Barracuda Networks, a leading provider of cloud-enabled security solutions, has announced new capabilities for its Cloud Application Protection platform to deliver an additional level of protection and make it even easier for organisations to secure their applications.
Client-side protection, the ability to deploy containerised WAF nodes, and an auto-configuration engine are just some of the new services and features the platform includes. The Cloud Application Protection also now leverages machine learning (ML), vulnerability scanning and remediation, and Advanced Threat Protection to provide active threat intelligence for stronger protection.
Highlights of Cloud Application Protection 2.0 include:
- Client-Side Protection — This new feature automatically creates and deploys protections against website skimming and supply chain attacks such as MageCart. These types of attacks are performed by infecting a script that is loaded directly by the browser, meaning that WAFs are unable to detect them. Cloud Application Protection 2.0 adds both protection and reporting capabilities against these attacks.
- Containerized WAF deployment — This new deployment option brings the same security engine as Barracuda WAF and WAF-as-a-Service, but in a container form. As more applications are now deployed in containers, they can now be protected.
- Auto-Configuration Engine — The Auto-Configuration Engine uses ML models to check an organisation's traffic patterns and provide recommendations to tighten security settings, reducing administrative overhead.
- Active Threat Intelligence — This cloud-based ML-enhanced service provides near real-time active threat intelligence to detect and stop new threats as they occur. Barracuda Active Threat Intelligence brings together the Barracuda Vulnerability Manager, Barracuda Vulnerability Remediation Service, Barracuda Advanced Threat Protection, and Barracuda Advanced Bot Protection's cloud layer, making it a single service that covers the full range from detection to remediation.
“At Barracuda, we strive to continually make security easier for our customers, and Cloud Application Protection 2.0 provides enterprise-level application security with consumer-level ease of use,” said Tim Jefferson, SVP, Engineering for Data, Networks and Application Security at Barracuda. “The powerful new capabilities we’re introducing address the application security issues organisations are most concerned about right now and also provide protection for where applications are headed next.”
The state of application security in 2021
Barracuda has recently released the results of its survey, ‘The state of application security in 2021.’ They surveyed 750 application security decision-makers responsible for their organisation’s application development and security. Participants were from the US, Europe, and APAC, and each represented organisation had 500 or more employees globally.
The top five application security challenges they pointed to were bots, supply chain attacks, vulnerability detection, API security, and security slowing down app developments. On average, respondents were successfully breached twice in the past 12 months as a direct result of an application vulnerability. 72% of respondents said their organisation suffered at least one security breach from an application vulnerability.
Overall, the findings indicate that more needs to be done to protect against application security threats, particularly newer threats. Many organisations realised issues within their systems and are looking to deploy new solutions in the coming year such as bot protection (41%), API gateway (36%), and software supply chain protection (scanning) (33%).