The Barracuda Web Application Firewall (WAF) offers complete protection from application-layer distributed denial-of-service (DDoS) attacks, as well as protection against known and unknown zero-day application-layer vulnerabilities. So how does it stack up against these claims? This is what we found.
Advanced DDoS Protection
The web application firewall makes use of IP reputation as well as heuristic fingerprinting to differentiate between real users and botnets. This allows administrators to block, challenge or throttle suspicious traffic. As far as we know, this is the only product of its type to offer this kind of intelligence which can combine real-time and historical situations and insights to protect against application DDoS attacks.
Typically, one of the first steps of an attack involves probing web applications in an attempt to discover what software and hardware is under the covers, such as servers, operating systems and databases. The Barracuda WAF includes server cloaking. This feature prevents probing of the web application by preventing error messages, server banners, HTTP headers, debug information, return codes and back-end IP addresses from getting to a potential hacker.
This application firewall features automatic updates and virtual patching. This feature means a much-reduced time frame between the discovery of new vulnerabilities and issuing patches or updates. This ensures that vulnerabilities exist for the shortest possible time and protection is maintained at the highest level.
Enhanced Access Control
The Barracuda WAF includes access control and authentication abilities that will restrict access to your sensitive data and applications only to users you authorise. This offers increased levels of privacy and security. It also keeps detailed logs that allow you to see user activity across all your protected applications.
Easy Installation and Management
The WAF is designed for easy installation and setup and can begin to provide immediate protection, out of the box. It is also highly configurable and highly tailored, advanced configurations are possible. Once installed, it begins providing alerting, logging and reporting for compliance, management or early-warning detection. Barracuda also provides a free cloud-based management solution to help customers manage all their security applications.
This application firewall analyses inbound traffic for attacks and outbound traffic for attempts to remove sensitive data. It can identify different types of personal information, such as credit card numbers, bank details and other custom, user defined data patterns. The identified information is then either masked or blocked without the need for any administrator interaction.
Physical and Virtual Options
The Barracuda WAF is reasonably priced and available as both an appliance-based or a virtual firewall with dedicated AWS and Azure versions. With its ease of use, out-of-the-box protection as well as unique advanced features, it is well worth considering as first line protection for your web applications