Latest Version Includes Support for SAML and JSON Payload Inspection
- With the latest version of Barracuda Web Application Firewall, version 8.0, Barracuda released support for the latest enhancements to Barracuda Control Server, its on-premises platform for central management, to further streamline the management of product updates, shared policies, and services across multiple clusters and data center locations.
- Building on its support for Microsoft Azure AD, Barracuda Web Application Firewall now offers enhanced support for Security Assertion Markup Language (SAML) to enable it to work with a broader range of systems utiliisng SAML, including Microsoft ADFS, Swiss ID, and more.
“As virtualisation continues to foster dispersion of applications and data, we have seen our customers distribute security enforcement points across different parts of the network and across data centers,” noted Stephen Pao, GM Security, Barracuda. “While security enforcement points disperse, IT operations managers continue to express their desire to manage those dispersed enforcement points from a single pane of glass. The enhancements made to Barracuda Web Application Firewall and Barracuda Control Server came from direct customer feedback around many of these use cases.”
Streamlined Centralised Management Across Clusters and Data Centers
The latest version of Barracuda Web Application is designed to work with the latest enhancements to the Barracuda Control Server, available for on-premises deployments as a virtual appliance. The Barracuda Control Server provides a scalable, centralised console for unified management, control, and visibility across multiple Barracuda appliances and virtual appliances.
Highlights of the latest Barracuda Control Server release include:
- Service-Level Configuration Templates– Service-Level configuration templates are typically used when promoting individual services across various phases of a deployment lifecycle. For example, as an individual web application is moved through alpha, beta, stage, and production environments, configuration templates can be used to migrate settings associated with that individual application. Previously, the Barracuda Control Server supported migration of configurations at an appliance-level, not at an individual service level.
- Shared Policy Templates – Shared policy templates are used to ensure consistent security policy across multiple services within a single physical or virtual appliance configuration, as well as across appliances.
- Centralised Firmware Revision Management– Barracuda Control Server now includes an interface that can be used to centrally manage similar and disparate product revisions across a deployment. Previously, Barracuda Control Server only supported product update management at an appliance or configuration group level.
Enhanced Support for SAMLv2 Access Control
In addition to application security, the Barracuda Web Application Firewall provides a front end for access control to web applications, including single-sign on and multi-factor authentication. Last October, Barracuda announced the ability for the Barracuda Web Application to federate identity with Microsoft Azure AD, a SAML-based identity provider.
To further increase compatibility with additional SAML use cases, the latest version of Barracuda Web Application Firewall adds additional capabilities. Highlights include:
- SAML-based Conditional Access Rules – Several applications require conditional access based on certain attributes associated with the user. These attributes could be organisational – like role, group membership, or personal – like device type, age, postal code, etc. Administrators can now create such conditional access rules based on the attributes in SAML assertions from the Identity Provider (IdP). Conditional access rules can be granularly created across different security domains within the web application.
- Support for Multiple IdP – Users can now log into protected web applications through multiple trusted SAML providers. The Barracuda Web Application Firewall provides the users with IdP selection dialogs to specify their preferred IdP for authentication and assertion requests.
These new capabilities allow the Barracuda Web Application Firewall to extend beyond the simpler SAML use cases for Azure AD to support other SAML identity providers including Microsoft ADFS and Swiss ID.
Enhanced JSON Payload Inspection
Changes in web programming techniques used in cloud, SaaS, and mobile applications continue to challenge traditional service-oriented architecture (SOA) gateways and intrusion detection systems (IDS). In particular, increased use of JSON and REST based technology has changed both the usage and interaction over customarily used Hyper Text Transfer Protocol (HTTP) transactions. The latest version of Barracuda Web Application Firewall enhances its ability to secure JSON payloads, to provide comprehensive security for REST APIs and dynamic web applications.
Barracuda Total Threat Protection
Barracuda Web Application Firewall and Barracuda Control Server are part of the Barracuda Total Threat Protection initiative, which is aimed at providing powerful, integrated security protection across multiple threat vectors at an affordable cost. Barracuda Total Threat Protection is designed to protect multiple threat vectors – including email, web applications, remote access, web browsing by network users, mobile Internet access, and network perimeters – that span private and public cloud deployments. It includes the combination of award-winning security solutions, a common management interface, a single point of support, and affordability.
About Barracuda Networks, Inc. (NYSE: CUDA)
Barracuda (NYSE: CUDA) provides cloud-connected security and storage solutions that simplify IT. These powerful, easy-to-use and affordable solutions are trusted by more than 150,000 organisations worldwide and are delivered in appliance, virtual appliance, cloud and hybrid deployments. Barracuda’s customer-centric business model focuses on delivering high-value, subscription-based IT solutions that provide end-to-end network and data security.