Barracuda Managed XDR uses AI to uncover cyber incidents

Barracuda Networks reveals it used AI to detect thousands of high-risk incidents, highlighting how AI can be used for cybersecurity - but also the risks

IT security company Barracuda has used AI as a powerful security tool to build patterns of normal activity and identify anomalies - leading to the detection of thousands of high-risk incidents in nearly one trillion IT events that were collected.

Barracuda Managed XDR’s AI-based pattern analysis detected and neutralised thousands of high-risk incidents. It shows how AI used as a powerful security tool could become a new solution for enterprises moving forward.

Similar reports have recently highlighted how AI could work to prevent malicious cyber activity, citing the importance of businesses, regulators and government bodies continuing to implement ‘AI-for-good’ strategies.

Identity abuse cyberattacks becoming more sophisticated over time

Between January and July 2023, Barracuda’s Managed XDR platform collected 950 billion IT events from customers’ integrated network, cloud, email, endpoint and server security tools.

During this time, Barracuda uncovered that the most widely encountered high-risk incidents (threats that require immediate defensive action) involved a type of identity abuse. These attacks have become increasingly sophisticated over time, but they were spotted and blocked by the Managed XDR platform with the aid of AI-based account profiling.  

The collected events include logins, network connections and traffic flows, email messages and attachments, files created and saved, application and device processes, changes to configuration and registry, and any specific security warnings.

0.1% of these events (985,000) were classed as ‘alarms’: activity that could be malicious and required further investigation.

Out of these, 1 in 10 (9.7%) was flagged to the customer for checking, while a further 2.7% were classed as high risk and passed to a SOC analyst for deeper analysis. 6,000 required immediate defensive action to contain and neutralise the threat.

The most common high-risk detections by Managed XDR

Managed XDR uncovered that ‘impossible travel’ login events are among the most frequent high-risk detections in the cyber landscape. Impossible travel events, according to Barracuda, occur when a detection shows a user is trying to log into a cloud account from two geographically different locations in rapid succession.

It is often a sign that a ‘bad actor’ has gained access to a user’s account. The company has detected and blocked hundreds of attempted business email compromise (BEC) attacks.
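The impossible-travel check described above can be sketched as follows. This is an added example, not Barracuda's code or part of the original article; the speed threshold, the distance floor and the sample login events are assumptions constructed for illustration.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_PLAUSIBLE_KMH = 900.0  # assumed threshold: roughly airliner cruising speed
MIN_DISTANCE_KM = 100.0    # assumed floor: ignore geo-IP jitter within one region

# Constructed sample events: (user, UTC timestamp, latitude, longitude, place)
SAMPLE_LOGINS = [
    ("alice", "2023-03-01T08:00:00", 51.5074, -0.1278, "London"),
    ("alice", "2023-03-01T08:40:00", 1.3521, 103.8198, "Singapore"),
    ("bob", "2023-03-01T09:00:00", 48.8566, 2.3522, "Paris"),
    ("bob", "2023-03-01T21:00:00", 40.7128, -74.0060, "New York"),
    ("carol", "2023-03-01T10:00:00", 52.5200, 13.4050, "Berlin"),
    ("carol", "2023-03-01T10:00:00", 52.5300, 13.4100, "Berlin"),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two coordinates, in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = (sin((lat2 - lat1) / 2) ** 2
         + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(logins):
    """Flag consecutive logins per user whose implied travel speed is implausible."""
    alerts, last_seen = [], {}
    for user, ts, lat, lon, place in sorted(logins, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            p_when, p_lat, p_lon, p_place = last_seen[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous logins far apart are treated as infinite speed
            speed = km / hours if hours > 0 else float("inf")
            if km >= MIN_DISTANCE_KM and speed > MAX_PLAUSIBLE_KMH:
                alerts.append({"user": user, "from": p_place, "to": place,
                               "km": round(km), "hours": round(hours, 2)})
        last_seen[user] = (when, lat, lon, place)
    return alerts

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOGINS):
        print(alert)
```

Geo-IP lookups are imprecise and VPN or mobile-carrier egress points can move a user's apparent location, so a check like this is usually combined with the per-account profile of known devices and networks before an alert is raised.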

Additionally, Barracuda cites ‘Anomaly’ detections as significant, as these identify unusual or unexpected activity in a user's account.

These could include rare or one-off login times, unusual file access patterns, or excessive account creation for an individual user or organisation. Detections like this could indicate malware infections, phishing attacks and insider threats, and the team has issued over 400 alerts for this kind of activity since January 2023.

Finally, it cites malicious artifacts as significant, as they identify communication with red-flagged or known malicious IP addresses, domains, or files. This can also be a sign of a malware infection or a phishing attack, according to Barracuda, which suggests that businesses quarantine the computer and investigate the infection.

Cybersecurity in a rapidly evolving threat landscape

Although AI can be used in an ethical way, there is a darker side to AI systems as they can be used with malicious intent by cyber attackers.

Organisations have already highlighted issues surrounding the use of AI in highly sophisticated cyber fraud and criminal activity. Barracuda highlights how generative AI tools can create highly convincing emails that closely mimic a legitimate company's style, making it much more difficult for individuals to discern whether an email is legitimate or cyber fraud.

As cyber threats have become increasingly sophisticated throughout 2023, ensuring the safety and integrity of sensitive information within businesses has become a top priority.

Barracuda Managed XDR suggests robust authentication measures, such as multi-factor authentication at a minimum but ideally moving to Zero Trust approaches, as well as continuous training resources at all levels, particularly with regard to phishing attacks. 

Merium Khalid, Director of SOC Offensive Security at Barracuda, told Cyber Magazine: “Everyone has a distinctive digital profile in terms of how, where and when they work. If an IT event falls outside these pattern perimeters the AI-based detection triggers an alert. 

“However, while AI can significantly enhance security, it can also be used for malicious purposes – to create highly convincing emails or adapt malicious code to specific targets or changing security conditions, for example.”

She continued: “To secure your organisation and employees against rapidly evolving, increasingly intelligent attack tactics, you need deep, multi-layered security that includes robust authentication measures, regular employee training and software updates, underpinned by full visibility and continuous monitoring across the network, applications, and endpoints.”

 
