While traditional solutions usually detect network threats only after they have breached the network and then send log notifications to the administrator, Barracuda Advanced Threat Protection (ATP) implements full system emulation, providing deep visibility into malware behavior. Files are checked against a cryptographic hash database that is constantly updated. If a file is unknown, it is emulated in a virtual sandbox where malicious behavior can be discovered.
Barracuda ATP offers administrators granular, file-type-based control, including automatic quarantine and blacklisting features, to maintain the highest level of protection for an organization’s network.
The Barracuda Advanced Threat Protection is an optional subscription.
Botnet and Spyware Protection guards against botnet infections by blocking access to malicious sites and servers, and detects potentially infected clients based on DNS Sinkholing technology. DNS Sinkholing blocks clients from accessing malicious domains by monitoring outbound DNS requests passing through the firewall. DNS requests to malicious domains are redirected to an internal sinkhole, thereby preventing data exfiltration and identifying the victim. Once an infected client is detected, it can be isolated automatically. An alert can also be created or reported by the Barracuda Firewall Report Creator.
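The sinkhole decision described above, modelled as an added example (not Barracuda code): the blocklist entries, the sinkhole address `192.0.2.53`, the stub upstream resolver and the sample queries are all constructed placeholders.

```python
"""Minimal model of DNS sinkholing (constructed data, not vendor code)."""
from collections import defaultdict

SINKHOLE_IP = "192.0.2.53"  # assumption: internal sinkhole address (TEST-NET-1)
BLOCKLIST = {"c2.example", "malware-updates.example"}  # constructed entries


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing root dot so 'C2.Example.' matches."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Block a listed name or any subdomain of it, matching on whole labels only."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


class Sinkhole:
    def __init__(self, resolve_upstream):
        self.resolve_upstream = resolve_upstream  # callable: qname -> IP
        self.hits = defaultdict(list)             # client IP -> blocked names queried

    def answer(self, client_ip: str, qname: str) -> str:
        """Return the address handed back to the client for this query."""
        if is_blocked(qname):
            self.hits[client_ip].append(normalize(qname))
            return SINKHOLE_IP
        return self.resolve_upstream(qname)

    def suspected_clients(self, threshold: int = 1):
        """Clients with at least `threshold` sinkholed lookups: isolation candidates."""
        return sorted(ip for ip, names in self.hits.items() if len(names) >= threshold)


def demo():
    queries = [  # constructed outbound queries: (client, queried name)
        ("10.0.0.5", "www.example.org"),
        ("10.0.0.7", "Beacon.C2.Example."),
        ("10.0.0.7", "malware-updates.example"),
        ("10.0.0.9", "notc2.example"),
    ]
    sh = Sinkhole(resolve_upstream=lambda q: "203.0.113.10")  # stub upstream resolver
    answers = [sh.answer(client, name) for client, name in queries]
    return answers, sh.suspected_clients()


if __name__ == "__main__":
    print(demo())
```

Matching on label boundaries keeps `notc2.example` from being caught by the `c2.example` entry, and the per-client hit list is what would feed isolation or alerting.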
The Intrusion Detection and Prevention System (IDS/IPS) of the CloudGen Firewall strongly enhances network security by providing comprehensive real-time network protection against a broad range of network threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases, preventing network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal, probing, and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
Barracuda CloudGen Firewall provides advanced attack and threat protection features such as:
- Stream segmentation and packet anomaly protection
- TCP split handshake protection
- IP and RPC defragmentation
- FTP evasion protection
- URL and HTML decoding
As a result, the Barracuda CloudGen Firewall is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda CloudGen Firewall is constantly up-to-date. If the firewall unit is centrally managed, the updates are conveniently distributed by the Barracuda Firewall Control Center.
In today’s world of omnipresent botnets, one of the main tasks of perimeter protection is to ensure ongoing availability of the network for legitimate requests and to detect and repel malicious denial of service attacks. With TCP SYN Flood Protection, the Barracuda CloudGen Firewall effectively functions as a generic TCP proxy, forwarding only legitimate TCP traffic to the inside of the network.
Additionally, Barracuda CloudGen Firewall allows the definition of a rate limit that is applied to the maximum number of sessions per source address to be handled by the firewall. Packets arriving at a rate faster than allowed will simply be dropped. In a massive DDoS attack, the attackers may simply aim to saturate the link by transmitting vast numbers of UDP packets. The integrated environmental monitoring feature of the Barracuda CloudGen Firewall diagnoses such conditions by link and target address monitoring. Once the response of a remote target address to regular ICMP probing fails, the system can be configured to activate different routes and uplinks (for example, backup line, ISDN, xDSL). Using this feature, traffic will be unimpeded across unaffected lines, and crucial site-to-site and site-to-Internet connectivity remains operational.
The Malware Protection built into the Barracuda CloudGen Firewall shields the internal network from malicious content by scanning web content (HTTP and HTTPS), email (SMTP, POP3), and file transfers (FTP) via two fully integrated antivirus engines. Barracuda Malware Protection is based on regular signature updates as well as advanced heuristics to detect malware or other potentially unwanted programs even before signatures are available. Barracuda Malware Protection covers viruses, worms, Trojans, malicious Java applets, and programs using known exploits on PDF, picture and office documents, macro viruses, and many more, even when using stealth or morphing techniques for obfuscation.
All Barracuda CloudGen Firewall models can apply IPS, Virus Protection, Application Control, URL Filter and even Advanced Threat Protection to SSL-encrypted web traffic using the standard 'trusted man-in-the-middle' approach. SSL Interception can be fine-tuned to exempt local networks, users/groups, URL Filter categories or custom-defined domains from SSL Inspection.
At the heart of every Barracuda CloudGen Firewall is a high-performance stateful deep packet inspection engine examining the header as well as the data part of every passing packet. Malformed packets are disregarded, protecting the infrastructure behind the Barracuda device against network-level attacks. Protocol-compliant packets are then checked to match any of the defined firewall rules.
Once a data packet is opened up for inspection by the firewall, all other security inspection mechanisms, such as IPS/IDS and antivirus, are also applied to the packet or stream of consecutive packets. Security inspection is done in single-pass mode without the need to hand over to a separate proxy.