
From days to hours: How Barracuda Managed XDR supercharges email protection for busy IT teams
Email is the most common entry point for cyberattacks. Many, if not most, companies have invested in some level of email protection to prevent email-borne attacks such as phishing from reaching and compromising targets. Email protection continues to advance, harnessing the power of AI to detect previously unknown and increasingly evasive threats hidden deep within documents, images, QR codes, URLs and more.
These advanced email security solutions help businesses protect employees from cyberthreats and from themselves. They can’t provide guaranteed 100% protection because no security tool can — especially when there are people involved and there’s a chance of accidental oversight due to heavy workloads or exhaustion, a lack of expertise or simple human error. IT administrators have many things to manage and monitor, often at the same time, and sometimes all it takes is one overlooked or discounted security alert for attackers to get a free pass into the company network.
IT admins need a safety net. Extended detection and response platforms, particularly those that are backed by a 24/7 security operations center, can provide one.
When integrated with email security tools, they provide a protective backdrop that can respond automatically to suspicious activity, disabling the affected account while an investigation takes place. Here’s a real-world example.
Case study: How hackers make themselves at home
There are estimated to be more than 400 million Microsoft 365 users worldwide, making the platform a highly attractive target for cyberthreats. In 2024, the platform reported more than 600 million identity attacks per day, of which 99% were password-based, amounting to around 7,000 password attacks per second. Our case study company uses Microsoft 365.
One day, an email arrived in an employee’s inbox. Within seconds, the recipient had clicked on the link and started to enter their credentials into what they believed was the legitimate Microsoft 365 login page. It wasn’t.
In fact, the page was a spoofed login page, designed to look like Microsoft’s but controlled by the attackers. The attackers grabbed the credentials and used them to access the user’s account. Within a minute, they’d set up some inbox rules to hide and filter data such as security notifications.
The company’s email protection tools spotted the anomalous account login, which came from an unfamiliar device and location for that user, and quickly sent a security alert to the company’s IT administrator. Unfortunately, the over-stretched IT admin overlooked the warning.
Days later, the attackers launched a phishing campaign from the compromised account to the company’s suppliers and customers. This finally brought the intrusion to the attention of the IT admin. Within a few hours, the company had addressed the incident.

Email protection plus Barracuda Managed XDR Cloud Security
Here’s an alternative scenario showing how this incident might have unfolded if the business had installed a managed extended detection and response (XDR) solution with advanced Automated Threat Response (ATR) alongside its email protection.
Managed XDR’s detection capabilities would have spotted the device and location anomalies, leading ATR to immediately suspend the account. This would contain the threat and block the attackers from further activity. The whole incident would be neutralized at the start rather than days later — limiting the opportunities for damage and disruption.
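The detect-then-contain flow described above can be sketched as follows. This is an added example, not Barracuda's implementation: the event fields, baseline structure and `suspend_account` action name are hypothetical, and the sample events are constructed to mirror the case study (unfamiliar device and location, then an inbox rule within a minute).

```python
from datetime import datetime, timedelta

# Constructed sample events; field names are hypothetical, not a real log schema.
EVENTS = [
    {"t": "2025-03-03T08:59:10", "user": "amy@example.com", "type": "signin",
     "device": "LAPTOP-AMY", "country": "GB"},
    {"t": "2025-03-03T09:14:02", "user": "amy@example.com", "type": "signin",
     "device": "unknown-7f3a", "country": "BR"},
    {"t": "2025-03-03T09:14:51", "user": "amy@example.com", "type": "inbox_rule",
     "rule": "move messages containing 'security' to RSS Feeds"},
    {"t": "2025-03-03T09:30:00", "user": "bob@example.com", "type": "signin",
     "device": "PHONE-BOB", "country": "FR"},
]
# Per-user baseline of devices and countries seen before (constructed).
BASELINE = {
    "amy@example.com": {"devices": {"LAPTOP-AMY"}, "countries": {"GB"}},
    "bob@example.com": {"devices": {"PHONE-BOB"}, "countries": {"GB"}},
}

def triage(events, baseline, window=timedelta(minutes=5)):
    """Return one finding per sign-in from an unfamiliar device AND location."""
    findings = []
    events = sorted(events, key=lambda e: e["t"])
    for i, ev in enumerate(events):
        if ev["type"] != "signin":
            continue
        known = baseline.get(ev["user"], {"devices": set(), "countries": set()})
        if ev["device"] in known["devices"] or ev["country"] in known["countries"]:
            continue  # at least one familiar attribute: leave for lower-priority review
        start = datetime.fromisoformat(ev["t"])
        # Inbox rules created shortly after the odd sign-in corroborate takeover.
        rules = [e["rule"] for e in events[i + 1:]
                 if e["user"] == ev["user"] and e["type"] == "inbox_rule"
                 and datetime.fromisoformat(e["t"]) - start <= window]
        findings.append({
            "user": ev["user"], "signin_time": ev["t"],
            "action": "suspend_account",          # containment first, then investigate
            "severity": "critical" if rules else "high",
            "new_inbox_rules": rules,
        })
    return findings

if __name__ == "__main__":
    for f in triage(EVENTS, BASELINE):
        print(f)
```

The sign-in alone is enough to trigger containment; the inbox-rule correlation only raises the severity, so the response does not wait for the attacker's next step.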

Essential steps for email security
In a world where complete threat prevention can’t be guaranteed, the key to effective security is cyber resilience: the ability to respond to and recover from security incidents. The following best practice steps will help you to build a resilient IT environment and address email-borne threats:
- Deploy multilayered email security. Defense-in-depth is essential for cyber resilience in a fast-evolving threat landscape. Supplement email gateways with AI-powered technology that can look beyond known malicious links or attachments.
- Protect access to employee accounts and company data through multifactor authentication (MFA). A zero-trust strategy is even better. A zero-trust approach will continuously verify identities and ensure people can only access the resources they need rather than everything.
- Automate threat detection and incident response. This will enable you to quickly identify, remediate and clean up any threats found in users’ inboxes.
- Improve cybersecurity awareness. Continuously educate users about the latest email threats so they know what to look out for and how to report it.
- Secure and back up all data. To avoid data loss as the result of an email-based attack, your data needs to be properly secured, isolated and backed up.
For further information on how Barracuda can help to protect your Microsoft 365 environment, please check out Barracuda Email Protection and Barracuda Managed XDR.
