We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Email Security Gateway
Overview Documentation Training Certification Materials

Back to Knowledgebase

What is the difference between Intent, Real-time,Multi-level, and ZeroHour Intent filtering on the Barracuda Spam Firewall?

  • Type: Knowledgebase
  • Date changed: 2 years ago

Solution #00004872

 

Scope:

Applies to all Barracuda Spam Firewalls.

 

Answer:


Unlike traditional antivirus solutions, which perform analysis against data stored on a single system, Barracuda Real-Time Protection is based on data collected from thousands of global honeypots and Barracuda Spam Firewalls across the Internet. This data consists of binary signatures, or ‘fingerprints,’ for message components such as message bodies, email attachments and inline images. Zero-Hour Intent matches URIs in message bodies. When unknown fingerprints are detected, the Barracuda Spam Firewall submits these fingerprints in real-time to Barracuda Central. When these fingerprints are growing in a viral or otherwise spam-like pattern, your barracuda blocks these Messages for Zero Hour Intent.


After identifying these URIs as spam outbreaks, Barracuda Central updates the spam definitions downloaded by the Barracuda Spam Firewall through Energize Updates. Upon the next Energize Update, the Barracuda Spam Firewall can block the spam variants associated with the new outbreak via the Barracuda Spam Firewall’s traditional protection layers.

The Intent Analysis layer of the Barracuda Spam Firewall performs analysis for all domains and URLs inside of email messages to identify links pointing to spam websites.

The Barracuda Spam Firewall stores a local database of these spam patterns as part of the energize update process. The local database is updated several times per hour.

Unfortunately, spam attacks are frequently launched using new domains that have never been associated with spam. Due to this dynamic nature of spam, there is a small window of opportunity for spam to get through in between the energize updates.

Enter the Real-time Intent analysis. This analysis step on the Barracuda Spam Firewall checks a real-time server at Barracuda Central. The Real-time Intent analysis allows the identification of any new domains that have been identified in emerging spam campaigns. Real-time Intent focuses on the name servers that belong to the domains in question. It will analyze them for known spam tactics and ensure they are not malicious. This provides Barracuda Networks customers continuous coverage from the activities of spammers.

 

Link to this page:

https://campus.barracuda.com/solution/50160000000IH6cAAG