Earlier this week, we introduced an updated version of Barracuda Cloud Application Protection (CAP), Barracuda’s platform for Web Application and API Protection (WAAP) to deliver an additional level of protection and make it even easier for organizations to secure their applications in a digitally transformed world.
To give you a closer look at how Barracuda and Microsoft teams collaborated on this innovative solution, we sat down to talk with Nitzan Miron, Vice President of Product Management, Application Security at Barracuda, and Nills Franssens, Principal Cloud Solution Architect at Microsoft, to get their insights on the new version of Cloud Application Protection, what makes it unique, and the teamwork that made it possible.
Q&A with Nitzan Miron and Nills Franssens
Nitzan, what is CAP, and what makes it unique and differentiated?
Nitzan: CAP is Barracuda’s cloud application protection platform, and the idea behind it is that application security has become really complex with a lot of disparate solutions and a lot of threats that businesses need to be protected from. And with CAP, we're trying to make it easy and create one platform that gives you everything you need to protect your applications in an easy-to-use package.
What makes CAP unique is the power of it and also the ease of use. It's about the ability to deploy all of these different solutions and have protection against all these advanced threats like bots, advanced malware, and client side protection. But it’s also in a platform that's easy to use, so it's not complicated to set up. You literally get started in five or 10 minutes. Our auto configuration helps you make sure you're using the right settings, so you get that power, but you don't have to work really hard to get it set up.
Nills, you have worked with Nitzan on deploying WAF-as-a-Service on Azure, right? Can you talk about your collaboration with Barracuda on this product?
Nills: Nitzan and I have been working together now for the better part of two years, and I think our collaboration has been going pretty well. I've come in and helped Nitzan and the team with some design questions, building the architecture, and connecting with the right folks at Microsoft. Then he takes that design guidance and works with his team in implementing it and getting it rolled out.
I think the good thing about our collaboration is we can talk on IM directly, so it's pretty straightforward to collaborate. The way he’s been able to apply some of our best practices in his product has been fantastic, and it’s led to a great platform.
Nitzan, what new capabilities have been added as part of CAP 2.0?
Nitzan: There are four main pieces to CAP. The first piece is client side protection, also known as Magecart protection, which is protection against attacks that have to do with the software supply chain. As you build an application, you incorporate and include pieces that are part of different libraries or modules that you use for functionality, and those can get compromised in these types of attacks and have all sorts of issues. Our client side protection will detect those issues, and we'll call them out and remediate those issues to protect you from those kinds of attacks.
The second part is the containerized WAF deployment. Before you could deploy WAF either as an appliance or as a service, now you can deploy our WAF as a container, which means you can put it in your own infrastructure. Whatever container environment you use, you can deploy the WAF there as well.
The third thing is the autoconfiguration engine, which is the ability for us to detect and recommend changes to your configuration. Rather than you having to configure everything yourself, you configure the basics, and then our system will recommend things based on your actual traffic, optimizing settings to increase your security and minimize false positives.
And then, finally, we've released active threat intelligence, and that is a combination of a few different services that we already had, as well as some new stuff, such as bot protection, vulnerability remediation, and advanced threat protection. We've put together all these different smart threat intelligence features into one cloud that we call active threat intelligence, and all of those features work together to give you the best possible security in real time.
Nils, why is CAP important to Microsoft?
Nills: CAP is important to Microsoft because it helps our joint customers operate secure applications. Part of CAP is hosted on Azure as a platform, and we collaborated on the design and the buildout of the platform itself, and now that the platform is available it allows our joint customers to use the applications that they deploy on Azure and they can then rely on Barracuda’s deep expertise in security and get the best of both worlds to operate secure applications.
Why is it important today to deploy a platform for application security? Why is the platform approach important?
Nitzan: I think it's important to deploy a platform because of the number of threats and different types of issues that could come up when you're protecting a web application. Protecting web applications is about way more than just the OWASP top 10 these days. It's bots, it's advanced threats, it's supply chain attacks, and CAP is really the recognition that no single point solution is going to protect against all of those threats. You really need a lot of solutions to come together, and by deploying a platform you get all of those solutions in one.
Nills: I think it's important using a single unified platform that includes all of the different components you need to secure web apps versus going towards a best-of-breed approach where you have to take a whole different set of building blocks and try to figure out how they can work together. With CAP you have a single platform that delivers everything out of a centralized location, and that will help you protect your web applications more easily.
Anne Campbell is the public relations manager for Barracuda. She's been with the organization since 2014, working on content and public relations for Barracuda MSP, the MSP-dedicated business unit of Barracuda. She started her career in newspaper and magazine journalism, and she brings that editorial point of view to the work she does, using it to help craft compelling stories.