Barracuda Launches New Features for Web Application and API (WAAP) Protection

Barracuda Cloud Application Protection strengthens web application and API security, adds protection against account takeover, strengthens protection against client-side supply chain attacks, and includes new technology integration with Venafi

Strong points:

  • New updates to the Barracuda Cloud Application Protection Platform deliver powerful, easy-to-use web application, API and bot protection features to help defend against increasingly complex threats and include a new technological integration with the Venafi Trust Protection platform.
  • Barracuda Cloud Application Protection now enables continuous security compliance for web applications, including protection against advanced account takeover and client-side supply chain attacks.
  • As part of Barracuda Cloud Application Protection updates, Barracuda WAF-as-Service now includes new control and visualization features, easier configuration management, and enables seamless integration with automation tools.

Barracuda Networks, Inc., a leading provider of cloud-first security solutions, today announced the expansion of Barracuda Cloud Application Protection, its web application and API (WAAP) protection platform. . This new release adds powerful new automated API discovery and GraphQL security features, increases account takeover protection capabilities, and improves the client-side protection feature set. Additionally, the integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform adds the ability to continuously automate machine identity management for TLS certificates to stop failures and to facilitate the evolution of the use of the Web Application Firewall.

According to Gartner®, “Web applications, mobile applications and APIs are subject to increasing volumes of complex attacks. Technical security and risk management professionals responsible for application security architecture should use an appropriate mix of mitigating technologies to secure applications.1

With this new release, Barracuda Cloud Application Protection includes automatic and continuous API discovery using Machine Learning to improve compliance and security. This capability dramatically reduces the administrative overhead of importing API specifications and setting up protections, while enabling development teams to quickly build and deploy secure APIs.

Additional highlights of this release include:

  • New GraphQL security features that include native parsing of these requests and applying security controls to protect against GraphQL-specific attacks.
  • New Privileged Account Protection (PAP), backed by a layer of machine learning, identifies risky logins and executes pre-configured actions to prevent account takeover attacks.
  • Enhanced machine learning models in the Active Threat Intelligence (ATI) layer that enables Barracuda Advanced Bot Protection to identify and detect persistent bots. Additionally, ATI’s configuration feedback loop has been improved, allowing administrators to perform configuration actions from the cloud dashboard.
  • Enhanced controls for client-side protection over configuring and viewing content security policies and sub-resource integrity settings. Barracuda Cloud Application Protection’s client-side protection capabilities closely follow defined protection requirements to block attacks such as Magecart and other website supply chain attacks.
  • New Barracuda WAF-as-a-Service features make administrative actions easier. The new snapshots feature allows configuration import and export as a JSON file for easy integration with automation tools. Additionally, administrators can perform comparisons between snapshots and configure automatic snapshots for easier configuration management. The enhanced CDN user interface provides new control and visualization capabilities for customers using CDN services.

The new technology integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform provides a complete unified solution that enables secure, centralized and automated management of certificates and keys on Barracuda Web Application Firewall. This integration strengthens the security of managed machine identities and eliminates the anxiety and risk associated with downtime and certificate risk.

“With this release, Barracuda Cloud Application Protection adds powerful new API security, account takeover protection capabilities, and client-side protection for our customers, powered by machine learning and other advanced technologies” , said Tim Jefferson, SVP, Engineering for Data, Network and Application Security at Barracuda. “Every business needs this kind of critical protection against API vulnerabilities and automated bot attacks.”

“Before Barracuda WAF-as-a-Service, it’s almost like we were blind. We had no visibility into how often we were being probed and attacked. Now, browsing through the logs, our eyes have been opened , and it seems amazing that we have never had a serious breach in the past,” said KieronPrinceHead of Cloud and Infrastructure at L&Q in a Barracuda case study.

“Barracuda has earned a reputation for providing powerful, easy-to-use protection for web applications and APIs,” said David Sassondirector of strategy at Hanuan award-winning Microsoft Cloud Service Provider and Azure Expert MSP. “These new enhancements provide our mutual customers with a higher level of protection against APIs, bots, and client-side attacks.”


See the Barracuda Cloud Application Protection page: >

New: Threat Spotlight, attempts to exploit new VMware vulnerabilities
Get the Gartner 2021® Magic Quadrant™ for Web Application and API Protection:

Get Forrester Wave for Web Application Firewalls, Q1 2020:

Get the e-book: The New ABC of Application Security:

1Gartner, “Protecting Web Applications and APIs from Exploits and Abuse,” by William Dupre, published March 9, 2022.

Gartner, “Magic Quadrant for Web Application and API Protection” by Jeremy D’Hoinne, Adam Hils, Rajpreet Kaur, John Watts, published September 20, 2021.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its subsidiaries in the United States and internationally and are used herein with permission. All rights reserved

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Barracuda
At Barracuda, we strive to make the world safer. We believe that every business deserves access to enterprise-grade, cloud-focused security solutions that are easy to buy, deploy and use. We protect email, networks, data and applications with innovative solutions that scale and adapt to our customers’ journeys. More than 200,000 organizations worldwide trust Barracuda to protect them – in ways they may not even know they are at risk – so they can focus on growing their business. . For more information, visit

Barracuda Networks, Barracuda, and the Barracuda Networks logo are either registered trademarks or trademarks of Barracuda Networks, Inc. in the United States and other countries. Other trademarks are the property of their respective owners.

Comments are closed.