Barracuda Forensics & Incident Response enables your IT team to identify, track, and resolve email attacks from outside your organization, for example, a phishing or ransomware attack. You can search for any ALLOWED email (by subject and/or sender) that your users may report to you as malicious and perform remediation action on the same. Remediation options include the ability to delete a message in a users inbox, adding all senders or sender domains as a sender policy in Barracuda Essentials, and the ability to send an incident summary to the user. If users click on a fraudulent link in an email, Barracuda Forensics & Incident Response allows you to identify these users for potential security concerns on their workstations, and determine if additional security actions are necessary.
To use Barracuda Forensics & Incident Response, you must have:
- (see required features below)
- Barracuda Sentinel
- Microsoft Office 365
Barracuda Essentials and Barracuda Sentinel are part of Barracuda Total Email Protection.
Required Features in Barracuda Essentials
Verifying domains is essential for mail to flow through Barracuda Email Security Service and, in turn, for Barracuda Forensics & Incident Response to work with the emails. As described in Understanding the Domains Page, each of the domains where you want to filter email must be verified by the Barracuda Email Security Service for proof of ownership; the Barracuda Email Security Service does not process email for a domain until the verification process is complete. See Understanding the Domains Page and the deployment process for your specific platform for more details.
Link Protection Feature
If Link Protection is turned OFF when a suspicious email is received, users that are potentially affected by that incident might not be listed as Users at Risk and might not receive the proper remediation and attention.
Link Protection must be turned ON when emails are received to provide complete results for Users at Risk for a specific incident. Turning Link Protect ON after a suspicious email has already been received will not change the Users at Risk results for an incident involving that email.
In this Section