| Share

Barracuda Launches Cloud Application Protection 2.0 to Defend Web Apps From Evolving Attack Vectors

Platform blocks supply chain attacks, uses machine learning to stop bad bots, adds containerised WAF to protect apps deployed in containers


  • Client-Side Protection automatically creates and deploys protections against website skimming and supply chain attacks such as MageCart.
  • New deployment option brings the same security engine as Barracuda WAF and WAF-as-a-Service to containers.
  • Cloud Application Protection leverages machine learning, vulnerability scanning and remediation, and Advanced Threat Protection to provide active threat intelligence.
  • Auto-configuration engine automatically tightens security settings to address current threats.


Campbell, Calif – 18 May 2021 - Barracuda Networks, Inc., a leading provider of cloud-enabled security solutions, today announced significant new capabilities for its Cloud Application Protection platform to deliver an additional level of protection and make it even easier for organisations to secure their applications in a digitally transformed world. These new services and features include client-side protection, the ability to deploy containerised WAF nodes, and an auto-configuration engine. In addition, Cloud Application Protection now leverages machine learning, vulnerability scanning and remediation, and Advanced Threat Protection to provide active threat intelligence for more powerful protection.


Cloud Application Protection is Barracuda’s platform for Web Application and API Protection (WAAP). According to Gartner: “By 2023, more than 30% of public-facing web applications and APIs will be protected by cloud web application and API protection (WAAP) services, which combine distributed denial of service (DDoS) protection, bot mitigation, API protection and web application firewalls (WAFs). This is an increase from fewer than 15% today.” (1)


“At Barracuda, we strive to continually make security easier for our customers, and Cloud Application Protection 2.0 provides enterprise-level application security with consumer-level ease of use,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security at Barracuda. “The powerful new capabilities we’re introducing address the application security issues organisations are most concerned about right now and also provide protection for where applications are headed next.”


Barracuda recently surveyed hundreds of IT security decision makers from organisations around the world, and the top five application security challenges they pointed to were bots, supply chain attacks, vulnerability detection, API security, and security slowing down app developments.


Highlights of Cloud Application Protection 2.0 include:

  • Client-Side Protection — This new feature automatically creates and deploys protections against website skimming and supply chain attacks such as MageCart. These types of attacks are performed by infecting a script that is loaded directly by the browser, meaning that WAFs are unable to detect them. Cloud Application Protection 2.0 adds both protection and reporting capabilities against these attacks.
  • Containerized WAF deployment This new deployment option brings the same security engine as Barracuda WAF and WAF-as-a-Service, but in a container form. As more applications are now deployed in containers, they can now be protected.
  • Auto-Configuration Engine The Auto-Configuration Engine uses machine learning models to check an organisation’s traffic patterns and provide recommendations to tighten security settings, reducing administrative overhead.
  • Active Threat Intelligence — This cloud-based machine learning-enhanced service provides near real-time active threat intelligence to detect and stop new threats as they occur. Barracuda Active Threat Intelligence brings together the Barracuda Vulnerability Manager, Barracuda Vulnerability Remediation Service, Barracuda Advanced Threat Protection, and Barracuda Advanced Bot Protection’s cloud layer, making it a single service that covers the full range from detection to remediation.


In addition to these features, Cloud Application Protection 2.0 adds an Azure Sentinel integration that allows defenders to quickly see the most important information in the specific context, allowing for rapid responses. Customers can also choose to create rules on Azure Sentinel to perform configuration tasks using the WAF API to close the feedback loop when newer attacks are detected.


A workbook that sets up an Azure Sentinel workspace with a dashboard specific to Barracuda WAF or WAF-as-a-Service is now available in the Azure portal, making it easy for administrators to deploy this integration.


Customer quotes


“Barracuda Cloud Application Protection brings together all the features and performance we need with the ease of use that we want,” said Zach Peer, director of technology and managed hosting at One North. “As long-time customers, we are confident that the solution is providing the best protection possible against all the latest threats.”


“Bots and supply chain attacks are becoming major concerns for us, so we’re excited to see Barracuda introduce a range of new protections that will help us fight the latest threats,” said David Gooding, Head of Strategy and Digital Operations at KOIOS DatalytiX. “It provides us peace of mind, and the auto-configuration engine makes it easier to stay ahead of latest tricks from cybercriminals and further protects our customers and their data.”



Get more information on Barracuda Cloud Application Protection 2.0 platform: https://www.barracuda.com/cap 


Get more information about Barracuda WAF-as-a-Service: https://www.barracuda.com/waf-as-a-service 


Read the report: The state of application security in 2021: https://www.barracuda.com/appsec-report-2021     


Read the blog post: http://cuda.co/46348

(1) Gartner, “Magic Quadrant for Web Application Firewalls”, Jeremy D'Hoinne, Adam Hils, Rajpreet Kaur, John Watts, 19 October 2020.


About Barracuda 

At Barracuda we strive to make the world a safer place. We believe every business deserves access to cloud-enabled, enterprise-grade security solutions that are easy to buy, deploy, and use. We protect email, networks, data, and applications with innovative solutions that grow and adapt with our customers’ journey. More than 200,000 organisations worldwide trust Barracuda to protect them — in ways they may not even know they are at risk — so they can focus on taking their business to the next level. For more information, visit barracuda.com. 

Barracuda Networks, Barracuda and the Barracuda Networks logo are registered trademarks or trademarks of Barracuda Networks, Inc. in the U.S. and other countries. Other trademarks are the property of their respective owners.