What is the difference between phishing and spear phishing?
Phishing attacks try to steal user credentials by getting victims to click on a link that leads them to a fake sign-up page. Once victims type in their credentials on the fake page, the attackers essentially gain access to a user’s bank account, email or other sensitive data. Phishing attacks are typically sent to a large number of recipients and are usually not personalized to a specific recipient.
Spear phishing attacks are highly targeted and researched personal attacks. They do not necessarily involve a malicious link or attachment. Instead, attackers will send the target a series of innocent-seeming messages in order to trick them into making a wire transfer or sending confidential information. These attacks are difficult to intercept because they do not contain suspicious links or attachments, and are not mass emails that can be matched across many users.
What is Business Email Compromise, or BEC?
In 2013, the FBI began tracking business email compromise (BEC), where attackers target employees with access to company finances and trick them into making wire transfers to bank accounts thought to belong to trusted partners—except the money ends up in accounts controlled by criminals. The scammers use a variety of tactics to fool their victims; however, they typically start with a well-executed spear phishing attack. They might spend weeks or months studying their victims (vendors, billing systems, communications style) and then send an email requesting that some amount of money be sent urgently to a “trusted” vendor. Because of the personal nature of the attack (the familiar vendor, the “authority figure” such as a manager or CEO, the urgent request), legacy email security solutions fail to detect them. The FBI estimates that more than $5 billion has been lost to BEC in recent years.
What do you mean by 'impersonation' attack?
Spear phishing attacks rely on impersonation. The attacker pretends to be, or impersonates, someone you know and engages in conversation to build trust. This conversation frequently takes place over email but can happen over other communications platforms as well (e.g., chat, text messages, social networks). The attackers go to great lengths to pull off a successful impersonation attack, carefully researching personal details of their victims to know things like place of employment, impending transactions, where their kids go to school, who their favorite sports teams are, and so forth. The attacker often engages in multiple messages back and forth before requesting sensitive information (such as credentials, a wire transfer, or employee tax information).
What is DMARC?
DMARC, or Domain-based Message Authentication Reporting & Conformance, is an email authentication, policy, and reporting protocol. It builds on the widely-deployed SPF and DKIM protocols to improve and monitor the protection of the domain from fraudulent email. If it is set up correctly and enforced, DMARC makes sure that only the legitimate owner of a domain can send emails from it. This prevents attackers from sending emails on behalf of domains they do not own ("spoofing"), and therefore eliminates many kinds of phishing and spear phishing attacks. Spoofing can be used both against the owner of the domain and against customers and business partners. Therefore, DMARC is a key component in protecting not only people but also brands.
What is Barracuda Sentinel?
Barracuda Sentinel is the leading comprehensive AI solution for real-time spear phishing and cyber fraud defense. Delivered as a cloud service, Barracuda Sentinel combines a powerful artificial intelligence engine, domain fraud visibility using DMARC authentication, and anti-fraud training for high-risk individuals into a comprehensive solution that protects people, businesses, and brands from these personalized attacks. Barracuda Sentinel integrates with popular communications platforms, such as Microsoft Office 365, to learn each organization’s unique communications patterns. This messaging intelligence allows us to identify anomalies and stop these attacks with zero impact on network performance.
How does the artificial intelligence engine work?
Barracuda Sentinel is powered by a multi-layer AI engine that detects and blocks spear phishing attacks in real time and identifies which employees are at highest risk of spear phishing. We combine information from multiple signals to learn the unique communications patterns of each company and to analyze the content of the messages for sensitive information. Barracuda Sentinel combines this messaging intelligence to determine with a high degree of accuracy whether an email is part of a spear phishing attack.
What happens when a spear phishing attack is detected?
Messages identified as impersonation attempts or spear phishing attacks are automatically moved to a quarantine folder in the end user’s mailbox, and the user and administrator receive an alert about the potential threat.
How does Barracuda Sentinel help with DMARC?
Barracuda Sentinel helps prevent domain spoofing and brand hijacking with a set of tools to help companies implement DMARC. Using Barracuda Sentinel, companies can monitor DMARC data on their domain, and get actionable insight on legitimate and fraudulent usage of their domain.
What type of training is included with Barracuda Sentinel?
Barracuda Sentinel leverages intelligence gathered from our machine learning algorithms to identify high-risk individuals within an organization. Once identified, Barracuda Sentinel offers a set of tools to periodically and automatically train and test the security awareness of those employees with simulated attacks.
Integration with Other Barracuda Solutions
Do I need to have other Barracuda products in place for Barracuda Sentinel to work?
No. Barracuda Sentinel is a standalone product. Because it integrates directly with the Office 365 API, there's no impact on your network performance or existing email security infrastructure. We offer discounts to customers who purchase Barracuda Essentials alongside Barracuda Sentinel.
If I have Barracuda Essentials, do I need Barracuda Sentinel—or vice versa?
Barracuda Essentials and Barracuda Sentinel are designed to be complementary security solutions to keep customers safe and productive in Office 365 environments.
Barracuda Sentinel is a comprehensive AI solution for real-time spear phishing and cyber fraud defense. It prevents personalized attacks that typically do not contain malicious attachments or links.
Barracuda Essentials for Office 365 combines cloud-based security, archiving, and backup for Office 365 environments into a single, comprehensive solution, including:
- Enhanced Email Security augments security for both inbound and outbound email, including enhanced protection from spam, malware, viruses, and phishing emails. We also add a powerful, rules-based outbound email filter to prevent data from leaving your organization, and email encryption for keeping highly sensitive or confidential information safe.
- Cloud Archiving Service leverages Office 365’s journaling feature to ensure that all emails are archived and that they can be easily searched.
- Streamlined Backup and Recovery provides an unlimited cloud backup of all your emails and files, and the recovery process is much simpler and faster than the standard Office 365 recovery process.
Barracuda Sentinel is available a standalone product regardless of any existing email security solutions. It is also available at a discount to Barracuda Essentials customers who want to enhance their security posture with spear phishing and cyber fraud protection.
How much time will I spend installing and maintaining Barracuda Sentinel?
It takes literally two minutes to set up Barracuda Sentinel. Barracuda Sentinel’s API-based architecture has no impact on network performance. It's 100% cloud delivered, without any hardware or software to install or maintain.
Office 365 already has security features. Why would I need additional protection?
It’s true that certain Office 365 plans come with Exchange Online Protection and Compliance Center, which provides an initial layer of security. However, there are no native security features in Office 365 designed to stop spear phishing and cyber fraud.
How do Barracuda Essentials and Barracuda Sentinel differ from Exchange Online Protection?
Barracuda Essentials provides additional layers of security to catch malware and phishing attempts that elude basic Exchange Online Protection. Barracuda Essentials also includes several features that are optional with Exchange Online Protection: advanced threat protection, anti-typosquatting, link protection, and email encryption. Barracuda Sentinel takes that a step further, as a comprehensive solution that guards against highly personalized spear phishing attacks, impersonation attempts, business email compromise, and cyber fraud.
What's Significant About the API-based Approach?
Barracuda Sentinel is the first API-based solution to provide comprehensive protection against spear phishing attacks. We leverage the APIs of popular communications platforms, such as Office 365, to learn each organization’s unique communications patterns to stop spear phishing attacks in real time with zero impact on network performance. This API-based approach is important for several reasons:
- Historical Data: Provides instant access to current and historical data. This historical data is crucial because without understanding the existing communication patterns in the company, it is impossible to detect anomalies and impersonation attempts. Traditional email security solutions would have to collect information for months or years before having enough information to create meaningful profiles.
- Internal Messages: Provides access to the internal communications, which gateway solutions cannot see. The personal nature of the internal communications (“are you at your desk?”) is the weakest link in the success of these spear phishing attacks. Solutions that cannot view/analyze/understand internal communications patterns are useless against these types of attacks.
- Simplified Setup and Management: Very easy to set up and has no impact on network performance.
- Flexible and Comprehensive: Allows for protection across other communications platforms, such as Slack or Gmail, that cannot be monitored via a gateway.