Are you the Next Cybercrime Headline? …and how to make sure you are not! Danny Milrad Director, Product Marketing June 2016 This webinar will discuss the how specific Barracuda products help make your journey to, and experiences with, Office 365 secure, productive, and hassle-free. Let’s take a closer look….today, we’ll look at email security.

Agenda Evolving Threat Landscape Real World Examples How To Protect Your Company Next Steps

It Starts With a Simple Email…

Phase 1: Research Research: The hacker learns as much as possible about the organization. Tracks publicly available information from…SEC filings, social media, news articles, professional networks, etc.

Phase 2: “Gone Phishing” Social Engineering: Psychological manipulation of people into performing actions or divulging confidential information Phishing: e-mail sent that appears to come from a legitimate business—a bank, or credit card company—requesting "verification" of information

Phase 3: Deploy Payload Deploy Advanced Persistent Threat: APT deployed after successful research and phishing APT deposited on target, sits in stealth mode to remain undetected APT will map organization data and defenses Identify who has access to target information

Payload Examples Typosquatting Malware Also called URL Hijacking Notion is to trick the recipient into thinking the link is genuine Dangerous to mobile users Examples: Arnazon.com vs. Amazon.com Bankamerica vs. bankofamerica.com Malware Email may or may not contain content Malware is sitting somewhere in attachment, on site (from link), waiting for a visitor The visitor – the “drive-by” – becomes infected Most Drive-by Malware is Ransomware – unseen until encryption is complete and ransom is delivered Typosquatting – also known as URL hijacking, is a popular means of social engineering, and many people fall for it. The idea behind this is to trick the recipient into thinking the link is genuine and clicking on it. The couple of examples above might seem easy to catch at first glance – but people receive hundreds of emails a day, and if they are reading emails on a cell phone, it’s very difficult sometimes to identify a deliberately malformed link. And once it’s clicked, the damage is done. And what kind of damage is that?

Next thing you know…You’re a Headline!!

FBI: $2.3 Billion Lost to CEO Email Scams Email security is no longer just about preventing excessive spam and viruses – the attacks are real, they are sophisticated, and they are costly. Nearly every day there is a new story about malware – and a lot of it is ransomware, which can cost you dearly.

So how do you protect your company? Educate Your employees are the first line of defense Train them what to look for and what to do Run exercises, have prepared response Be Vigilant Multi-layered Email Security Advanced Threat Detection Link Protection

Comprehensive Email Security Solution Should Have: Inbound & Outbound Email Filtering Identity/Reputation/Connection Management IP Analysis Virus, Malware Scanning Fingerprint, Intent, Image Analysis

Beyond Email Security Bulk email categorization Email Encryption CPL Ability to categorize emails based on type of email: transactional, marketing, social media, corporate, and mailing lists Email Encryption Pull based email encryption No key management required Single account/password will handle manage all encrypted messages from any Barracuda email security solution CPL Barracuda Real Time Protection

Beyond basic email security (cont.) Cloud Protection Layer Pre-filtering for spam and viruses done in the cloud before delivery to the Barracuda Spam Firewall Offloads CPU-intensive tasks like antivirus and DDoS filtering to the cloud Exchange Anti-virus Ability to leverage virus scanning for internal emails

Spear Phishing Protection Sender Spoof Protection Block incoming emails with the same to and from domain Rules to help in blocking spoofing attempts Domain name similarity To and from domain name are the same, but reply-to goes to a different domain including free email addresses Wire transfer fraud through impersonation

Advanced Defenses Phishing, Ransomware, Zero-day attacks On the increase and in the news Microsoft’s Exchange Online Protection doesn’t protect! Advanced Threat Detection (ATD) Sandboxes any suspicious attachments “Detonates” (opens) in sandbox to detect malware Optional for ESS; Standard for Essentials Link Protection Similar to ATD – redirects suspicious URLs to sandbox Detects “typosquatting” (deliberate mis-spellings) Included in ESS and Essentials

Barracuda Threat Intelligence

Barracuda Essentials Cloud-based multi-layer email security, archiving, backuo for email Works with O365, Exchange, Lotus, Google Apps, etc. Compatible with on-premises and hybrid configurations Built on proven Barracuda SaaS solutions Low cost, per user licensing Single SKU for simple quoting/bundling Centralized management Includes 90 Day PST Enterprise Comprehensive security, archiving and backup solution for on-premises Exchange & other Cloud email services Centralized administration through Barracuda Cloud Control Per User Licensing

Centralized Management

Recapping – why comprehensive security? Email is an easy target Everybody uses it Readers follow visual queues Links and attachments are ubiquitous Attackers are sophisticated Malware, such as Ransomware, is sold to attackers Attackers merely need to plant it Once attacked, nearly impossible to de-encrypt Impacted users = bottom-line business costs So why do you care about comprehensive email security? It’s simple – email is an easy target. It’s absolutely critical for business – so everybody uses it. And because people get so much email, they are easily duped by social engineering and by clever hacks. Links and attachments are ubiquitous – again, nobody is unused to seeing attachments nor to clicking on links. The problem is, how do they know this is safe? The answer s, they don’t. Attacks have become very sophisticated, and often appear very innocent. The bad actors creating the malware and the attackers are often different people – one is focused on programming, the other is focused on getting it launched by unsuspecting users. Ransomware is the flavor-of-the-month, because it’s instantly monetized. All an attacker needs to do is plant it – attacks are virtually impossible to reverse. It WILL cost you money.

Is comprehensive security easy to use? It’s virtually automatic You simply turn it on Barracuda does the rest This is modern-day security for advanced attacks Identifies and protects against socially- engineered attacks Provides Link Protection for malware-free URL clicks Advanced Threat Detection examines attachments without risk of malware / infections / ransomware The good news is that comprehensive email security is very easy to use. Because attacks have become so sophisticated, human intervention can no longer be counted upon to identify and stop these threats. So companies like Barracuda are building comprehensive threat detection that is virtually automatic – we do the work, you don’t have to. This is a modern-day approach to today’s advanced attacks. Socially-engineered attacks have little chance of success when the malicious links they depend on are opened in a sandbox, and when malicious attachments are scanned and detonated before they ever reach their targets.

Learn more about Comprehensive Email Security! Talk to your Barracuda Account Manager Talk to your Barracuda Partner Visit: www.barracuda.com/office365 www.barracuda.com/emailsecurity Ask for a demo Free 30-day Evaluation It’s simple – learn more about Comprehensive Email Security. Talk to any of our specialists, and ask for a demonstration. Even easier – sign-up for a free 30-day evaluation, you can do it right from our website. We also have solutions that can run in an on-premises environment, on virtual machines, and in public clouds like AWS or Azure. The important thing is – you need comprehensive protection!

Danny Milrad dmilrad@barracuda.com