Managed Web Application Firewall (WAFaaS)
Fully Managed Web Application and API Protection (WAAP)

From zero to security in minutes.
We can deploy WAF-as-a-Service — a full-featured, cloud-delivered application security service — in just minutes, ensuring complete protection for all your apps.
Our WAF-as-a-Service includes full-spectrum L3-L7 DDoS protection (volumetric and application) to protect your applications from disruptions and ensure nonstop availability.
Web application security, simplified.
Hassle-free Enterprise-level WAF-as-a-Service
Web applications are a critical part of your business and vital to how customers interact with you. Unfortunately, web apps also give attackers another gateway into your critical assets and data.
Businesses need to accurately distinguish good traffic from the bad in real-time. PurpleGuard delivers a competitively priced, highly versatile, enterprise-level, cloud-ready WAF that comes with a team of experts to eliminate the complexity of managing the WAF for you.

Complete setup and management.
From installation and deployment through to configuration, our experts ensure your web application firewall is ready to block threats against your critical web applications.
Our analysts fine-tune your managed WAF by monitoring your web application traffic, allow-listing valid requests and data, and building a policy that blocks malicious web traffic and other undesired activity.
As new threats emerge and your apps and portfolio change, our security analysts will update your policies as needed or required. Our services eliminate the steep learning curve and associated staffing costs that come with managing a WAF.

Secure Your Websites, Applications, and APIs
Everything you need to protect against today’s advanced threats
Web Application Protection
With its built-in Smart Signatures, powerful positive security model, and Machine Learning-powered Active Threat Intelligence, Barracuda Application Protection secures applications against the latest web app threats.
Full Spectrum DDoS Protection
Stop worrying about overages and limits of your DDoS protection. Barracuda Active DDoS Prevention provides true unlimited DDoS protection without any of these limitations, to prevent attackers from overwhelming your apps.
API Security
Protect websites as well as mobile and IoT application APIs from the growing threat of attacks and data breaches that cause much more havoc than traditional web application attacks. You are fully protected against API attacks.
Advanced Bot Protection
Protect websites, mobile applications, and APIs from the growing threat of advanced bots that can scrape your data, lock up your inventory, and skew your web analytics, bringing chaos for your digital business.
Secure Application Delivery
The built-in application delivery module enables HTTP load balancing, content routing, caching, and compression. The content routing module can be used to direct traffic to various applications based on the characteristics of incoming traffic.
24/7 Support
Round-the-clock assistance is available, ensuring issues are resolved quickly, keeping your operations running smoothly.
Web Application Protection
Whether it’s a script kiddie attempting their first SQL injection against your login form or advanced attackers attempting to compromise your app with a zero-day vulnerability, Barracuda Application Protection has you covered. It provides comprehensive protection against the OWASP Top 10 web attacks, zero-day threats, account takeover attacks, and much more with its built-in Smart Signature engine and positive security model.
Real-time attacks need real-time responses. Barracuda Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near real-time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers. Barracuda Active Threat Intelligence also holds the cloud machine-learning layer for Advanced Bot Protection and Auto Configuration Engine. Auto Configuration Engine is a service that reviews all your application traffic from connected units and provides application-specific configuration recommendations, reducing admin overhead.
Attackers spend a lot of time reconnoitering applications before they compromise them — and error messages from an application are very valuable to them to understand and attack your application. In addition, many applications deal with PII — credit cards, passports, license numbers, and much more. Attackers love these parts of the application since the PII can then be sold for a big payday. Many applications also have predictable URL patterns when it comes to handling account details and such, leaving them vulnerable to enumeration attacks.
Barracuda Application Protection has a built-in Data Theft Protection module that looks for error messages and PII to identify and stop them from being revealed by the application. Admins can either use the powerful built-in signatures or create their own. In addition, the powerful URL Encryption feature scrambles sensitive URLs, removing the ability of attackers to perform attacks such as enumeration — without requiring any kind of change on the application side.
Barracuda Application Protection includes a hardened SSL/TLS stack that provides a secure HTTPS front end to your applications. With pre-built templates, you can immediately set up secure TLS ciphers and protocols for standards compliance with ease. Barracuda Application Protection can also secure HTTP/2 and WebSockets-based applications from protocol-specific attacks.
Attackers today use a mix of tactics and techniques to infiltrate an application without being detected. To detect the more complex attacks starting from the initial reconnaissance attempts, Barracuda Application Protection uses machine learning to identify risky access patterns and stop the attackers. Each access of the application is evaluated by the Barracuda Active Threat Intelligence cloud, which assigns a risk score to both the request and the client. As the access to the application continues, the risk score is continually updated. Based on the score, the client is allowed or blocked.
Attackers exploit third-party scripts to perform client-side digital skimming attacks, such as Magecart, to steal PII and financial data directly from the browser. These attacks are difficult to detect because the scripts are loaded directly by the browser and attackers are using sophisticated techniques to avoid detection with scanners and similar defensive methods.
Barracuda Application Protection includes Client-Side Protection, a feature that automates the CSP and SRI configuration, reducing admin overhead and configuration errors. In addition to these capabilities, Barracuda Active Threat Intelligence provides visualization and reporting for these configurations, giving you deeper visibility into how the scripts are being used.
Full Spectrum DDoS Protection
DDoS attacks have grown in prominence over the last few years, with everyone from organized groups to script kiddies attacking various organizations. Barracuda Active DDoS Prevention stops large-scale volumetric DDoS attacks from taking down your critical apps. The attacks are removed at our scrubbing centers well before they come anywhere near your network, removing any potential for downtime.
Barracuda Active DDoS Prevention blocks attacks including:
- DNS Amplification Attacks
- TCP SYN Floods
- UDP / ICMP Floods
- FIN / RST Floods
- Network Protocol Abuse, and more
Attackers for years have been attempting more subtle variations of the typical Layer 3 volumetric DDoS attack — the Layer 7 Application DDoS attack. In this form, the attack occurs using HTTP & HTTPS based methods such as GET floods, SSL Floods & other protocol attacks. Starting with the Mirai botnet a few years ago, these attacks have become more popular, and most botnets now have the ability to execute these attacks. Barracuda WAF-as-a-Service and Web Application Firewall have advanced capabilities to detect and block these automated attacks.
Attacks blocked include:
- SlowLoris Attacks
- RUDY, Slow Read
- HTTP Floods
- HTTP Cache Bypass Flood Mitigation
- SSL Floods
- SSL Protocol attacks
- And more
Sometimes malicious users and bots can attempt to access an application at a very high rate for various purposes. It could be someone rapidly refreshing a page to be the first to book a ticket or a bot attempting a malicious login. Barracuda WAF-as-a-Service and Web Application Firewall include unlimited Rate Limiting rules that can be applied to any part of the applications. These rate limiting rules will ensure that no one user can overload or compromise an application with huge numbers of accesses in a short period of time. Rate Limiting typically works on IP addresses — however, with Barracuda solutions, you can also use Device Detection to block specific devices behind an IP address, rather than banning an entire IP address.
API Protection
APIs are under constant development and most modern web applications are backed by APIs. However, these APIs are very frequently unknown (shadow APIs) and unprotected. Additionally, as API versions change, older endpoints are often left unprotected (zombie APIs). Barracuda’s Machine Learning-powered API discovery looks at live traffic to your API endpoints to discover these shadow and zombie endpoints. Once discovered, the solution automatically turns on security settings, reducing the attack surface and blocking attacks. The best part? The discovery is always running, ensuring that your applications are continuously protected.
A hardened TLS front end provides a secure access layer to your APIs. Content routing allows you to add newer API versions or perform rollouts and testing without needing to configure the entire API setup from scratch. As you add newer APIs, in addition to API discovery, you can also import either updated API contract documents or virtual patches from supported scanners to automatically configure security for your new API endpoints. Add authentication and authorization with OpenID Connect, SAML, JSON Web Tokens, and other integrations to restrict API access to authorized users.
Each request to your API is logged with all the headers and other details, making it easy for you to troubleshoot any issues. The reporting and syslog modules have multiple integrations, giving you quick and thorough visibility into traffic patterns and changes in behavior.
Advanced Bot Protection
Barracuda protects your websites, mobile applications, and APIs against the worst application attacks, no matter what form they take. Attacks such as OWASP Top 10, DDoS, or bot attacks that use scraping, denial of inventory, and credential stuffing are no match for our proven application security solution. In addition to Web Application and API Protection (WAAP), Barracuda Advanced Bot Protection adds ML-powered security to protect against business-logic attacks from automated threats, including the OWASP Automated Threat list.
Our customers rely on us every day with confidence because our solution has been deployed globally and continually improved for over a decade. Best of all, our solution makes it simple to deliver the application security you need with industry-leading ease of use.
Barracuda’s Active Threat Intelligence service collects data from thousands of deployments, honeypots, and other sources, and distills this into actionable intelligence. Barracuda Advanced Bot Protection combines this threat intelligence with cloud-based machine-learning models to identify and detect almost-human bots and other advanced attackers. Block bots and advanced attackers without impairing customer experience.
Current defense mechanisms like CAPTCHA and IP blocks can be awkward and impair the customer experience. Barracuda learns your application’s traffic patterns to intelligently block automated attacks against your business logic, while letting your legitimate customers experience the application the way you intended. Barracuda Advanced Bot Protection uses advanced fingerprinting to identify each client, and lets you easily respond with tools like tarpits, timed blocks, IP reputation, and fingerprint-based actions to slow down and block bots.
Malicious bots can cause big problems including loss of revenue, regulatory fines, or reputational loss from breaches. Barracuda provides you with a single flexible solution that is easy to deploy and simple to manage. It uses machine learning to protect you from all application security risks, while allowing legitimate application traffic to proceed with full efficiency. Whether you choose physical or virtual appliances, public cloud instances, containers, or a SaaS delivery model, you’ll benefit from the same robust, proven application security engine.
The Active Threat Intelligence Dashboard gives you at-a-glance visibility into traffic patterns and the types of clients who visit your website. A single pane of glass provides you with a bird’s-eye view of traffic patterns. Want to get granular? You can drill down into specific applications and see every bot that has visited your website, how often it attacks, and how much data has been transferred, helping you make informed decisions on how to protect your digital property.
Protect your Web Applications and APIs.
Web Application Protection, Full Spectrum DDoS Protection, API Security, Advanced Bot Protection, Secure Application Delivery & Managed Services in one subscription.
Learn more about the capabilities of Barracuda Application Protection.
Advanced
Comprehensive Web Application and API Protection for your applications everywhere.
WEB APPLICATION PROTECTION
Protect against all OWASP Top 10 attacks including SQL Injections, XSS, Cross-Site Request Forgery and more.
Application Protection’s layered traffic processing engine and Smart Signatures use fewer attack-detection signatures to detect and block web attacks, including zero-day attacks. Each Smart Signature can detect attacks found in 40 attack-specific signatures, reducing detection time and improving overall detection.
The combination of Smart Signatures and the positive security model ensures that most zero-day attacks are stopped before exploitation. In addition, Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near real-time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers.
Identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Capabilities include the ability to block proxies, VPNs, and entire networks based on their Autonomous System Numbers (ASN).
Control access to web resources based on Geo-IP to limit access only to specified regions.
Inspects all outbound traffic for sensitive data leakage. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns are identified and can be either blocked or masked without administrator intervention. Furthermore, the information is logged and can be used by administrators to find potential leaks.
Client-Side Protection, a feature that automates the CSP and SRI configuration, reducing admin overhead and configuration errors. In addition to these capabilities, Active Threat Intelligence provides visualization and reporting for these configurations, giving deeper visibility into how these scripts are used.
On-board, regularly updated antivirus engine scans and detects viruses in file uploads.
Active Threat Intelligence automatically classifies each incoming request with risk scores based on the request parameters. These risk scores are used by the backend ML models to identify advanced threats such as bots and complex attackers and block them.
FULL SPECTRUM DDOS PROTECTION
Unmetered DDoS protection cloud service that scrubs traffic before it reaches the intended websites. This allows the cloud service to identify patterns of DDoS attacks in the connections and block them.
Protect against advanced application-layer DDoS with risk-assessment techniques, heuristic fingerprinting and IP reputation to distinguish real users from botnets.
Application Protection offers rate limiting of incoming client requests based on IP and client fingerprint. Rate limiting is especially useful at peak times where some users may attempt to overload the application by sending rapid requests. Rate limiting can be enforced at an application or URL level using an unlimited number of rules.
Hosting and security for application DNS records, including protection against DDoS attacks.
API SECURITY
Barracuda Application Protection protects JSON and GraphQL APIs against all application attacks, including OWASP Top 10 API threats.
Import the schema for your JSON API to automatically create security rules based on the definition of the API. Supported schemas are OpenAPI and Google API formats.
Barracuda Application Protection uses machine learning to detect unprotected API endpoints from live traffic analysis and automatically secures them, reducing the attack surface drastically.
Shadow APIs are the APIs deployed by web applications that are not known and secured. Barracuda Application Protection uses machine learning to detect these API endpoints from live traffic analysis and automatically secures them, reducing the attack surface drastically.
Barracuda Application Protection offers rate limiting capabilities for APIs that can be enforced on an endpoint level, reducing the ability of misbehaving clients to slow down or bring down an API.
ADVANCED BOT PROTECTION
Barracuda Application Protection uses a combination of honeypots, behavioral analysis, and signatures to detect and block web scraping.
Barracuda Application Protection uses a combination of honeypots, behavioral analysis, and spam signatures to detect and block these bot attacks.
Barracuda Application Protection contains a regularly updated bot signature database that contains over 10,000 individual signatures. These signatures can be used to identify and block bots before they reach your application.
Barracuda Application Protection has multiple methods of challenging bots and attackers to both slow them down and stop them. These methods include JavaScript challenges and CAPTCHAs.
Barracuda Application Protection can identify brute force attacks – whether they are coming from a single IP/source or multiple IPs/sources in low and slow attacks – and block them, rendering the application safe.
Barracuda Active Threat Intelligence has a database of previously leaked credentials that logins are validated against. If matches are found, these login attempts can be blocked and admins alerted.
Barracuda Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near-real time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers.
Privileged Account Protection on the Barracuda Active Threat Intelligence cloud uses behavioral analytics to understand user login and browsing patterns. When the behavior of the user varies from the pattern, admins are alerted to identify and block account takeover attacks.
Barracuda Advanced Bot Protection uses cloud-based machine learning to stop bad bots, easily blocking automated spam, web and price scraping, inventory hoarding, account takeover attacks, and much more.
Barracuda Application Protection can identify individual devices behind an IP address and most modules can enforce blocking at a device level or IP level as desired.
SECURE APPLICATION DELIVERY
Barracuda Application Protection provides an integrated CDN for onboarded applications. The CDN has over 118 PoPs that can serve traffic to the nearest clients across 100 locations worldwide.
Barracuda Application Protection provides granular AAA capabilities to offload authentication and authorization for applications. Capabilities include Client Certificates, JSON Web Tokens, SAML, and OpenID Connect.
Applications protected by the Application Protection Advanced plan are provided a shared public IP address.
Barracuda CloudGen Access is an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. Barracuda Application Protection includes Barracuda CloudGen Access licenses to provide a secure access control surface for your internal applications that are published on the internet.
Applications onboarded on Barracuda Application Protection can be configured with multiple servers to spread the load and improve uptime. Barracuda Application Protection also includes Server Health Monitoring capabilities that continuously monitor application servers to switch traffic over in case of failure, improving uptime.
Content Routing on Barracuda Application Protection uses a number of parameters on the incoming request to identify and redirect traffic to various parts of an application. This could be anything from redirecting a user to the mobile application based on the HTTP User-Agent to routing traffic for A/B testing or enabling blue-green deployments.
Barracuda Application Protection provides an additional deployment module, the Containerized WAF, that can work in conjunction with the SaaS model to secure East-West traffic in microservices.
Applications protected by the Application Protection Premium plan are provided with individual public IP addresses.
REPORTING, ANALYTICS, AND SERVICES
Barracuda Application Protection allows all application logs (traffic and firewall) to be exported to external SIEM solutions for further retention and analysis (one export server).
Auto Configuration Engine is a service that reviews all your application traffic from connected units and provides application-specific configuration recommendations, reducing admin overhead.
Barracuda Application Protection leverages our advanced vulnerability scanner to constantly monitor your entire deployment for vulnerabilities. When it finds vulnerabilities – even in apps that are still in development – it can remediate them automatically or with a single click.
Duration of firewall and traffic log storage on the Application Protection platform: 30 days.
Barracuda Application Protection is built API-first. What this means in practice is that every capability of the product can be configured and tuned using the Configuration API. Code samples and modules for popular automation tools are also provided on our GitHub page, available to all users, for easy integration with your automation toolchain.
All configuration changes on Barracuda Application Protection are stored as snapshots. These snapshots are created in JSON and are editable, and they use our configuration API in the backend. This capability allows easy integration with DevOps/SecOps tools and enables easily repeatable deployments to enforce uniform security policies.
Barracuda Active Threat Intelligence Dashboard gives you at-a-glance visibility into traffic patterns and the types of clients who visit your website.
Premium
Includes everything from Advanced. Add machine learning capabilities, automated API discovery, complex bot threat mitigation, and client-side protection.
WEB APPLICATION PROTECTION |
Protect against all OWASP Top 10 attacks including SQL Injections, XSS, Cross-Site Request Forgery and more.
Application Protection’s layered traffic processing engine and Smart Signatures use fewer attack-detection signatures to detect and block web attacks, including zero-day attacks. Each Smart Signature can detect attacks found in 40 attack-specific signatures, reducing detection time and improving overall detection.
The combination of Smart Signatures and positive security model ensure that most zero-day attacks are stopped before exploitation. In addition, Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near real-time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers.
Identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Capabilities include the ability to block proxies, VPNs, and entire networks based on the Autonomous System Numbers (ASN)
Control access to web resources based on Geo-IP to limit access only to specified regions.
Inspects all outbound traffic for sensitive data leakage. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns are identified and can be either blocked or masked without administrator intervention. Furthermore, the information is logged and can be used by administrators to find potential leaks.
Client-Side Protection, a feature that automates the CSP and SRI configuration, reducing admin overhead and configuration errors. In addition to these capabilities, Active Threat Intelligence provides visualization and reporting for these configurations, giving deeper visibility into how these scripts are used.
On-board, regularly updated antivirus engine scans and detects viruses in file uploads.
Active Threat Intelligence automatically classifies each incoming request with risk scores based on the request parameters. These risk scores are used by the backend ML models to identify advanced threats such as bots and complex attackers and block them.
FULL SPECTRUM DDOS PROTECTION
|
Unmetered DDoS protection cloud service that scrubs traffic before it reaches the intended websites. This allows the cloud service to identify patterns of DDOS attacks in the connections and block them.
Protect against advanced application-layer DDoS with risk-assessment techniques, heuristic fingerprinting and IP reputation to distinguish real users from botnets.
Application Protection offers rate limiting of incoming client requests based on IP and client fingerprint. Rate limiting is especially useful at peak times where some users may attempt to overload the application by sending rapid requests. Rate limiting can be enforced at an application or URL level using an unlimited number of rules.
Hosting and security for application DNS records, including protection against DDoS attacks.
API SECURITY
|
Barracuda Application Protection protects JSON, and GraphQL APIs against all application attacks, including OWASP Top 10 API threats.
Import the schema for your JSON API to automatically create security rules based on the definition of the API. Supported schemas are OpenAPI and Google API formats.
Barracuda Application Protection uses machine learning to detect unprotected API endpoints from live traffic analysis and automatically secures them, reducing the attack surface drastically.
Shadow APIs are the APIs deployed by web applications that are not known and secured. Barracuda Application Protection uses machine learning to detect these API endpoints from live traffic analysis and automatically secures them, reducing the attack surface drastically.
Barracuda Application Protection offers rate limiting capabilities for APIs that can be enforced on an endpoint level, reducing the ability of misbehaving clients to slow down or bring down an API.
ADVANCED BOT PROTECTION
|
Barracuda Application Protection uses a combination of honeypots, behavioral analysis, and signatures to detect and block web scraping.
Barracuda Application Protection uses a combination of honeypots, behavioral analysis, and spam signatures to detect and block these bot attacks.
Barracuda Application Protection contains a regularly updated bot signature database that contains over 10,000 individual signatures. These signatures can be used to identify and block bots before they reach your application.
Barracuda Application Protection has multiple methods of challenging bots and attackers to both slow and stop them down. These methods include JavaScript challenges and CAPTCHAs.
Barracuda Application Protection can identify brute force attacks – whether they are coming from a single IP/source or multiple IPs/sources in low and slow attacks – and block them, rendering the application safe.
Barracuda Active Threat Intelligence has a database of previously leaked credentials that logins are validated against. If matches are found, these login attempts can be blocked and admins alerted.
Barracuda Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near-real time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers.
Privileged Account Protection on the Barracuda Active Threat Intelligence cloud uses behavioral analytics to understand user login and browsing patterns. When the behavior of the user varies from the pattern, admins are alerted to identify and block account takeover attacks.
Barracuda Advanced Bot Protection uses cloud-based machine learning to stop bad bots, easily blocking automated spam, web and price scraping, inventory hoarding, account takeover attacks, and much more.
Barracuda Application Protection can identify individual devices behind an IP address and most modules can enforce blocking at a device level or IP level as desired.
SECURE APPLICATION DELIVERY
Barracuda Application Protection provides an integrated CDN for onboarded applications. The CDN has over 118 PoPs that can serve traffic to the nearest clients across 100 locations worldwide.
Barracuda Application Protection provides granular AAA capabilities to offload authentication and authorization for applications. Capabilities include Client Certificates, JSON Web Tokens, SAML, and OpenID Connect.
Applications protected by the Application Protection Advanced plan are provided a shared public IP address.
Barracuda CloudGen Access is an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. Barracuda Application Protection includes Barracuda CloudGen Access licenses to provide a secure access control surface for your internal applications that are published on the internet.
Applications onboarded on Barracuda Application Protection can be configured with multiple servers to spread the load and improve uptime. Barracuda Application Protection also includes Server Health Monitoring capabilities that continuously monitor application servers to switch traffic over in case of failure, improving uptime.
Content Routing on Barracuda Application Protection uses a number of parameters on the incoming request to identify and redirect traffic to various parts of an application. This could be anything from redirecting a user to the mobile application based on the HTTP UserAgent or routing traffic for A/B testing or enabling blue-green deployments.
Barracuda Application Protection provides an additional deployment module, the Containerized WAF that can work in conjunction with the SaaS model to secure East-West traffic in microservices.
Applications protected by the Application Protection Premium plan are provided with individual public IP addresses.
REPORTING, ANALYTICS, AND SERVICES
Barracuda Application Protection allows all application logs (traffic and firewall) to be exported to external SIEM solutions for further retention and analysis. Multiple export server
Auto Configuration Engine is a service that reviews all your application traffic from connected units and provides application-specific configuration recommendations, reducing admin overhead.
Barracuda Application Protection leverages our advanced vulnerability scanner to constantly monitor your entire deployment for vulnerabilities. When it finds vulnerabilities – even in apps that are still in development – it can remediate them automatically or with a single click.
Duration of firewall and traffic log storage on the Application Protection platform: 60 days.
Barracuda Application Protection is built API-First. What this means in practice is that every capability on the product can be configured and tuned using the Configuration API. Available to all users, code samples and modules for popular automation tools are also provided on our GitHub page for easy integration with your automation toolchain.
All configuration changes on Barracuda Application Protection are stored as snapshots. These snapshots are created in JSON and are editable, and they use our configuration API in the backend. This capability allows easy integration with DevOps/SecOps tools and enables easily repeatable deployments to enforce uniform security policies.
Barracuda Active Threat Intelligence Dashboard gives you at-a-glance visibility into traffic patterns and the types of clients who visit your website.
Need something more customized?
Our security experts can help you find the best solution for your organization.
Protecting against the OWASP Top 10 with Barracuda Cloud Application Protection.
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Restrictions on what authenticated users are allowed to do are often not properly enforced. Attackers can exploit these flaws to access unauthorized functionality and/or data, such as accessing other users’ accounts, viewing sensitive files, modifying other users’ data, changing access rights, etc. | Intelligently profiles web traffic to build a positive security profile that can be used as a whitelist of valid application resources and usage; traffic anomalous to this profile is denied. Web-based Allow Deny Rules (ADRs) allow for granular specification of precise application domains that are accessible with and without authentication. Provides a granular URL and form-level rules engine that restricts access to unauthorized resources. Seamless integration with multiple credentialing systems, e.g., LDAP, RADIUS, SiteMinder, RSA SecurID, SAML, AD FS, etc., provides strong single and multifactor access control. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Many web applications and APIs do not properly protect sensitive data such as financial, healthcare, and PII. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data may be compromised without extra protection, such as encryption at rest or in transit, and requires special precautions when exchanged with the browser. | Intercepts and filters server responses to prevent data leakage of sensitive information like SSN and credit card numbers. Custom patterns can also be defined and blocked or masked from being leaked. Sensitive information can be masked inside logs. Implements strong cryptography in SSL offloading and instant SSL features to secure data in transit. Instant SSL easily transforms HTTP-only applications to use an HTTPS front-end, which is offloaded to the Barracuda Web Application Firewall. Enables usage of the most secure TLS protocols, with cipher-suite selection, Perfect Forward Secrecy (PFS), and HSTS. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. | Employs a mix of positive and negative security for filtering all web-based inputs inside URL, forms, cookies, and headers to prevent known and unknown (zero-day) attacks. Blocks any inputs that can be executed unintentionally inside interpreters. Detects obfuscated malicious payloads meant to evade detection. Deep inspects entire client requests – URL, query and form parameters, cookies, headers, etc., to detect script injection. Prior to inspection, it de-obfuscates (normalizes) all malicious payloads for common encoding schemes and applies other protocol and limit-based checks. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Broad category representing different weaknesses, expressed as “missing or ineffective control design”. | Provides comprehensive API for all the configuration elements, which can be used to implement a secure development life cycle (SDLC) policy. For inherent flaws in the backend application, virtual patching can be done to suitably handle implementation risks. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Exploits application stack vulnerabilities such as unpatched software, zero-day threats, and undeleted default accounts. Also exploits misconfigured HTTP headers and verbose error messages that contain sensitive information. | Filters application error or status responses to prevent attackers from profiling software vulnerabilities or identifying sensitive application-related information. Employs a mix of positive and negative security for filtering all web-based inputs to prevent known and unknown (zero-day) attacks. Applies strong authentication and authorization policies to secure access control. Proxies traffic to prevent direct access to backend servers. XML firewall protects against XML attacks including XXE attacks. All untrusted user inputs are validated, and any malicious data is identified and blocked. Protects the entire API attack surface, including dynamically generated URLs and URLs that use resource names as directories. Allows for virtual patching to easily close any open vulnerabilities. Protects the XML parser against any types of attacks and enables SSL/TLS and AAA offload to completely secure the API surface. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Occurs when attackers can take control of and exploit vulnerable libraries, frameworks, and other modules running with full privileges. | Implements a hardened operating system and networking stack that proxies and shields vulnerable system stacks and components. Achieves security through obscurity by cloaking or masking responses that expose information about libraries, frameworks, and other modules. Virtual patching capability, with integration with over 25 well known vulnerability scanners, ensures that any identified vulnerabilities are automatically patched on the Barracuda WAF. Barracuda WAF provides support for implementing a Content Security Policy and Sub Resource Integrity to safeguard users of the application and to ensure that external files/library references are monitored for changes. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities. | Enforces session security and integrity in web applications by encrypting session tokens. Prevents MITM, MITB, and cookie replay attacks. Protects against tampering of hidden variables. Integrates with hardened browsers to prevent client-side session hijacking by keyloggers, framegrabbers, and other client-side malware. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Insecure deserialization often leads to remote code execution. Even if deserialization flaws do not result in remote code execution, they can be used to perform attacks, including replay attacks, injection attacks, and privilege escalation attacks. | XML and JSON firewalls ensure that all XML, JSON, and SOAP requests are inspected and validated. Also inspects all incoming requests for deserialization attack patterns and blocks any matching requests. Enforces size checks on all incoming traffic and blocks attacks against the parsers. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Insufficient logging and monitoring, coupled with missing or ineffective integration with incident response, allows attackers to further attack systems, maintain persistence, pivot to more systems, and tamper, extract, or destroy data. Most breach studies show time to detect a breach is over 200 days, typically detected by external parties rather than internal processes or monitoring. | Provides extensive logging and reporting for all HTTP/HTTPS requests with ready integration with multiple SIEM vendors. Detailed log entries provide visibility into each part of the incoming request. This enables a centralized auditing and regulatory compliance framework for any protected application. Powerful reporting and notification modules provide a large number of pre-canned reports and threshold-based notifications to immediately identify security issues. |
DESCRIPTION | BARRACUDA WEB APPLICATION FIREWALL SOLUTION |
Occurs whenever the web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by security controls such as firewalls, VPN or any type of network access control list. | Sanitizes all user input to ensure that client supplied data is not malicious. ACLs can be created to block HTTP redirections. Additional checks can be implemented for parameters and headers of a request to implement a strict control on input values. |