Barracuda Web Application Firewall: Overview and Analysis

See our complete list of Top Web Application Firewall Vendors
See user reviews of Barracuda Web Application Firewall

Bottom line

The Barracuda Web Application Firewall combines a reverse-proxy?security architecture with application acceleration. SMEs and other enterprises looking for a good-enough WAF at a decent price point should consider this product, along with those seeking support for public cloud platforms.

Product Description

The Barracuda Web Application Firewall can deal with complex threats with inspection capabilities that don’t affect throughput. It combines a reverse-proxy?security architecture with application acceleration. Features include web application security, API security, mobile application security, app backend security, application acceleration and delivery, and identity and access control. The company offers a series of appliances for SMEs through large enterprises. The vendor delivers its Web Application Firewall line in physical or virtual appliances. It is also available on the Microsoft Azure, AWS and VMware vCloud Air platforms.

Barracuda WAF Features Rated

Security: Good. Barracuda WAF protects applications from the attacks that are categorized by OWASP, as well as additional attacks such as DDoS, Slow Client, session hijacking, and XML/SOAP-based attacks. This is applicable to both HTTP and HTTPS application traffic. Security Policies define matching criteria for requests and specify what actions to take when a request matches.

Performance: Good. The company reports 190,000 transactions and 70,000 connections per second, as well as 2.8 million concurrent connections and throughput of 10 Gbps for the highest end model. Testing by Miercom, a third party testing organization, achieved the numbers claimed in the hardware datasheet. Miercom also said the WAF detected 100% of cross-site scripting, SQL injection, system command injection and file inclusion vulnerabilities; and achieved HTTP performance of 7.6 Gbps throughput (this was not for its highest end model).

Value: Very Good. Barracuda offers good performance for the price.

Implementation: Very good. The average time to onboard an application in passive security enforcement is two minutes. The time taken to fine-tune the security policy depends on the complexity of the application but on average is less than one hour. Miercom tests noted the WAF can be deployed in one hour from unboxing to full operation.

Management: Good. Gartner clients give mixed feedback on the management interface’s ease of use for daily tuning of WAF configurations. Some of the feedback is that the UI is non-intuitive and disorganized.

Support: Best in class. Barracuda WAF has a variety of support packages. Gartner said: “Gartner clients consistently give good marks to Barracuda’s post-sale customer support. Barracuda partners cite the vendor’s focus on customer satisfaction as a reason they choose to sell Barracuda WAF.”

“Working with other vendors such as Imperva, Cisco, Big-IP, Sophos, Palo Alto, name it; pails in comparison to working with Barracuda. Never have I worked with a vendor that felt like side by side partnerships to their level,” said an executive manager in the communications industry.

Cloud features: Very good. The product is delivered as an appliance, virtual machine for on-premises deployments and also supports public cloud providers like AWS, Microsoft Azure and GCP. A new CloudGen WAF is purpose-built for public cloud and can be automated by DevOps and SecOps teams.

Barracuda WAF

Security Qualifications

PCI and HIPAA compliance, ICSA certified.

Delivery

The product is delivered as an appliance, virtual machine for on-premises deployments and also supports public cloud providers like AWS, Microsoft Azure and GCP.

Pricing

List prices for appliances range from just a few thousand dollars to tens of thousands of dollars for the highest-performance enterprise-ready models.

Drew Robb
Drew Robb
Drew Robb has been a full-time professional writer and editor for more than twenty years. He currently works freelance for a number of IT publications, including ServerWatch and CIO Insight. He is also the editor-in-chief of an international engineering magazine.

Top Products

Top Cybersecurity Companies

Cybersecurity is the hottest area of IT spending. That's why so many vendors have entered this lucrative $100 billion+ market. But who are the...

Top Endpoint Detection and Response (EDR) Solutions

Endpoint security is a cornerstone of IT security, so our team put considerable research and analysis into this list of top endpoint detection and...

Top CASB Security Vendors for 2021

Any cloud-based infrastructure needs a robust cloud access security broker (CASB) solution to ensure data and application security and integrity. After carefully surveying the...

Best SIEM Tools & Software for 2021

Security Information and Event Management (SIEM, pronounced "sim") is a key enterprise security technology, with the ability...

Related articles