Barracuda Launches New Features for Web Application and API (WAAP) Protection

Strong points:

  • New updates to the Barracuda Cloud Application Protection platform deliver powerful, easy-to-use web application, API, and bot protection features to help defend against malicious attacks. complex threats and include new technology integration with the Venafi Trust Protection platform.
  • Barracuda Cloud Application Protection now enables continuous security compliance for web applications, including protection against advanced account takeover and client-side supply chain attacks.
  • As part of Barracuda Cloud Application Protection updates, Barracuda WAF-as-Service now includes new control and visualization features, easier configuration management, and enables seamless integration with automation tools.

Barracuda Networks, Inc., a leading provider of cloud-first security solutions, announced the expansion of Barracuda Cloud Application Protection, its platform for Protection of web applications and APIs (WAAP). This new release adds powerful new automated API discovery and GraphQL security features, increases account takeover protection capabilities, and improves the client-side protection feature set. Additionally, the integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform adds the ability to continuously automate machine identity management for TLS certificates to stop failures and to facilitate the evolution of the use of the Web Application Firewall.

According to Gartner, “Web applications, mobile applications and APIs are subject to increasing volumes of complex attacks. Technical security and risk management professionals responsible for application security architecture should use an appropriate mix of mitigating technologies to secure applications.1

With this new version, Barracuda Cloud Application Protection includes a APIs Discovery using Machine Learning to improve compliance and security. This capability dramatically reduces the administrative overhead of importing API specifications and setting up protections, while enabling development teams to quickly build and deploy secure APIs.

Additional highlights of this release include:

  • New GraphQL security features that include native parsing of these requests and applying security controls to protect against GraphQL-specific attacks.
  • New Privileged Account Protection (PAP), backed by a layer of machine learning, identifies risky logins and executes pre-configured actions to prevent account takeover attacks.
  • Enhanced machine learning models in the Active Threat Intelligence (ATI) layer that enables Barracuda Advanced Bot Protection to identify and detect persistent bots. Additionally, ATI’s configuration feedback loop has been improved, allowing administrators to perform configuration actions from the cloud dashboard.
  • Enhanced controls for client-side protection over configuring and viewing content security policies and sub-resource integrity settings. Barracuda Cloud Application Protection’s client-side protection capabilities closely follow defined protection requirements to block attacks such as Magecart and other website supply chain attacks.
  • New features for Barracuda WAF as a service facilitate administrative procedures. The new snapshots feature allows configuration import and export as a JSON file for easy integration with automation tools. Additionally, administrators can perform comparisons between snapshots and configure automatic snapshots for easier configuration management. The enhanced CDN user interface provides new control and visualization capabilities for customers using CDN services.

The new technology integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform provides a complete unified solution that enables secure, centralized and automated management of certificates and keys on Barracuda Web Application Firewall. This integration strengthens the security of managed machine identities and eliminates the anxiety and risk associated with downtime and certificate risks.

Estimate:

“With this release, Barracuda Cloud Application Protection adds powerful new API security, account takeover protection capabilities, and client-side protection for our customers, powered by machine learning and other advanced technologies” , says Tim JeffersonSVP, Engineering for Data, Network and Application Security at Barracuda. “Every business needs this kind of critical protection against API vulnerabilities and automated bot attacks.”

“Before Barracuda WAF-as-a-Service, it’s almost like we were blind. We had no visibility into how often we were being probed and attacked. Now, browsing through the logs, our eyes have been opened , and it seems amazing that we have never had a serious breach in the past,” said Kieron Prince, Cloud and Infrastructure Lead at L&Q in a Barracuda case study.

“Barracuda has earned a reputation for providing powerful, easy-to-use protection for web applications and APIs,” mentioned Dave Sasson, Chief Strategy Officer at Hanu, an award-winning Microsoft cloud service provider and Azure Expert MSP. “These new enhancements provide our mutual customers with a higher level of protection against APIs, bots, and client-side attacks.”

Resources

Visit the Barracuda Cloud Application Protection page: https://www.barracuda.com/cap

New: Threat Spotlight, attempts to exploit new VMware vulnerabilities http://cuda.co/50889

Get the 2021 Gartner Magic Quadrant for Web Application and API Protection: https://www.barracuda.com/waapmq-2021

Get the Forrester Wave for Web Application Firewalls, Q1 2020: https://www.barracuda.com/wafwave2020

Get the e-book: The New ABCs of Application Security: https://www.barracuda.com/abc-appsec-ebook

1Gartner, “Protecting Web Applications and APIs from Exploits and Abuse,” by William Dupre, published March 9, 2022.

Gartner, “Magic Quadrant for Web Application and API Protection” by Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, published September 20, 2021.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its subsidiaries in the United States and internationally and are used herein with permission. All rights reserved

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

About Barracuda Discover.22 EMEA Partner Conference

Barracuda Discover.22 will take place May 17-19 in Athens, Greece. The informative event covers a wide range of topics, including security threats and trends, hands-on technical sessions, new product announcements and the latest innovations in email protection, application security and cloud, network security and data protection.

About Barracuda

At Barracuda, we strive to make the world safer. We believe that every business deserves access to enterprise-grade, cloud-focused security solutions that are easy to buy, deploy and use. We protect email, networks, data and applications with innovative solutions that scale and adapt to our customers’ journeys. More than 200,000 organizations worldwide trust Barracuda to protect them – in ways they may not even know they are at risk – so they can focus on growing their business. . For more information, visit barracuda.com.

Barracuda Networks, Barracuda, and the Barracuda Networks logo are either registered trademarks or trademarks of Barracuda Networks, Inc. in the United States and other countries. Other trademarks are the property of their respective owners.