Barracuda strengthens email security against rapidly advancing attacks

Barracuda has introduced Integrated Email Protection, a new integrated cloud email security solution designed to safeguard Microsoft 365 and Google Workspace against threats that are no longer limited to reaching the inbox. The company considers this launch a new phase: email has become an operational layer where users, automation, and artificial intelligence interact, and attacks can evolve even after the message has been delivered.

The announcement comes with an important warning. According to Barracuda Research, a modern email attack can escalate from initial phishing to identity theft, bypassing multifactor authentication, and compromising an endpoint within minutes. The company also notes that one in seven compromised accounts is already used to launch new attacks—a pattern that could increase as attackers incorporate more AI-driven automation.

From inbound filtering to continuous response

For years, email security was straightforward: block spam, detect malware, filter suspicious links, and thwart impersonations before the message reached the user. This approach remains necessary, but it is beginning to fall short against attacks that evolve after delivery, exploit legitimate accounts, or rely on stolen credentials.

Integrated Email Protection aims to address this with a more continuous logic. Barracuda claims the solution detects, reevaluates, and remediates threats throughout the attack lifecycle—not just when the email enters the inbox. This includes the ability to recover messages after delivery, which is crucial when a URL becomes malicious hours later or when a seemingly legitimate account is compromised.

The solution is part of BarracudaONE, the platform that consolidates telemetry from email, identity, network, data, and applications. The goal is to correlate signals across different domains to better assess risk and respond more quickly. In security, such correlation can make a difference: a suspicious email carries less weight if linked to anomalous login activity, permission changes, or unexpected activity on an endpoint.

CapabilityWhat it offers
ICES ProtectionIntegrated cloud email security
Continuous DetectionThreat reevaluation before and after delivery
Autonomous RemediationElimination or containment of messages and risks
CompatibilityMicrosoft 365 and Google Workspace
No MX changeAPI-based deployment without altering email flow
BaileyAI assistant explaining decisions and actions
MultitenantDesigned also for MSPs
BarracudaONECorrelation with identity, network, data, and application signals

One practical aspect of the announcement is the API-based deployment, which requires no changes to MX records and does not interrupt the email flow. For many organizations, especially SMBs and teams with limited technical resources, avoiding complex migrations can be as important as the detection capabilities themselves.

AI for attacking, AI for explaining

Barracuda presents Integrated Email Protection as a response to the age of agentic AI. The term may sound ambitious, but the concern is concrete: attackers can use automation to create more personalized campaigns, quickly move compromised accounts, test bait at scale, and chain attack phases with less human intervention.

The company aims to differentiate itself not just by automating responses but also by explaining what its system has done. That’s where Bailey, its AI assistant, comes in—offering simple-language explanations of decisions made. Barracuda states that Bailey can unify results from Microsoft 365, Google Workspace, and Barracuda’s own platform within a conversational interface, and also explain why decisions might differ between providers.

This is valuable in real operations. Automation can save time, but it often faces resistance if it acts as a black box. IT teams need to know why an email was quarantined, why a delivered message was removed, or why a URL is considered malicious. If the tool allows clear review or reversal of actions, adoption becomes easier.

Barracuda also introduces a unified quarantine that consolidates Microsoft quarantined emails within its own console, with automatic rescanning before releasing messages. This can reduce the effort of switching between panels and help maintain a more consistent security posture, especially in environments where Microsoft Defender is present but may not cover all operational needs.

MSPs at the center of the design

Integrated Email Protection is designed for both single-tenant and multi-tenant environments—a key point for Managed Service Providers. MSPs often manage many clients simultaneously, each with different maturity levels, policies, and risk exposure. In this context, misprioritized alerts waste time, and manual investigations reduce margins.

Barracuda claims its solution allows for faster identification, investigation, and risk elimination across client portfolios. The promise isn’t just improved detection but also simplified operations and demonstrated value through integrated reporting. Among the new features is a value report quantifying threats blocked before, during, and after delivery.

Measurement matters because email security often suffers from perception issues: when everything works, it seems like nothing is happening. Showing what threats have been blocked, what has been remediated after delivery, and how much manual effort has been saved helps justify investments, both for end enterprises and managed services.

Barracuda also states that its Barracuda IQ engine draws from extensive threat intelligence and analyzes around 1.5 billion URLs daily. This highlights the scale of the problem: email can no longer be protected solely with static rules, blacklists, or ad hoc reviews. The rapid pace of malicious URLs, compromised domains, and baiting tactics requires continuous review of what previously seemed safe.

A defense more aligned with real attacks

Barracuda’s announcement aligns with a broader cybersecurity trend: email security is merging with identity, XDR, data protection, and automated response. It makes sense. A phishing attack rarely ends with the email—if successful, it leads to credentials, MFA, sessions, internal apps, data, and endpoints.

Therefore, modern email security is moving away from a simple gateway to a response platform. Detecting the initial email is important, but so is understanding what user actions followed, whether logins occurred, which accounts were compromised, whether internal emails were sent from compromised accounts, and what messages should be recalled from other mailboxes.

The challenge will be balancing automation with control. Tools that respond too late are ineffective against fast-moving attacks. Those that act too aggressively risk interrupting legitimate communication. Explainability, reversibility, and visibility will be essential for teams to trust increasingly automated decisions.

Integrated Email Protection doesn’t eliminate the need for good basic practices: training, phishing-resistant MFA, access policies, permission reviews, backups, and incident response. But it does reflect a harsh reality for many organizations: email remains a primary attack vector, and attackers no longer wait for security teams to manually review every threat.

Frequently Asked Questions

What is Barracuda Integrated Email Protection?
An integrated cloud email security solution aimed at protecting Microsoft 365 and Google Workspace from modern threats.

How does it differ from traditional email filters?
It offers continuous protection that detects and remediates threats throughout the attack lifecycle, even after email delivery.

What role does AI play in the solution?
AI is used to prioritize threats, correlate signals, automate responses, and explain decisions through Barracuda’s AI assistant, Bailey.

Why is this important for MSPs?
Because it’s designed for multi-tenant environments, allowing management of multiple clients from a single platform, reducing manual investigation and operational load.

Does it require changing MX records?
No. Barracuda indicates it deploys via API architecture without any MX record changes or disruption to normal email flow.

via: es.barracuda

Scroll to Top