We just raised a $30M Series A: Read our story

Barracuda WAF-as-a-Service OverviewUNIXBusinessApplication

Barracuda WAF-as-a-Service is #22 ranked solution in top Web Application Firewalls. IT Central Station users give Barracuda WAF-as-a-Service an average rating of 8 out of 10. Barracuda WAF-as-a-Service is most commonly compared to Azure Front Door:Barracuda WAF-as-a-Service vs Azure Front Door.
What is Barracuda WAF-as-a-Service?

From zero to security in minutes
Configuring traditional web application firewalls can take days of effort. But Barracuda WAF-as-a-Service—a full-featured, cloud-delivered application security service—breaks the mold. Deploy it, configure it, and put it into full production—protecting all your apps from all the threats—in just minutes.

Barracuda WAF-as-a-Service was previously known as Barracuda WAF as a Service.

Buyer's Guide

Download the Web Application Firewall (WAF) Buyer's Guide including reviews and more. Updated: November 2021

Barracuda WAF-as-a-Service Customers
Salvation Army
Barracuda WAF-as-a-Service Video

Barracuda WAF-as-a-Service Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
SR
Senior Information Security Engineer at a tech services company with 10,001+ employees
Real User
Top 20
A web application firewall that is useful to identify and stop known attacks.

Pros and Cons

  • "I like its ability to identify known attacks, including DDOS attacks. It's valuable because software must be able to stop known attacks. Application attacks are evolving all the time. When it comes to software-as-a-service, we need to have software that knows about all the latest attacks. It should also protect against major unknown attacks."
  • "We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off."

What is our primary use case?

We have a web application on AWS, and we wanted just one minimum utility firewall to take care of one site with limited traffic. It is an internal website that is used by less than 200,000 employees. To protect that site, we use Barracuda WAF.

The internal website and the firewall were deployed only last year. We are running it on a minimal configuration, and no extensive changes were made. We will be making changes to the configuration periodically based on the requisites.

What is most valuable?

I like its ability to identify known attacks, including DDOS attacks. It's valuable because software must be able to stop known attacks. Application attacks are evolving all the time. When it comes to software-as-a-service, we need to have software that knows about all the latest attacks. It should also protect against major unknown attacks.

The main part is preventing unknown OS attacks and providing a blacklist of IP addresses. This vast service allows us to check for those blacklisted IPs and prevent traffic from those IPs.

What needs improvement?

We found it a bit slow when accessing it through the web browser. The URL also exposed the user name and the hashed password. When I log into my Barracuda WAF user portal, I could see the username and the hashed password on the URL itself. So, it is not very secure, and it is important to take that off.

I would like to have a threat radar that is updated on their security database. I would like to see if their IP is getting updated and the data detection notifications are the same as in the server.

For how long have I used the solution?

I have used Barracuda WAF-as-a-Service over the last 18 months.

What do I think about the stability of the solution?

We did not see any issues with the performance.

How are customer service and technical support?

Technical support was good, and they respond very well. 

On a scale from one to ten, I would give Barracuda technical support an eight.

Which solution did I use previously and why did I switch?

We used to use the Alert Logic web application firewall, but that was for a different client. In AlertLogic, there was not much transparency to see the different types of attacks. We couldn't do any customization for the website. We used to create profiles under which we would mention the different types of attacks. But if I wanted to make any custom changes on one website, I would have to make that in a profile and reflect it on all the other profiles. But with Barracuda, I can customize the changes on the website level.

How was the initial setup?

The initial setup was straightforward and took us less than four hours to install and deploy. Our environment is in AWS, and they had the package installed and available in the AWS marketplace. We discussed the throughput of our website and what would be the appropriate appliance and the instance that we would need to implement to download the software package. 

It is like a multilayer website view, but we had only one entry point for the internet traffic. Just one instance of WAF was enough at that time, but we will be extending it to two availability zones. 

We don't have to do maintenance because the signatures get updated periodically, and Barracuda does all the upgrades for us. We could look for support from the customer team to manage those maintenance activities.

What about the implementation team?

The Barracuda team helped us. Our administration team is very small, and it's just a two-member team.

What other advice do I have?

I would recommend Barracuda WAF to potential customers.

On a scale from one to ten, I would give Barracuda WAF-as-a-Service an eight.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer:
Flag as inappropriate
JB
Manager Information Technology at a tech services company with 11-50 employees
Real User
Top 10
Easy plug and play feature, automated policies, and simple configuration

What is our primary use case?

The solution can be used to provide application security.

What is most valuable?

The most valuable features of the solution are it is plug and play, has automated policies, a simple configuration, and is easy to create rules.

What needs improvement?

The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers.

For how long have I used the solution?

I have been using this solution within the last 12 months.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

I have found the solution very simple to scale.

How was the initial setup?

The installation of the solution is easy.…

What is our primary use case?

The solution can be used to provide application security.

What is most valuable?

The most valuable features of the solution are it is plug and play, has automated policies, a simple configuration, and is easy to create rules.

What needs improvement?

The solution can improve by bundling Security Operation Center (SOC) with the WAF-as-a-Service, it would provide a lot more value to customers.

For how long have I used the solution?

I have been using this solution within the last 12 months.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

I have found the solution very simple to scale.

How was the initial setup?

The installation of the solution is easy. However, it is beneficial if the administrator has some experience in application coding.

What other advice do I have?

I would recommend this solution to others because Barracuda has been in the industry for more than 20 years. There are many use cases for this solution.

I rate Barracuda WAF-as-a-Service an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate