There is room for improvement in the management of multiple domains. Enhancing this aspect to better meet the diverse needs of our customers would be beneficial. After four years, they should offer a replacement with a new hardware appliance, providing upgraded equipment and ensuring continued performance.
There is room for improvement in the speed of the interface; specifically, the cloud interface is a bit slow. I work exclusively in the cloud and not on-premises. The cloud interface is quite slow, especially when you're searching or navigating between menus. So, in the future, I'd like to see a faster interface.
Few customers require an on-premises fabric ATP box for attack detection and response. These customers are government organizations that don't want their data to be on-cloud.
Learn what your peers think about Barracuda Email Security Gateway. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
Customer Service Staff at a financial services firm with 201-500 employees
Real User
Top 20
2023-06-12T14:53:37Z
Jun 12, 2023
Barracuda should have a sandbox feature in the appliances. That's the only thing missing. In my company, we have four appliances, and we have to use a third-party brand for sandboxing. Moreover, sometimes phishing emails still pass through, which is a drawback. I would say it's about 80% to 90% effective.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
Assistant Manager, Information Technology Systems at Getz Pharma
Real User
Top 20
2022-10-26T22:12:23Z
Oct 26, 2022
The initial setup can be a little bit complex. When we implemented Barracuda three years back, although the deployment went smoothly, we also needed to implement some changes regarding the configuration, which were affecting the stamp control rate. Some options were not so easy to remember and we had to search for directions. For example, if I want to change the mail flow settings, there are two different options available in Barracuda. If I apply a change on one option and didn't change the configuration on the other option, the mail flow doesn't work. Yet the second option is always hidden. I always need to search for it when I need to change some mail flow settings.
Vice President Information Technology at Makeready
Real User
Top 10
2022-10-13T17:56:42Z
Oct 13, 2022
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
Barracuda Email Security Gateway can improve reporting and anti-spam. The anti-spam engine is not working well. We are seeing a lot of problems where spam is going through the gateway. Additionally, access privilege should be given to the IT support, because they don't have a lot of privileges. We are forced to give our IT support administrative access in order to clear and deliver emails and this should not be happening. In the future, having a schedule reporting for quarantine for all users or for selected users, without reading the content of the message would be helpful.
Computer Networks and Systems Support Engineer at a real estate/law firm with 11-50 employees
Real User
2022-08-19T09:08:58Z
Aug 19, 2022
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Director at a tech services company with 11-50 employees
Real User
2021-08-31T16:59:46Z
Aug 31, 2021
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.
Barracuda Email Security Gateway is a robust security solution that allows users to protect themselves from external threats as well as from potential data leaks. It can be managed and monitored from a centralized location. Users can efficiently and easily keep track of every aspect of their security suite all at one time. Customized protections can also be set up in a matter of minutes.
Benefits of Barracuda Email Security Gateway
Some of the benefits of using Barracuda Email Security...
There is room for improvement in the management of multiple domains. Enhancing this aspect to better meet the diverse needs of our customers would be beneficial. After four years, they should offer a replacement with a new hardware appliance, providing upgraded equipment and ensuring continued performance.
Sometimes, Barracuda Blacklist blocks the general IP list from the source domains. They block the genuine sources, too.
There is room for improvement in the speed of the interface; specifically, the cloud interface is a bit slow. I work exclusively in the cloud and not on-premises. The cloud interface is quite slow, especially when you're searching or navigating between menus. So, in the future, I'd like to see a faster interface.
Few customers require an on-premises fabric ATP box for attack detection and response. These customers are government organizations that don't want their data to be on-cloud.
Barracuda Email Security Gateway should include ATP in the next release.
Some customers experience issues with integration.
Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. Some new features should be expanded and made accessible for better protection.
Barracuda should have a sandbox feature in the appliances. That's the only thing missing. In my company, we have four appliances, and we have to use a third-party brand for sandboxing. Moreover, sometimes phishing emails still pass through, which is a drawback. I would say it's about 80% to 90% effective.
The solution should add automatic alerts to the mobile.
Barracuda isn't catching everything. We're still getting quite a few phishing emails, so we're looking for something else.
We are using the tool’s 400 model which does not offer accurate spam detection. We have also had performance issues with the tool.
My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.
I have noticed that it takes a little time to get familiar with after deploying and some tweaks need to be done as things come up.
The pricing is a little bit high, and it is causing the company to rethink renewal. If they could lower the pricing, that would be ideal.
The initial setup can be a little bit complex. When we implemented Barracuda three years back, although the deployment went smoothly, we also needed to implement some changes regarding the configuration, which were affecting the stamp control rate. Some options were not so easy to remember and we had to search for directions. For example, if I want to change the mail flow settings, there are two different options available in Barracuda. If I apply a change on one option and didn't change the configuration on the other option, the mail flow doesn't work. Yet the second option is always hidden. I always need to search for it when I need to change some mail flow settings.
The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.
Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.
Barracuda Email Security Gateway can improve reporting and anti-spam. The anti-spam engine is not working well. We are seeing a lot of problems where spam is going through the gateway. Additionally, access privilege should be given to the IT support, because they don't have a lot of privileges. We are forced to give our IT support administrative access in order to clear and deliver emails and this should not be happening. In the future, having a schedule reporting for quarantine for all users or for selected users, without reading the content of the message would be helpful.
It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. That is why we are downloading all of this research to see which of the market leaders we should switch to. Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft. We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions. That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.
Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.
Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.
Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization. We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it. I can't think of any other features that are needed.
The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.
Artificial intelligence improvement could be used to help block spam and phishing mail that is directly delivered to users.
Some of the phishing emails are not being blocked. Another problem is that we are not able to manage the date and time in our time zone.
The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.