Barracuda Launches Cloud Application Protection 2.0; Releases Security Research

Barracuda Networks Inc., a provider of cloud-enabled security solutions, announced significant new capabilities for its Cloud Application Protection platform to deliver an additional level of protection and make it even easier for organizations to secure their applications in a digitally transformed world.

These new services and features include client-side protection, the ability to deploy containerized WAF nodes, and an auto-configuration engine.

In addition, Cloud Application Protection leverages machine learning, vulnerability scanning and remediation, and Advanced Threat Protection to provide active threat intelligence for more powerful protection.

Cloud Application Protection is Barracuda’s platform for Web Application and API Protection (WAAP). According to Gartner: “By 2023, more than 30 percent of public-facing web applications and APIs will be protected by cloud web application and API protection (WAAP) services, which combine distributed denial of service (DDoS) protection, bot mitigation, API protection and web application firewalls (WAFs). This is an increase from fewer than 15 percent today.”

Barracuda recently surveyed hundreds of IT security decision makers from organizations around the world, and the top five application security challenges they pointed to were bots, supply chain attacks, vulnerability detection, API security, and security slowing down app development.

Highlights of Cloud Application Protection 2.0 include:

  • Client-Side Protection — This feature automatically creates and deploys protections against website skimming and supply chain attacks such as MageCart. These types of attacks are performed by infecting a script that is loaded directly by the browser, meaning that WAFs are unable to detect them. Cloud Application Protection 2.0 adds protection and reporting capabilities against these attacks.
  • Containerized WAF deployment — This deployment option brings the same security engine as Barracuda WAF and WAF-as-a-Service, but in container form. As more applications are deployed in containers, those applications can now be protected as well.
  • Auto-Configuration Engine — The Auto-Configuration Engine uses machine learning models to check an organization’s traffic patterns and provide recommendations to tighten security settings, reducing administrative overhead.
  • Active Threat Intelligence — This cloud-based machine learning-enhanced service provides near real-time active threat intelligence to detect and stop new threats as they occur. Barracuda Active Threat Intelligence brings together the Barracuda Vulnerability Manager, Barracuda Vulnerability Remediation Service, Barracuda Advanced Threat Protection, and Barracuda Advanced Bot Protection’s cloud layer, making it a single service that covers the full range from detection to remediation.

In addition to these features, Cloud Application Protection 2.0 adds an Azure Sentinel integration that lets defenders see the most important information in its specific context, allowing for rapid responses. Customers can also choose to create rules on Azure Sentinel to perform configuration tasks using the WAF API to close the feedback loop when newer attacks are detected.

A workbook that sets up an Azure Sentinel workspace with a dashboard specific to Barracuda WAF or WAF-as-a-Service is available in the Azure portal, making it easy for administrators to deploy this integration.

In other news from Barracuda, it has released key findings from a report it commissioned called “The State of Application Security in 2021.”

The research surveyed 750 application security decision makers responsible for their organization’s application development and security to get their perspectives on data breaches, top application security vulnerabilities, and the most important product capabilities needed to defend against multi-vector application attacks.

Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats like bot attacks, API attacks, and supply chain attacks. Highlights from the report include:

  • On average, respondent organizations were breached twice in the past 12 months as a direct result of an application vulnerability.
  • 72 percent of respondents say their organization suffered at least one breach from an application vulnerability.
  • 32 percent say their organization suffered two breaches due to an application vulnerability.
  • 14 percent were breached three times due to application vulnerabilities.
  • The range of application security-related challenges facing organizations extends beyond difficulties securing multiple attack vectors.
  • Respondents identified their top application security challenges as bad bots (43 percent), software supply chain attacks (39 percent), vulnerability detection (38 percent), and securing APIs (37 percent).
  • Bot-based attacks are the most likely contributor to successful security breaches resulting from application vulnerabilities in the past 12 months.
  • 44 percent of respondents say bot attacks contributed to a successful security breach that exploited a vulnerability in the organization’s applications in the last 12 months.

“Applications have been steadily rising as one of the top attack vectors in recent years, and the rapid shift to remote work in 2020 only intensified this,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security, Barracuda. “Organizations are struggling to keep up with the pace of these attacks, particularly newer threats like bot attacks, API attacks, and supply chain attacks, and they need help filling these gaps effectively.”