AI Can Identify Impersonation Attempts & Stops Attacks In Real-Time: Hatem Naguib, Barracuda Networks


India reportedly saw the second-highest number of cyberattacks between 2016 and 2018. Additionally, the average cost for a data breach in India has also risen to 7.9% for the last two years. With such a threat at hand, making the internet a safer place for businesses and citizens is crucial. Even the Indian government is unveiling an official cybersecurity strategy policy in January next year.

Considering that business leaders are aggressively worrying about data security, the cybersecurity industry is developing new technologies to mitigate the emerging threats targeting segments such as email security, data protection and cloud security. Detecting the vulnerabilities and exploits on each of these platforms is at the top of the industry’s agenda. New-age technologies like artificial intelligence (AI), machine learning (ML), and big data will be integrated with threat intelligence to address the threats appearing at various levels like endpoints, networks, devices, containers and the cloud.

According to a report, the global AI cybersecurity market is projected to grow at an astounding compound annual growth rate of 36% to reach $18.1 billion by the year 2023. These technologies would help the industry to address massive security requirements for building smart cities. Many companies are likely to invest in dedicated security and incident response teams to protect their infrastructure.

In the wake of such a cybersecurity revolution, Analytics India Magazine reached out to Hatem Naguib, COO of Barracuda Networks, to learn about the significant developments the industry has made in order to prevent and control new-age cyberattacks.

AIM – With the advent of even newer technologies, what are the biggest challenges in the cybersecurity space right now?

Email and internet-facing applications will continue to be the top threat vectors as we head into the coming year. Unfortunately, many organizations still have inadequate protections in place. Email threats evolve quickly as attackers tend to find new ways to evade traditional email security solutions, so businesses will need to turn to a more advanced protection layer that can keep up with the changing dynamics of the industry. Web application security is also often overlooked because most organizations don’t have the resources or skills which are required to manage the solutions properly. Additionally, many customers presume that their hosting service supplies this protection; however, it may cover some, but not all, of their requirements. A continuing trend towards cloud-based and as-a-service application security solutions will also help make this more accessible for a broader number of organisations.

Finally, as more and more customers start to leverage public cloud infrastructure and solutions, human error will continue to be the primary source of breaches, leading to misconfigurations and overlooked vulnerabilities. CISOs will need to understand the proliferation of privacy and compliance laws that are being proposed and implemented globally. CISOs are also required to continue to make sure that they are effective enough in driving support for key security initiatives, capitalizing on the attention raised by increasing security concerns.

It will be increasingly important for security executives to focus on how to integrate security into their company culture so that everyone in the organization understands their roles in keeping the company secure.

AIM – What is the role of machine learning in cybersecurity?

ML introduces intelligence to an organization’s first level of defence against cyber threats, and it also enables organizations to deploy that intelligence across all the major categories of security tasks. ML technologies are used to process large quantities of data enabling them to make predictions and identify anomalies. It can also reduce the amount of time spent on routine tasks, which in turn enables organizations to use their resources more strategically. 

Cybersecurity systems utilize ML technologies to analyse patterns and prevent similar attacks. With machine learning, cybersecurity teams will become more proactive in preventing threats and responding to active attacks in real-time. All in all, ML makes cybersecurity simpler, more effective, and less expensive. However, the future of cybersecurity is about man and machine – using both their strengths. Machines will perform heavy tasks like data aggregation, pattern recognition, and providing insights, while humans will make key decisions.

AIM – How does AI identify and prevent cyberattacks? Also, what is the scope of AI beyond traditional security measures?

Defending against attacks launched using AI models is, of course, going to require organizations to have access to AI models of their own to defend their organizations. To stop impersonation, one must understand the internal patterns, who’s talking to whom, when, how frequently is the conversation happening, is it typically one way or not, and of course which email addresses are they using.

Having said that, an AI engine ingests many signals related to the metadata of the message and its content, which allows it to determine with a high degree of certainty, whether the message in question is spear phishing. The AI engine is powerful because it identifies impersonation attempts and stops the attacks in real-time. It also gives a view of those individuals who are at the highest risk of both being impersonated and being targeted. The trouble is that building these AI models not only takes a lot of time and effort, it also requires organizations to have access to massive amounts of data to teach the machine and deep learning algorithms employed to create the AI model to recognize cybersecurity attacks.

The more challenging aspect is that cybersecurity attacks evolve on those AI models, and the models therefore need to be constantly updated. AI applications are only as good as the algorithms on which they are based, and those algorithms require access to massive amounts of data to identify patterns.

It should combine three dedicated layers of defence: 

  • Artificial Intelligence (AI) Real-Time Spear Phishing Prevention
  • Domain Fraud Visibility and Protection
  • Anti-Fraud user training
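
The signals named in this answer (who is talking to whom, when, whether the conversation is one way, and which addresses are used) can be illustrated with a small baseline check over message metadata. This is an added example, not Barracuda's code or part of the interview; the function names, signal names and sample messages are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample history: (ISO timestamp, display name, sender, recipient)
HISTORY = [
    ("2019-11-04T09:15", "Priya Rao", "priya.rao@example.com", "sam@example.com"),
    ("2019-11-04T10:02", "Sam Lee", "sam@example.com", "priya.rao@example.com"),
    ("2019-11-05T14:40", "Priya Rao", "priya.rao@example.com", "sam@example.com"),
    ("2019-11-06T11:20", "Priya Rao", "priya.rao@example.com", "sam@example.com"),
    ("2019-11-06T16:05", "Sam Lee", "sam@example.com", "priya.rao@example.com"),
]

def build_baseline(history):
    """Learn which addresses each name uses, who writes to whom, and at what hours."""
    base = {"addrs": defaultdict(set), "pairs": defaultdict(int), "hours": defaultdict(set)}
    for ts, name, sender, rcpt in history:
        base["addrs"][name.lower()].add(sender.lower())
        base["pairs"][(sender.lower(), rcpt.lower())] += 1
        base["hours"][name.lower()].add(datetime.fromisoformat(ts).hour)
    return base

def impersonation_signals(base, ts, name, sender, rcpt, hour_slack=2):
    """Return the anomalies a new message shows against the learned baseline."""
    name, sender, rcpt = name.lower(), sender.lower(), rcpt.lower()
    signals = []
    known = base["addrs"].get(name)
    # A familiar display name arriving from an address never used by that name.
    if known and sender not in known:
        signals.append("known_name_new_address")
    # No prior traffic on this sender -> recipient pair, or traffic in one direction only.
    if base["pairs"].get((sender, rcpt), 0) == 0:
        signals.append("first_contact")
    elif base["pairs"].get((rcpt, sender), 0) == 0:
        signals.append("one_way_only")
    # Sent at an hour far from any hour this name normally writes (circular distance).
    hours = base["hours"].get(name)
    hour = datetime.fromisoformat(ts).hour
    if hours and all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in hours):
        signals.append("unusual_hour")
    return signals
```

A message that raises several signals at once is a candidate for quarantine or analyst review; a single signal such as `first_contact` is common in legitimate mail and is weak evidence on its own.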

AIM – What are the types of AI applications being used in cybersecurity solutions?

The new age social engineering attacks such as spear phishing, vishing and smishing — which are on the rise — usually tend to manipulate users in a more convincing way. They are undetectable and tend to get complete access to the system, which makes them a potent threat. 

Barracuda’s total email protection provides comprehensive protection against such attacks; the powerful engine has a traditional gateway layered with an AI application that defends the network against the phishing attacks, and will prevent many of these attacks from ever getting into the system. It combines a complete email protection portfolio in a single bundle, which makes the email safe through email-filtering, spam blocking, encryption, archiving, and backup. It also protects users and data from targeted spear-phishing attacks, and account takeover with an AI engine that detects threats that traditional email gateways cannot. Additionally, it has an automated incident response, which provides remediation options to quickly and efficiently address attacks.

AIM – How is Barracuda staying ahead of the competitive security game?

Barracuda always strives to protect customers, data, and applications from today’s advanced threats by providing the most comprehensive and easy-to-use IT-security platforms. The continued shift to managed services and the public cloud will definitely create a significant market opportunity for channel partners that are prepared to provide security solutions for the as-a-service approach. 

Sophisticated and targeted attacks like spear phishing and business email compromise are fast-growing threats, and they present an opportunity for channel partners to provide innovative solutions that can detect these types of attacks and automate incident response, helping customers respond faster. Web application security presents another market opportunity that we aim to help our channel partners tackle in the coming year. 

A recent report from Gartner showed that roughly only 10 per cent of public-facing web applications are protected by firewalls. Therefore, this is a huge, gaping hole in organizations’ security postures. Many of the current application security solutions are too complicated for most organizations to deploy and manage, and despite the business having a solution in place, it usually isn’t properly configured, which leads to vulnerabilities. We plan to work together with our channel partners in 2020 to help close this gap by providing customers with cloud-based application security solutions that are easy to configure, deploy and manage.

AIM – How are phishing and account takeover continuing to be one of the biggest concerns for enterprises?

Email account takeover represents a growing threat to businesses, and cybercriminals are evolving in using these attacks innovatively. Attackers are frequently using compromised accounts through an email account takeover to launch lateral phishing attacks. In an email account takeover, the attackers use legitimate enterprise accounts, which they’ve recently compromised, to send lateral phishing emails to an array of recipients, ranging from close contacts within the company to partners at other organizations. Because attackers send these lateral phishing emails from legitimate accounts, they can effectively fool many existing email protection systems and unsuspecting users. Barracuda’s research has recently uncovered fresh insights on email account takeover and lateral phishing.

We provide several innovative tools, such as the Email Threat Scanner and the Cloud Security Scanner, which channel partners can use to help show customers email threats and the vulnerabilities that exist in their public cloud environments. We also plan to build more tools like that to make it easier for channel partners to really understand customers’ environments and illustrate where their security weaknesses lie.

AIM – Can you elaborate a little bit on the concept behind the Barracuda Forensics and Incident Response?

No defense can detect 100% of email attacks; when malicious emails get through, admins need to react. For many organizations, security incident response is a slow and manual process. Addressing incidents and cleaning up can take hours if not days. Admins need to identify and verify security incidents, search through the server for malicious messages, evaluate malicious messages and links, remove malicious email from the user’s inbox and then reset passwords. Failure to go through a thorough incident response process often results in further spread of the attack.

When a malicious email is reported to IT, Barracuda Forensics and Incident Response lets them immediately search all delivered email, by sender or subject, to identify all internal users who have received it. Automated response lets you then remove all instances of the threat-bearing email. In addition, you can automatically deliver alerts to affected users that warn them about the threat or provide other instructions. It also lets you identify the users who actually opened the malicious link. It can then automatically deliver instructions to update passwords or take other required actions to limit the spread of the attack. These users can also be assigned to enhanced security awareness training to prevent future incidents.

The market response to Barracuda Forensics and Incident Response is very positive as the establishment allows businesses to find the emails that slip through the filters, and remove them as needed. When a suspicious email is reported, they can begin to and sometimes completely remediate the environment quickly – making it a big win for IT and security teams.

AIM – Can you provide us with some real-world use cases of AI being paired up with security applications?

In the past few years, there has been a new wave of industry growth of investment and innovation, as a response to ever more targeted and sophisticated social-engineering attacks. It’s been a long evolution since the days of the simple email filter. Email security solutions nowadays use sophisticated AI to learn the unique communication patterns of each organization and go beyond the gateway by leveraging the APIs of cloud email providers.

Barracuda Sentinel is a security solution designed specifically to protect companies from phishing and account takeover attacks. It integrates directly into Office 365 and works silently in the background to learn the unique communication patterns of your company. This allows the product to identify and stop communication anomalies like a spear-phishing attack. This is real-time protection against email threats that also get through the traditional security gateways. Barracuda Sentinel also helps organizations to fight phishing and spear-phishing attacks by using AI to scan email communications and identify malicious activity.

For example, if someone is impersonating your boss via e-mail, Sentinel can use identifiers like location, time of communication, and keywords to determine that the email is malicious. This can help to prevent phishing and hacking attempts and the service can remove harmful emails automatically. Unlike traditional email security gateways, Sentinel can remove malicious emails directly from users’ inboxes.

AIM – What are Barracuda’s 2020 plans?

In 2020, we plan to continue to invest in innovative solutions powered and designed to protect our customers for life. Our goal is to make it easier for customers to deal with an evolving threat landscape, and keep up with the rapid pace of attacks while helping to build a safer world for all of us. By investing in the development and expansion of solutions that take prevention, detection, remediation, and automation to the next level, we can help make it faster and easier for customers to remain secure. We are committed to making this type of investment across all our product areas, from email security to network application, and also cloud security. Attackers are getting more sophisticated every day, and we want to arm channel partners and their customers with the tools they need to keep up.

