Q&A: Hardening your network with Barracuda Firewall Insights

Barracuda CloudGen Firewall is a uniquely capable network firewall and SD-WAN solution that uses the proprietary TINA VPN protocol to optimize network efficiency and operational uptime.

Barracuda Firewall Control Center provides aggregated and simplified management of multiple CloudGen Firewalls — that is, it is primarily intended to let admins deliver configuration and other data from a central management portal to a large number of firewalls.

Barracuda Firewall Insights, on the other hand, is a product that is intended to receive data from multiple firewalls and integrate that data in a way that gives admins consolidated visibility across their entire distributed network.

To help our customers understand the specific use cases and benefits of Barracuda Firewall Insights, we sat down with Jesus Cordero, our Director of SASE and Cloud Systems Engineering, to ask a few questions.

Q&A with Systems Engineering Director Jesus Cordero

What is the basic purpose of Barracuda Firewall Insights?

To put it as simply as possible, Barracuda Firewall Insights is built around three key pillars. The first is SD-WAN visibility. By consolidating SD-WAN data and reporting from multiple firewalls — whether you have 3 or 1,000 — Firewall Insights makes it easy for a single IT admin to monitor the behavior of all your firewalls and tunnels. So, for example, you can very quickly spot a tunnel that is underperforming, which may indicate that you need to switch to a new ISP or adjust certain configuration parameters.

The second pillar is around understanding user behaviors by monitoring actual traffic throughout the network. For example, if admins receive a notification that a questionable web search has exposed the company to a potential threat, it’s not necessary to go through the log files for each firewall to zero in on the problem. Because Firewall Insights consolidates all the logs from multiple firewalls, all you need to do is examine one set of logs to find the issue.

And the third pillar is around reporting. When building Firewall Insights, we looked at our existing products and identified the most useful and functional reporting capabilities, the ones that our customers most valued. And we thought about what CloudGen Firewall owners would most need in terms of generating reports that solve their problems.

So, we took those features and built them into Firewall Insights, and I think we were very successful. Not only is there a vast array of preconfigured reports available, but users can quite easily learn how to create their own custom reports.

Can you talk more about the specific benefits of network visibility?

Yes. In terms of visibility, we are all quite aware of the current shortage of experienced IT and security personnel. The people who spent their careers building complex networks from the ground up are retiring, and the people beginning their careers are simply lacking that expertise in network architecture. For many companies, this is a real problem, as it takes a long time to onboard new IT admins and get them up to speed on how their network is configured.

So, with Firewall Insights, a new network admin can come into an organization with a large, distributed network and use it to instantly discover and visualize the entire network, with the ability to drill down to specific nodes and devices. And this greatly accelerates their time to understand the network that they are managing.

Can Firewall Insights help with regulatory compliance?

Oh yes, absolutely. Now, actual compliance with regulations such as GDPR depends on instituting the right kinds of security controls, and of course that’s not what Firewall Insights does. But in terms of demonstrating compliance, in the case of an audit for example, the product’s reporting capabilities make it extremely simple and easy to create very specific reports that are designed precisely to demonstrate that regulated data is being protected correctly.

And while we’re talking about reporting, I should also mention how these capabilities make it very easy to demonstrate ROI, as well as to justify improvements. So, a use case would be when a manager wants to make the case for approving investment in a new ISP or other infrastructure for example, they can instantly produce visually interesting reports that demonstrate the need, such as by showing where there is too much latency or too many failovers.

Is there an operational technology/industrial internet of things use case for Firewall Insights?

Consider the case of a large industrial manufacturing concern. They may have thousands of robots and other automated systems that need to be protected. Now, they might decide to put all these systems behind a single firewall, but what happens when admins are alerted to an attempted intrusion? Do they shut down the whole operation while they address the issue? Obviously that’s unacceptably costly.

Instead, they’re going to segment the operation and use a separate firewall for each unit, whether that’s a single machine or a small integrated group. So now you have hundreds or thousands of firewalls. Again, what happens when there’s a security incident? Manually examining the logs of all those firewalls is very impractical and time-consuming. But with Firewall Insights, those logs are concentrated into a single interface, making it very quick and easy to identify the specific site of the attack and isolate it, without impacting the overall industrial operation.