Decoding the world of cybersecurity

Barracuda targets email attacks after delivery

Barracuda has launched Integrated Email Protection for Microsoft 365 and Google Workspace, combining AI-assisted detection, verdict explanation, quarantine control, and message clawback.

Barracuda targets email attacks after delivery
Summary
  • Barracuda has launched Integrated Email Protection for Microsoft 365 and Google Workspace environments.
  • The product uses AI and BarracudaONE telemetry to detect, explain, and remediate email threats before, during, and after delivery.
  • The launch reflects a wider shift towards email security that connects identity compromise, MSP operations, cloud collaboration, and automated response.

Barracuda has launched Integrated Email Protection, an Integrated Cloud Email Security product designed to detect, explain, and remediate email threats across Microsoft 365 and Google Workspace environments before, during, and after message delivery.

The product runs on the BarracudaONE platform and is aimed at both single-tenant customers and managed service providers operating across multiple tenants. Barracuda says it can correlate signals across email, identity, network, data, and applications, explain Microsoft 365 and Google Workspace verdicts, consolidate quarantine workflows, and claw back messages after they have reached inboxes.

Barracuda is presenting the launch alongside research into the speed of modern email attacks. The company says its red team recreated a multistage AI-powered attack in which a single phishing email progressed to identity theft, multifactor authentication bypass, and endpoint compromise in minutes. It also says one in seven compromised accounts is now used to launch additional attacks.

Rohit Ghai, chief executive officer at Barracuda, said: “Email is no longer a human-centric communication platform; it’s an operational fabric where humans and AI interact.”

That view reflects a wider change in enterprise email security. Email is no longer only a message-delivery channel. It is connected to identity, collaboration, workflow automation, file access, SaaS applications, and increasingly AI-assisted business processes. A mailbox compromise can become a cloud account takeover, internal phishing campaign, data access incident, or fraud attempt.

The old model of email security as a mainly pre-delivery control is under pressure as attacks change after arrival. A message can appear benign when delivered and become dangerous later if a link is weaponised, a destination changes, or an internal account is compromised and used to send trusted messages. Phishing-as-a-service kits, automation, and AI-generated content add further speed and scale.

Barracuda Integrated Email Protection is designed around continuous reassessment and automated remediation. Its Bailey AI assistant is intended to explain detection decisions in plain language, while the product’s unified quarantine feature brings Microsoft-quarantined emails into Barracuda for review and rescanning. Its message clawback capability is designed to remove threats after delivery.

Ghai said the product “correlates cross-domain signals in real time and turns them into automated, explainable action partners and customers can trust and control.”

The MSP use case is commercially and operationally important. Many UK and European organisations rely on MSPs to operate Microsoft 365, Google Workspace, endpoint protection, backup, identity administration, and email security. A single MSP may need to investigate and remediate the same campaign across many customer tenants, while attackers can move across accounts and tenants faster than manual review allows.

Automated remediation can reduce that burden where approval, reversibility, logging, and accountability are clear. If an AI-assisted system can claw back messages, consolidate verdicts, and take tenant-wide actions, organisations need to understand which actions are automatic, which require review, and how decisions can be audited or reversed.

Customer comments in the launch material focus on exactly that operational layer. Scott Harris, chief information officer at TriRx Pharmaceuticals, said: “It goes beyond stopping attacks at delivery – proactively identifying and removing threats wherever and whenever they appear.”

Ignace Quaghebeur, ICT manager at Braem NV, said the product’s quarantine view would allow his team to “see and control both Barracuda and Microsoft Defender quarantines in one place.”

The identity dimension is central to the product’s relevance. A phishing email that steals credentials does not remain an email problem. It can become a cloud account takeover, data access incident, internal phishing campaign, financial fraud attempt, or lateral movement path. Email security therefore needs to connect with identity monitoring, conditional access, backup, incident response, and data protection.

Barracuda’s launch sits inside a market shift towards email security as part of a larger resilience model. Native cloud controls, gateways, collaboration security tools, and ICES products are converging around the same problem: threats evolve after delivery, compromised accounts become infrastructure for further attacks, and response speed increasingly determines the scale of damage.

Prevention remains important, but the decisive control is often how quickly an organisation can detect, reverse, and recover from a bad interaction involving a user, mailbox, link, or automated workflow. Barracuda is placing its product in that response window, where identity, SaaS telemetry, MSP operations, and remediation now meet.

×