Barracuda Unveils New Capabilities for Web Application and API Protection

Barracuda Networks, a supplier of cloud-first security solutions, has expanded its Barracuda Cloud Application Protection platform for Web application and API protection (WAAP). This new version increases the client-side protection feature set by adding strong new automated API Discovery and GraphQL security capabilities, as well as augmenting Account Takeover Protection features.

Additionally, the Barracuda Web Application Firewall and Venafi Trust Protection Platform integration would give the ability to continuously automate machine identity management for TLS certificates to prevent outages and make web application firewall usage easy to scale.

Barracuda Cloud Application Protection now features continuous, automated API Discovery powered by machine learning to boost compliance and security. This technology would significantly minimize the administrative burden of importing API specs and enabling safeguards, allowing development teams to swiftly construct and deploy secured APIs.

The Barracuda Cloud Application Protection platform improvements include a new technological combination with the Venafi Trust Protection platform, which would provide strong, easy-to-use web application, API, and bot protection features to help fight against increasingly complex threats.

Barracuda Web Application Firewall’s new technological integration with Venafi Trust Protection Platform provides a fully featured, unified solution for the safe, centralized, and automated administration of certificates and keys across Barracuda Web Application Firewall. This integration offers security to managed machine identities while also removing the worry and danger of certificate-related outages and hazards.

Barracuda Cloud Application Protection now protects online applications from sophisticated account takeover and client-side supply chain threats, allowing for ongoing security compliance.

Barracuda WAF-as-Service now incorporates improved control and visualization capabilities, simplified configuration administration, and seamless connection with automation tools as part of the Barracuda Cloud Application Protection upgrades.

Additional highlights of this updated product release include:

  • New GraphQL security features include native processing of such requests and security check enforcement to defend against GraphQL-specific attacks.
  • Privileged Account Protection, which is powered by machine learning, detects hazardous logins and takes pre-determined steps to avoid account takeover assaults.
  • To identify and detect persistent bots, the Active Threat Intelligence (ATI) layer that underpins Barracuda Advanced Bot Protection has improved machine learning models. ATI’s configuration feedback loop has also been strengthened, allowing administrators to execute configuration actions directly from the cloud dashboard.
  • Improved controls for client-side protection over the configuration and visualization of Content-Security Policies and Sub-Resource Integrity settings. Client-side protection capabilities in Barracuda Cloud Application Protection closely track the protective requirements that are being set to block attacks like Magecart and other website supply chain attacks.
  • Barracuda WAF-as-a-Service now has new capabilities that would make management tasks easier. The new snapshots feature lets users import and export settings as a JSON file, making interaction with automation tools much easier. Administrators may also compare snapshots and set up automated snapshots to make configuration maintenance easier. Customers who use CDN services now have expanded control and visualization possibilities thanks to the updated CDN UI.

“With this release, Barracuda Cloud Application Protection adds powerful new API security, account takeover protection capabilities, and client-side protection for our customers, driven by machine learning and other advanced technologies,” said Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda. “Every business needs this type of critical protection against API vulnerabilities and automated bot attacks.”