Lead Machine Pink 160x1200

Lead Machine Pink 160x1200

iTWire TV 705x108notfunny

Wednesday, 01 June 2022 21:49

Barracuda Launches New Capabilities for Web Application and API Protection (WAAP)

By Barracuda Networks
Tim Jefferson, SVP, Engineering for Data, Network, and Application Security, Barracuda Tim Jefferson, SVP, Engineering for Data, Network, and Application Security, Barracuda

Barracuda Cloud Application Protection strengthens web application and API security, adds account takeover protection, boosts client-side supply chain attack protection, and includes new technology integration with Venafi


  • New updates to Barracuda Cloud Application Protection platform provide powerful, easy-to-use web application, API, and bot protection capabilities to help defend against increasingly complex threats and include a new technology integration with the Venafi Trust Protection platform.
  • Barracuda Cloud Application Protection now enables continuous security compliance for web applications, including protection from advanced account takeover and client-side supply chain attacks.
  • As part of Barracuda Cloud Application Protection updates, Barracuda WAF-as-Service now includes new control and visualisation capabilities, provides easier configuration management, and enables seamless integration with automation tools.

Barracuda Networks, Inc., a leading provider of cloud-first security solutions, today announced the expansion of Barracuda Cloud Application Protection, its platform for Web Application and API Protection (WAAP). This new release adds powerful new automated API Discovery and GraphQL security capabilities, augments Account Takeover Protection capabilities, and enhances the client-side protection feature set. Additionally, the integration of the Barracuda Web Application Firewall and the Venafi Trust Protection Platform adds the ability to continually automate machine identity management for TLS certificates to stop outages and make it easy to scale web application firewall usage.

According to Gartner®, “Web applications, mobile applications and APIs are subject to increasing volumes of complex attacks. Security and risk management technical professionals responsible for application security architecture must use an appropriate mix of mitigating technologies to secure applications.”1

With this new release, Barracuda Cloud Application Protection includes continuous, automatic API Discovery using Machine Learning to improve compliance and security. This capability greatly reduces the admin overheads of importing API specs and configuring protections, while allowing development teams to build and deploy secure APIs quickly.

Additional highlights of this release include:

  • New GraphQL security capabilities that include native parsing of such requests and enforcement of security checks to protect against GraphQL specific attacks.
  • New Privileged Account Protection (PAP), backed by a Machine Learning layer, identifies risky logins and performs preconfigured actions to prevent Account Takeover attacks.
  • Enhanced Machine Learning models in the Active Threat Intelligence (ATI) layer that powers Barracuda Advanced Bot Protection to identify and detect persistent bots. In addition, the configuration feedback loop from ATI has been improved, allowing admins to perform configuration actions from the cloud dashboard.
  • Improved controls for client-side protection over the configuration and visualisation of Content-Security Policies and Sub-Resource Integrity settings. Client-side protection capabilities in Barracuda Cloud Application Protection closely track the protective requirements that are being set to block attacks like Magecart and other website supply chain attacks.
  • New capabilities for Barracuda WAF-as-a-Service make administration actions easier. The new snapshots feature allows the import and export of configuration as a JSON file to enable easier integration with automation tools. In addition, admins can perform comparisons between snapshots and setup automatic snapshots for easier configuration management. The improved CDN UI provides new control and visualisation capabilities to customers using the CDN services.

The new technology integration of Barracuda Web Application Firewall and Venafi Trust Protection Platform offers a fully featured, unified solution that enables the secure, centralized, and automated management of certificates and keys across Barracuda Web Application Firewall. This integration adds security to the managed machine identities, and eliminates the anxiety and risk associated with certificate-related downtime and risks. 

“With this release, Barracuda Cloud Application Protection adds powerful new API security, account takeover protection capabilities, and client-side protection for our customers, driven by machine learning and other advanced technologies," said Tim Jefferson, SVP, Engineering for Data, Network, and Application Security at Barracuda. “Every business needs this type of critical protection against API vulnerabilities and automated bot attacks."

“Before Barracuda WAF-as-a-Service, it’s almost like we were blind. We had no visibility into just how frequently we were being probed and attacked. Now going through the logs, our eyes have been opened, and it seems a wonder that we never suffered a serious breach in the past,” said Kieron Prince, Cloud and Infrastructure Lead at L&Q in a Barracuda  case study.

“Barracuda has earned a reputation for providing powerful, easy-to-use protection for web application and APIs,” said Dave Sasson, Chief Strategy Officer at Hanu, an award-winning Microsoft Cloud services provider and Azure Expert MSP. “These new enhancements provide our mutual customers with a higher level of protection against API, bot, and client-side attacks.”


See the Barracuda Cloud Application Protection page: >https://www.barracuda.com/cap

New: Threat Spotlight, Attempts to exploit new VMware vulnerabilities https://cuda.co/50889
Get the 2021 Gartner® Magic Quadrant™ for Web Application and API protection: https://www.barracuda.com/waapmq-2021

Get the Forrester Wave for Web Application Firewalls, Q1 2020: https://www.barracuda.com/wafwave2020

Get the e-book: The new ABCs of application security: https://www.barracuda.com/abc-appsec-ebook

1Gartner, “Protecting Web Applications and APIs from Exploits and Abuse,” by William Dupre, published 9 March 2022.

Gartner, “Magic Quadrant for Web Application and API Protection” by Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, John Watts, Published 20 September 2021.

Gartner and Magic Quadrant are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
About Barracuda
At Barracuda, we strive to make the world a safer place. We believe every business deserves access to cloud-first, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organisations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com. 

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. Other trademarks are the property of their respective owners.

Read 1085 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Share News tips for the iTWire Journalists? Your tip will be anonymous



Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News