Business email compromise (BEC) attacks are some of the costliest cybercrimes companies face today. In BEC attacks, criminals impersonate a legitimate email account and use it to send messages that appear to come from a known source. For example, they may send an invoice with an updated mailing address, request that an employee with purchasing authority buy gift cards or transfer funds, or ask clients to wire payments to a phony account.
These attacks can be challenging to detect and prevent because they appear to be from a trusted source and generally do not include malicious attachments. They rely on psychology to be effective – users will generally trust an email that looks like it came from a colleague or a vendor.
Stopping these types of attacks requires a high level of visibility into email traffic and the ability to respond rapidly to suspicious activity.
Why a Managed SOC Makes Sense
A 24/7 Security Operations Center (SOC) can play a crucial role in defending against these attacks, but most companies lack the staff, know-how and technology to create an effective SOC. Offering SOC as a service can help MSPs monitor and secure multiple client networks, in the cloud and on-premises, from a central location, but SOCs are difficult to establish and expensive to operate.
A SOC is a 24/7 commitment, and given the shortage of cybersecurity professionals, even a large MSP would be hard pressed to establish these types of services from scratch. However, by partnering with a technology provider like Barracuda, MSPs can tap into a platform that provides automated monitoring across multiple clients and the ability to identify a wide variety of threats. For example, the Barracuda SKOUT Managed XDR solution includes wraparound SOC services without the headache and expense of cobbling together a DIY solution.
Barracuda acquired SKOUT cybersecurity in 2021, adding extended detection and response (XDR) capabilities to its product line, which it offers to MSPs as a managed solution. As a result, MSPs can access around-the-clock monitoring and response without the costs and headaches of setting up various security tools, threat intelligence and machine learning capabilities, and staffing and training security teams to stay ahead of the ever-changing cyber landscape.
Barracuda SKOUT Managed XDR allows MSPs to offer wraparound SOC services to their clients. With a SOC, MSPs can help clients proactively detect malicious activity and adjust defenses in response to new threat alerts. The SOC can also identify vulnerabilities before an attack and conduct detailed analysis following a breach.
Leveraging a SOC also allows companies to benefit from software tools to help identify potential BEC attacks. For example, these solutions can automatically check inboxes for BEC keywords, deleted messages, and other tell-tale signs. They can also watch for new mailbox delegates or forwarding rules to external addresses, unusual geolocation data for logins, and other suspicious activities.
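The checks described above, run over a handful of constructed mailbox events. This is an added Python example, not Barracuda's code; the event schema, field names, keyword list and the `example.com` domain are assumptions made for illustration.

```python
# Constructed sample events in a hypothetical, simplified schema
# (not the log format of any real product).
ORG_DOMAINS = {"example.com"}  # assumed internal mail domain
BEC_KEYWORDS = ("wire transfer", "gift card", "updated bank details", "invoice")

EVENTS = [
    {"user": "amy@example.com", "action": "login", "country": "US"},
    {"user": "amy@example.com", "action": "login", "country": "US"},
    {"user": "amy@example.com", "action": "login", "country": "RO"},
    {"user": "amy@example.com", "action": "new_forwarding_rule",
     "target": "amy.backup@mail.example.net"},
    {"user": "bob@example.com", "action": "new_forwarding_rule",
     "target": "bob-archive@example.com"},
    {"user": "bob@example.com", "action": "add_delegate", "target": "carol@example.com"},
    {"user": "bob@example.com", "action": "message_received",
     "subject": "URGENT: gift card purchase today"},
    {"user": "bob@example.com", "action": "message_received", "subject": "Lunch on Friday?"},
]

def domain(addr):
    """Return the lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()

def detect(events, org_domains=ORG_DOMAINS):
    """Return (user, finding) tuples for the BEC signals named in the text."""
    findings = []
    seen_countries = {}  # user -> login countries already observed
    for ev in events:
        user, action = ev["user"], ev["action"]
        if action == "new_forwarding_rule" and domain(ev["target"]) not in org_domains:
            findings.append((user, "external_forwarding_rule"))
        elif action == "add_delegate":
            findings.append((user, "new_mailbox_delegate"))
        elif action == "login":
            known = seen_countries.setdefault(user, set())
            # The first login only seeds the baseline; later new countries are flagged.
            if known and ev["country"] not in known:
                findings.append((user, "unusual_login_country"))
            known.add(ev["country"])
        elif action == "message_received":
            if any(k in ev["subject"].lower() for k in BEC_KEYWORDS):
                findings.append((user, "bec_keyword_in_subject"))
    return findings

if __name__ == "__main__":
    for user, finding in detect(EVENTS):
        print(f"{user}: {finding}")
```

Each finding is a lead for an analyst rather than a verdict: a new delegate or a login from a new country is often legitimate, which is why the signals are reported per user so they can be correlated.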
A well-run SOC partner will also stay up to date on new threats and utilize analysis tools to continuously improve the performance of the security infrastructure by analyzing daily usage data and information about previous attacks. This makes it easier to sort out suspicious email activity from normal communications.
Leveraging an outsourced SOC provides security benefits without requiring the client to dedicate IT resources to these daily security tasks. In addition, it helps the MSP provide 24/7 monitoring and response without bogging down their team with time-consuming mitigation and investigation tasks.
In the case of the Barracuda SKOUT Managed Email Protection offering, the SOC includes a team of security experts to detect and respond to email threats, along with a holistic global threat detection network consisting of a threat database, artificial intelligence-based software for analysis, and resident security analysts and engineers. It also enables centralized security policy management and provides MSPs with a central dashboard for monitoring activity across the client base.
As the number of BEC and other phishing attacks increases, a managed SOC offering will help MSPs and their clients consistently identify and block these increasingly clever cybercriminals.
Adam Khan is Vice President, Global Security Operations for Barracuda.