Barracuda Buys Training Provider PhishLine To Bolster Protection Against Email-Borne Threats

Storage and security vendor Barracuda has purchased social engineering simulation and training platform player PhishLine to help customers better measure and report on risks.

The Campbell, Calif.-based company said combining PhishLine's platform with Barracuda's artificial-intelligence-driven protection against phishing and spearphishing will provide end users with a more complete defense against email-borne targeted attacks.

"Security awareness training is an important and quickly evolving area, particularly with increasingly targeted attacks making the human element a critical link in the security value chain," BJ Jenkins, Barracuda president and CEO, said in a statement. "PhishLine has a culture of developing innovative email protection solutions, including social engineering and data analysis offerings."

[Related: Private Equity Strikes Again: Thoma Bravo To Buy Barracuda Networks For $1.6 Billion]

PhishLine's data analysis tools will allow customers to measure and report on risks at macro and micro levels across both the human and process layers, the company said. The Waukesha, Wis.-based company was launched in 2011 and currently employs 14 people, according to LinkedIn.

"An effective security strategy demands a collaborative effort between the employees using the network and the security technology designed to protect it," Mark Chapman, PhishLine's president and CEO, said in a statement.

Barracuda's stock price is up $0.01 (0.04%) to $27.43 per share in trading early Wednesday. Terms of the deal weren't disclosed, and Barracuda didn't immediately respond to requests for additional comment.

Virtually every customer Encore Technology Group speaks with about security is looking for additional end-user training, according to President and CTO Michael Knight. Demand for training is strongest in the K-12 sector due to the regulatory issues around student data, but it also is robust among commercial and enterprise customers given the risk phishing poses to important data, according to Knight.

"Everyone has recognized that this is a significant threat," Knight said.

The Greenville, S.C.-based solution provider is able to provide documentation and technical information on its own, Knight said, but relies on third-party providers for specific training around social engineering and understanding of a platform.

"As far as the channel goes, training is an easy add-on sale," Knight said. "This was a very important acquisition for Barracuda."

Integrating end-user training into the security offering itself provides partners and customers alike with a more streamlined experience, according to Encore Technology Group's Knight. He said selling email security and the associated training from two different companies forces solution providers to work with multiple SKU lines and makes the pitch a little more complex.

"Now that it's all under one umbrella, it's a completely integrated security solution," Knight said.

PhishLine's SaaS platform includes multivariable attack simulations across email, text message, voice and USB/mobile media; data capture, analytics and reporting; and continual, complex analysis of employee performance. The company has received three patents, and has eight additional ones pending.

"We now have more resources to innovate and execute on our customers' ideas," Chapman said in a blog post. "The improved brand recognition and complementary technology will help us realize the product road map of our dreams."

Integrating PhishLine's data insight with Barracuda's security portfolio will enable customers to better protect their technical assets, people, brands and businesses, the company said. PhishLine also will enable end users to further improve security processes, accuracy and effectiveness around Barracuda's advanced artificial intelligence capabilities focused on spearphishing and cyberfraud.

"PhishLine is known to be a powerful enterprise offering," Chapman said in the blog post. "The Barracuda team knows how to refine traditionally complex products with elegant simplicity. The combined resources will create new security awareness solutions that are both powerful and easy to use."