All WAFs are not created equal

Barracuda Web Application Firewall has a long history of evolution and innovation. This includes API integration with Barracuda CloudGen Firewall, deep integration with native cloud services, and most recently its cloud-native version, Barracuda WAF-as-a-Service.

It should be noted there are a lot of choices for WAFs, but few measure up to the Barracuda solution. Let’s take a closer look at where various types of WAFs fall short.

VM-style competitors

When we look at VM-style competitors, none outside of Barracuda offer an automated virtual patching or remediation service. This is a key shortcoming. If a vendor can’t proactively patch and manage new vulnerabilities with its WAF, then the task falls to IT admins. Few, if any, have the time for such maintenance activities. Another shortcoming among most of the larger WAFs is a lack of adaptive profiling. Web attacks are like a war of attrition — attackers are always trying new techniques and varying their profiles, which has allowed them to evade many of the top WAFs.

Simplistic competitors

With simplicity often come trade-offs. When we look at features from the more simplistic, often SaaS-based WAF competitors, a few shortcomings stand out. The missing features include Advanced Threat Protection, JSON/XML API inspection, and load balancing. While one could argue that load balancing can be just as easily handled by a dedicated load balancer, there is an economy of operation in allowing a WAF to help balance the loads it is monitoring. When it comes to Advanced Threat Protection, few of the simpler WAFs use advanced techniques like sandboxing to identify sophisticated threats. Finally, APIs are becoming a new and successful attack vector, so using a WAF to inspect API traffic before it enters your infrastructure is another way to enhance your security.

In short, all WAFs are not created equal. For Barracuda, we were able to migrate an already-robust WAF to a WAF run in the cloud as a service. All the same features are available, but its SaaS-driven setup takes minutes and just a few clicks. For many customers, this can be the best of both worlds.

