Barracuda Networks Centralizes Security Across Azure SD-WAN

Barracuda Networks announced today it has extended the CloudGen WAN gateways that it deploys in Microsoft Azure Virtual WAN Hubs to enable cybersecurity teams to apply multi-factor authentication to remote users using policies enforced by Microsoft Azure Active Directory (AD).

Tim Jefferson, senior vice president of engineering for data, network and application security at Barracuda Networks, said this capability, scheduled to be available by the end of the year, enables IT organizations to implement a zero-trust architecture based on identity across a software-defined wide area network (SD-WAN) based on CloudGen WAN Gateways.

The CloudGen WAN service enforces policies across all gateways and sites globally, with each user granted access to only their authorized applications using fine-grained policies based on their specific role. Today most organizations are relying on virtual private networks (VPNs) to provide access to corporate networks. However, most organizations don’t have a way to centralize the management of security policies across VPNs, which Jefferson said means once end users gain access to the network they can access any application.

Barracuda Networks is also extending the reach of CloudGen WAN to include two devices for industrial endpoints. That capability means the company is now extending a zero-trust architecture to machines in addition to end users, said Jefferson.

Like many providers of firewalls, Barracuda Networks is evolving its portfolio by employing SD-WANs to create a software-defined perimeter. Rather than requiring IT organizations to deploy a raft of appliances that need to be managed, the company has opted to leverage the SD-WAN capabilities that Microsoft makes available via its Azure cloud service. The gateways from Barracuda Networks provides the mechanism for securing that network traffic.

Jefferson said in the wake of the COVID-19 pandemic many organizations are now re-evaluating their approach to networking and security. With the bulk of employees in many cases relying on cloud applications it doesn’t make sense to backhaul cloud network traffic through a local data center before routing it to a local office where employees can access the data they need through a remote office. SD-WANs route cloud traffic directly from the cloud provider to the remote office across a secure public internet connection to ensure application performance by reducing overall network latency. Employees working from home will still need to be provided with VPN tunnels to access on-premises applications, but the management of security policies across the SD-WAN are now centralized, he said.

Of course, there are now multiple approaches to creating zero-trust architectures across SD-WANs. Barracuda Networks is making a case for an approach that revolves around an instance of a Microsoft AD platform that many enterprise IT organizations already use to manage access on corporate networks. It’s not clear to what degree organizations plan to continue to rely on AD to manage access to cloud applications, but Microsoft says one of the core reasons why organizations should employ Azure over other cloud rivals is because it’s a more natural extension of existing IT environments that revolve around Windows servers.

It’s still early days as far as how networking and security will evolve in the post-COVID-19 age. However, it’s apparent that organizations going forward are not going to be well-served by approaches to managing remote access that were developed more than a decade ago.