Barracuda Networks integrates with new Amazon Security Lake

Barracuda is one of the first security vendors to announce support  for the newly introduced Security Lake technology, which they deem ideally suited for their cloud email offering

Cybersecurity vendor Barracuda Networks has extended their long-term partnership with AWS with the announcement that Barracuda Email Protection has been fully integrated with Amazon Security Lake from Amazon Web Services [AWS]. The Amazon Security Lake was a feature announcement at the AWS Re:Invent event in Las Vegas this year. The integration allows customers to easily access their security data from an email security solution, at less cost, and to address a variety of security use cases such as threat detection, investigation, and incident response.

Amazon Security Lake is a data lake for security logs, but it does much more than just publish them in a single repository.

“The Amazon Security Lake has two major components,” said Fleming Shi, Barracuda’s CTO. “One is the OCSF [Open Cybersecurity Schema Framework] foundation framework, which Amazon cofounded, along with a lot of other vendors like SPLUNK and Palo Alto Networks. This is important because security is teamwork, and OCSF opens up opportunities for different vendors to participate. If you are able to use the same data models you can provide information that is much easier to consume.  That is why even though we were not a founding vendor, we quickly became involved with the project.”

The Security Lake’s second main feature is its being able to interact with Amazon S3 to make it more consumable.

Fleming Shi, Barracuda’s CTO

“If you do log ingestion on a SIEM that can be expensive,” Shi said. “It’s not just about publishing logs, putting them in pipeline and identifying what’s actionable. The Security Lake looks for signals that are much more actionable. It fits in with AWS’s focus this year, which is all about data – making it available, efficient and cost-friendly, and how to interact data without copying data in order to save money. In this way, data is made more of a federation. The Security Lake is one example of providing those signals. So Barracuda moved quickly to turn our security actionable data into signals, and quickly published it into the Security Lake in the right format.”

Shi said that Barracuda’s email solution is optimally primed to benefit from the Security Lake’s capabilities.

“I deeply believe that email is most commonly the early phase in an attack,” he stressed. “If we can provide better signals, we can short circuit an attack from happening at all. Today customers get this with a consolidated toolset, but they will now be able to get it from a single tool like a Security Lake.”

Shi said that ideal target markets for the Security Lake is MSPs or MSSPs who can help SMBs, as well as larger companies who want to make use of this service.

“The SMBs well suited for this would be 50-200 seat companies who already have some AWS capabilities, but it will also extend down to professional offices like  lawyers and dentists, who likely have an MSP handling their IT,” he indicated. Making this available through the Security Lake makes it easier for MSPs to help their customers crush the first phase of the attack. Once the attack gets into the network, it may be too late.”

Barracuda will not be charging partners or customers directly for access to the Security Lake, but there are other requirements.

“The customer or partner will need to have the Security Lake turned on, which means that they have to be an AWS customer,” Shi stated. “We enable the ingestion into the Security Lake, but beyond that everything from that point on involving us is behind the scenes.”

While AWS provides more revenue opportunities for partners than in earlier days, most partners still tend to be unenthusiastic about working through it, but Shi emphasized that it’s part of a business model that is the future for much of the channel.

“Barracuda put our email security suite on the AWS Marketplace recently, and it has been doing well,” he said. “Channel partners will increasingly add value by providing guidance in the future, providing more than single attack surface advice. Ransomware for example isn’t just about email or firewalls. It involves multiple phases of attacks. The partner’s role will be to see the future of how attacks will evolve, which means that signals from multiple sources are necessary. This involves much more than just transactional support. It also means that selling will be increasingly driven by use cases. So the partner won’t be telling partners that they need the protection of email security, but that they need to prevent specific things like doxxing, taking a company’s information and making it public.

“This is just the beginning with a hyperscaler as large as AWS,” Shi concluded. “We believe the transition to the cloud is happening and the theme of the data driven future is here.”