Barracuda Email Protection: Features

Barracuda's Advanced Threat Protection (ATP) combines behavioral, heuristic, and sandboxing technologies to protect against zero-hour and targeted attacks. ATP automatically scans email attachments in real-time; suspicious attachments are detonated in a sandbox environment to observe behavior. In addition to blocking the attachments, results are integrated into the Barracuda Real-Time System, providing protection for all other customers

Get more details about Barracuda Advanced Threat Protection.

The Barracuda combats, detects, and blocks phishing attempts by combining anti-fraud intelligence, behavioral and heuristic detection, protection against sender spoofing (i.e., spammers spoofing valid email addresses), and domain-name validation.

Get protection against social-engineering attacks with Barracuda Impersonation Protection

Barracuda leverages the cloud for dynamic, real-time threat analysis, attachment sandboxing, and URL protection, to prevent malware from affecting email users.

A popular method that attackers use to deliver malware relies on URLs that contain malicious code, which can be invisibly downloaded and can trigger a much larger attack. Link Protection automatically rewrites these URLs so that Barracuda can sandbox the request at click time to block malicious links. Rewritten URLs do not expire and function indefinitely.

More sophisticated attackers make clever modifications to URLs, so they look genuine but aren’t. The most common technique is omitting letters or using convincing “typos” that even users who check URLs before clicking often miss. Barracuda’s Link Protection includes typosquatting detection, which automatically identifies and redirects these URLs to our sandbox at click time to block malicious activity.

With a long-standing heritage in spam protection, Barracuda remains the leader in identifying and blocking spam. A comprehensive set of security layers ensures your organization remains productive in the face of evolving threats.

Barracuda identifies email from known spammers and determines whether domains embedded in email lead to known spam or malware domains. It leverages industry-leading techniques that protect against attempts to embed text inside images with the intent of hiding content from traditional spam filters.

As virus attacks become more sophisticated and complex, email infrastructure requires advanced virus protection. The potential for the destruction and release of information or the disruption of a network severely impacts productivity and can lead to financial loss.

Barracuda scans email and incoming files using three powerful layers of polymorphic virus scanning technologies. It also decompresses archives for complete protection. Powerful virus definitions are automatically updated to maintain the most up-to-date protection against email-borne viruses.

Not every attack is focused on planting a virus, getting users to send their credit card numbers, or to click on a malicious link. Often, the objective of the attack is focused on disabling a network or mitigating its effectiveness. As a cloud-based service, Barracuda Email Protection is positioned to stop spammers before they overload your email server.

Outbound filtering prevents your organization from being put on spam block lists and prevents outbound attacks from originating inside your network. Employees can inadvertently cause internal systems to become a source for botnet spam. Using a subset of its defense layers, Barracuda’s outbound filtering stops outbound spam and viruses.

Barracuda Email Continuity Service ensures that email operations continue by failing over to a cloud-based email service in the event primary email services become unavailable. During email server outages, an emergency mailbox allows users to continue sending, receiving, reading, and responding to email.

Barracuda Email Protection is integrated with the Barracuda Cloud Control web-based management portal, which leverages Barracuda’s global cloud infrastructure and provides a global view to centrally manage all of Barracuda’s solutions through a single interface. Barracuda Cloud Control also allows administrators to centrally manage policies and configuration. The simple interface makes it easy for your organization to implement and manage the service with minimal IT overhead.

Our email protection leverages Barracuda Central to identify email from known spammers and determine whether domains embedded in email lead to known spam or malware domains. It is continually updated with intelligence on the latest threats across all threat vectors. Barracuda Central is our 24x7 centralized threat intelligence gathering organization, where the latest threats across all vectors are analyzed and added to our extensive databases. Hundreds of thousands of organizations worldwide provide intelligence to Barracuda Central, and our email security is updated on a continuous basis.

Barracuda can automatically detect and prevent spear-phishing attacks that evade traditional email security systems. Barracuda’s AI engine learns your organization's unique communication patterns and leverages these patterns to identify anomalies and quarantine spear-phishing attacks in real time.

Barracuda automatically quarantines business email compromise attacks by detecting anomalies in the email header and the content of the email. The AI does not require any manual rules or user setup and can detect any type of BEC attack automatically from day one.

Barracuda can detect any type of employee impersonation, including impersonation of executives, as well as mid- and low-level employees. It can detect spoofed emails, typosquatted domains, and impersonation emails sent from free or personal email clients.

By discovering anomalous communication patterns within the body of the email, the link, or the email header, Barracuda can stop zero-day phishing attacks that evade other email security systems. It can detect any type of zero-day phishing attack, including links leading to a fake sign-in page, as well as links to malicious websites.

Barracuda has been trained to recognize and automatically quarantine phishing emails that impersonate web services, such as Microsoft Outlook, DocuSign, and Dropbox. Barracuda AI can prevent web impersonations, even when they use deceptive characters or zero-day links.

Barracuda automatically stops attacks that impersonate employees by spoofing their email address. The AI engine recognizes the anomalies in spoofing emails and quarantines them.

Barracuda AI can automatically predict which employees are likely to be targeted by spear-phishing attacks, based on their role and their day-to-day access to sensitive information.

Customers can report false positives and missed attacks to Barracuda, which are used to retrain the AI classifiers. This enables the AI to continuously improve its precision and adapt its detection capabilities.

The raw data from the AI detections can be exported to a CSV file.

Barracuda Impersonation Protection uses Microsoft 365 APIs to connect directly to your environment. The APIs allow the AI to learn customer historical communication patterns and detect and quarantine emails in real time. It’s a cloud-based SaaS solution that requires no maintenance or installation.

You can set up Barracuda’s impersonation protection in 1 minute by simply signing up and connecting it to your Microsoft 365 tenant. No need to change your MX records or install any software.

The API architecture allows impersonation protection to work with any existing gateway-based email security solution as a last layer of defense for targeted attacks.

The Barracuda AI engine can be applied to historical emails, using the Email Threat Scanner for Microsoft 365. This allows customers to generate a free email-risk report to see which types of attacks aren’t being stopped by your existing systems, understand the value that can provide, and provide ROI for senior executives. The Email Threat Scanner for Microsoft 365 takes one minute to set up and is completely free

Detect suspicious logins by tracking IPs that exhibit suspicious behavior, such as failed sign-ins, and share intelligence across all users and accounts. Track each user’s access patterns and alert IT administrators when Barracuda observes unusual sign-in activity such as from an unusual device or geography. The AI tracks user-level patterns and organization-wide patterns.

By detecting anomalies in internal employee communications, Barracuda can automatically detect when employee accounts become compromised and send malicious emails to internal and external recipients. Administrators get alerted when an account has been compromised, and they can take immediate action.

Barracuda automatically quarantines phishing emails that allow attackers to steal employee credentials and can lead to account takeovers.

Barracuda can automatically identify which malicious emails were sent from a compromised account and flag them for administrators.

Barracuda's account takeover remediation tool allows administrators to delete all phishing emails sent from compromised accounts from employee mailboxes.

Barracuda allows administrators to identify which external recipients received emails from compromised accounts and notify them of the attack.

Barracuda helps administrators lock out attackers from compromised accounts, preventing them from using the compromised account to launch phishing campaigns and forward emails externally.

Changes to a user’s email inbox rules can potentially indicate an account takeover. Barracuda lets IT administrators review and investigate recent changes to inbox rules. The Inbox Rules Change Feed provides visibility across the entire email environment and lets you investigate rules changes for a specific email or account.

Your emails can travel through many different servers before they reach the intended mailbox. Barracuda secures your mail by encrypting it during transport to the Barracuda Message Center, encrypting it at rest for storage in the cloud, and providing secure retrieval by your recipients through HTTPS Web access. Data in motion is secured via Transport Layer Security (TLS) and data at rest is secured via AES 256-bit encryption.

If you are sending a sensitive email, you can manually mark it for encryption. However, you can also create a policy to automatically encrypt emails based on their sender, content and other criteria. Encryption policies ensure that your organization complies with regulations designed to protect customer data, such as HIPAA.

Outbound filtering keeps sensitive data from leaving your organization while simultaneously ensuring that legitimate emails are delivered. At the same time, outbound filtering blocks outbound spam and viruses, preventing your employees or other infected clients from inadvertently sending malicious email, as well as keeping your mail server IP addresses and domains from being listed on spam-block lists.

Employees can inadvertently allow their email to be used for botnet spam. The outbound filter stops outbound spam and the spread of viruses.

Administrators can also create and enforce content policies to prevent sensitive data from being sent by email, such as credit card numbers, Social Security numbers, HIPAA data, customer lists, and other private information. Policies can automatically encrypt, quarantine, or block certain outbound emails based on their content, sender, or recipient.

Barracuda’s domain fraud protection prevents third parties from maliciously spoofing domains. The solution leverages DMARC to gain visibility into legitimate and non-legitimate emails being sent with a particular domain and enables customers to make sure their legitimate emails are delivered correctly while blocking the malicious senders.

DMARC reports are automatically gathered, analyzed, and visualized. Customers simply need to change their DNS record using the setup wizard provided. Barracuda takes care of the reporting and analysis of the DMARC logs.

Customers can get high-level insights on the different email systems sending emails with their domains and gain access to in-depth information, including which IPs are passing and failing DMARC, domain misalignment, and spoofing samples.

Barracuda helps customers correctly configure their DKIM and SPF, as well as troubleshoot common problems in SPF/DKIM configuration, such as domain misalignment.

Barracuda can help customers increase their legitimate email deliverability by ensuring that their emails pass email authentication.

By leveraging Barracuda's IP reputation databases, we can provide detailed information on the source of spoofing emails, including geographic and sender information, as well as samples of spoofing emails.

By leveraging Barracuda's IP reputation databases, we can provide detailed information on the source of spoofing emails, including geographic and sender information, as well as samples of spoofing emails.

Barracuda protects customer brands by ensuring that attackers can’t impersonate domains to trick clients, employees, and third parties.

All DMARC reports can be exported into CSV files.

Barracuda provides flexible controls for pinpoint regulation of online activity. Administrators can create policies that control user access to commonly visited websites using 150+ content categories, including pornography, violence, hacking, sports, news, dating, shopping, chat, and more. Content-filtering policies can be customized to restrict specific websites or URL paths.

Web Filtering Logs show activities related to the filtering policies you have configured. Search includes by user, action, domain, categories, and location.

Interactive reports with multiple layers of drill-down capability can be generated on users’ web browsing activity, time spent online, and by domains and content categories.

Administrators can enable automatic email alerts when there is attempted communication from your network to a known host of ransomware, bots, and other malware.

Users can report phishing and other suspicious emails to their IT administrators directly from the Outlook Essentials Message Actions add-in. This provides end users with a simpler way to report suspicious emails to their IT department. Reported messages will appear in the Incident Response dashboard for IT to review, investigate, and take corrective action.

Incident Response can help you locate potential threats looming in your Microsoft 365 account. Potential incidents comprise two categories:

• Related threats — Threats based on an incident you already created.
• Post-delivery threats — Based on Barracuda’s (community) intelligence on currently circulating threats that might already be present in your inbox.

Incident Response gives you access to Insights to glean more information about email-use patterns. This intelligence can be used to identify anomalies in delivered mail and to uncover instances of phishing attacks that might otherwise go undetected.

Identity all users who received malicious emails and clicked on links, replied to, or forwarded these messages. Automatically send them email notifications with instructions to change their passwords and other necessary remediation actions.

Use Incident Response to identify users that received malicious email and permanently remove malicious emails directly from user inboxes. This action can be taken by an IT administrator without the need to involve end users.

Use Incident Response to identify users that received malicious email and automatically send alerts notifying them of an incident. These emails can be sent in bulk to all affected users.

You can enable Incident Response to automatically remediate email messages that contain malicious URLs or attachments. All user-reported messages are automatically scanned for malicious content. When a threat is detected, all matching emails are moved from users’ mailboxes into their junk folders. Security teams will get an alert notifying them of an incident.

Email attacks come in waves. When you activate Continuous Remediation, Incident Response will continue to delete any copies of the email that appear in inboxes for 72 hours after the initial remediation has completed.

Build custom playbooks to completely automate your incident response process. Admins at any technical level can create a workflow and add complexity by defining a trigger, determining conditions, and assigning the desired actions through a simple user interface.

Incident Response RESTful API (beta) provides remote administration and configuration of Barracuda Incident Response.

Syslog Integration enables you to export your event data to a syslog server or a security information and events management (SIEM) system. With Syslog Integration, you can store your information and use it for tracking, analysis, and troubleshooting.

New content is added, every day creating endless combinations of email templates, landing pages, email account senders, and web server domains. As the threat landscape changes so will our tests, giving you access to the most up-to-date content.

All content can be found in the Content Center Marketplace, a one-stop shop for browsing, selecting, and importing the perfect content to craft your continually evolving campaigns.

Add that special touch by customizing any of the templates, so your simulated attacks come from people in positions of trust, effectively testing your workforce and teaching them to be wary of threats that only your organization may have seen.

In today’s threat landscape, you can be phished from more than just email. Train your team on every facet of threat with Barracuda’s multi-variable campaigns that include Smishing (SMS/Text), Vishing (Voicemail) and Found Physical Media. This unique capability will help prevent users from receiving the same mock phishing template in a campaign and can allow for hypothesis-based testing (A/B tests).

Using the same Smart Attachment technology found in our email campaigns, you can distribute files on portable drives and cards with watermarks in a variety of file formats to track who is willing to plug it into your network. The files won’t cause security problems even if non-employees find them as the content redirects users to landing pages designed to educate on the perils found in anonymous portable media.

Crafting effective scenarios is paramount when developing an effective anti-spear-phishing campaign, especially in long-term approaches where users would start seeing repetitive emails. Prevent that by using Barracuda’s advanced threat simulation features, including time stamping to create a sense of urgency, prompting users to respond before they can think it through, phone home macros, DLP tagging, geolocation, and more. Our patented system allows for multiple combinations of email templates, landing pages, email account senders, and web server domains in a single campaign.

Enable easy tracking of user phishing attempts with the Phish Reporting Button, simplifying the task of reporting possible threats while tying in user reporting to your training regimen.

Why stop at username and email address, when you can test based on location, job function, tenure, privileged credentials, and access to sensitive networks and applications? Barracuda gives you granular control of your reports, such as that your mid-level marketing managers in Kansas are more likely to click a link in an email on Tuesday, as well as testing and education, so your workforce isn’t inundated with emails they shouldn’t get.

More than 16,000 data points are at your disposal with Barracuda’s advanced metrics and reporting. Identify levels of risk at macro and micro levels in your organization, to help expedite remediation while keeping your workforce at maximum efficiency by targeting training to only those who need testing at that moment.

Worried about data leaking from your organization? With Barracuda’s built-in Data Loss Prevention Activator, you can track where those campaign emails and portable media drops go and who accesses it, to know who might leak your company data as well.

Is your workforce leaning hard on whether there’s an encryption symbol next to the URL when they click links in their emails? With HTTPS and SSL landing pages you can collect information from your users without the possibility of people snooping that information and using it against you, while convincing your users that they are safe.

Engage your users and make the cat-and-mouse aspect of security awareness fun by turning the workflow into a game with leaderboards and user-leveling systems. This will help train users to spot and report threats while keeping the idea of spear phishing at the forefront of their mind.

Should a CEO or accounts payable team get the same test as your engineer, nurse, or teacher? With Barracuda, you can issue risk-based surveys that provide unique insights into your user-level security posture. By being better informed about your user-level risk and validating it throughout the year, you will maintain a security plan that mirrors your organizational objectives.

To support your computer-based training initiatives, Barracuda provides supplementary materials, such as two-minute best practice videos covering topics like malware awareness and password security. In addition, there is an array of bonus training materials, including posters, newsletters, infographics, and tip sheets. Barracuda has partnered with several reputable content vendors to augment our built-in content.

Hosting production data in the cloud does not mitigate the need for backup and recovery. Emails and important documents are susceptible to corruption and risk being unrecoverable due to malicious attacks or accidental deletion. Barracuda Email Protection includes Barracuda Cloud-to-Cloud Backup, which protects Exchange Online, SharePoint Online, OneDrive for Business, and Teams data, by backing it up directly to the cloud.

Barracuda Cloud-to-Cloud Backup offers unlimited storage and retention for your Microsoft 365 email, SharePoint, and OneDrive data, including folder structure, attachments, calendars, contacts, schedules, and tasks. Recover individual files and email accounts with point-in-time accuracy, to the same account/location or to a different account/location.

Barracuda provides a cloud-based archive of all email communication, to ensure that you meet demanding business and legal requirements. It follows the accepted “best practice” approach for compliance by archiving an original copy of every email in a separate, immutable store for long-term retention and preservation.

Compliance and e-discovery capabilities provided within Microsoft 365 may be adequate for some organizations, but the “in-place” approach Microsoft takes for long-term email retention and preservation means these capabilities have inherent limitations. They can be complex and expensive to operate and are unlikely to meet the needs of organizations with more demanding compliance and discovery requirements.

Barracuda offers a cloud-based, indexed archive separate from Microsoft 365 that allows for granular retention policies, extensive search, auditing, permissions, legal hold, and export of emails that may be required in e-discovery. Litigation holds preserve email from being tampered with until the litigation hold expires or is removed.

The Barracuda Cloud Archiving Service offers easy-to-use search capabilities, ranging from the most basic search by a user for a misplaced email to advanced Boolean search strategies for an auditor during an e-discovery request.

Microsoft 365 makes email management simpler than on-premises solutions, but you have to get your legacy emails to enjoy the benefits of cloud-based email access. For most organizations, this means a cumbersome process that involves locating countless emails in disparate PST files and migrating them to the cloud.

Scans OneDrive and SharePoint for sensitive information and malicious files. Identify suspicious and malicious files, such as viruses and other types of malware. Find sensitive information, such as credentials, personal data, and financial data, where it exists, and whether it is shared inside or outside the organization.

Allows customers to define their own data classifiers to identify specific information types, such as employee or student IDs, project codenames, or other proprietary information. Enforces user-defined, role-based access control. Advanced encryption capabilities protect document previews from unauthorized access.

Supports all common file types, including Microsoft 365 documents, PDFs, ZIP files, and common image formats. Identifies sensitive information from photos, screen shots, documents scans, etc., thanks to advanced optical character recognition (OCR) capabilities.

Supports automated email notifications for admins and compliance officers when sensitive information is identified. Builds security awareness by notifying users when they store sensitive information in OneDrive or SharePoint. Helps you identify the type of sensitive data immediately. Prevents further proliferation of found data by creating redacted previews.

Full Software-as-a-Service solution — no hardware or software to manage. Takes only minutes to configure and start scanning and adds users automatically. Simple, user-based licensing.

Protect against phishing and block threats at the device level on any mobile device. Users do not need to install or maintain additional software for this protection, which eliminates the exposure associated with unreliable mobile networks and devices.

Enable your organization to create robust access policies and gain visibility into who has access to what Microsoft 365 applications and from where. Set role and attribute-based controls to grant contextual access to trusted users and devices, gain total visibility into access activities, and mitigate risks. With Certificate-Based Authentication (CBA) and dynamically-triggered multifactor authentication (MFA), you can prevent advanced MFA bypass attacks and mitigate breach risk for your employees.

Simplify provisioning for company-owned and employee-owned devices, as well as shared home computers based on app and role. Easily onboard your teams to ensure secure access to apps and web, including one-click user addition and deletion. Set and manage access controls with its policy engine.

Maintain security with continuous assessment of user and device access privileges. Manage global policies such as disk encryption and device screen lock and automatically block access for compromised devices. Improve productivity and remove friction with simple, self-service remediation steps to fix access issues.

Meet SOC Type 2 and other compliance requirements with no extra work. Zero Trust Access creates a clear system of record for your Microsoft 365 applications, delivering streamlined reports of system access across the organization. Manage, track, and verify the who, what, and when of privileged access in one product. Streamline audit and compliance reporting. Get useful insights into endpoint telemetry, define access policies, continuously monitor device security posture, and more.