Barracuda Web Application Firewall 960 - BWF960A
- 150-300 Backend Servers
- 5 Gbps Throughput
- 180,000 HTTP Transactions/Sec.
- 30,000 HTTP Connections/Sec.
- 50,000 HTTPS Connections/Sec.
- 1,800,000 Concurrent Connections
The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access.
Barracuda Web Application Firewall gives your DevOps and application security teams comprehensive security that is easy to deploy and manage. Physical, virtual, and in the cloud—Barracuda Web Application Firewall eliminates application vulnerabilities and protects your web applications against application DDoS, SQL Injection, Cross-Site Scripting, and other advanced attacks.
The Barracuda Advantage
- State-of-the-art security utilizing full reverse-proxy architecture
- Malware protection for collaborative web applications
- Employs IP Reputation intelligence to defeat DDoS attacks
- No user-based or module-based licensing
- Designed to make it easier for organizations to comply with regulations such as PCI DSS and HIPAA
- Cloud-based scan with Barracuda Vulnerability Manager
- Automatic vulnerability remediation
Constant Protection from Evolving Threats
The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known application-layer attack modalities. Automatic updates provide defense against new threats as they appear. As new types of threats emerge, it will acquire new capabilities to block them.
Identity and Access Management
The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users.
Affordable and Easy to Use
Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process.
Secure Applications On-Premises or in the Public Cloud
The Barracuda Web Application Firewall provides comprehensive, reverse-proxy-based protection for applications deployed in physical, virtual, or public cloud environments data centers. In addition to applications hosted on-premises, Barracuda Web Application Firewall can natively scale and migrate with applications deployed in public cloud platforms like Amazon Web Services (AWS) and Microsoft Azure.
Available with flexible pricing options including bring-your-own-license and pay-as-you-go via AWS Marketplace and Azure Marketplace, the Barracuda Web Application Firewall is built to can help you seamlessly transition from on-premises to cloud infrastructures while maintaining the same familiar experience.
Comprehensive inbound attack protection including the OWASP Top 10 Built-in caching, compression, and TCP pooling ensure security without performance impacts Identity-based user access control for web applications Built-in data loss prevention ICSA certified
Application Attack and DDoS Protection
The Barracuda Web Application Firewall provides robust security against targeted and automated attacks. OWASP Top 10 attacks like SQL Injections and Cross-Site Scripting (XSS) are automatically identified and logged. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.
Advanced DDoS protection capabilities allow administrators to distinguish real users from botnets through the use of heuristic fingerprinting and IP reputation, thereby allowing them to block, throttle, or challenge suspicious traffic. It is the only product in the industry to offer integrated IP reputation intelligence that combines real-time situational insights and historical intelligence to secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection.
Adaptive profiling enables administrators to build positive security profiles of their applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular whitelist rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities by restricting input only to inputs that meet strict standards.
Often the first step of any targeted attack is to probe public-facing applications to find out details about the underlying servers, databases, and operating systems. Cloaking prevents attack reconnaissance of protected applications by suppressing server banners, error messages, HTTP headers, return codes, debug information, or backend IP addresses from leaking to a potential attacker. Without any details of the underlying infrastructure, it is much more difficult to target attacks, thereby reducing the risk of breach.
Protection for Mobile Applications, REST APIs and AJAX
Applications that rely on XML can now be secured with an XML Firewall capability that secures applications against schema and WSDL poisoning, highly-nested elements, recursive parsing, and other XML-based attacks. This secures communications between client and application or between applications from different systems closing an often overlooked attack vector.
based single sign-on (SSO), which means that it can act as a SAML Service Provider (SP) to SAML-compliant Identity Providers (IdP), saving you from the complexities of implementing SAML on your web servers. This facilitates SSO between the cloud and on-premise web applications as well as interoperability with Azure AD which supports SAML 2.0.