Barracuda Networks announced today a managed cloud-based web application firewall (WAF) service that cybersecurity professionals can configure using a five-step wizard process.
Nitzan Miron, vice president of product management for application security services for Barracuda Networks, said the Barracuda WAF-as-a-Service is designed for organizations that want to be able to customize a WAF policy to suit individual application requirements without having to update the WAF themselves whenever a new cybersecurity threat appears. All the updates to the WAF are managed by Barracuda Networks as part of the cloud service, and the WAF service comes with templates for applying baseline application security policies to widely used applications such as WordPress and SharePoint, Miron said.
Using a virtual appliance that Barracuda deploys on its cloud service, the Barracuda WAF-as-a-Service routes all network traffic through that cloud service before sending it on to the customer, said Miron. That approach enables Barracuda Networks responsible for combating everything from distributed denial of service (DDoS) attacks to identifying new zero-day threat using the Barracuda real-time threat intelligence service.
Cybersecurity professionals can opt to customize every policy themselves or employ a zero-touch option, under which all settings are managed automatically via the Barracuda Vulnerability Remediation Service (BVRS). BVRS enables administrators to find, automatically fix and continuously monitor web application vulnerabilities.
Barracuda WAF-as-a-Service eliminates the need for cybersecurity professionals to spend time deploying and updating firewalls. It’s also designed to make firewalls much more accessible, said Miron. The five-step wizard process for setting up a WAF takes about 10 minutes and is designed such that users need only a minimal understanding of their application security requirements. As such, Barracuda WAF-as-a-Service is designed to appeal to both savvy users as well as application developers and owners that prefer to treat cybersecurity as just another cloud service, he said.
It’s unclear to what degree hard-pressed cybersecurity professionals themselves will want to get out of the business of provisioning and managing WAFs. As the number of potential threats that need to be investigated continues to escalate, more IT security functions are becoming automated. Pushing WAF security into the cloud may be ultimate logical conclusion.
The good news is that cybersecurity enabled by WAFs is about to become more accessible. As applications become more distributed, many IT security organizations are having a hard time keeping up the pace at which applications need to be secured. A cloud service enables IT security professionals to redirect those requests to enable developers to self-service their own requirements in keeping with policies defined and validated by the IT security team.
In the meantime, as IT security professionals look to push the point at which cybersecurity attacks are combated as far away as possible from where applications reside, more reliance on the cloud is inevitable. It’s now more a matter of what form that reliance will ultimately take.