I assess the impact of Barracuda WAF-as-a-Service on compliance efforts regarding security events as good in terms of compliance, although there are a few issues. There is one issue regarding local data storage, as they do not have that capability, and we are storing the data in another foreign country, which is against the law. Data is supposed to be within the South African border. In my opinion, the main direction for improvement should be around the licensing part, as it should not be quite complex. The price of their licensing model is a bit steep. However, for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. The pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas. For the next release, Barracuda WAF-as-a-Service should include advanced APIs and perhaps AI-driven detections. They can improve the integration with SIEM and SOAR.
I see that cost can be a limitation for small businesses. Additionally, if they can provide more advanced features and customization for specific use cases, that would be beneficial. Apart from that, I do not feel there are any other problems. From our perspective, there is not an issue. All the data I have shared is in favor of Barracuda because the ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service. We have seen that it is a great solution with no issues from our end.
One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy. Additionally, it could operate in a local data center. This limitation hinders its adoption in regions with strict data regulations.
My company had faced some downtime or an outage twice with Barracuda WAF-as-a-Service due to backend problems. The stability of the product is an area of concern where improvements are required. I don't know much about what additional features are required in the product's future releases since I think it has almost all users. One feature I want in the solution stems from the fact that there are almost 17 applications protected in our company with the help of Barracuda WAF-as-a-Service. If I need to block one IP address for all 17 applications together, it is not possible, and I need to block the IP address on each application separately, making it a time-consuming process. It would be great if the product allows users to block an IP address for all the applications in an environment in one go rather than having to block the IP address separately for each application.
Senior Information Security Engineer at a tech services company with 10,001+ employees
Real User
Mar 8, 2021
We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off. I would like to have a threat radar that is updated on their security database. I would like to see if their IP is getting updated and the data detection notifications are the same as in the server.
Barracuda WAF-as-a-Service streamlines cloud security with features like automatic updates, real-time detection, and bot protection. It enhances AWS environments with simplified management and threat intelligence.Barracuda WAF-as-a-Service provides robust application security, leveraging automatic security updates and real-time attack detection to defend against threats. Its centralized dashboard offers an intuitive management experience, complemented by automated policies. Real-time threat...
I assess the impact of Barracuda WAF-as-a-Service on compliance efforts regarding security events as good in terms of compliance, although there are a few issues. There is one issue regarding local data storage, as they do not have that capability, and we are storing the data in another foreign country, which is against the law. Data is supposed to be within the South African border. In my opinion, the main direction for improvement should be around the licensing part, as it should not be quite complex. The price of their licensing model is a bit steep. However, for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. The pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas. For the next release, Barracuda WAF-as-a-Service should include advanced APIs and perhaps AI-driven detections. They can improve the integration with SIEM and SOAR.
I see that cost can be a limitation for small businesses. Additionally, if they can provide more advanced features and customization for specific use cases, that would be beneficial. Apart from that, I do not feel there are any other problems. From our perspective, there is not an issue. All the data I have shared is in favor of Barracuda because the ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service. We have seen that it is a great solution with no issues from our end.
One significant area for improvement in Barracuda WAF-as-a-Service lies in its market positioning and pricing strategy. Additionally, it could operate in a local data center. This limitation hinders its adoption in regions with strict data regulations.
My company had faced some downtime or an outage twice with Barracuda WAF-as-a-Service due to backend problems. The stability of the product is an area of concern where improvements are required. I don't know much about what additional features are required in the product's future releases since I think it has almost all users. One feature I want in the solution stems from the fact that there are almost 17 applications protected in our company with the help of Barracuda WAF-as-a-Service. If I need to block one IP address for all 17 applications together, it is not possible, and I need to block the IP address on each application separately, making it a time-consuming process. It would be great if the product allows users to block an IP address for all the applications in an environment in one go rather than having to block the IP address separately for each application.
The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers.
We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off. I would like to have a threat radar that is updated on their security database. I would like to see if their IP is getting updated and the data detection notifications are the same as in the server.