Barracuda adds social engineering training capability with PhishLine acquisition

Barracuda said this new capability is something that their partners have been asking for, and will allow them to take a more full-featured offering to their customers – which will be an additional revenue generator as well.

Ezra Hookano, Barracuda’s VP of Channels

Barracuda has filled what they perceived to be the only real hole in their security portfolio with the acquisition of PhishLine LLC. PhishLine makes a SaaS platform for social engineering simulation and training that lets end users train their employees basic self defense against targeted attacks stemming from email.

Anti-phishing capability itself is something that Barracuda had offered previously. Training end users to make employees more resistant to these kinds of social engineering attacks is new for them, however.

“We are pretty effective at blocking most things,” said Ezra Hookano, Barracuda’s VP of Channels. “Almost no product can overcome user error, however. This fills our last remaining hole, by providing the capability to train users the type of things they shouldn’t be clicking on. A large number of our MSP reseller customers, and a decent number of our traditional channel partners, have been asking for this capability.”

Gartner’s Magic Quadrant for Security Awareness Computer-Based Training classifies PhishLine as a Visionary.

“PhishLine conducts simulated phishing attacks, but also trains end users how to interact with email,” Hookano said. “We believe that adding their platform to our ability to see advanced threats will give us an advantage over any one else doing this. The speed at which we will be able to deploy phishing attacks happening today into training will be significant, and the combined signature gathering capabilities makes this a very formidable combination.”

PhishLine also brings strength in customer segments which Barracuda has been targeting, and where it is looking to expand its presence.

“They have one of the higher-end platforms in their segments, and a lot of expertise with higher level customers,” Hookano said. “In addition to these enterprise customers, they also are strong in the SLED and healthcare verticals, which for us are very important.”

PhishLine started out selling direct, with a traditional enterprise sales model, and gradually brought channel partners in to what became a hybrid model, because of field-based demand generation. They have a relatively small channel, albeit a high value one, with several partners who are strong in the enterprise space. Hookano acknowledged that the key task for Barracuda here will be to adapt the channel model PhishLine was using to make it accessible to Barracuda’s much larger partner base.

“They are very early in their channel development,” he said. “We will figure out a channel model that works for x thousands of partners, and get that ramped up pretty quickly.”

Hookano said that no technical integration between the products which would require development time is necessary.

“Technically, there’s nothing we have to do to make our product integrate with theirs,” he explained. “Any of our packages will fit with their separate SaaS training. They could be bought totally separate and work together.”

The plan is to put together sales bundles, however, along with training.

“Most VARs who are already selling email security and Office 365 will understand this product, so the main thing that we need to do is put a package together,” Hookano said. “We will work out a pricing and promotion strategy, as well as how we train all the sales folks. We are beginning having that discussion with partners now. Because PhishLine is cloud-based and SaaS, its easy to give temporary licenses to see how it works.”

Hookano said that this acquisition is a big deal for Barracuda’s channel partners which will strengthen their ability to go to market with their customers.

“This is what their end users need, and every end user understands how critical it is,” he indicated. “Tons and tons of end users have been wanting this kind of product, and it hasn’t been available for the broad market. There are other providers in the space, but none of them have the capability to bring the full channel to bear like we do.

“In addition to blocking everything, we also have to train end users not to let things in,” Hookano added. “This will make our partners more effective in offering a total protection program – and give them an additional revenue stream by putting it in the form of a product.”