Traditional email security platforms and applications sit between a network and the outside world and protect that crucial gateway and choke point. They filter incoming e-mail to remove spam and viruses, and sometimes prevent things like personal or confidential information from leaving a network in the same way. They are good at what they do, but are becoming less and less effective against things like advanced phishing and targeted impersonation attacks. And they do nothing to prevent a number of new types of attacks, such as when a hacker takes over an email account and then sends malware or phishing attacks internally to other users.
The effectiveness of these so-called gateway devices is well known. In review bake-offs, the best competitors often perform with an accuracy of 99.5 percent or higher. It is unlikely that any e-mail with a malicious payload, a link to a malware site or other forms of traditional attack will get past this defense. The problem is that hackers know this and have started developing email attacks and new techniques designed to bypass gateway security.
They do this in various ways, but a commonly used technique is sending a highly targeted email that contains no links or malicious payloads for the gateways to detect. Sometimes they pretend to be a colleague or business contact and simply ask the targeted victim to write them back, but to an account that the attacker controls, which is often camouflaged to look like something else. They can then carry out their scam through the established channel or by directing the victim to another, unprotected communication platform. Or they can include a call to action in their first e-mail, such as a transfer request, but with the bank information in plain text to mislead the filters. And in the newest form of attack, hackers first work to compromise an internal email account and then use it to launch their attacks, completely avoiding the network gateway.
One of the biggest shortcomings of gateway devices is that they rarely understand the network that they are protecting. Of course, they can find malware or malicious links in incoming e-mail, but they don't know that a seemingly harmless e-mail sent from a Gmail account does not really come from the company's CEO. Another shortcoming is that because they sit at the gateway, they have no control over internal e-mails and cannot inspect them.
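The check a gateway cannot make without knowing the organization can be sketched in a few lines. This is an added example, not Barracuda's code or method; the domain, staff directory and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: the protected domain and a one-entry staff directory.
ORG_DOMAIN = "example.com"
DIRECTORY = {"jane doe": "jane.doe@example.com"}  # display name -> real address

# Constructed sample messages (no links, no attachments, nothing a payload filter flags).
SPOOFED = ("From: Jane Doe <jane.doe.office@freemail.example>\n"
           "Subject: Quick favor\n\nAre you at your desk? Write me back.\n")
REDIRECTED = ("From: Jane Doe <jane.doe@example.com>\n"
              "Reply-To: jane.doe@examp1e-mail.example\n"
              "Subject: Transfer\n\nPlease confirm by reply.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Agenda\n\nSee you at 10.\n")


def impersonation_signals(raw_message):
    """Return the reasons a message looks like sender impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    name_key = " ".join(name.lower().split())  # normalise case and spacing
    addr, reply_to = addr.lower(), reply_to.lower()
    signals = []

    # A known staff name on an address that is not that person's real one.
    known = DIRECTORY.get(name_key)
    if known and addr != known:
        signals.append("display name matches staff member but address differs")

    # Replies are steered to a different mailbox than the visible sender.
    if reply_to and reply_to != addr:
        signals.append("Reply-To differs from From")
        from_internal = addr.rpartition("@")[2] == ORG_DOMAIN
        reply_external = reply_to.rpartition("@")[2] != ORG_DOMAIN
        if from_internal and reply_external:
            signals.append("internal sender redirects replies externally")
    return signals


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("redirected", REDIRECTED), ("legit", LEGIT)):
        print(label, impersonation_signals(raw))
```
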
That is why everyone, from the private sector to government agencies, is urgently looking for a way to improve their email security. It is perhaps the next big push in cyber security.
Barracuda Sentinel's email security platform could be a big part of that solution. Instead of sitting at the gateway, Sentinel connects at the API level with any cloud-based email program, such as Microsoft Office 365, which was used for this review. It integrates with every inbox of a protected organization, and each inbox receives individual attention, regardless of whether the mail came from outside or from the internal network.
Sentinel is offered as a service, with prices based on the number of employees being protected. That way employees can have more than one inbox without increasing the price. Barracuda calls this new form of email security Inbox Defense. It is designed to work with a gateway appliance or other email protection (Barracuda itself offers different gateway defense devices and platforms) and usually focuses on the aforementioned gaps in all gateway platforms.
Setup: training of the AI
Installation of Sentinel could not be easier. After deployment, the service only needs permission from the email administrator to integrate with any existing mailbox at the API level. After this, it uses artificial intelligence to dive into the email archives to find out more about the people, patterns and programs used by authorized users. (Finally a good use for all that archived email that accumulates on the servers of most organizations.)