Barracuda full logo

All WAFs are not created equal

Argomenti:
15 lug 2020
|
Christine Barry

Barracuda Web Application Firewall has a long history of evolution and innovation. This includes API integration with Barracuda CloudGen Firewall, deep integration with native cloud services, and most recently its cloud-native version, Barracuda WAF-as-a-Service.

It should be noted there are a lot of choices for WAFs, but few measure up to the Barracuda solution. Let’s take a closer look at where various types of WAFs fall short.

VM-style competitors


When we look at VM-style competitors, none outside of Barracuda offer an automated virtual patching or remediation service. This is a key shortcoming. If a vendor can’t proactively patch and manage new vulnerabilities with its WAF, then the task falls to IT admins. Few, if any, have the time for such maintenance activities. Another shortcoming among most of the larger WAFs is a lack of adaptive profiling. Web attacks are like a war of attrition — attackers are always trying new techniques and varying their profiles, which has allowed them to evade many of the top WAFs.

Simplistic competitors


With simplicity often comes trade-offs. When we look at features from the more simplistic, often SaaS-based WAF competitors, a few shortcomings stand out. These shortcomings include Advanced Threat Protection, JSON/XML API inspection, and load balancing. While one could argue that load balancing can be just as easily handled by a dedicated load balancer, there is an economy of operation in allowing a WAF to help balance the loads it is monitoring. When it comes to Advanced Threat Protection, few of the simpler WAFs use advanced techniques like sandboxing to identify sophisticated threats. Finally, APIs are becoming a new and successful attack vector, so using a WAF to inspect them before they enter your infrastructure is another way to enhance your security.

In short, all WAFs are not created equal. For Barracuda, we were able to migrate an already-robust WAF to a WAF run in the cloud as a service. All the same features are available, but its SaaS-driven setup takes minutes and just a few clicks. For many customers, this can be the best of both worlds.

For a free 30- day trial of Barracuda WAF-as-a-Service, visit our website here

Christine Barry

Christine Barry Senior Chief Cybersecurity Storyteller e Content Manager presso Barracuda. Prima di unirsi a Barracuda, Christine è stata ingegnere di campo e project manager per clienti K12 e SMB per oltre 15 anni. Possiede diverse credenziali in tecnologia e gestione dei progetti, un Bachelor of Arts e un Master of Business Administration. Si è laureata presso l'Università del Michigan.

Connettiti con Christine su LinkedIn qui.

 

Unisciti alla nostra community su Reddit!

Post correlati:
Partner Spotlight: soluzioni innovative per le moderne minacce informatiche
Partner Spotlight: soluzioni innovative per le moderne minacce informatiche
 Partner Spotlight: Ripensare il mix di sicurezza per affrontare le esigenze in evoluzione
Partner Spotlight: Ripensare il mix di sicurezza per affrontare le esigenze in evoluzione
 Chiudere le lacune di sicurezza nascoste con Barracuda Managed Vulnerability Security
Chiudere le lacune di sicurezza nascoste con Barracuda Managed Vulnerability Security
 Prossimi webinar da non perdere
Prossimi webinar da non perdere
Cerca nel blog

The Ransomware Insights Report 2025

Risultati chiave sull'esperienza e l'impatto del ransomware sulle organizzazioni a livello mondiale

Scarica il report

Iscriviti al blog di Barracuda.

Iscriviti per ricevere i Threat Spotlight, commenti del settore e altro ancora.

Sicurezza della vulnerabilità gestita: correzione più rapida, meno rischi, conformità più semplice

Scopri quanto può essere facile individuare le vulnerabilità che i criminali informatici vogliono sfruttare

GUARDA IL WEBINAR

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.