pdf checklist outlines the steps to take after the scan. This checklist will help you remove the threats and put you in a position to prevent them going forward.
Once this is done, you'll want to take a look at adding Advanced Threat Protection (ATP) to your email protection. Barracuda ATP does the following:
• Protects against zero-hour, targeted attacks
• Provides protection against ransomware variants including Locky and CryptoLocker
• Offers real-time email attachment scans
• Sandboxes attachments to identify threats before delivery
Barracuda Essentials for Office 365 is available in multiple configurations, including three that provide Advanced Threat Detection:
Advanced Email Security: Includes email threat protection such as spam filtering, virus protection, malware protection, outbound filtering, and more.
Advanced Email Security and Compliance: Includes all of the above and adds our innovative Cloud Archiving Service, which provides hosted archiving and eDiscovery of email.
Complete Protection and Compliance: Email protection, Cloud Archiving Service, and our Cloud Backup Service. This Cloud-to-Cloud Backup option protects your Office 365 email and OneDrive for Business. Read more about this on our blog here and here.
Sign up here for a comprehensive and free Email Threat Scan. Our solution specialists are available to help you with the scan and the report. If you're at Microsoft Ignite, stop by our booth #2445 to have someone on our team get you started.
For more information on our solutions for Office 365, visit our corporate website here. For more on the new Email Threat Scan, see our press release here.
Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology and project management credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.
Connect with Christine on LinkedIn here.