Traditional email protection platforms and appliances sit between a network and the outside world, shielding that critical gateway and chokepoint. They filter incoming email to weed out spam and viruses, and sometimes also prevent things like personal or confidential information from leaving a network the same way. They are good at what they do but are becoming increasingly ineffective against things like advanced phishing and targeted impersonation attacks. And they do nothing to prevent some new kinds of attacks, like when a hacker takes over an email account and then sends their malware or phishing attacks internally to other users.
The effectiveness of these so-called gateway appliances is well known. Review bakeoffs often have the top competitors performing at 99.5 percent accuracy or higher. It’s unlikely that any email with a malicious package, a link to a malware site or other forms of traditional attacks is going to make it through those defenses. The problem is that hackers know this and have started to develop email attacks and new techniques designed to circumvent gateway protection.
They do this in a variety of ways, but one frequently used technique is to send a highly targeted email that is devoid of any links or malicious payloads that the gateways will detect. Sometimes they pretend to be a colleague or business contact and simply ask the targeted victim to write them back, but at an account that the attacker controls, which is often camouflaged to look like something else. They can then run their cons using the established channel or by leading a victim to another, unprotected communication platform. Or they can include a call to action in their first email, such as a request for a money transfer, but with bank details provided in plain text to fool filters. And in the newest form of attack, hackers first work to compromise an internal email account and then use that to launch their attacks, avoiding the network gateway entirely.
One of the biggest shortcomings of gateway appliances is that they rarely have any insight about the network they are protecting. Sure, they can find malware or malicious links in incoming mail, but they don’t know that a seemingly innocuous email sent from a Gmail account isn’t really coming from the company CEO. Another shortcoming is that, because they sit at the gateway, they have no control over internal emails and are in no position to ever come in contact with them.
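The checks below are an added example (not Barracuda's code and not part of the original review) showing how knowledge of the organization makes the link-free messages described above detectable at the inbox. The staff directory, domains, payment terms and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed organization context (hypothetical name and domain): the kind of
# knowledge a gateway filter lacks. Display name -> that person's real address.
STAFF = {"pat lee": "pat.lee@example.com"}
PAYMENT_TERMS = ("wire transfer", "bank details", "account number")

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Return a list of findings for one RFC 5322 message given as text."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # A known colleague's name on an address that is not theirs.
    known = STAFF.get(" ".join(name.lower().split()))
    if known and from_addr.lower() != known:
        findings.append("display-name-impersonation")
    # Replies are steered to a different domain than the visible sender.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        findings.append("reply-to-domain-mismatch")
    # Payment request in plain text with no link for a URL filter to inspect.
    body = msg.get_payload()
    body = body.lower() if isinstance(body, str) else ""
    if any(t in body for t in PAYMENT_TERMS) and "http" not in body:
        findings.append("payment-request-no-links")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: "Pat Lee" <pat.lee.office@gmail.com>

Are you at your desk? I need a wire transfer handled today.
"""
DIVERTED = """\
From: "Pat Lee" <pat.lee@example.com>
Reply-To: pat.lee@example.net

Please confirm receipt.
"""
BENIGN = """\
From: "Pat Lee" <pat.lee@example.com>

Noon works for me.
"""
if __name__ == "__main__": print(assess(SPOOFED), assess(DIVERTED), assess(BENIGN))
```

None of the three sample messages contains a link or attachment, so the findings come only from comparing the headers and wording against what the organization knows about its own people.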
Because of this, everyone from the private sector to government agencies is urgently searching for some way to boost their email security. It may well be the next big push in cybersecurity.
The Barracuda Sentinel email protection platform could be a big part of that solution. Instead of sitting at the gateway, Sentinel connects at the API level to any cloud-based email program like Microsoft Office 365, which was used for this review. It integrates with every inbox from a protected organization, giving each one individual attention, whether the mail came from the outside or from the internal network.
Sentinel is offered as a service, with pricing based on the number of employees being protected. That way employees can have more than one inbox without raising the price. Barracuda calls this new form of email protection Inbox Defense. It’s designed to work in conjunction with a gateway appliance or other email protection (Barracuda itself offers several gateway defense appliances and platforms) and mostly concentrates on the aforementioned gaps in all gateway platforms.
Installation of Sentinel could not be easier. Once employed, the service will simply need permission from the email administrator to integrate with every existing mailbox at the API level. After that, it will dive into the email archives using artificial intelligence to learn about the people, patterns and programs used by authorized users. (Finally, a good use for all that archived email that piles up on the servers of most organizations.)