Calling Barracuda's WAF a firewall is seriously selling it short

The Barracuda Web Application Firewall (WAF) is more than a firewall, it's like the core of an independent bastion of cybersecurity, able to inspect both inbound and outgoing traffic.


Most cybersecurity products within the network security sector concentrate on one particular aspect of security and then build up tools and procedures around that area. By contrast, the Web Application Firewall (WAF) from Barracuda Networks does an excellent job of covering the entire network, or at least the parts that administrators feel need the most protection.

At its core, the Barracuda WAF is a firewall that is capable of monitoring Layer 7 network traffic, so it can look all the way down to the application level, as well as monitor the bulk of the traffic moving through Layer 4. It is deployed as hardware, a virtual appliance or within the Amazon Web Services (AWS) or Microsoft Azure public cloud. If deployed virtually or through the cloud, it will update is drivers and expand its capacity automatically based on need. If the hardware version is used, Barracuda will upgrade the box to the latest and greatest equipment every four years, free of charge.

Calling the Barracuda WAF a firewall is seriously selling it short. It’s more like the core of an independent bastion of cybersecurity, able to inspect both inbound and outgoing traffic. The WAF functions like a reverse proxy and is placed at the front of the data pathway. It intercepts all traffic, inspecting it for attacks and blocking them before they make it to any servers. In fact, it only allows traffic through that conforms to security policies, and that includes both incoming and outbound flows.

The inbound stream is generally inspected for malware, advanced persistent threats being controlled by humans, application cloaking, geofencing and other IP controls. It also can act as a defense against application-based DDoS attacks, something we tested during our review.

All outbound data is inspected to prevent sensitive information from leaving the network. It can recognize and stop credit cards, social security numbers and any other customized intellectual property from getting past the gateway to the outside world.

The interface

With so many defensive capabilities, it would be very easy for management of the WAF to get out of control, had Barracuda not perfected the simplicity of the interface. Users activate various capabilities within the firewall by creating services. Services can be created in quite a few areas including request limits, cookie security, URL protection, perimeter management, cloaking, data theft controls, URL normalization and many others.

Barracuda Web Application Firewall main dash John Breeden II/IDG

The main interface for the Barracuda Web Application Firewall is completely customizable, enabling users to concentrate on whatever aspects of network security they feel is most important.

To continue reading this article register now

Microsoft's very bad year for security: A timeline