
Critical email security data is now accessible through an integration with Barracuda and Amazon Security Lake
Companies continue to be severely impacted by sophisticated phishing and impersonation attacks that originate in email. Cybertalk reported that roughly 90% of data breaches occurred on account of phishing, and that 65% of attackers leveraged spear phishing as their primary attack vector. Yet email security data and telemetry have traditionally been siloed in specific email solutions, forcing security analysts and CISOs into overly complicated workflows to perform threat detection and incident response whenever email attacks are involved.
We are excited to announce that Barracuda Email Protection security findings can now be integrated into Amazon Security Lake from Amazon Web Services (AWS) via a real-time data stream. The impact is significant — not only is complexity and cost reduced, but customers can respond faster to security issues and address a variety of security use cases such as threat detection, investigation, and incident response with a complete picture of their entire threat landscape.
Last August, AWS partnered with a number of cybersecurity providers to build the Open Cybersecurity Schema Framework (OCSF) standard. The goal of OCSF was to reduce the significant effort required today to normalize data across multiple sources, and thus make it more approachable to obtain a holistic view of an organization’s security environment.
OCSF provided a unique opportunity for Barracuda to standardize the massive amounts of email attack data we collect. In fact, Barracuda was involved with the creation of the actual email-related activities in the OCSF schema. For this data to be truly useful, Amazon Security Lake provided the missing link here — the ability for organizations to easily aggregate and manage their email security data along with the rest of their security information.
Benefits of integrating email security data into Amazon Security Lake
The value of incorporating email threat data into Security Lake is three-fold. First, by pulling all security data together in a single cohesive site and under a single framework, aka “language,” the time it takes organizations to respond to threats is reduced — they are spending less time normalizing data. Second, organizations’ ability to create effective detections is increased, not just because they can more easily get to the data, but because the data is that much richer. And finally, a single data source and common schema reduces the learning curve across all security teams.
Organizations get a more complete picture of all their threat vectors when email security data is included. Inclusion of this data in Security Lake makes it available to any other security solutions and AWS services that support OCSF. This can substantially reduce complexity and costs and address a variety of security use cases such as threat detection, investigation, and incident response. A single schema allows for faster analysis of the data, as well as integration with other Amazon partner solutions that support OCSF.
“We’re very excited that the integration of Barracuda Email Protection with Amazon Security Lake is now generally available,” said Fleming Shi, CTO of Barracuda. “Customers who take advantage of this integration will have optimal access to the data from their email threat vector, which can provide timely and actionable signals to their existing security tools, ultimately achieving greater efficacy with threat detection and incident response. The integration will also help reduce reliance on sifting through tons of log data and the risk of missing critical recovery objectives. Overall, it will help companies increase their ability to prevent cyberattacks from advancing and essentially shut down the attack chain.”
Amazon Security Lake is a purpose-built data lake for security data, built in the customer’s account. The data lake is backed by an Amazon Simple Storage Service (Amazon S3) bucket and organizes data as a set of Lake Formation tables. Barracuda Email Protection supports sending events to Amazon Security Lake in real time when new phishing email attacks are detected. Through Amazon Security Lake, Barracuda Email Protection customers can use this data along with the security and analytics solutions of their choice. Supported functions range from simple in-place queries to ingestion of this OCSF-compliant data to build more extensive threat matrices and scenarios.
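As an added illustration of the "in-place query" use case described above (this is example code, not Barracuda's or AWS's), the following consumer reads OCSF-shaped email events, rejects records that violate the OCSF invariant type_uid = class_uid * 100 + activity_id, and counts blocked messages per sender domain. The class and category identifiers follow the published OCSF schema; the event records, the "Blocked" disposition text and the placement of the sender address under email.from are constructed assumptions for this example.

```python
from collections import Counter
from typing import Dict, Iterable

# OCSF identifiers: Email Activity is class 4009 in the Network Activity category (4).
CATEGORY_NETWORK_ACTIVITY = 4
CLASS_EMAIL_ACTIVITY = 4009
REQUIRED_BASE_FIELDS = ("category_uid", "class_uid", "activity_id",
                        "type_uid", "time", "severity_id", "metadata")


def type_uid_is_consistent(event: Dict) -> bool:
    """OCSF defines type_uid as class_uid * 100 + activity_id; anything else is malformed."""
    return event.get("type_uid") == event["class_uid"] * 100 + event["activity_id"]


def is_valid_email_event(event: Dict) -> bool:
    """Accept only well-formed OCSF Email Activity records."""
    if any(field not in event for field in REQUIRED_BASE_FIELDS):
        return False
    if event["category_uid"] != CATEGORY_NETWORK_ACTIVITY:
        return False
    if event["class_uid"] != CLASS_EMAIL_ACTIVITY:
        return False
    return type_uid_is_consistent(event)


def blocked_senders(events: Iterable[Dict]) -> Counter:
    """Count blocked messages per sender domain, skipping malformed records."""
    counts: Counter = Counter()
    for event in events:
        if not is_valid_email_event(event):
            continue  # do not trust a record that breaks the schema
        if event.get("disposition") != "Blocked":  # assumed disposition text
            continue
        sender = event.get("email", {}).get("from", "")
        domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else "unknown"
        counts[domain] += 1
    return counts


# Constructed sample records (not real Barracuda output). activity_id 3 = Scan.
SAMPLE_EVENTS = [
    {"category_uid": 4, "class_uid": 4009, "activity_id": 3, "type_uid": 400903,
     "time": 1700000000000, "severity_id": 4, "metadata": {"version": "1.0.0"},
     "disposition": "Blocked", "email": {"from": "ceo@phish-example.test"}},
    {"category_uid": 4, "class_uid": 4009, "activity_id": 3, "type_uid": 400903,
     "time": 1700000001000, "severity_id": 4, "metadata": {"version": "1.0.0"},
     "disposition": "Blocked", "email": {"from": "hr@Phish-Example.test"}},
    {"category_uid": 4, "class_uid": 4009, "activity_id": 3, "type_uid": 400903,
     "time": 1700000002000, "severity_id": 1, "metadata": {"version": "1.0.0"},
     "disposition": "Delivered", "email": {"from": "news@legit-example.test"}},
    # Malformed: type_uid does not match class_uid * 100 + activity_id, so it is skipped.
    {"category_uid": 4, "class_uid": 4009, "activity_id": 3, "type_uid": 400901,
     "time": 1700000003000, "severity_id": 4, "metadata": {"version": "1.0.0"},
     "disposition": "Blocked", "email": {"from": "x@phish-example.test"}},
]
```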
Security professionals will likely see a correlation between MITRE ATT&CK and OCSF. The former, developed by the not-for-profit MITRE Corporation, is a highly popular framework that currently supports a wide number of sub-techniques. However, it is a proprietary schema controlled by MITRE, and security experts have long recognized a need for a vendor-agnostic, extensible schema that can evolve with the market and at the pace at which threats and products evolve. OCSF addresses that, particularly across the broad range of key security providers who have already adopted OCSF. CSO Online’s August 2022 article on OCSF provides an excellent overview of the strategy and vision behind OCSF, and Paul Agbabian’s December 2022 GitHub post provides a detailed look at OCSF.
For more information on how you can use Barracuda Email Protection OCSF data with Amazon Security Lake, please visit https://campus.barracuda.com/to/emailprotection-awssecuritylake. Customers not already leveraging Barracuda Email Protection can visit the Barracuda website or the AWS Marketplace to learn more about Barracuda’s comprehensive Email Protection solutions.