With the constantly evolving threat landscape and a crippling skills shortage, enterprise security is stuck between a rock and a hard place.
In an exclusive interaction, Hatem Naguib, SVP & COO Barracuda Networks, throws light on how something so simple, yet so sinister, accounts for over half the cyber-attacks monitored globally – email.
Naguib tells us how the hugely famous, but rarely successful ‘Nigerian prince’ rip-off has evolved to a stage in which one doesn’t have to be a super-smart hacker to launch an attack – thanks to the dark web.
Over the course of the discussion, it becomes evident that while the CISO’s job has gotten harder, it has never been easier for the hacker.
The good news though, Naguib highlights, is that cybersecurity has now become the center-point of every discussion and a board-level concern.
From your point of view, what are the biggest challenges in the cybersecurity space right now? How prepared is the enterprise in fending off the increasingly complex attacks?
There's a huge shortage of security professionals in the world – we're not training enough, we're not getting them out to the market. And this is making it very difficult for customers to set up the right levels of protection.
On the other side, the threat landscape has evolved dramatically. So it doesn't take more than a teenager to take information from the dark web, create a kit, launch an attack and be able to extract information. It doesn't require sophisticated methods of attack or a highly skilled hacker.
We're seeing criminal enterprises leveraging access to IP, accessing people's personal information, and then using that technology for ransomware and targeted attacks on customers.
Hackers have figured out how to leverage the same technologies we've been using for business in order to automate, orchestrate and extract information.
People are losing their jobs at the highest levels over security breaches. Individuals are frustrated with security challenges – not just from their companies, but from their governments as well.
A recent Barracuda report reveals that 59 percent of the attacks that you monitored were a result of spear phishing. Could you elaborate on this, and what is Barracuda doing to counter spear phishing?
The classic email gateway solutions use several layers of capabilities to see where an email is coming from and assess if it's spam, a virus or a zero day.
Barracuda did something very unique: We took the corpus data – data that we accrued from 60,000 email customers, processing a billion emails a day, and built a solution that allows us to predict the characteristics of what a spear phishing attack would look like, based upon the type of email a company uses.
We analyzed companies' inboxes and defined 15-17 characteristics by leveraging AI and ML to actively predict, in real time, when a spear phishing attack is happening.
What we noticed is that certain individuals had a higher propensity for being used in a spear phishing attack. Companies all over the world were dealing with these types of attacks where classic email security technologists failed to identify or predict attacks.
This technology actually became even more powerful when we added the ability to understand account takeover. The solution has proven to have a very high accuracy - it's higher than 99.5 percent right now.
Which areas of enterprise security is Barracuda setting sights on?
One of the pillars that builds our strategy is on collaboration email. We know email has become a highly vulnerable component to customers' threat landscape, primarily because it's the No.1 communication channel that businesses and individuals use.
It is extraordinarily easy to socially engineer and perform attacks through emails. Many of the customers get the first taste of cloud on Office 365 or Gmail.
The second area is network and applications. The classic network infrastructure is protected by a firewall. We add an additional capability – we look at distributed enterprises as well. It's intended for customers who have multiple sites, needing access from anywhere and are digitally transforming and building applications.
Additionally, we also have a global threat intelligence layer that we add to all our products so that all our customers can benefit from the threat intelligence we capture. We use IP addresses, semantics, and orchestration and categorization tools. So if a customer in the US is attacked by spam, we can target that IP address and protect a WAF customer in India.
How is Barracuda staying ahead in this intensely competitive security space? Could you tell us how Sentinel gives Barracuda that winning edge?
We have a full portfolio of capabilities, we don't just give you a firewall. We leverage our history, experience and expertise that comes from hundreds of engineers all over the world.
The second, and more important aspect is that it is in our DNA to build security solutions that are consumable. We targeted small and medium businesses because they face the same security challenges.
So they don't have three weeks to set up an email infrastructure or deploy a WAF that's overly complicated.
Barracuda Sentinel leveraged 2.5 million mailboxes and capabilities to build a learning model that could determine the 15-20 characteristics of a company's emails – it studies when it was sent, who sent it, the tone of the email, are they talking about money, etc.
All this information can be used to holistically determine whether a certain type of attack is occurring. It also has the ability to extricate that email from the inbox, even before the customer gets a chance to see it.
We also added a third capability – forensics and incident response. The forensics tool in Sentinel reduces the time from weeks to minutes. It will go through all the environments, identify the problematic emails, and change passwords in case of an account takeover. It changes the game for an admin and helps plug the breach.