Barracuda launches new Web Application Protection and Application Programming Interface (WAAP) features
Barracuda Networks, Inc. announces the development of Barracuda Cloud Application Protection, Web Application, and API Protection Platform (WAAP). This new release adds powerful automated API discovery and GraphQL security capabilities, enhances account takeover protection capabilities, and improves the suite of client-side protection features. Additionally, the integration of the Barracuda Web Application Firewall and the Venafi Trust Protection system enables continuous machine identity management to automate TLS certificates to end disruptions and facilitate scalability.
• New updates to the Barracuda Cloud Application Protection Platform provide powerful, easy-to-use web application, API, and bot protection capabilities to better defend against increasingly complex threats. It also includes new technology integration with the Venafi Trust Protection platform.
• Barracuda Cloud Application Protection now delivers ongoing security compliance for web applications, including protection against advanced account takeover and customer-side supply chain attacks.
• As part of the Barracuda Cloud Application Protection updates, the Barracuda WAF-as-a-Service Web Application Firewall includes new control and visualization features, facilitates configuration management, and enables seamless integration with automation tools.
According to Gartner®, “Web applications, mobile applications, and APIs are subject to increasing volumes of complex attacks. Risk and security professionals responsible for application security architecture must use a range of appropriate mitigation techniques to secure applications.” 1 With this new release, Barracuda Cloud Application Protection includes automatic and persistent API detection using machine learning to improve compliance and security. This capability significantly reduces the administrative burden of importing API specifications and setting protections, while allowing development teams to quickly build and deploy secure APIs.
Other features of this version
• New GraphQL security features that include native analysis of these queries and implementation of GraphQL-specific security controls to protect against attacks.
• New premium account protection, powered by a layer of machine learning, to identify risky logins and implement pre-built actions to prevent account takeover attacks.
• Enhanced machine learning models in the active threat tracking layer that take advantage of Barracuda Advanced Bot Protection to identify and detect persistent bots. In addition, the configuration feedback loop has been improved in active threat tracking, allowing administrators to perform configuration actions from a cloud-based dashboard.
• Enhanced controls for client side protection from configuring and visualizing content security policies and sub-resource integration settings. The client-side protection capabilities of Barracuda Cloud Application Protection closely match the protection requirements that are set to prevent attacks such as Magecart and other supply chain attacks on websites.
• New Barracuda WAF-as-a-Service capabilities make administrative procedures easier. The new Snapshot feature allows configuration to be imported and exported as a JSON file for easier integration with automation tools. Additionally, administrators can perform snapshot comparisons and configure automatic snapshots to manage the configuration more easily. An improved user interface for a Content Delivery Network (CDN) provides new control and visualization capabilities for customers using CDN services.
The new technology integration between Barracuda Web Application Firewall and the Venafi Trust Protection platform provides a complete, unified solution that enables secure, centralized, and automated management of certificates and keys in Barracuda Web Application Firewall. This integration enhances the security of managed device identities and eliminates the risks and disruptions associated with certificates.
“Before we implemented Barracuda WAF-as-a-Service, we were kind of blind. We had no vision of how often we were being investigated and attacked. Miraculously we’ve never had a serious breach in the past,” acknowledged Kiron Prince, Head of Cloud and Structure Infrastructure at L&Q, in a Barracuda case study.
“Barracuda has earned a solid reputation for providing robust, easy-to-use protection for web applications and APIs,” said Dave Sasson, Chief Strategy Officer at Hanu, a Microsoft cloud provider and Azure MSP expert. It targets API, bot-based, and client-side attacks.”