Barracuda Web Application Firewall v7.9.1: Deeper into Azure and a Threat Activity Heat Map

Print Friendly, PDF & Email

We are pleased to announce the availability of firmware release 7.9.1. Following is a highlight of couple of interesting new features in this release:

Adding Sign-On to Your Web Applications Using Azure AD and Web-Based SSO using SAML 

Managing identities and authentication in native Azure cloud web applications can prove to be challenging as Window Azure Authentication Directory (WAAD) does not support LDAP, but relies on the (rather overwhelming) SAML and WS Federation protocols. Both of these are hugely complex protocols and a long pole to integrate into your web applications. The Barracuda Web Application Firewall makes this simple by supporting SAML v2 Service Provider role that can offload this burden from your web applications and interoperate with the WAAD for authentication and single sign-on.

SAML is also an important protocol for Identity Federation – that is, authentication and authorization operations across organizational boundaries, or even the Internet. Within a domain, SSO can be achieved by the use of cookies, but this fails across different domains as cookies are inherently tied to a single domain tree. Non-HTTP protocols like LDAP, RADIUS and Kerberos do not provide Internet scale and are not firewall friendly, so they are also not much use for cross-domain SSO scenario. And this leads to one of the most important and accessible use case for SAML – web-based (read: HTTP) SSO across the Internet.

SAML elegantly solves this using an industry-standard specification which can use HTTP as a transport for SSO across unrelated domains, such as airline.example.com, hotels.com.ca and cars.co.uk, so that a user is not required to sign in multiple times when accessing any of these web applications.

With SAML v2 support now in the Barracuda Web Application Firewall, you are relieved of all the complexities and overhead the protocol imposes. SAML can be overwhelming, but we have strived hard to keep the configuration and UI as simple as possible while complying with important standards like SuisseID that are built upon SAML.

Attack Heat Map – This release introduces a geolocation heat map of attack sources targeting your web applications. This provides immediate insight into threat activity enabling you to identify and track attack patterns and origins. The heat map is added to the BASIC > Status page and looks like the following.

The size of the bubbles on each source country represents the volume of threat activity originating from that country. The larger the bubble, the larger the volume of threats. Hovering over any of the bubbles provides a numerical value for the number of attacks over the last hour. You can also select a different time period, e.g. day or month, from the dropdown on the top right.

If you find spikes in threat activity from certain regions, you can configure region-specific security policies from the WEBSITES > IP Reputation page.

For more technical information, refer to our techlib documentation.

Scroll to top
Tweet
Share
Share