Barracuda’s 2023 Security Report Shows AI Stopping Hackers
Barracuda Networks, Inc., a leading provider of cloud-first security solutions, has announced its results for the first half of 2023. Using the AI-powered pattern analysis in Barracuda Managed XDR, it identified and resolved numerous high-risk incidents drawn from nearly one trillion IT events.
The power of artificial intelligence
Artificial intelligence (AI) has demonstrated its power by learning patterns of normal behavior and flagging deviations from them. That capability makes it a formidable security tool against attackers who abuse compromised accounts with valid credentials, since such logins pass ordinary authentication checks and only stand out by their behavior.
Spotting red flags
In the first six months of 2023, the top three high-risk detections were “Impossible Travel” logins, “Anomaly” detections, and “Communication with known malicious artifacts”. All three call for immediate defensive action.
“Impossible Travel” login detections fire when a user logs into a cloud account from two distant locations in quick succession, too far apart to be reached in the elapsed time. A VPN can sometimes explain the jump, but it often indicates unauthorized access by an attacker.
Merium Khalid, Director of SOC Offensive Security at Barracuda, described one such incident: “A user logged into his Microsoft 365 account from California and just 13 minutes later from Virginia. To achieve this physically, he would have had to travel at over 10,000 miles per hour. The IP address used for the Virginia login did not have a known VPN connection, and the user did not normally log in from that location. We notified the customer, who confirmed this was an unauthorized login. They immediately reset their password and logged the rogue user out of all active accounts.”
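The check behind an “Impossible Travel” detection is simple to state: take each user's consecutive logins, compute the great-circle distance between the two geolocated IPs, divide by the elapsed time, and alert when the implied speed exceeds anything a human could manage. The following is an added illustration, not Barracuda's code or anything from the report. The 600 mph ceiling, the RFC 5737 documentation IP addresses, the city coordinates and the timestamps are all assumptions constructed for the example; the first pair reproduces the California-to-Virginia, 13-minute scenario from the quote above, and a known-VPN-exit list shows how the VPN caveat can lower an alert's priority without suppressing it.

```python
from dataclasses import dataclass
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

EARTH_RADIUS_MILES = 3958.8
# Fastest plausible real travel between two logins (assumption: roughly
# commercial-airliner speed). Anything faster is physically impossible.
MAX_PLAUSIBLE_MPH = 600.0


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime        # UTC
    ip: str
    lat: float          # geolocation of the source IP
    lon: float
    label: str          # human-readable place, used only in the alert text


def haversine_miles(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in statute miles."""
    phi1, phi2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlam = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_MILES * asin(sqrt(a))


def implied_speed_mph(first, second):
    """Speed the user would have needed to be present at both logins."""
    miles = haversine_miles(first.lat, first.lon, second.lat, second.lon)
    hours = abs((second.ts - first.ts).total_seconds()) / 3600.0
    if hours == 0:
        return float("inf") if miles > 0 else 0.0
    return miles / hours


def find_impossible_travel(logins, known_vpn_exits=frozenset(), max_mph=MAX_PLAUSIBLE_MPH):
    """Compare each user's consecutive logins; return one alert per impossible pair."""
    by_user = {}
    for login in sorted(logins, key=lambda item: item.ts):
        by_user.setdefault(login.user, []).append(login)

    alerts = []
    for user, seq in by_user.items():
        for prev, cur in zip(seq, seq[1:]):
            speed = implied_speed_mph(prev, cur)
            if speed <= max_mph:
                continue
            alerts.append({
                "user": user,
                "from": prev.label,
                "to": cur.label,
                "minutes_apart": round((cur.ts - prev.ts).total_seconds() / 60),
                "implied_mph": round(speed),
                # A known VPN/proxy exit explains the jump and lowers priority; it
                # does not suppress the alert, because attackers use VPNs as well.
                "via_known_vpn": prev.ip in known_vpn_exits or cur.ip in known_vpn_exits,
            })
    return alerts


# Constructed sample data: approximate city-centre coordinates, IPs from the
# RFC 5737 documentation ranges, invented timestamps.
SAMPLE_LOGINS = [
    Login("alice", datetime(2023, 3, 1, 9, 0), "198.51.100.7", 37.77, -122.42, "San Francisco, CA"),
    Login("alice", datetime(2023, 3, 1, 9, 13), "203.0.113.21", 37.54, -77.44, "Richmond, VA"),
    Login("bob", datetime(2023, 3, 1, 8, 0), "198.51.100.8", 37.77, -122.42, "San Francisco, CA"),
    Login("bob", datetime(2023, 3, 1, 9, 0), "192.0.2.50", 51.51, -0.13, "London, UK"),
    Login("carol", datetime(2023, 3, 1, 7, 0), "198.51.100.9", 37.77, -122.42, "San Francisco, CA"),
    Login("carol", datetime(2023, 3, 1, 9, 0), "198.51.100.10", 34.05, -118.24, "Los Angeles, CA"),
]
# Constructed allow-list of corporate VPN egress addresses.
KNOWN_VPN_EXITS = frozenset({"192.0.2.50"})

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOGINS, KNOWN_VPN_EXITS):
        print(alert)
```

Run as a script, the block prints two alerts: alice's 13-minute coast-to-coast pair at a little over 11,000 mph with no VPN explanation, and bob's San Francisco-to-London hour flagged but marked as going through a known VPN exit; carol's two-hour drive down the coast stays under the ceiling and produces nothing. In production the geolocation comes from an IP database and the baseline of a user's usual locations (the second signal in the quote) would be checked alongside the speed.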
“Anomaly” detections reveal unusual or unexpected account activity, such as logins at uncommon times, atypical file permission changes, or excessive account creation. Such anomalies can indicate malware infections, phishing attempts, or insider threats.
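Two of the anomaly types named above can be written as baseline-versus-observation checks: a login hour is unusual only relative to the hours that user habitually logs in, and account creation is excessive only relative to a rate. The code below is an added example, not Barracuda's implementation. The baseline rules (20 historic logins before judging, one hour of tolerance, five accounts in ten minutes) and all sample events are assumptions constructed for the illustration.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

MIN_BASELINE_EVENTS = 20   # assumption: this many historic logins before judging hours
HOUR_TOLERANCE = 1         # a login within +/-1h of a habitual hour is not anomalous


def build_login_hour_baseline(history):
    """history: iterable of (user, datetime in UTC).
    Returns {user: set of habitual hours} or None for users with too little history."""
    hours = defaultdict(Counter)
    for user, ts in history:
        hours[user][ts.hour] += 1
    baseline = {}
    for user, counter in hours.items():
        total = sum(counter.values())
        if total < MIN_BASELINE_EVENTS:
            baseline[user] = None           # cannot call anything unusual yet
            continue
        # Habitual hours carry at least 5% of the logins and more than one event,
        # so a single odd historic login does not become part of "normal".
        baseline[user] = {h for h, n in counter.items() if n >= 2 and n / total >= 0.05}
    return baseline


def hour_distance(a, b):
    """Circular distance between two hours of day (23 and 0 are one hour apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)


def unusual_login_hours(baseline, new_logins):
    """Flag logins whose hour is outside the tolerance of every habitual hour."""
    alerts = []
    for user, ts in new_logins:
        habitual = baseline.get(user)
        if not habitual:
            continue
        if all(hour_distance(ts.hour, h) > HOUR_TOLERANCE for h in habitual):
            alerts.append({"type": "unusual_login_hour", "user": user, "ts": ts})
    return alerts


def account_creation_bursts(events, window=timedelta(minutes=10), threshold=5):
    """events: iterable of (actor, datetime) taken from 'user created' audit entries.
    Flags an actor who creates at least `threshold` accounts inside a sliding window."""
    by_actor = defaultdict(list)
    for actor, ts in events:
        by_actor[actor].append(ts)
    alerts = []
    for actor, times in by_actor.items():
        times.sort()
        recent = deque()
        fired = False
        for ts in times:
            recent.append(ts)
            while ts - recent[0] > window:      # drop events older than the window
                recent.popleft()
            if len(recent) >= threshold and not fired:
                alerts.append({"type": "account_creation_burst", "actor": actor,
                               "count": len(recent), "window_start": recent[0]})
                fired = True                    # one alert per actor per run
    return alerts


# Constructed sample data. alice has a month of 08:00-10:00 logins; bob has five.
SAMPLE_HISTORY = [("alice", datetime(2023, 2, 1, 8 + (i % 3), 15) + timedelta(days=i)) for i in range(30)]
SAMPLE_HISTORY += [("bob", datetime(2023, 2, 1, 9, 0) + timedelta(days=i)) for i in range(5)]
SAMPLE_NEW_LOGINS = [
    ("alice", datetime(2023, 3, 5, 3, 12)),   # 03:12 UTC, far from her habitual hours
    ("alice", datetime(2023, 3, 5, 11, 0)),   # one hour past habitual, inside tolerance
    ("bob", datetime(2023, 3, 5, 3, 0)),      # no baseline yet, so not judged
]
# svc-admin creates six accounts in a little over three minutes; hr-bot creates three in a day.
SAMPLE_CREATIONS = [("svc-admin", datetime(2023, 3, 5, 2, 0) + timedelta(seconds=40 * i)) for i in range(6)]
SAMPLE_CREATIONS += [("hr-bot", datetime(2023, 3, 5, 9, 0) + timedelta(hours=3 * i)) for i in range(3)]

if __name__ == "__main__":
    baseline = build_login_hour_baseline(SAMPLE_HISTORY)
    for alert in unusual_login_hours(baseline, SAMPLE_NEW_LOGINS) + account_creation_bursts(SAMPLE_CREATIONS):
        print(alert)
```

The design point worth noting is the explicit "no baseline" state: a new or rarely seen user generates no unusual-hour alerts rather than a flood of them, which is what keeps this kind of detection usable in a SOC queue. The burst detector is the same sliding-window shape an analyst would use for any rate-based anomaly, with the audit event type swapped.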
Beware of known harmful items
Detection of communication with known malicious artifacts refers to interactions with IP addresses, domains, or files that are already flagged as malicious. This can signal a malware infection or a phishing attack and calls for immediate quarantine.
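Matching traffic against a list of flagged artifacts looks trivial until the details bite: hostnames arrive in mixed case with trailing dots and ports, a flagged domain should also catch its subdomains, and indicators are often whole networks rather than single addresses. The block below is an added example of such a matcher, not Barracuda's code. The log format, the indicator values (RFC 5737 addresses, a reserved .example domain, a placeholder digest of repeated characters) and the sample lines are all constructed for the illustration.

```python
import ipaddress
import re

# Constructed indicator set standing in for a threat-intelligence feed. Nothing
# here is a real indicator: documentation-range IPs, a reserved .example domain,
# and a placeholder digest.
MALICIOUS_IPS = {"203.0.113.45"}
MALICIOUS_NETWORKS = [ipaddress.ip_network("198.51.100.0/28")]
MALICIOUS_DOMAINS = {"update-cdn.example"}      # subdomains match as well
MALICIOUS_SHA256 = {"b" * 64}                    # placeholder, not a real sample hash

# Constructed key=value log format, as an egress proxy might write it.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) dst_ip=(?P<dst_ip>\S+) host=(?P<host>\S+)"
    r"(?: sha256=(?P<sha256>[0-9a-fA-F]{64}))?"
)


def normalize_host(host):
    """Lower-case, drop a :port and a trailing dot so 'CDN.Example.:443' compares equal."""
    host = host.strip().lower()
    if host.count(":") == 1:            # host:port (IPv6 literals have more colons)
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def domain_is_flagged(host, bad_domains):
    """True if the host or any parent domain is listed (a.b.example matches b.example)."""
    labels = normalize_host(host).split(".")
    return any(".".join(labels[i:]) in bad_domains for i in range(len(labels)))


def ip_is_flagged(ip_text, bad_ips, bad_networks):
    """Exact address match or membership in a flagged network; junk input is not a match."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip_text in bad_ips or any(ip in net for net in bad_networks)


def scan_lines(lines):
    """Return (hits, unparsed_count). Unparseable lines are counted, never dropped silently."""
    hits, unparsed = [], 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        f = m.groupdict()
        if ip_is_flagged(f["dst_ip"], MALICIOUS_IPS, MALICIOUS_NETWORKS):
            hits.append({"user": f["user"], "indicator": f["dst_ip"], "kind": "ip"})
        if domain_is_flagged(f["host"], MALICIOUS_DOMAINS):
            hits.append({"user": f["user"], "indicator": normalize_host(f["host"]), "kind": "domain"})
        if f["sha256"] and f["sha256"].lower() in MALICIOUS_SHA256:
            hits.append({"user": f["user"], "indicator": f["sha256"].lower(), "kind": "file"})
    return hits, unparsed


# Constructed sample log lines.
SAMPLE_LOG = [
    "2023-03-05T02:14:07Z user=alice dst_ip=203.0.113.45 host=Update-CDN.example.:443",
    "2023-03-05T02:14:09Z user=alice dst_ip=192.0.2.10 host=files.update-cdn.example sha256=" + "B" * 64,
    "2023-03-05T02:15:00Z user=bob dst_ip=198.51.100.7 host=intranet.example",
    "2023-03-05T02:16:00Z user=carol dst_ip=192.0.2.99 host=docs.example",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    found, skipped = scan_lines(SAMPLE_LOG)
    for hit in found:
        print(hit)
    print(f"{skipped} line(s) could not be parsed")
```

On the sample, alice's two lines produce four hits (a flagged IP, the flagged domain twice through normalization and parent matching, and the placeholder file hash), bob's destination falls inside the flagged /28, carol is clean, and the one unparseable line is reported rather than lost. Counting unparsed lines matters operationally: a format change upstream otherwise looks like a quiet day.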
Merium Khalid emphasized the importance of artificial intelligence in security, but also warned against its misuse. He advised: “To protect your organization and employees from rapidly evolving, sophisticated attack tactics, implement comprehensive security measures. This includes robust authentication, regular employee training and software updates, all supported by complete visibility and continuous monitoring of networks, applications and endpoints.”