AI-enhanced email threats poured in. Barracuda stopped the flow.

There were two jobs: Responding to thousands of email threats and closing the security gap that allowed them in.

Takeaways:

• BNBuilders faced a huge wave of advanced, AI-enhanced email threats.
• Barracuda Email Protection delivered the incident-response capabilities needed to remediate thousands of attacks.
• A Microsoft 365 feature, Direct Send, enabled some malicious emails to bypass the email gateway.
• Barracuda support engineers identified and resolved the issue, shutting off the flow of advanced threats.

A fast-growing commercial building contractor with offices across the West Coast, BNBuilders was still using the older, open-source, on-prem email security tools that served it well when it was a smaller company. But as time went on and the company grew, things kept breaking, and the number of email-borne threats was rising steadily. Security became too time-consuming, and it couldn’t scale as the company needed it to.

Finally, the IT team and company leadership decided to implement a modern, robust email security solution. They chose Barracuda Email Protection, part of the comprehensive BarracudaONE cybersecurity platform. Years later, they’ve never considered moving to another vendor.

“I finally wasn’t babysitting those unreliable old systems. Instead, we had a cloud-hosted solution that … was simple and intuitive to use, and completely reliable. … Over the years, as threats evolved, so did our Barracuda Email Protection capabilities.”

— Anthony Albano, IT Director, BNBuilders

Get the full story here, including how Barracuda helped identify and fix a crucial setting that was letting some email threats bypass the gateway.

Battling a wave of next-gen threats

In spring 2025, Anthony and his team upgraded their BarracudaONE cybersecurity platform to implement the full set of Barracuda Email Protection capabilities, including advanced incident response automation, cloud-based backup for Microsoft 365 data and email, security awareness training, and more. But shortly thereafter, the threat environment changed.

“We started getting hundreds, and eventually thousands of AI-generated phishing emails every day. And they were incredibly hard to respond to efficiently. Every subject line was different, so our older tools couldn’t mass-pull them. Sender names were spoofed as the recipient, so we couldn’t use that info. Each message’s malicious link was unique too.”

— Morgan Tickner, Information Security Specialist, BNBuilders

Anthony and Morgan decided they needed to really dig into what Barracuda Email Protection could do. They soon found that the platform’s automated incident-response capabilities were far more flexible and powerful than they’d realized. Once they set it up and put it to work, they were able to detect and remove thousands of malicious emails from user inboxes with very little effort. See how in the full case study.

Eliminating the problem at the source

Even though they had gained the ability to respond quickly and effectively to malicious emails, they still had a problem: How were so many of these emails getting past the email security gateway and into users’ inboxes?

Barracuda support came to the rescue. After a brief investigation, our support engineer figured out that a setting in Microsoft 365 called Direct Send was enabled by default, and that it allowed emails with sender addresses spoofed as coming from internal servers to be delivered directly to user inboxes without filtering.

(For details on this setting, how to disable it, and why you might prefer to leave it enabled, see this article, and this one, from Microsoft.)

Get the full story in this case study, and discover all the ways that BarracudaONE and Barracuda Email Protection made BNBuilders’ infrastructure more secure while also dramatically reducing the amount of time and effort required from Anthony, Morgan and their team. And like them, you may also decide that Barracuda is the kind of long-term cybersecurity partner your organization needs.