Steven Peake | Barracuda Networks | IP Expo

Avatar Ben Fower | 08/11/2018

Steven Peake from Barracuda Networks joined us at IP Expo to talk about business security and email protection. Hosted by Bill Mew and Jillian Kowalchuk.

Bill: Next up we have Steven Peake from Barracuda Networks.

Steven: Hi, how you doing?

Bill: Steven, very welcome. Thank you for joining us. Please introduce yourself and tell everybody a little bit about Barracuda.

Steven: Yeah. Okay. So, I’m Steven Peake. I’m a system engineer within Barracuda. I go out I talk to end-users. I work with our Channel Partners to, if you like evangelise about Barracuda and what we do. Barracuda are a security firm with three tiers of product really. Network and security, we have our email protection piece and we have a data protection element as well. So, the largeness of that I think I want to talk a bit about email protection if I’m very honest.

Bill: Yeah. Yeah, lead us in there.

Steven: I guess from Barracudas perspective, we’ve been in email protection 15 years and email was a technology that was designed and built when there really wasn’t any risk in technology, nobody really knew about viruses all…

Jillian: …reply all or send all

Steven: Yeah, reply all send all, malware to all these…

Bill: …Phishing.

Steven: Phishing, everything. Yeah, these just didn’t exist and so over time these threats have evolved and Barracuda came to form if you like because we were needing that defence. We needed a way to stop these new attacks that were been delivered over email. The challenge that’s then brought is that we’ve ended up with the threats evolving also, as we move forward and we create a defence so that the attackers move forward again and so over 15 years this has continually evolved.

Bill: It’s an evolving arms race they’re arming themselves with the latest greatest technology just as quickly as the white hats are trying to do the same thing.

Steven: Yeah, exactly. Exactly. And so, so what we’ve seen is we’ve developed Gateway Technologies as its know that we’ve helped businesses defend against the mass spam. You know the Arabian prince who wants to give you many many dollars?

Jillian: Yeah

Steven: They’re really simple to defend against so things moved on and then a number of years ago the phrase of ransomware was really sort of the buzzword if you like in the industry and this is still a threat that’s out there today. But again, we’ve got very good at actually detecting what causes that and so we’ve now moved on and we’re now looking at other new versions of attacks. Very much spearfishing is the growing attack because it relies on the one person that we can’t add technology to and that’s a human being. You know that they’re trying to trick the human being into doing something and making that mistake that ultimately gives valuable information, credentials, access to an account. So it’s a real challenge. I mean, recently Barracuda had some research completed and we found that 80% of businesses today still believe email is the biggest Threat Vector, which is huge when you think networks are so distributed and there are so many web applications out there, and apps on phones, yet email is still their largest concern of having that malicious element.

Bill: Obviously given the fact that you can protect all the silicone out there, but it’s a carbon life-form that is our main problem, the users. What are you doing in terms of adding training and helping clients to address that particular problem?

Steven: So, Barracuda believe in a tiered approach to protect, protect businesses, so, it’s great having the technology and the technology in itself needs to be layered. Okay, so it’s no good just having one element or one protection against one threat to know there are multiple threats layered on top of each other. So, you need multiple defence layers also. When that technology maybe misses or doesn’t quite succeed in its aim, then yes, the human being is the person that we have to look at. What we do there and what we believe in is about user awareness and education, we do that through simulation and point in time education. So, if we can pretend to be the bad guys and without harm deliver a spear phishing campaign, and when our user then falls for that we can educate them there, then that education message for businesses is far more powerful than just trying to send an email saying hey you need to be aware of phishing attacks.

Jillian: Yes.

Steven: It doesn’t really have weight, that it has at that point in time.

Bill: But at least if they’re responding to one of your test spear phishing elements then they’re immediately educated and, that is a safe environment. then no harm has happened because it will be the reverse. They might not only make that mistake and be unaware of it, they might repeat it.

Steven: Exactly at the end of the day what we’re trying to do is educate users in a safe environment. That’s what it is about when it’s not a safe environment and it’s a real spear phishing attack well that has consequences to business. There is a growing trend for what is known as an account takeover attack and this trend is growing and growing and growing and this is about trying to get yourselves, for instance, to submit your user credentials for your email into a falsified website for instance. Once they have those credentials they can ultimately compromise your email. So we get business email compromisation going, on at that point that attacker can pretend to be you.

Jillian: Yeah, identity theft.

Steven: Why can’t we go and…

Bill: …and send stuff to all people who would trust you?

Steven: Exactly, exactly at that moment, they’ve got access to your account. They are then trusted, people believe it’s you and not an attacker at that point you’re legitimate.

Jillian: Yeah

Steven: So that is a trend that is going and increasing over and over and over. The adoption of cloud services makes this type of attack easier for the attacker to perform because cloud services are available from everywhere as a challenge.

Jillian: And so when you are, you know, giving these dormant viruses or spamware to people to know how to combat it, do you think that actually is part of the future? to make sure that people are prepared, like fire drills.

Steven: Absolutely. Yes, without the user awareness and education training elements. Then technology is great. Okay, technology solves 90-odd percent of the challenge, but technology is not perfect. We all know this, plus the attackers will evolve, we learn how to defend against one attack. They will evolve that attack and move it forward. And so, having the user educated, having that fire drill mentality really does help them defend when that attack moves on to something new and interesting for the attacker. I think also you’ve got the elements of analysis outside the back of the simulation as well. So, simulation and education is great, but actually, from a business perspective, you want the analytics out of the tool or what technology you’re using to be able to understand whether you’re good or bad. Is your training and awareness program working?  Do you need to expand the training awareness and awareness program? Posters in the office as well and a bit more of a physical presence or is just doing simulation a real driver for understanding.

Jillian: And how much communication do you have between other providers that are doing similar things in protecting? To stay ahead of the trends to identify what other problems might be coming down the pipe of instead of being in that reactionary?

Steven: So Barracuda have our threat Network.

Jillian: Okay.

Steven: Nearly all of our devices out there. We cover multiple tiers of Technology if you like all of our devices, feedback information and, feed into our threat intelligence network. that way it allows us to learn and understand a single user can see a new threat, but we can learn about the threat very quickly and push that out to our user base which then, ultimately means they’re protected and because we’re not just looking at the network we’re looking at the web applications. We’re looking at email internet traffic. So, when people are going on the internet and looking at various sites, we have a really round view to build that threat understanding.

Bill: There’s also information sharing between all the white hat phones out there when they’re new threat emerges information. because most of you are all on the same side, and actually there’s also a mirrored collaboration on the other side where the black hats find a vulnerability they tend to share it fairly widely and they have commercialised it in almost as a scary a way as you give

Steven: Yeah exactly. I mean, obviously we’re all in it to help companies and make people secure. Like you say the reverse is the same on the attacker side email attacks, phishing attacks, they’re businesses now. These are companies. They have finance departments, HR departments, they have call centers, you know that they are not a single individual sat up in a bedroom. Doing a simulation of attack or generating a whole load of spam. It’s a true business nowadays. There’s real money for the attackers to benefit from.

Bill: You can’t underestimate. None of us can afford to be complacent in any way.

Steven: Exactly, the business we found from the research we carried out is that the cost of these attacks for businesses is increasing so not they’re not necessarily paying ransoms for instance. So, if they then get hit by ransomware attacks, they’re not necessarily having to pay the ransom as it is guided by law enforcement. The recommendation is you do not pay for these attacks. But you have to have a recovery process in place.

Bill: Restoring from back-up.

Steven: Restoring from back-up exactly.

Bill: Dealing with any of the business disruptions the reputational damage that is multiple

Steven: And that’s where the cost comes in, it’s time, it’s the effort to recover, it’s the distraction of the IT departments having to do recovery and not working on the next project that moves the business forward, the reputation damage is huge for businesses are suffering these types of attacks. If your brand is then used to then perform another spear phishing attack or another spam of time. Then you’re in this world of you’re losing your brand reputation and that brand reputation can be more valuable than any individual. So, it really does have an impact not just on the technology level.

Bill: Yeah, in terms of the event here. Are there any big announcement that Barracuda are making at the minute? Do you have your colleagues are presenting here today?

Steven: So, I presented yesterday. We’re actually here in IP Expo with a number of our partners. We’ve done quite a lot of sponsorship of the events. We’ve taken a networking bar on and various bits so as in line with our partners that were here with, we’re helping them on their stands, were talking to businesses and customers about how we could potentially help them. How we can potentially solve their problems, particularly around Office 365, which is a great subject to be talking about. Lots of businesses are moving to Office 365 at the moment.  An on-note discussion and part of that is we’ve done a couple of presentations on them on the partner stands to really talk about how our email protection suite of products can help their businesses defend against the growing threats and this threat is still seen as the primary way of getting malicious and spear phishing email into the business

Bill: And you’ve identified spear phishing as one of the big threats of today?

Steven: Yes.

Bill: What are we looking ahead at tomorrow?  What are the big threats on the horizon that are keeping you awake at night?

Steven: It’s account takeover. So, spear phishing is a delivery method if you like, it’s a way to get past the security fences. Once they successfully phish credentials for instance, then they take the compromised account. How do you understand when that account is compromised? How do you understand when the behaviour changes of that account? So really, it’s that account takeover attack that really is the future of what we’re seeing and what we’re currently doing at the moment is delivering products that help businesses respond to the attacks and respond quickly because the longer the attack is not detected the more damage that could potentially have.

  • © 2019 - 2020 COMPARE THE CLOUD LTD. All rights reserved.