The ability to respond to successful cyberattacks
Emanuela Puglisi, Senior Channel Business Sales Manager DACH at Barracuda Networks
Email security now involves more than just defending against cyber threats. Rather, it is also about being able to react quickly and effectively when a threat makes it into the email inbox, because even the most advanced security measures are not 100 per cent secure. Malware, phishing and social engineering are constantly evolving, and while security tools adapt to these developments, attackers in turn are looking for new ways to circumvent these protections. That’s why security managers need an approach that combines prevention with the ability to respond quickly and at scale to incidents. Ideally, this approach should be automated to more efficiently locate, contain and neutralise threats without the need for human intervention and without disrupting day-to-day business.
Protection is more than just prevention
The primary purpose of email security solutions is to detect and block email-based threats before they reach the recipient’s inbox. However, in today’s rapidly evolving threat landscape, there is always a risk, however small, that a threat will make it this far. When it does, acting quickly is crucial. An attacker can use every minute of access to a compromised account to move laterally on the network, distribute malware, steal sensitive data or compromise business processes.
Manual response processes can be inadequate in such cases. They are resource-intensive, relatively slow and probably not available 24/7. It can take IT managers hours or even days to detect a security breach, identify affected users, isolate malicious emails and take appropriate action. This costs time and resources that could be better used for value-adding activities. The solution to this challenge lies in the automation of incident response processes – a fast and effective approach to countering threats that make it into the company via email, stopping them from spreading and isolating them in time to protect users and sensitive data.
Why automation makes sense
Automated incident response avoids the limitations and potential errors of manual email security processes. Automation also provides the scalability needed to manage a significant number of incidents, even for organisations with limited IT resources. Most automated incident response solutions provide IT managers with advanced tools for proactively searching for and analysing threats. These tools combine insights from user reports of suspicious emails with open source information to help IT security professionals correctly assess the likely risk and impact of an incident. Malicious emails are then automatically and promptly removed from the inboxes of the affected users. Response guides also help to further optimise the corresponding processes by executing predefined actions based on predefined events and conditions.
In addition to improved email security, automating incident response also offers concrete business advantages. Faster responses to email threats, for example, can significantly reduce the risk of business interruptions and the associated damage. IT managers can increasingly focus on strategic priorities again, rather than on repetitive tasks. Not only does this increase efficiency within the company, but fewer manual processes also reduce IT and IT security costs.
Integrate incident response into a solid email security strategy
Automated incident response is a critical component of basic email security, but it is not the only one. Other key elements include:
- A high-performance email security solution with advanced identity theft protection and AI-powered capabilities to detect new and sophisticated threats
- Strict multi-factor authentication policies and access controls to protect applications and content from unauthorised access
- Regular training for employees to raise awareness of the latest threats
- Clearly defined processes for identifying and reporting suspicious emails

All these elements protect a company from most threats that can reach the company via email. But remember: defenders have to be successful every time, attackers only need to be successful once. With automated incident response, this success for the attackers is pushed back even further.