Barracuda Networks – Barracuda Web Application Firewall 460
November 01, 2012
$8,898 base with one year Energize Updates.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Clean interface with solid feature set.
- Weaknesses: May be underpowered and no 24-hour replacement option.
- Verdict: A good buy for small to midsized businesses, though larger enterprises may want something more.
Relatively inexpensive, but with a strong feature set, the Barracuda Web Application Firewall provides affordable security without skimping on features or breaking the bank.
Shipped as a rack-mountable appliance, Barracuda made setup of the device extremely simple. Following the quick-start guide, it was a simple matter of setting our interface IPs, updating the firmware and configuring a service - all completely straightforward. From unboxing to completing our first policy configuration, we were up and running in about 15 minutes.
Anyone who has used a Barracuda Networks product in the past will instantly be familiar with the user interface. A clean statistical dashboard is presented on logging in, and all device configuration categories are arranged in tabs across the top. By hovering over each tab, the relevant subscreens are displayed. Administrators can get from one configuration or report page to any other with a single click. Multiple administrator roles can be defined with granular control allowed per user over which configuration and report screens to display. The device can be deployed in the industry standard reverse proxy mode, a bridge path mode or one-armed proxy mode. Although we chose to go the reverse proxy route, we liked the flexibility the device offered.
The product supports application acceleration and content caching and offers an implementation of SSL offloading it calls InstantSSL, which functions as one would expect. Some of the solution's default policies include parameter attack filtering against SQL injection, OS command injections, directory traversal, XSS and others, digital signing or encryption of cookies, server error suppression, file extension blocking, request sizing limits and cookie replay protection.
The product offers traffic monitoring in a passive mode, allowing administrators to observe violation reports and adjust policies if false positives are detected. An automated policy tuner integrates with the firewall logs and generates exceptions or tunes existing policies. The policy tuner also allows granular rules to be created governing specific portions of a web application, such as a web form.
We were pleased with Barracuda's documentation. The two-page quick-start guide gave us everything we needed to have a basic configuration in minutes. The website offers more in-depth administrator's guides, a best practices guide, and a variety of whitepapers. Everything was well organized and easy to find.
The product ships with basic support included, which gives users eight-hours-a-day/five-days-a-week phone and email support and a year's worth of Energize Updates. For an additional yearly fee, administrators can purchase the company's enhanced support package, which includes 24/7 phone and email support and hardware replacement within one business day.
The cost of Barracuda's enhanced support package is $1,549 per year. We would have liked to see a 24-hour replacement option instead of just one business day. But, the price per unit is almost low enough to keep a spare on hand. At a cost of $8,898 (with one year Energize Updates), the Barracuda Web Application Firewall is a solid value.
SC Magazine Articles
- Blasphemy! Godless malware preys on nearly 90 percent of Android devices
- 'Password attacks' continue; Citrix becomes latest victim
- Guccifer 2.0 out - Cozy Bear, Fancy Bear hacked DNC, Fidelis analysis shows
- Acer breach caused by improperly stored data
- Check Point tracks two waves of Cerber ransomware hitting U.S., UK
- CEO sacked after aircraft company grounded by whaling attack
- Microsoft warns of new, self-propagating ransomware in the wild
- Wendy's POS breach 'considerably' bigger than first thought
- No hacking required: Israeli researchers show how to steal data through PC components