In a breakthrough development, Barracuda Networks, Inc., a cloud-first security solutions provider, has revealed impressive results from the first half of 2023. Their AI-based pattern analysis, employed by Barracuda Managed XDR, successfully detected and neutralised thousands of high-risk incidents within a vast pool of nearly one trillion IT events.
Artificial intelligence (AI) has proven its mettle by recognising patterns of normal activity and flagging anomalies. This exceptional capability transforms it into a formidable security tool when dealing with attackers who attempt to exploit compromised accounts using valid credentials.
Spotting the Red Flags
During the initial six months of 2023, the three most frequent high-risk detections included “Impossible Travel” login detection, “Anomaly” detection, and Communication with known malicious artefacts. These threats warranted immediate defensive actions.
“Illegal travel” login detections arise when a user logs into a cloud account from two vastly distant locations in quick succession—locations that could not be feasibly reached in such a short time. While this may sometimes involve VPN usage, it often signals unauthorised access by an attacker.
Merium Khalid, Director of SOC Offensive Security at Barracuda, shared an incident: “A user logged into their Microsoft 365 account from California and, just thirteen minutes later, from Virginia. To physically achieve this, they would have had to travel at speeds exceeding 10,000 miles per hour. The IP used for the Virginia login had no known VPN association, and the user didn’t typically log in from that location. We alerted the customer, who confirmed this was an unauthorised login. They promptly reset their passwords and logged out the rogue user from all active accounts.”
“Anomaly” detections uncover unusual or unexpected account activities, such as rare login times, atypical file access, or excessive account creations. These anomalies may indicate malware infections, phishing attempts, or insider threats.
Beware of Known Malicious Artefacts
Detection of communication with known malicious artefacts points to interactions with red-flagged IP addresses, domains, or files. This could signal a malware infection or a phishing attack, necessitating immediate quarantine.
Merium Khalid stressed the significance of AI in security but also cautioned against its misuse. She advised, “To safeguard your organisation and employees from rapidly evolving, sophisticated attack tactics, implement comprehensive security measures. This includes robust authentication, regular employee training, and software updates, all supported by full visibility and continuous monitoring across networks, applications, and endpoints.”
