Stop intrusion, ransomware, and data exfiltration.
Application security is critical for all organizations, especially industrial companies that are using enterprise resource planning and other web-based software suites. Web applications with insecure code or misconfigured security can be used to deploy malware, steal data, and carry out other types of attacks. Vulnerabilities found in commonly used software can compromise an entire supply chain or international company.
Barracuda Application Protection provides complete web application protection against automated and advanced attacks on applications and APIs. Simplified policy administration and an easy-to-use interface allow you to respond quickly to unexpected and widespread threats. Advanced vulnerability discovery and remediation strengthens your protection without adding IT overhead.
Keep your website online and responsive.
Your website is an important communication tool for customers, employees, and other interested parties. When shipping giant Maersk was disrupted by NotPetya, the company was faced with global disruption. The company website kept the public informed on cargo flows, new bookings, and employee safety. This communication helped reassure the public of business continuity, and it reduced the number incoming requests for status updates.
Barracuda Application Protection supports load balancing and performance optimization of all types of web requests and web applications. Out-of-band server health monitoring and an integrated content delivery network keep your website responsive and resilient during unusual bursts of traffic.
Block DDoS and other automated bot attacks.
Malicious bots scan the internet for unpatched vulnerabilities and other security gaps. Sophisticated bots can launch multistep attacks that lead to advanced persistent threats or widescale ransomware attacks. Botnets have been used to hijack user accounts, establish crypto mining operations, and launch distributed denial of service (DDoS) attacks that disable websites and other services.
Barracuda Advanced Bot Protection defends your applications from malicious bots attempting to hijack user accounts through credential stuffing or brute-force attacks. Full spectrum DDoS protection stops attacks from overloading your applications. Barracuda Application Protection identifies and blocks damaging traffic while allowing acceptable bot activity to proceed.
Stop API and mobile attacks.
Companies use an application programming interface (API) to enable different applications to communicate with each other. Many industrial APIs work in the background to standardize data formats or operationalize historical data. Industry 4.0 capabilities aren’t possible without APIs, but security experts predict those APIs will soon become the most frequent vector for application attacks.
Barracuda API Protection defends this threat vector with continuous API discovery that monitors API traffic for unknown or abandoned API endpoints. Gain full visibility into your applications and traffic and enforce uniform policies across the enterprise.
Defend your company from Log4j attacks.
Log4j is an open-source tool that allows developers to create, manage, and transmit log events in a consistent way. A vulnerability discovered in 2021 allows threat actors to compromise IT and OT networks that are exposed to certain versions of Log4j. Siemens and other vendors issued security advisories on affected products and risk mitigation.
The current version of Log4j does not include this vulnerability, yet thousands of applications and servers remain unpatched and at risk. Like many forgotten or hidden industrial control systems (ICS) devices, Log4j resides in a blind spot of cybersecurity. As a best practice, Barracuda recommends finding and patching all Log4j installations to the latest version and including Log4j in patch management strategies.
Barracuda Web Application Firewall and Barracuda WAF-as-a-Service include protective configurations that block attacks against critical vulnerabilities like Log4j. These configurations are kept updated against new variants that attempt to evade security.
