Our Price: $7,068.00
Our Price: $1,368.00
Our Price: $14,820.00
Our Price: $3,420.00
Our Price: $3,876.00
Application attacks are becoming increasingly complex.
Barracuda Application Protection is an integrated platform that brings a comprehensive set of interoperable capabilities together to ensure complete application security.
Barracuda makes it simple.
Combine full Web Application and API Protection (WAAP) functionality with a complete set of advanced security services and solutions that protect your applications against today’s multiplying threats. Whether your applications are deployed on-premises, in the cloud, or hybrid, Barracuda Application Protection makes it easy to keep them secure and available.
of breaches were due to bot attacks**
of breaches were due to supply chain attacks**
of data breaches were due to account takeover attacks*
** The state of application security in 2021
Start with flexible, powerful WAAP solutions.
Barracuda Web Application and API Protection (WAAP) solutions are available as appliances (hardware or virtual) that can be implemented on premises or hosted in the cloud, as a container and through an innovative SaaS solution that combines advanced functionality with ease of deployment and management. The containerized Barracuda Web Application Firewall can be deployed and managed using the SaaS version, providing the option to use either or both versions based on your needs.
With both deployment models, you get complete application security, including protection for the OWASP Top 10 Web and API threats, zero-day attacks, and many more vulnerabilities and automated threats, along with automatic detection and remediation. Compared to many competing solutions, Barracuda WAF solutions are remarkably simple to deploy, configure, and manage, with capabilities like the Machine Learning-powered Auto Configuration Engine.
Gain comprehensive protection against web app attacks.
Whether it’s a script kiddie attempting their first SQL Injection against your login form or advanced attackers attempting to compromise your app with a zero-day vulnerability, Barracuda Application Protection has you covered. It provides comprehensive protection against the OWASP Top 10 web attacks, zero-day threats, account takeover attacks, and much more with its built-in Smart Signature engine and positive security model.
Real-time attacks need real-time responses. Barracuda Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near real-time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers. Barracuda Active Threat Intelligence also holds the cloud machine-learning layer for Advanced Bot Protection and Auto Configuration Engine. Auto Configuration Engine is a service that reviews all your application traffic from connected units and provides application-specific configuration recommendations, reducing admin overhead.
Don’t let DDoS attacks bring your business to its knees.
Distributed denial-of-service (DDoS) attacks continue to be a serious threat to businesses of all kinds. By making your apps unusable or inaccessible for legitimate users, they can effectively shut down your business operations for a prolonged period of time, which can be immensely costly.
Barracuda WAAP solutions include powerful, full-spectrum DDoS protection. Covering Layer-3 to Layer-7 traffic, and blocking both volumetric and application-based DDoS attacks, this capability ensures that your business-critical applications remain available, accessible, and effective, without the interruptions that DDoS attacks seek to create.
Stop today’s most advanced, malicious bots.
Hackers are creating sophisticated bots that can mimic human app users to carry out devastating attacks. The challenge is not only to distinguish between legitimate and malicious bots, but also to sort real human users from the most advanced bots.
Barracuda Advanced Bot Protection uses artificial intelligence and machine learning in the cloud to continually improve its ability to spot and block bad bots and human-mimicking “low and slow” bots — while allowing legitimate human and bot traffic to proceed with minimal impact.
Enable secure app delivery.
Barracuda Application Protection includes a hardened SSL/TLS stack to provide a secure HTTPS front end to your applications. With pre-built templates, you can immediately set up secure TLS ciphers and protocols for standards compliance with ease. The built-in CDN with over 100 points of presence (PoPs) worldwide ensures that your application loads quickly for all your users. To ensure that only authorized personnel can access your application backends and data, Barracuda Application Protection solutions integrate with AD, LDAP, SAML, JWT, OpenID, and RADIUS, giving you granular control over which users and groups can access what data.
The built-in application delivery module enables HTTP load balancing, content routing, caching, and compression. The content routing module can be used to direct traffic to various applications based on the characteristics of incoming traffic — for instance, a different server for a PC versus mobile client. Connection pooling, caching, and compression capabilities speed traffic delivery and improve user experience by reducing server load and reducing latency.
Leverage powerful reporting capabilities.
In a world of fast-multiplying regulatory frameworks and data privacy protection rules, establishing and demonstrating compliance can be a burdensome, ongoing process that consumes ever-greater amounts of resources.
Barracuda Application Protection solutions generate detailed logs automatically, and provide customized reports on demand, making it easy to demonstrate regulatory compliance. The solution also supports many external SIEMs and log management tools such as Azure Sentinel, Loggly, Sumologic, HPE ARCsight, IBM QRadar, Splunk, and many more.
Web Application Protection
Protect against all OWASP Top 10 attacks, zero-day attacks, data leakage, and DDoS attacks. The layered traffic processing engine and Smart Signatures use fewer attack-detection signatures to detect and block web attacks, including zero-day attacks. Each Smart Signature can detect attacks found in 40 attack-specific signatures, reducing detection time and improving overall detection.
Using client source addresses, organizations can control access to web resources. Barracuda Application Protection can control access based on GeoIP to limit access only to specified regions. It is also integrated with the Barracuda Reputational Database and can identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Capabilities include the ability to block proxies, VPNs, and entire networks based on the Autonomous System Numbers (ASN).
Inspects all outbound traffic for sensitive data leakage. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns are identified and can be either blocked or masked without administrator intervention. Furthermore, the information is logged and can be used by administrators to find potential leaks.
Attackers exploit third-party scripts to perform client-side digital skimming attacks, such as Magecart, to steal PII and financial data directly from the browser. These attacks are difficult to detect because these scripts are loaded directly by the browser and attackers are using sophisticated techniques to avoid detection with scanners and similar defensive methods. Barracuda Application Protection includes Client-Side Protection, a feature that automates the CSP and SRI configuration, reducing admin overhead and configuration errors. In addition to these capabilities, Barracuda Active Threat Intelligence provides visualization and reporting for these configurations, giving you deeper visibility into how these scripts are used.
Available with all plans, the on-board Antivirus engine scans and detects viruses in file uploads.
Seamless integration with Barracuda Advanced Threat Protection to provide security against advanced zero-hour threats. By analyzing files in a CPU-emulation based sandbox, it can detect and block malware embedded deep inside files uploaded to applications.
Barracuda Active Threat Intelligence automatically classifies each incoming request with risk scores based on the request parameters. These risk scores are used by the backend ML models to identify advanced threats such as bots and complex attackers and block them.
Full-Spectrum DDoS Protection
Volumetric DDoS attacks are on the rise because the computational resources that are available to attackers make it very easy to launch full-scale attacks that can bring an entire network down. Many times, the entry points for these attacks are web sites of organizations that bear the brunt of the load. Barracuda WAF-as-a-Service offers unmetered DDoS protection cloud service that scrubs traffic before it reaches the intended websites. This allows the cloud service to identify patterns of DDOS attacks in the connections and block them.
Protect against advanced application-layer DDoS (Slowloris, RUDY and Slow Read) attacks, which are different from volumetric DDoS attacks, with heuristic fingerprinting and IP reputation to distinguish real users from botnets. Secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation block lists, geo-location, and anomalous idle-time detection.
Barracuda Application Protection offers rate limiting of incoming client requests based on IP and client fingerprint. Rate limiting is especially useful at peak times where some users may attempt to overload the application by sending rapid requests. Rate limiting can be enforced at an application or URL level using an unlimited number of rules.
Barracuda Application Protection protects XML, JSON, and GraphQL APIs against all application attacks, including OWASP Top 10 API threats.
Import the schema for your JSON API to automatically create security rules based on the definition of the API. Supported schemas are OpenAPI and Google API formats.
Shadow and zombie APIs are major threats for application defenders. Shadow APIs are the APIs deployed by web applications that are not known and secured. Zombie APIs are API endpoints that may no longer be in use, such as older versions of an API, but still actively respond to queries and are not secured. Barracuda Application Protection uses machine learning to detect these API endpoints from live traffic analysis and automatically secures them, reducing the attack surface drastically.
APIs are built for access using automation. However, often this capability can be misused to overload an API and bypass SLAs or completely bring down an application. Barracuda Application Protection offers rate limiting capabilities for APIs that can be enforced on an endpoint level, reducing the ability of misbehaving clients to slow down or bring down an API.
Advanced Bot Protection
Web scraping and bot spam are the most common types of bot problems faced by applications. Barracuda Application Protection uses a combination of honeypots, behavioral analysis, and signatures to detect and block these bot attacks.
Barracuda Application Protection contains a regularly updated bot signature database that contains over 10,000 individual signatures. These signatures can be used to identify and block bots before they reach your application.
Real-time attacks need real-time responses. Barracuda Active Threat Intelligence collects threat data from a large, worldwide network of sensors and customer traffic. This data is processed using machine learning in near-real time and pushed out to connected units immediately, allowing for rapid detection of new threats and attackers.
Integrations: reCAPTCHA v2 and v3; hCAPTCHA
Brute Force attacks use trial and error to attempt to identify login credentials or hidden parts of an application as part of reconnaissance. Barracuda Application Protection can identify such attacks – whether they are coming from a single IP/source or multiple IPs/sources in low and slow attacks – and block them, rendering the application safe.
Credential stuffing or password spraying attacks are forms of account takeover attacks that use databases of leaked and stolen credentials to attempt to identify password reuse and compromise applications. Barracuda Active Threat Intelligence has a database of previously leaked credentials that logins are validated against. If matches are found, these login attempts can be blocked and admins alerted.
A more sophisticated form of account takeover attack targets specific individuals in an organization to steal credentials from and use for compromising the organization. Privileged Account Protection on the Barracuda Active Threat Intelligence cloud uses behavioral analytics to understand user login and browsing patterns. When the behavior of the user varies from the pattern, admins are alerted to identify and block attacks.
Barracuda Advanced Bot Protection uses cloud-based machine learning to stop bad bots, easily blocking automated spam, web and price scraping, inventory hoarding, account takeover attacks, and much more.
Most IP addresses contain multiple users and devices behind them. Blocking an entire IP address with hundreds of users for the sins of one user typically causes significant user issues. Barracuda Application Protection can identify individual devices behind an IP address and most modules can enforce blocking at a device level or IP level as desired.
Secure Application Delivery
Barracuda Application Protection provides an integrated CDN for onboarded applications. The CDN has over 118 PoPs that can serve traffic to the nearest clients across 100 locations worldwide.
Barracuda Application Protection provides granular AAA capabilities to offload authentication and authorization for applications. Capabilities include Client Certificates, JSON Web Tokens, SAML, and OpenID Connect.
Barracuda CloudGen Access is an innovative ZTNA solution that provides secure access to applications and workloads from any device and location. Barracuda Application Protection includes Barracuda CloudGen Access licenses to provide a secure access control surface for your internal applications that are published on the internet.
Applications onboarded on Barracuda Application Protection can be configured with multiple servers to spread the load and improve uptime. Barracuda Application Protection also includes Server Health Monitoring capabilities that continuously monitor application servers to switch traffic over in case of failure, improving uptime.
Content Routing on Barracuda Application Protection uses a number of parameters on the incoming request to identify and redirect traffic to various parts of an application. This could be anything from redirecting a user to the mobile application based on the HTTP UserAgent or routing traffic for A/B testing or enabling blue-green deployments.
Many applications today are deployed using containers and microservices. While traffic from the internet to the applications (North-South traffic) is typically protected, the traffic between the microservices (East-West traffic) is not. Barracuda Application Protection provides an additional deployment module, the Containerized WAF that can work in conjunction with the SaaS model to secure this critical path.
Automation, Reporting, Analytics, and Services
Barracuda Application Protection allows all application logs (traffic and firewall) to be exported to external SIEM solutions for further retention and analysis. Multiple SIEM integrations are available out of the box and logs can be exported as JSON, Syslog, or AMQP/S.
Barracuda Active Threat Intelligence Dashboard gives you at-a-glance visibility into traffic patterns and the types of clients who visit your website. A single pane of glass provides you with a birds-eye view of traffic patterns. You can also drill down into specific applications and see every bot that has visited your website, how often it attacks, and how much data has been transferred, helping you make informed decisions on how to protect your digital property.
Barracuda Active Threat Intelligence delivers the cloud Machine Learning layer for Advanced Bot Protection and the Auto Configuration Engine. Auto Configuration Engine is a service that reviews all your application traffic from connected units and provides application-specific configuration recommendations, reducing admin overhead.
Complex deployments, frequent updates to apps, and fast deployment of new apps can easily introduce vulnerabilities. Barracuda Application Protection leverages our advanced vulnerability scanner to constantly monitor your entire deployment for vulnerabilities. When it finds vulnerabilities – even in apps that are still in development – it can remediate them automatically or with a single click. Detailed reporting of vulnerability discovery and remediation helps you demonstrate compliance.
Barracuda Application Protection is built API-First. What this means in practice is that every capability on the product can be configured and tuned using the Configuration API. Available to all users, code samples and modules for popular automation tools are also provides on our GitHub page for easy integration with your automation toolchain.
All configuration changes on Barracuda Application Protection are stored as snapshots. These snapshots are created in JSON and are editable – and use our configuration API in the backend. This capability allows easy integration with DevOps/SecOps tools and enables easily repeatable deployments to enforce uniform security policies.
|WEB APPLICATION PROTECTION|
|OWASP Top 10 Protection|
|Zero Day Attack Protection|
|IP Threat Intelligence|
|Data Leak Prevention|
|Website Supply Chain Protection|
|Anti-Virus for File Uploads|
|Risk-based Attack Detection|
|FULL SPECTRUM DDOS PROTECTION|
|Unlimited Volumetric DDoS Attack Prevention|
|Unlimited Application DDoS Attack Prevention|
|Protect JSON and GraphQL APIs|
|Schema-based API Discovery|
|ML-powered JSON API Discovery|
|ML-powered Shadow API Discovery|
|Unlimited API Rate Limiting Rules (Tarpit)|
|ADVANCED BOT PROTECTION|
|Bot Spam Detection|
|Bot Signature Database|
|CAPTCHA Insertion and Challenges|
|Brute Force Prevention|
|Credential Stuffing Protection|
|Cloud-backed Active Threat Intelligence|
|Privileged Account Protection|
|ML-powered Bot Detection|
|Client Identification and Control|
|SECURE APPLICATION DELIVERY|
|Content Delivery Network|
|Authentication, Authorization, and Access Control|
|Zero Trust Network Access|
|Load Balancing with Server Health Monitoring|
|REPORTING, ANALYTICS, AND SERVICES|
|Log Export to SIEM||One export server||Multiple export servers|
|Auto Configuration Engine|
|Virtual Patching and Scanner Integration|
|Log Storage Duration||30 Days||60 Days|
|Configuration API Access|
|Advanced Reporting and Visualization|
- Google Cloud Platform
Download the Barracuda Application Protection (PDF)
Our Price: $7,068.00
Our Price: $1,368.00
Our Price: $14,820.00
Our Price: $3,420.00
Our Price: $3,876.00