The Barracuda Web Application Firewall provides robust security against targeted and automated attacks. OWASP Top 10 attacks like SQL Injections and Cross-Site Scripting (XSS) are automatically identified and logged. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.
Advanced DDoS protection capabilities allow administrators to distinguish real users from botnets through the use of heuristic fingerprinting and IP reputation, thereby allowing them to block, throttle, or challenge suspicious traffic. It is the only product in the industry to offer integrated IP reputation intelligence that combines real-time situational insights and historical intelligence to secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection.
Adaptive profiling enables administrators to build positive security profiles of their applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular whitelist rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities by restricting input only to inputs that meet strict standards.
Often the first step of any targeted attack is to probe public-facing applications to find out details about the underlying servers, databases, and operating systems. Cloaking prevents attack reconnaissance of protected applications by suppressing server banners, error messages, HTTP headers, return codes, debug information, or backend IP addresses from leaking to a potential attacker. Without any details of the underlying infrastructure, it is much more difficult to target attacks, thereby reducing the risk of breach.
Applications that rely on XML can now be secured with an XML Firewall capability that secures applications against schema and WSDL poisoning, highly-nested elements, recursive parsing, and other XML-based attacks. This secures communications between client and application or between applications from different systems closing an often overlooked attack vector.
Deployed as a reverse-proxy, the Barracuda Web Application Firewall inspects all inbound traffic for attacks and outbound traffic for sensitive data. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns can be identified by the Barracuda Web Application Firewall and either blocked or masked without administrator intervention. Best of all, the information is logged and can be used by administrators to find potential leaks.
The Barracuda Web Application Firewall is designed to provide easy, cost-effective assistance to help administrators comply with major application-specific requirements like PCI-DSS, HIPAA, FISMA, and SOX. It is certified by a number of third-party testing labs including ICSA Labs as an effective Web Application Firewall solution. The Barracuda Web Application Firewall directly satisfies section 6.6 of PCI-DSS and assists compliance with built-in PCI compliance reports. Its robust identity and access management and data loss prevention (DLP) capabilities ensure privacy of sensitive data. A FIPS 140-2 HSM model ensures that applications it protects meets the highest cryptographic standards.
Integrations: Cavium Networks
The Barracuda Web Application Firewall fully integrates Active Directory or any other RADIUS or LDAP-compatible authentication services. Combined with the strong access control capabilities, administrators can provide granular control of which users or groups can access what resources.
Integrations: CA SiteMinder
The Barracuda Web Application Firewall integrates with a number of two-factor authentication technology including client certificates, SMS PASSCODES, and hardware tokens such as RSA SecurID to provide strong user authentication.
Integrations: SMS PASSCODES, RSA SecurID
Using client source addresses, organizations can control access to web resources. The Barracuda Web Application Firewall can control access based on GeoIP to limit access only to specified regions. It is also integrated with the Barracuda Reputational Database and can identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Once an IP address is identified as a risk, administrators have the ability to block, limit, throttle, or issue a CAPTCHA challenge before allowing access.
Pre-built security templates and an intuitive web interface provide immediate security without the need for time-consuming tuning or learning how to use a new application. Included out of the box are common application templates including Exchange, SharePoint, Oracle Financials, PHP, and more.
Security organizations often use vulnerability scanners to look for exploitable weaknesses in their applications. Barracuda has the ability to integrate with popular scanners like IBM AppScan and Cenzic Hailstorm to automatically configure an application’s security template to protect against identified issues. All of this is automatically configured using the output of the scanners without any administrator intervention.
Integrations: IBM AppScan, Cenzic Hailstorm
The Barracuda Web Application Firewall maintains a complete set of web firewall, access, audit, and system logs. All logs can be exported to third-party SIEM or log management tools for deep analysis. The Barracuda Web Application Firewall integrates with HP ArcSight, RSA Envision, Splunk, and many other SIEM tools out of the box, providing instant intelligence on an application’s security posture.
Integrations: HP ArcSight, IBM QRadar, RSA enVision, Splunk, Symantec SIM
The Barracuda Web Application Firewall is augmented by an extensive network of more than 150,000 sensors that are deployed worldwide and feed into Barracuda Labs. The sensors provide valuable data used by Barracuda Labs to create the latest threat detection and protection definitions. These definitions are automatically updated and “virtually patch” automatically on units in the field, ensuring the highest security posture for critical applications at all times. It greatly reduces the time between vulnerability disclosure and vulnerability patching. This enables administrators to immediately deploy real-time security against new threats while also providing time for the development team to thoroughly analyze the underlying application source code and fix vulnerabilities as needed.
When migrating data, applications, and/or workloads to the cloud, administrators still need to safely manage both corporate and customer information. In most cases, organizations are still subject to the privacy and compliance directives of their industry, whether HIPAA, SOX, PCI, or others. By integrating the proven application security and data loss prevention capabilities of Barracuda Web Application Firewall (WAF) with Windows Azure’s native security features, administrators are in a superior position to deploy secure, reliable, and resilient cloud services in Azure while meeting any regulatory or compliance needs. To find out more about the Barracuda Web Application Firewall on Microsoft Azure, download the WAF on Azure whitepaper or visit the Barracuda TechLibrary.
Barracuda Web Application Firewalls can be clustered in active / passive or active / active pairs with failover to ensure instant recovery. Security configurations and deployments are automatically synchronized between the clusters, providing instant recovery from any outages.
The Barracuda Web Application Firewall has a built-in load balancer that can route traffic among backend servers to prevent latency from server congestion. Sophisticated application monitors can detect server issues and remove them from the server pool while redistributing traffic to the remaining servers.
The Barracuda Web Application Firewall provides proven application security and Data Loss Prevention for applications deployed on Amazon Web Services. To find out more about the Barracuda Web Application Firewall on Amazon Web Services, visit our AWS Marketplace page or visit the Barracuda TechLibrary.