Barracuda Introduces New Features for Web Application and API (WAAP) Protection – CRN

Barracuda Networks announced the expansion of Barracuda Cloud Application Protection, its web application and API (WAAP) protection platform. This new release adds powerful new automated API discovery and GraphQL security features, increases account takeover protection capabilities, and improves the client-side protection feature set. Additionally, the integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform adds the ability to continuously automate machine identity management for TLS certificates to stop failures and to facilitate the evolution of the use of the Web Application Firewall.

According to Gartner, “Web applications, mobile applications, and APIs are subject to increasing volumes of complex attacks. Technical security and risk management professionals responsible for application security architecture should use an appropriate mix of mitigating technologies to secure applications. »1
With the launch of new WAAP features, Barracuda Cloud Application Protection now includes a continuous and automatic API. Discovery using Machine Learning to improve compliance and security. This will significantly reduce the administrative overhead of importing API specifications and setting up protections, while allowing development teams to quickly build and deploy secure APIs.

Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda noted that “the all-new Barracuda Cloud Application Protection adds powerful new API security, account takeover protection capabilities, and client-side protection. for our customers, driven by the machine. learning and other advanced technologies. Every business needs this kind of critical protection against API vulnerabilities and automated bot attacks. »

Additional highlights of the new WAAP version include:

  • New GraphQL security features that include native parsing of these requests and applying security controls to protect against GraphQL-specific attacks.

  • New Privileged Account Protection (PAP), backed by a layer of machine learning, identifies risky logins and executes pre-configured actions to prevent account takeover attacks.

  • Enhanced machine learning models in the Active Threat Intelligence (ATI) layer that enables Barracuda Advanced Bot Protection to identify and detect persistent bots. Additionally, ATI’s configuration feedback loop has been improved, allowing administrators to perform configuration actions from the cloud dashboard.

  • Enhanced controls for client-side protection over configuring and viewing content security policies and sub-resource integrity settings. Barracuda Cloud Application Protection’s client-side protection capabilities closely follow defined protection requirements to block attacks such as Magecart and other website supply chain attacks.

  • New Barracuda WAF-as-a-Service features make administrative actions easier. The new snapshots feature allows configuration import and export as a JSON file for easy integration with automation tools. Additionally, administrators can perform comparisons between snapshots and configure automatic snapshots for easier configuration management. The enhanced CDN user interface provides new control and visualization capabilities for customers using CDN services.

The new technology integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform provides a complete unified solution that enables secure, centralized and automated management of certificates and keys on Barracuda Web Application Firewall. This integration strengthens the security of managed machine identities and eliminates the anxiety and risk associated with downtime and certificate risks.

“Before Barracuda WAF-as-a-Service, it’s almost like we were blind. We had no visibility into how often we were being probed and attacked. Now, browsing through the logs, our eyes have been opened , and it seems amazing that we have never experienced a serious breach in the past,” said Kieron Prince, head of cloud and infrastructure at L&Q.

“Barracuda has earned a reputation for providing powerful, easy-to-use protection for web applications and APIs. These new enhancements provide our mutual customers with a higher level of protection against APIs, bots and client-side attacks,” said Dave Sasson, Chief Strategy Officer at Hanu, an award-winning Microsoft Cloud Service Provider and Azure Expert MSP. .

Comments are closed.