Connect with us

Hi, what are you looking for?


Artificial Intelligence

Barracuda Launches AI-based Spear Phishing Detection

Barracuda Networks this week announced its new Sentinel product: an artificial intelligence (AI) powered spear-phishing and business email compromise (BEC) realtime detection and prevention solution.

Barracuda Networks this week announced its new Sentinel product: an artificial intelligence (AI) powered spear-phishing and business email compromise (BEC) realtime detection and prevention solution. It marks the second company in a week, following GreatHorn, to use AI to combat social engineering.

“The threat has grown exponentially over the last few years,” Asaf Cidon, vice president of content security services at Barracuda, told SecurityWeek. “According to the FBI’s latest figures, more than $5 billion has been lost to BEC fraud between 2013 and 2016 — with a 2,370% growth in spear-phishing between the beginning of 2015 and the end of 2016. BEC has become so pervasive because it is simple to do: anyone with an email account and a little on-line research into the target can produce a compelling fraudulent email.”

Not only is BEC easy to produce, it is also hard to detect. While many other email-based attacks include a payload — from a link in the body to malware in the attachment — BEC fraud has neither. It relies entirely upon social engineering that traditional defenses cannot detect.

“This problem led us to build Sentinel,” said Cidon; “an AI-based platform for real-time spear-phishing and cyber fraud defense. It relies on three individual layers to provide a comprehensive solution: artificial intelligence for fraud detection; DMARC for protection against domain spoofing and brand hijacking; and simulated attack training for identified high-risk staff.”

The AI layer is the most important, he suggested. With access to millions of mailboxes, Barracuda has taught its AI to recognize fraudulent emails. It does this in two ways. Firstly, it fingerprints communication patterns within the customer organization. It learns, for example, how the CEO normally communicates with the finance team. Deviations from this pattern — such as the sudden use of an email address not used before — immediately flag the communication as worrying.

But Sentinel also analyzes the email content for style. In an example given by Cidon, the AI engine detected urgency (use of the word ‘need’, and termination with a question-mark) and sensitivity (use of ‘bank transfer’). ‘Urgency’ is an archetypal element of social engineering. When the content analysis is coupled with the metadata fingerprint, other indicators such as the use of an external email address in either the from or reply-to fields are sufficient for the AI to recognize and quarantine the fraud.

The second layer of Sentinel sets up DMARC (Domain-based Message Authentication Reporting & Conformance) to prevent outbound domain spoofing. One common technique used by criminals is to spoof the organization’s domain in order to send apparently official messages to customers and partners to steal credentials and gain access to accounts. This layer of Sentinel helps prevent spoofing-based spear phishing and brand hijacking.

The final layer is anti-fraud training for high risk staff. The AI part of the product is used to identify high risk personnel. The product then offers a set of tools to periodically and automatically train and test the security awareness of these employees with simulated spear phishing attacks.

Advertisement. Scroll to continue reading.

Sentinel currently works with Office 365. However, Barracuda also offers a set of APIs designed to make to make the functionality easily extensible beyond email to additional messaging platforms such as G Suite, Slack, social media, and others: “In fact,” said Cidon, “to any platform used by organizations for business communication.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

More People On The Move

Expert Insights