Barracuda WAF gives protection against data loss, application-layer DDoS, and known and previously unknown zero-day application-layer attack modalities. When new threats emerge, Barracuda WAF blocks them, thus ensuring the highest security for critical applications every time. With strong authentication and access control capabilities, Barracuda WAF ensures security and privacy by restricting access to sensitive applications or data to authorized users.
Barracuda WAF is designed to provide instant security. The top-notch security tools ensure easy deployments into existing environments along with providing granular logging, alerting and reporting for management, compliance or early warning detection.
Barracuda Web Application Firewall
Deployment Options: Physical Appliance | Virtual Appliance | AWS | Azure
Comprehensive Security for Critical Applications
Barracuda Web Application Firewall (WAF) is the ideal solution for organizations looking to protect web applications from data breaches and defacement. With WAF, administrators do not need to wait for clean code or even know how an application works to secure their applications. Organizations can ensure robust security with Barracuda WAF hardware or virtual appliance deployed either on-premises or in the cloud.
Barracuda Vulnerability Manager
The Barracuda Vulnerability Manager is a cloud-based web application vulnerability scanner that finds web security flaws such as those on the OWASP Top 10, including SQL injection, cross-site scripting, and others.
Along with Barracuda WAF, the Vulnerability Manager provides a comprehensive solution that detects and secures against web application threats. Threats and issues identified by Barracuda Vulnerability Manager can easily be imported into WAF, which automatically generates mitigation rules and applies them with a single click.
Provides Constant Protection from Evolving Threats
Barracuda WAF provides superior protection against data loss, application-layer DDoS, and known and previously unknown zero-day application-layer attack modalities.
When new threats emerge, the Barracuda WAF will acquire new capabilities to block them. These definitions are automatically updated and will “virtually patch” automatically on units in the field, ensuring the highest security posture for critical applications at all times. This greatly reduces the time between vulnerability disclosure and vulnerability patching.
Granular Identity and Access Management
Barracuda WAF has powerful authentication and access control capabilities that ensure security and privacy by limiting access to sensitive applications or data to authorized users. Integrated Identity and Access Management pre-authenticates on the perimeter before access is allowed to critical web applications.
User Access Control can be offloaded from multiple applications on a single consolidated device. Detailed audit logging provides clear visibility into user activity across all protected applications.
Intuitive Administration & Management
Barracuda WAF is integrated with best-of-breed security tools to provide instant security. It also ensures easy deployments into existing environments while providing granular logging, alerting and reporting for management, compliance, or early warning detection. It can also be deployed in High Availability clusters to provide redundancy and seamless failover capabilities in response to outages, thereby ensuring maximum application uptime.
Scalable Security for Public & Private Clouds
Most enterprises have now moved to cloud computing. One of the major concerns carrying over from traditional IT, data and application security, has not changed and requires the same diligence in the cloud as with on-premise solutions. Barracuda WAF can be readily plugged into private cloud environments as well as third-party cloud platforms like Microsoft Azure or Amazon Web Services.
Application Attack and DDoS Protection
Barracuda WAF provides robust security against targeted and automated attacks. OWASP Top 10 attacks like SQL Injections and Cross-Site Scripting (XSS) are automatically identified and logged. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.
Barracuda WAF comes with advanced DDoS protection capabilities which allow administrators to distinguish real users from botnets through the use of heuristic fingerprinting and IP reputation, thereby allowing them to block suspicious traffic.
Barracuda is the only product in the industry to offer integrated IP reputation intelligence that combines real-time situational insights and historical intelligence to give protection against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection.
Adaptive profiling enables administrators to build positive security profiles of their applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular white list rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities by restricting input only to inputs that meet strict standards.
The aim of any targeted attack is to probe public-facing applications in order to find out details about the underlying servers, databases and operating systems. Cloaking prevents attack reconnaissance of protected applications by suppressing server banners, error messages, HTTP headers, return codes, debug information or backend IP addresses from leaking to a potential attacker.
Applications that rely on XML can now be secured with an XML Firewall capability that secures applications against schema and WSDL poisoning, highly-nested elements, recursive parsing, and other XML-based attacks. This secures communications between client and application or between applications from different systems, closing an often overlooked attack vector.
Web Scraping Protection
Web scraping involves copying large amounts of data from a website or application using automated tools. This is often done for commercial advantages that are to the detriment of the organization that owns the web application. The aim of any attacker is to undercut competition, steal leads, hijack marketing campaigns and appropriate data via the web application.
Barracuda WAF gives protection against web scraping by detecting and blocking malicious bots from accessing the website. Its advanced detection techniques include the ability to set honey traps to identify malicious bots and headless browser detection. Site administrators can also set white lists for allowing specific bots, such as search engine crawlers, to access the website. Barracuda WAF validates all bot traffic against known signatures before allowing them access to the website.
Data Loss Prevention
Barracuda WAF inspects all inbound traffic for attacks and outbound traffic for sensitive data. Contents such as credit card numbers, US social security numbers or any other custom patterns can be identified by the WAF and can either be blocked or masked without administrator intervention.
Iron-clad URL Tamper Prevention via URL Encryption
Barracuda WAF models 660 and above come with a unique URL Encryption feature that allows administrators to encrypt URLs before they are sent to clients. The original URLs or the directory structure are never exposed externally to prying eyes. Users of the web applications interact and navigate the site using only encrypted URLs, which are decrypted by the WAF on the way back in. The decryption process immediately identifies URL query or parameter tampering, malicious content injection or blind forceful browsing attacks.
Barracuda WAF is designed to provide easy, cost-effective assistance to help administrators comply with major application-specific requirements like PCI-DSS, HIPAA, FISMA, and SOX. It is certified by a number of third-party testing labs including ICSA Labs as an effective Web Application Firewall solution. It directly satisfies section 6.6 of PCI-DSS and assists compliance with built-in PCI compliance reports. Its robust identity and access management and data loss prevention (DLP) capabilities ensure privacy of sensitive data.
Web-Based Identity and Access Management
Barracuda WAF fully integrates with Active Directory or any other RADIUS or LDAP-compatible authentication service. Combined with its strong access control capabilities, this lets administrators provide granular control over which users or groups are able to access specific resources.
Streamline Identity Federation with Identity Providers, including Azure AD
Barracuda WAF supports the SAML v2 protocol for authentication and web-based single sign-on (SSO), so it can act as a SAML Service Provider (SP) to SAML-compliant Identity Providers (IdP), saving you from the complexities of implementing SAML on your web servers.
In order to provide strong user authentication, Barracuda WAF integrates with a number of two-factor authentication technologies including client certificates, SMS passcodes, and hardware tokens such as RSA SecurID.
Client IP Reputation & User Access Control
Barracuda WAF can control access based on GeoIP to limit access only to specified regions. It is integrated with the Barracuda Reputational database and can identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Once an IP address is identified as a risk, administrators have the ability to block, limit, throttle, or issue a CAPTCHA challenge before allowing access.
Pre-Built Security Templates
Pre-built security templates and an intuitive web interface provide immediate security without the need for time-consuming tuning or learning how to use a new application. Included out of the box are common application templates including Exchange, SharePoint, Oracle Financials, PHP, and more.
Automate and Scale with a RESTful API
With cloud computing, data centers have become increasingly programmable, and DevOps has now become a key area of focus in network, compute and security tiers. Barracuda WAF comes with a REST API that enables you to configure and monitor the appliance programmatically. The REST API allows you to automate, and to reduce time-to-market and costs by leveraging economies of scale in a programmable environment.
Custom Templates for Increased Productivity
Barracuda Web Application Firewall security templates provide the ability to define baseline security settings to use as a model for security policies. By using templates, you can quickly create security policies designed to safeguard a specific application, web portal, platform, framework or parts thereof. Templates increase productivity, reduce manual errors and deployment time, and ensure policy compliance.
Vulnerability Scanner Integration
Barracuda has the ability to integrate with popular scanners like IBM AppScan and Cenzic Hailstorm to automatically configure an application’s security template to protect against identified issues. All of this is automatically configured using the output of the scanners without any administrator intervention.
Integrations: Barracuda Vulnerability Manager, Cenzic Hailstorm, HPE Security WebInspect, HPE Security Fortify On Demand, IBM AppScan. In addition, the Barracuda Web Application Firewall integrates with over 20 vulnerability scanners via Denim Threadfix integration.
Intuitive, Drill-down Reporting
Get immediate insight into compliance, threat activity, web traffic and regulatory compliance with powerful graphical reporting. More than 50 different pre-defined reports are available, which can be easily customized further, using numerous filters for attack types, traffic, time range, and more. Generated reports are interactive, with drill-down capability. Reports span PCI compliance, security, audit, web traffic and geo-location analytics. They can be generated on-demand, or scheduled for periodic delivery to multiple recipients over email or FTP.
Comprehensive Logging & Reporting
All client requests, administrator modifications, and firewall actions are logged. This provides a comprehensive audit log for compliance and security policy tuning. Data from the logs is used by the Web Application Firewall to build graphical reports on attacks, web traffic, compliance or a number of other analytical reports. Logs can also be exported to third-party analytics suites via Syslog or FTP.
Proactive Risk Monitoring via Customizable Alerts
Scheduling alert notifications for risk monitoring and analysis is an important requirement for proactive security administrators. This can involve a large number of security appliances in the data center. Without any correlation or consolidation, advanced persistent threat (APT) activity can go unnoticed.
In order to overcome this, Barracuda WAF comes with alert consolidation and correlation. Custom notifications can be defined using multiple elements like severity, attack type, application, threshold and frequency (for example, configuring thresholds for SQL Injection frequency on application X and also monitoring forceful browsing for the same application).
This way, important threat activity does not get drowned in the noise, which lowers the risk profile and operational costs and increases productivity. You can also customize alert notifications for hardware components and individual system modules.
Automatic Security Updates
Attack definitions and signatures on the Barracuda WAF are enhanced by an extensive network of more than 150,000 sensors deployed worldwide, which provides Barracuda Labs with data. The information originating from these sensors provides valuable data that is used by Barracuda Labs to create current security definitions. These definitions are automatically updated and loaded as virtual patches to the Barracuda Web Application Firewall appliances in the field. These updates ensure the highest security posture for critical applications at all times and greatly reduce the time between vulnerability disclosure and vulnerability repair.
Automatic updates allow administrators to immediately implement real-time security against new threats; they also provide time to the application development teams to exhaustively analyze the issues in the underlying application and fix vulnerabilities when necessary.
High Availability Clustering
To ensure instant recovery, Barracuda WAF can be clustered in active/passive or active/active pairs with failover. Security configurations and deployments are automatically synchronized between the clusters, providing instant recovery from any outages.
Application Load Balancing and Monitoring
Barracuda WAF supports load balancing of all types of applications. It also monitors server health by tracking server responses to actual requests and marking the server as out-of-service when errors exceed a user-configured threshold. In addition, WAF can also perform out-of-band health checks: requests created and sent to a server at configured time intervals to verify its health.
Cloud Edition for Microsoft Azure
When migrating data, applications, and/or workloads to the cloud, administrators still need to safely manage both corporate and customer information. In most cases, organizations are still subject to the privacy and compliance directives of their industry, whether HIPAA, SOX, PCI, or others. By integrating the proven application security and data loss prevention capabilities of Barracuda Web Application Firewall (WAF) with Microsoft Azure’s native security features, administrators are in a superior position to deploy secure, reliable, and resilient cloud services in Azure while meeting any regulatory or compliance needs.
Cloud Edition for Amazon Web Services
Barracuda WAF provides proven application security and Data Loss Prevention for applications deployed on Amazon Web Services. AWS Security Competency certified Barracuda Web Application Firewall integrates with AWS Elastic Load Balancer, Cloud Formation Templates and more to support bootstrapped configuration and auto scaling.