There is room for improvement in the management of multiple domains. Enhancing this aspect to better meet the diverse needs of our customers would be beneficial. After four years, they should offer a replacement with a new hardware appliance, providing upgraded equipment and ensuring continued performance.

The UI could be a little cleaner and require less clicking around in different modules. They give the illusion of a single pane of glass, but as you click around to different products, you're actually being transferred into a different system.

The solution should add automatic alerts to the mobile.

Barracuda itself should be actually working on their DMARC setup. There is a little bit of downtime in terms of that. There are some times when legit emails are trapped on Barracuda and we are unable to get that information unless we actually log on to the network to find out. The good thing is that we get logs now and you can schedule the logs and you'll be able to see the logs in the event. The user gets to see the logs. In the event you don't receive the email, so you can schedule it for every hour or whatever schedule is important for the organization.

We set ours at one hour and in the event, if there's an email that didn't reach you, you'll get a notification after an hour to say, okay, this email was trapped and you are able to self-release it with the user's login, or IT can release it.

I can't think of any other features that are needed. 

There is room for improvement in the speed of the interface; specifically, the cloud interface is a bit slow. I work exclusively in the cloud and not on-premises. The cloud interface is quite slow, especially when you're searching or navigating between menus.

So, in the future, I'd like to see a faster interface.

Barracuda's spam database isn't on par with its competitors. Users complain about the spam email they're receiving, and we report the issue. Barracuda said they are going to update their system to block the malicious email we received, but we're still getting the same spam. The signatures are not in their database. They need to update their spam signatures because spam is bypassing Barracuda.

The initial setup can be a little bit complex.

When we implemented Barracuda three years back, although the deployment went smoothly, we also needed to implement some changes regarding the configuration, which were affecting the stamp control rate. Some options were not so easy to remember and we had to search for directions.

For example, if I want to change the mail flow settings, there are two different options available in Barracuda. If I apply a change on one option and didn't change the configuration on the other option, the mail flow doesn't work. Yet the second option is always hidden. I always need to search for it when I need to change some mail flow settings.

The downsides of the solution stem from the fact that it is an expensive product, and one may see too many false positives when using it, making them both areas where improvements are required.

The pricing is a little bit high, and it is causing the company to rethink renewal. If they could lower the pricing, that would be ideal. 

Some customers experience issues with integration.

My customers were sending OPT bulk emails and Barracuda Email Security Gateway was not able to handle it. We have to go with another different solution, such FortiMail for the task. We are implementing these combinations of the Barracuda and FortiGate, for email security. The FortiGate FortiMail security gateway we use to send only the bulk email, not for receiving emails. 

In a future release, they should provide machine learning capabilities on the on-premise version. Other vendors, such as Palo Alto and Check Point are coming out with machine learning and artificial intelligence features.

Barracuda Email Security Gateway can improve reporting and anti-spam. The anti-spam engine is not working well. We are seeing a lot of problems where spam is going through the gateway. Additionally, access privilege should be given to the IT support, because they don't have a lot of privileges. We are forced to give our IT support administrative access in order to clear and deliver emails and this should not be happening.

In the future, having a schedule reporting for quarantine for all users or for selected users, without reading the content of the message would be helpful.

Barracuda does not provide support for DMARC for outgoing emails. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance.

For troubleshooting it at the core, We have to open a separate support to provide accessibility to the IT team, facilitating engineers to get into it and offer support. We have to establish a separate support tunnel at the customer site to make it accessible to the cloud, allowing the tagged engineers, potentially situated in another country, to provide remote support to the customers.

The dashboard's UI could be improved to make changes to the blocklist. We currently have to go into the mail and check the list and the dashboard, and it would be better if we could directly block particular domains or emails instead.

Barracuda should have a sandbox feature in the appliances. That's the only thing missing. In my company, we have four appliances, and we have to use a third-party brand for sandboxing.

Moreover, sometimes phishing emails still pass through, which is a drawback. I would say it's about 80% to 90% effective.

I have noticed that it takes a little time to get familiar with after deploying and some tweaks need to be done as things come up.

Barracuda Email Security Gateway can improve email detection. We have some emails that are bypassing the threat scanning. There are some impersonation emails passing through.

Barracuda Email Security Gateway should add auto-remediation to improve the solution. Additionally, there are times when we have false positives and our general emails get locked, we have mentioned this to Barracuda.

We had a case where right before a link was redirected and there was no chance to ignore it. A few days ago there was a feature request to clean and redirect a link because it was a false positive. Let us say false positive in the link protection and there's no easy way to correct it.

Two things:

1) The backup and recovery of the rule set stored in the device.

2) In denial of service condition, the events-per-second flow creates little jerk in term of delay.

When we are considering the enterprise security, we are interested in adding the additional controls in the environment. Barracuda device has a weak distinction‎ in its backup and recovery

Let me share a practical example: We have a Barracuda installed in a primary and backup location, it's difficult to include the exact configuration of a primary device to backup device, it has a time constraint ‎and effort based work. This area should be considered, as Barracuda has established their good appearance in the market.

Another area that should be considered for improvement ‎is the constant DoS attacks and bulk messages in the form of spam appearance on the device.

In a case of denial, condition on a ratio of 1200 to 1800 events per second would downgrade the performance of the device.

This was my practical role in testing the capability of this device, apart from the above two areas of improvement, this device has marvelous results in term of capacity, content, sources, and attachments.

Sometimes, Barracuda Blacklist blocks the general IP list from the source domains. They block the genuine sources, too.

The pricing needs improvement.

I would like to have better integration with third-party archival vendors to facilitate moving data in and out. This is definitely an area that should be worked on.

Having better user admin controls from an application perspective would also be helpful.

Barracuda could improve its log and export options like PDF and HDML. It can also bring in more detailing in their console so that it could be better. 

Some new features should be expanded and made accessible for better protection.

Barracuda has shown difficulty in providing us with the solutions we sought. We have found ourselves sending many emails to their outside domain. They have not demonstrated the reporting system we required when reports were sought. 

As the solution is cloud-based there is no need to install anything on-premises. Some of the settings we have configured on the cloud and done integration with our domain server. Once integrated with the system, all the mails pass solely through the gateway. What we see is that there are times when genuine mails are blocked and others when spam mail makes its way through. 

The solution has to improve in a very specific way. When we allow our customers to send or scan email through our Barracuda Email Security Gateway, we are permitting their email server IP address, but not any domain. One of our customers has an email server where they are hosting five domains within their server. They are sending and receiving email through that server by using Barracuda Email Security Gateway. Therefore, we allow their IP address to send email through our Barracuda Email Security Gateway, then we declare MX for receiving email on behalf of our customers. After receiving the email, we deliver it to the specific IP address of the customer. Since we are only allowing the IP address, if an incident happens within a customer's email server or an email server gets compromised, then it starts sending spam. That creates a huge problem for the solution as it allows all emails because the customer's IP address is allowed to relay email through our Barracuda Email Security Gateway. 

Barracuda should add an option where it can add multiple domains, such as abc.com, bbc.com, and cbc.com. Therefore, this domains' emails will be allowed and other domains' emails will not be relayed through Barracuda Email Security Gateway. Whereas, if you allow the IP address, then any of the domain's emails will be relayed through Barracuda Email Security Gateway. That is the drawback that I have observed. So, Barracuda should work on this.

Few customers require an on-premises fabric ATP box for attack detection and response. These customers are government organizations that don't want their data to be on-cloud.

Barracuda isn't catching everything. We're still getting quite a few phishing emails, so we're looking for something else.

We are using the tool’s 400 model which does not offer accurate spam detection. We have also had performance issues with the tool.

Barracuda Email Security Gateway should include ATP in the next release.

It's good, but some spam isn't always detected. It doesn't always detect the most recent signatures or spam. 

The database is not updated automatically. Other solutions, such as Microsoft Exchange Online, automatically receive the most recent threat data and malware data types. I believe the Barracuda database is not being updated. That is why we are looking, and we are evaluating whether Defender for Office 365 or a Microsoft solution is better than Barracuda. 

That is why we are downloading all of this research to see which of the market leaders we should switch to.

Spam is not always detected, and it should be more automated. We have seen that some emails are allowed by these emails, which are then stopped by Microsoft.

We now have two layers of defense. Barracuda and we also have Microsoft Exchange online, but we would like to switch to one or upgrade this. We are looking for any and all solutions.

That is what we are investigating right now. Because we want to ensure that some are stopped here by Barracuda and the entry point. However, for those that are not caught or blocked by Barracuda, we have the next layer of Exchange Online, which comes into the picture and checks it, sees it, and blocks it.

The solution requires better API integration. It's really lacking right now. If there was API access that allowed us to integrate some of our own technology or features in there that would be ideal.

The deep scanning feature needs to be improved. It's not as effective as we need it to be. We need to understand a bit more about how it's scanning and blocking and how, if it's possible, to tweak the settings.

The solution has quite a few outdated videos. When you watch them and try to follow them for doing certain tasks, you quickly realize they are out of date. They need to update their video documentation for their user base.

In the past, I would have said that the reporting could be improved, but they've gotten better at that in recent versions. Although I don't use reporting routinely, it's something I do when I need to check something or pull some kind of statistical report. Also, I had some difficulty in the past with the system getting swamped and overwhelmed trying to process all incoming traffic. The appliance didn't have the resources to keep up. Obviously the network is getting more and more spam and virus traffic which adds to the problem. Since I had a service contract with Barracuda, they were able to resolve the issue by shipping me newer replacement hardware with significantly more computing resources. This was all at no cost.

Two improvements that are needed include an enhancement in the proxy feature, as well as the ability to more fully automate patches and updates.

Artificial intelligence improvement could be used to help block spam and phishing mail that is directly delivered to users. 

An improvement I would encourage is that sometimes the spam filtering is a little too aggressive. You can not get granular enough to back off what is considered spam and what is not. So it is fine that they have predefined settings for spam, but not so good that it can not be modified. If we could go in and modify the settings or affect the way it is treating spam, I think that would allow for more versatility and better results.  

Some of the phishing emails are not being blocked. Another problem is that we are not able to manage the date and time in our time zone.

The pricing of this solution could be improved.

The reports are standard, and it would be nice to be able to customize them.

It would be nice if the appliance itself was scalable, rather than having to replace it.

We had an incident where we didn't want to receive any emails or spam from a certain site and email address. We selected the mail ID, and we send it to Barracuda for analysis to see if it's spam or something like that. As of now, we haven't gotten any update or notification as to what happened with it.

I would like to see there be better implementation.

The solution should include an improvised anti-phishing feature, since it blocks certain genuine emails. 

The scalability needs improvement, it's the only feature that is required.

I would like to see all of the latest security details available on the device, and it should only be cloud-based, not on-premises.

The technical support service is outsourced and the accents are difficult to understand, even for people like us from the same region.

The reporting can be improved.

The user interface needs to be more responsive. The performance of the actual device is pretty good but the interface lags sometimes.

Its integration with other solutions can be improved. There should be integration for telemetry information, system information, and other types of information with other solutions. Barracuda currently doesn't have that. Barracuda has its own platform. Its integration with firewalls is quite good, and it communicates really well with firewalls, but I have not seen any other integration. Based on what I know, it does have an API at the backend, but I have not used it. 

There are limited administration controls that should be improved. Additionally, the reports available currently are not enough.

One aspect of the product that can be improved is the availability of support. We don't have the availability of support 24/7, and it takes some time to get answers. These technical support people are in some other country, and our time zone is not supported. 

We have to often give them remote access to resolve issues, so potentially it is a security risk also. Sometimes clients who we resell to will not accept that risk because you are opening a secured doorway to the internet. That can be a bit of headache in those cases, which we end up having to work-around.

Actually the rest of the product is very good and it is otherwise meeting our requirements. I would only hope they would provide better support in our country.

This product can always be made more secure.

The DMARC security is somewhat weak and could be strengthened. Email classification is not directly integrated with Barracuda Email Security and that kind of classification would be helpful. 

The solution could improve by adding DomainKeys (DKIM) functionality. This is something that is essentially required nowadays for outbound security. They do not have it on their on-premise solution appliance but they have alternate arrangements for their cloud solution. You cannot force clients to go to the cloud for one feature, it would be a great benefit to have it on-premise.