Barracuda Advanced Threat Protection (BATP)
Strengths: Ransomware defense in depth that fits almost any environment – from the datacenter to the cloud to Office 365. Website and documentation are solid, if occasionally challenging to find except at the individual product level.
Weaknesses: If there is a weakness, it is that the product suite is challenging to deploy.
Verdict: This is not for the faint-hearted, but if you opt for this you can be assured that it and Barracuda will serve you very well, indeed.
When we looked at this we were surprised at the configuration. For example, we had not thought of a next generation firewall as a defense against ransomware. However, on further consideration we decided that it isn't really the firewall that's doing the work all by itself. It is the combination of tools that does the trick. This is a three-phase system. It deals with the attack phase, the infection phase and, if all else fails, the recovery phase.
Barracuda is well known for its ability to manage emails and, in fact, that is a critical first step to managing ransomware. The tool looks for known malicious and typosquatted addresses. The company partners with a third party to manage the malware with emphasis on heuristics. But should the malware make it to the computer, the solution interdicts the communication with the command-and-control server as the downloader attempts to fetch the ransomware. Of course, it's possible that all will fail and the infection will start before the tool can stop it. In that case, as we've seen, it may be necessary to roll back some encrypted files to their pre-encryption state. The backup system does that.
The system is managed through a cloud portal and that is where we started our evaluation. The landing page is what you'd expect for a solid, competent product. From here you can manage accounts, devices, groups and users. We especially liked the reporting. There are lots of details available, starting with a very high-level overview: are we looking at something malicious, suspicious, or clean?
From there we get a deeper dive into the ransomware. This draws on advanced anti-virus analysis, behavioral heuristics and sandboxing. The ATD (Advanced Threat Detection) reports show all of the clean, suspicious and malicious email attachments for the selected period, including a summary and a list of individual reports that go into greater detail on the attachments.
There is a version of this product suite, called Barracuda Essentials for Office 365, specifically for MS Office 365. While it is functionally similar, it is specifically molded to the needs of Office 365 users.
This is not a simple system. But it is a system recalling the days when we preached - as we should continue to - defense in depth. This is a collection of very specialized tools, tightly coupled to perform a number of tasks, important among them, managing ransomware. This is not a ransomware management tool exclusively and to get the most out of it you really need the whole kit.
Of course, at this level comes some complexity in deploying and configuring the products that make up the suite. We found deployment in our lab quite challenging and we learned quickly that missing some of the tools exposed part of the ransomware management process to possible failure. So our advice is to plan your deployment very carefully and get all of the help you need from Barracuda. Don't skimp on the tool set and don't skimp on the planning, setup and configuration. Skimping on either could allow ransomware to leak through to your users.
Standard support is 8/5 but 24/7 is available as an enhanced service.
But, if you do your due diligence, you'll have a very serviceable environment that handles ransomware and other problems very nicely. This is, however, an ecosystem in itself and that, perhaps - along with its biggest challenge - is its greatest strength.