Barracuda Networks CloudGen Firewall SC2 Overview:
Properly managing enterprise networks is critical to key business operations as more businesses adopt industrial internet of things (IIoT). As these networks grow larger and more complex, it’s important to implement robust security and performance of endpoint devices. Barracuda Secure Connector appliances are an essential tool for optimizing the performance, security and availability of IIoT deployments.
Securing the industrial internet of things
Barracuda Secure Connector appliances are designed and built from the ground up to provide comprehensive, nextgeneration security while being simple to deploy and maintain, and highly scalable. Need to connect micro-offices, point of sales and machine-to-machine business? With Secure Connector you’re all set.
Easy to setup and maintain: Secure Connector
The Secure Connector is a hardware appliance purpose-built to be an onpremises connectivity device that ensures high-performance and tamper-proof VPN connections to protect the data flow and, thus, guarantee data continuity.
Next-generation security and connectivity enforcement
Depending on the size of your SecureConnector deployment, either a Barracuda CloudGen Firewall (when operating up to 250 Secure Connector units) or a dedicated Secure Access Controller (above 250 Secure Connector deployments) can act as the connectivity and security enforcement hub for the data stream. Both CloudGen Firewall and Secure Access Controller provide full next-generation firewall functionality and can be run on VMware, Hyper-V, XenServer, or KVM environments as well as directly in Microsoft Azure, Amazon Web Services, and Google Cloud Platform.
Grows with your needs
Integration within the Barracuda Firewall Control Center architecture ensures that your deployment can grow with your needs without technical or financial trapdoors. The template-based configuration in combination with zero-touch deployment ensures easy rollout of additional devices and maintain compliance without the need of trained IT personnel on the ground.
CloudGen Firewall Technology:
Secure Your Networks Perimeter
Barracuda CloudGen Firewall S provides several layers to protect an organization’s IoT network
Intrusion Detection and Prevention
The built-in Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection for your operating systems, applications, and databases against a broad range of threats and attacks.
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Secure Access Concentrator (SAC) can identify and block advanced evasion attempts and obfuscation techniques used by attackers to circumvent and trick traditional intrusion prevention systems.
As part of Barracuda’s Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the SAC is constantly up-to-date. If the firewall unit is centrally managed, the pattern updates are conveniently distributed by the Barracuda NextGen Control Center.
Malware Protection
The optional Malware Protection shields your internal network from malicious content by scanning web / email content and file transfers via two fully integrated antivirus engines. Malware Protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available.
The Malware Protection covers viruses, worms, trojans, malicious java applets, and programs using known exploits on, for example, PDFs, pictures and office documents, macro viruses, even when using stealth or morphing techniques for obfuscation.
Advanced Threat Detection
Barracuda’s Advanced Threat Detection (ATD) uses next-generation sandbox technology powered by full-system emulation to catch not only persistent threats and zero-day exploits, but also advanced malware designed to evade detection. Files are forwarded to a cloud-based sandbox environment, where they are executed and analyzed to identify suspicious and malicious behavior.
Barracuda ensures flexible and simple deployment with your existing network infrastructure—no additional hardware is required since resourceintensive sandboxing is offloaded to the cloud. The cloud database is continuously updated by all SACs with enabled ATD. Processing of already known files is thereby speeded up.
The administrator has full policy control over how PDF documents, Microsoft Office files, EXEs/MSIs/DLLs, Android APKs, compressed files, and archives are emulated and delivered to the client. Based on identified malware activity, infected users can be automatically quarantined, thus preventing the malware from spreading within the network.
Customizable, on-demand analysis reports for any emulated file provide full insight and details on malicious activities, file behavior, system-registry entries, and evasion and obfuscation techniques. This also enables network activities, such as establishing encrypted connections to Botnet Command and Control Centers for increased security posture, to evade scaled botnet attacks.
Web Filtering
The web filtering options for the SAC enable highly granular, real-time visibility into online activity, broken down by individual users and applications. Administrators can thus easily create and enforce effective Internet content and access policies. Web filtering protects user productivity, blocks malware downloads and other web-based threats, and enables compliance by blocking access to unwanted websites and servers, thereby providing an important additional layer of security alongside application control.
Controlling Application Usage
Mobile devices, online applications, social networks, and streaming media have caused an enormous increase in nonbusiness network data traffic, pushing bandwidth capacities to their limits and causing degradation in performance of business-critical applications.
The Barracuda CloudGen Firewall F-Series gives administrators granular control over applications, allowing them to define rules for forwarding data traffic using the best respective transmission channels based on type of application, user, content, time of day, and geographical location.
Block unwanted applications, control acceptable traffic, and ensure business continuity
Application Control
The Barracuda CloudGen Firewall family provides powerful and extremely reliable detection and classification of thousands of applications and sub-applications by combining Deep Packet Inspection (DPI) and behavioral traffic analysis – no matter if the protocols are using advanced obfuscation, port hopping techniques, or encryption. It allows the creation of dynamic application policies and facilitates the establishment and enforcement of acceptable access and use policies for users and groups by application, application category, location, and time of day. Barracuda CloudGen Firewalls combine application control with seamless integration of authentication schemes like Active Directory, RADIUS, or LDAP/S. As a result, administrators are always on top of what users are doing to on the organization’s network. Barracuda CloudGen Firewalls feature advanced application-based routing path selection and Quality of Service (QoS) capabilities. These provide additional business value and security by significantly improving network quality and availability, and by reducing direct line cost due to saved bandwidth.
For rich reporting and drill-down capabilities, Barracuda CloudGen Firewalls come with real-time and historical application visibility that shows application traffic on the corporate network, thus providing a basis for deciding which connections should be given bandwidth prioritization, which is crucial to QoS optimization for business-critical applications. Furthermore, it lets admins adjust and refine corporate application use policies.
Personalized Application Control
On top of thousands of applications that are delivered out of the box and constantly updated, Barracuda CloudGen Firewalls provide a way to easily create user-defined application definitions for best-in-class application control customized and tailored to an organization’s specific needs.
Application-Based Provider Selection
The combination of next-generation security and adaptive WAN routing lets Barracuda CloudGen Firewalls dynamically assign available bandwidth for several links not only based on protocol, user, location, and content, but also based on applications, application categories, and web filter categories. This keeps expensive, highly available lines free for business and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.
Deep Application Context
The deep application context analysis allows for a more thorough inspection of the application data stream by continually evaluating the actual intention of applications and the respective users. By this means, administrators can gain detailed insight into what a specific application was used for, or if a user was trying to circumvent the corporate application usage policy.
User Identity Awareness & Control
Barracuda CloudGen Firewalls support the authentication of users and enforcement of user-aware firewall rules, web filter settings, and application control by seamlessly integrating with Microsoft Active Directory.
- Microsoft and Citrix terminal service environments
- Microsoft Active Directory
- NTLM
- RADIUS
- RSA SecurID
- LDAP/LDAPS
- TACACS+
- and more..
Application Risk and Usage Report
The Application Usage and Risk Report is a predefined report in the Barracuda Report Creator tool providing automated reports and risk analysis based on the network traffic that is traversing the network. It provides an overview on how effective the currently deployed technologies are in detecting and enforcing the corporate application usage policies and recommends what should be taken into account when redefining these policies. The report creation can be started manually (on-demand) or scheduled (including automated email distribution). And - of course - this report is fully customizable to comply with possible branding requirements.
Central Management across the IoT
To centralize management across an IoT network and organization networks, the Barracuda NextGen Control Center lets administrators manage and configure security, content, traffic management, and network access policies from a single interface. Template-based configuration and globally available security objects enable efficient configuration across thousands of locations.
The Barracuda NextGen Control Center helps significantly reduce the cost associated with security management while providing extra functionality both centrally and locally at the managed gateway. Software patches and version upgrades are centrally controlled from within the management console, and deployment can be applied to all managed devices.
Highly customizable administrative roles can be defined to delegate administrative capabilities for specific departments or locations.
Scalable Deployment
Managing the security issues in a widely distributed enterprise network can be painful and extremely time consuming. Managing a system may take only 15 minutes per day. But having 20 systems in place results in five hours per day – just to manage the existing system.
With the Barracuda NextGen Control Center, managing multiple SACs takes the same amount of time as managing one.
- Create pre-configured templates for easy rollout.
- Have all information of the enterprise security deployment available in real time.
- Create reports for either one or all F-Series compounds.
Lifecycle Management
Scalable Barracuda CloudGen Firewall F-Series offer companies sustainable investment protection. Energize Updates automatically provide the latest firmware and threat definitions to keep the appliance up-to-date. With a maintained Instant Replacement subscription, organizations receive a new appliance with the latest specs every four years.
Barracuda CloudGen Firewall FAQ:
What is a Next Generation Firewall?
Next generation firewalls are the successors of traditional firewall and unified threat management (UTM) devices. Traditional firewalls generally perform packet forwarding and blocking functions and often incorporate packet inspection techniques. UTM devices usually add content security functions but typically fail to tightly integrate those functions tightly with network management, network access and WAN connectivity capabilities of enterprise-class firewalls.
To protect networks in the presence of social media and other Web 2.0 applications, a next generation firewall infrastructure intelligently combines network security, content security, Layer 7 application profiling and network access control to detect application-specific attacks, enforce application-aware inbound and outbound access policies, and perform application-aware traffic routing and prioritization across the wide area network (WAN).
Based on over a decade of R&D and real-world deployments in over 1,000 of the most demanding enterprise customer environments, the Barracuda CloudGen Firewall is the most advanced next generation firewall on the market today.
What is a Network Security Gateway?
Network security gateways are the successors of traditional firewalls, unified threat management (UTM) devices, and the latest cycle of "next-generation" firewalls. Traditional firewalls forward packets and block functions often employing packet inspection. UTM devices usually add content security functions. Next-generation firewalls add detection and control of social media and Web 2.0 applications, but typically fail to integrate these functions tightly with link management, WAN management, and SSL VPN remote connectivity.
In comparison, the Barracuda CloudGen Firewall, the first true network security gateway, starts by integrating an advanced network firewall with Layer 7 application recognition and user awareness, content security, malware protection, plus IPS in a suite of security technologies. It tightly integrates these features with intelligent network link aggregation and traffic management, VPN WAN management, and optimization for seamless remote office integration and SSL VPN for remote client security. As a network security gateway, the Barracuda CloudGen Firewall weaves a seamless fabric of security, performance optimization, high-availability, and centralized management into network infrastructures while simplifying network architecture.
Why do I need a Next Generation Firewall?
As you organization relies on more cloud-based applications like Office 365, Salesforce, and Dropbox, internet connectivity becomes even more important. Our Barracuda CloudGen Firewalls combine powerful application awareness and network routing capabilities to provide the highest levels of internet availability for users and critical applications.
What are the major capabilities of the Barracuda CloudGen Firewall?
The Barracuda CloudGen Firewall is a next generation firewall and VPN that provides:
- Integrated content security and network access control
- Optimization of intelligent traffic flow across the WAN
- Industry-leading centralized management capabilities
What are the differences among the F-Series, S Series and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series is designed for network engineers who manage distributed enterprise environments. It provides all the security functionality one expects from an enterprise next-generation firewall, including application detection and prioritization, IPS, malware protection, URL filter and even DDoS protection. Furthermore, its powerful traffic optimization features, extremely resilient site-to-site connectivity capabilities, and extensive logging and auditing tools make the F-series an ideal fit for organizations that need to efficiently manage and scale massive firewall deployments.
The Barracuda CloudGen Firewall F-Series provides remote connectivity in an affordable and easy to deploy solution. It is designed from the ground up to support Internet of Things initiatives where thousands of remote devices need to be connected to a headquarters or data center. The SC appliances are managed via a NextGen Control Center, and security features like IPS, application detection etc. are provided at the Secure Access Concentrator where the VPN for each SC appliance terminates.
The Barracuda CloudGen Firewall X-Series is ideal for small to medium-sized organizations looking for a simple, yet powerful next-generation firewall that provides IPS, application detection, URL filter, malware protection and some basic email security. Designed for the resource-constrained IT professional, the X-Series’ intuitive web interface has a low learning curve while providing and easy-to-use management interface.
How do I know if I should get the X-Series or F-Series?
If you only have a few locations to manage (e.g., between one and three) and are looking for a firewall that is application aware and easy to use with a Web UI, then the X-Series firewall is ideal for you.
If you have a lot of remote locations to manage, secure and connect (e.g., more than three) and need a solution to seamlessly manage, protect and optimize your network, the F-Series firewall is right for you.
If you have to securely connect large numbers of devices to backhaul traffic to your HQ or data center, want to centrally administer the deployment and stay scalable, then the F-Series is the perfect choice for you.
Can I centrally manage multiple firewalls from one place?
Yes, all the Barracuda CloudGen Firewall Series—X, F, and S—can be centrally managed from a single pane of glass. The F and F-Series utilize the Barracuda NextGen Control Center to manage massive firewall deployments. The NextGen Control Center is available in physical, virtual and cloud form factors depending on your infrastructure requirements. The X-Series firewall can be centrally managed from Barracuda Cloud Control, which is the same web-based portal that IT administrators use to control their other Barracuda products.
What is the difference in terms of deployment between the F, S and X-Series firewalls?
The Barracuda CloudGen Firewall F-Series can easily be deployed as "standalone" and provides great value this way, but its full potential and cost savings is unleashed when it’s centrally managed using a NextGen Control Center.
The F-Series firewall cannot be deployed as standalone, but needs one or multiple Secure Access Concentrators for VPN tunnel termination and a NextGen Control Center for central management. The Web UI on the SC appliances is only intended for initial setup.
The Barracuda CloudGen Firewall X-Series is designed to be used as standalone, and can optionally (at no extra charge) be connected to the Barracuda Cloud Control portal for convenient remote management.
What level of support can I expect to receive from Barracuda?
Regardless of whether you’re using the X-Series or F-Series firewalls, you can expect the same level of award-winning support from Barracuda’s expertly trained technicians. Barracuda offers 24x7 support with no phone trees, ensuring that you will always speak to an in-region technician who is ready to help.
Does the Barracuda CloudGen Firewall help my organization troubleshoot network problems?
All Barracuda NG Control Center and Barracuda CloudGen Firewall appliances come with extensive network connectivity troubleshooting and visualization tools. Even for large networks it typically only takes a few mouse clicks to analyze and remediate a problem in the central audit log or access cache screen.
What is included in the Energize Updates subscription for the Barracuda CloudGen Firewall?
Energize Updates from Barracuda Central deliver updates on the extensive library of definitions for intrusion prevention and Layer 7 application profiling. In addition, Energize Updates subscriptions also provide access to Basic Support, Firmware Maintenance and optional participation in the Barracuda Early Release Firmware program
What if I have more questions about the Barracuda CloudGen Firewall?
For additional assistance or for a product demonstration of the Barracuda CloudGen Firewall, please contact us.