Barracuda Web App Firewall 460 Vx Virtual ApplianceSecurity and DDoS Protection Against Automated & Targeted Attacks
List Price: $6,099.00
Our Price: $5,794.00
List Price: $15,549.00
Our Price: $14,771.00
List Price: $24,399.00
Our Price: $23,179.00
Barracuda Web Application Firewall Vx is a virtual appliance providing complete and powerful security for Web applications and Web sites. It offers every capability needed to deliver, secure and manage enterprise Web applications from a single appliance through an intuitive, real-time user interface.
- Single point of protection for inbound and outbound traffic for all Web applications
- Protects Web sites and Web applications against application layer attacks
- Delivers best practices security right out of the box
- Monitors traffic and provides reports about attackers and attack attempts
Comprehensive Security for Critical Applications
With hundreds of lines of code to check - and vulnerabilities often subtle and hard to find - a serious data breach is often the first sign that a web application has problems. Having secured thousands of production applications against more than 11 billion attacks since 2008, the Barracuda Web Application Firewall is the ideal solution for organizations looking to protect web applications from data breaches and defacement. With the Barracuda Web Application Firewall, administrators do not need to wait for clean code or even know how an application works to secure their applications. Organizations can ensure robust security with a Barracuda Web Application Firewall hardware or virtual appliance, deployed either on-premises or in the cloud.
Protect servers, applications, and data from web-based attacks:
Protect Applications and Data from Advanced Threats
The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access.
The Barracuda Advantage
Constant Protection from Evolving Threats
The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known application-layer attack modalities. Automatic updates provide defense against new threats as they appear. As new types of threats emerge, it will acquire new capabilities to block them.
Identity and Access Management
The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users.
Affordable and Easy to Use
Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process.
Provides Constant Protection from Evolving Threats
The Barracuda Web Application Firewall Vx provides superior protection against data loss, application-layer DDoS, and known and previously unknown zero day application-layer attack modalities. As new types of threats emerge, the Barracuda Web Application Firewall Vx will acquire new capabilities to block them. These definitions are automatically updated and will “virtually patch” automatically on units in the field, ensuring the highest security posture for critical applications at all times. This greatly reduces the time between vulnerability disclosure and vulnerability patching.
Key Features: Application Attack & DDoS Protection, Automatic Security Updates, Adaptive Profiling, Server Cloaking, XML Firewall, Data Loss Prevention
Delivers Maximum Application Uptime and Performance
The Barracuda Web Application Firewall Vx can also be deployed in high availability clusters to provide redundancy and seamless failover capabilities in response to outages. It can also monitor application server status and intelligently distribute traffic to ensure high application performance and maximum uptime.
Application Attack & DDoS Protection
The Barracuda Web Application Firewall Vx provides robust security against targeted and automated attacks. OWASP Top 10 attacks like SQL Injections and Cross-Site Scripting (XSS) are automatically identified and logged. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.
Advanced DDoS protection capabilities allow administrators to distinguish real users from botnets through the use of heuristic fingerprinting and IP reputation, thereby allowing them to block, throttle, or challenge suspicious traffic. It is the only product in the industry to offer integrated IP reputation intelligence that combines real-time situational insights and historical intelligence to secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection.
Adaptive profiling enables administrators to build positive security profiles of their applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular whitelist rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities by restricting input only to inputs that meet strict standards.
Often the first step of any targeted attack is to probe public-facing applications to find out details about the underlying servers, databases, and operating systems. Cloaking prevents attack reconnaissance of protected applications by suppressing server banners, error messages, HTTP headers, return codes, debug information, or backend IP addresses from leaking to a potential attacker. Without any details of the underlying infrastructure, it is much more difficult to target attacks, thereby reducing the risk of breach.
Applications that rely on XML can now be secured with an XML Firewall capability that secures applications against schema and WSDL poisoning, highly-nested elements, recursive parsing, and other XML-based attacks. This secures communications between client and application or between applications from different systems closing an often overlooked attack vector.
Data Loss Prevention
Deployed as a reverse-proxy, the Barracuda Web Application Firewall Vx inspects all inbound traffic for attacks and outbound traffic for sensitive data. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns can be identified by the Barracuda Web Application Firewall Vx and either blocked or masked without administrator intervention. Best of all, the information is logged and can be used by administrators to find potential leaks.
The Barracuda Web Application Firewall Vx is designed to provide easy, cost-effective assistance to help administrators comply with major application-specific requirements like PCI-DSS, HIPAA, FISMA, and SOX. It is certified by a number of third-party testing labs including ICSA Labs as an effective Web Application Firewall solution. The Barracuda Web Application Firewall Vx directly satisfies section 6.6 of PCI-DSS and assists compliance with built-in PCI compliance reports. Its robust identity and access management and data loss prevention (DLP) capabilities ensure privacy of sensitive data. A FIPS 140-2 HSM model ensures that applications it protects meets the highest cryptographic standards.
LDAP & RADIUS Authentication
The Barracuda Web Application Firewall Vx fully integrates Active Directory or any other RADIUS or LDAP-compatible authentication services. Combined with the strong access control capabilities, administrators can provide granular control of which users or groups can access what resources.
The Barracuda Web Application Firewall Vx integrates with a number of two-factor authentication technology including client certificates, SMS PASSCODES, and hardware tokens such as RSA SecurID to provide strong user authentication.
Client IP Reputation & User Access Control
Using client source addresses, organizations can control access to web resources. The Barracuda Web Application Firewall Vx can control access based on GeoIP to limit access only to specified regions. It is also integrated with the Barracuda Reputational Database and can identify suspicious IP addresses, bots, TOR networks and other anonymous proxies that are often used by attackers to hide their identity and location. Once an IP address is identified as a risk, administrators have the ability to block, limit, throttle, or issue a CAPTCHA challenge before allowing access.
Pre-Built Security Templates
Pre-built security templates and an intuitive web interface provide immediate security without the need for time-consuming tuning or learning how to use a new application. Included out of the box are common application templates including Exchange, SharePoint, Oracle Financials, PHP, and more.
Vulnerability Scanner Integration
Security organizations often use vulnerability scanners to look for exploitable weaknesses in their applications. Barracuda has the ability to integrate with popular scanners like IBM AppScan and Cenzic Hailstorm to automatically configure an application’s security template to protect against identified issues. All of this is automatically configured using the output of the scanners without any administrator intervention.
Logging & Reporting
The Barracuda Web Application Firewall Vx maintains a complete set of web firewall, access, audit, and system logs. All logs can be exported to third-party SIEM or log management tools for deep analysis. The Barracuda Web Application Firewall Vx integrates with HP ArcSight, RSA Envision, Splunk, and many other SIEM tools out of the box, providing instant intelligence on an application’s security posture.
Automatic Security Updates
The Barracuda Web Application Firewall Vx is augmented by an extensive network of more than 150,000 sensors that are deployed worldwide and feed into Barracuda Labs. The sensors provide valuable data used by Barracuda Labs to create the latest threat detection and protection definitions. These definitions are automatically updated and “virtually patch” automatically on units in the field, ensuring the highest security posture for critical applications at all times. It greatly reduces the time between vulnerability disclosure and vulnerability patching. This enables administrators to immediately deploy real-time security against new threats while also providing time for the development team to thoroughly analyze the underlying application source code and fix vulnerabilities as needed.
In a cloud environment, applications are still vulnerable to the same targeted SQL injections, DDoS, and other attacks experienced by on-premises applications. Consequently, it is important to deploy a web application firewall (WAF) to secure cloud applications from threats. Fortunately, the Barracuda Web Application Firewall can be readily plugged into third-party cloud platforms like Microsoft Windows Azure to provide strong security at the source.
High Availability Clustering
Barracuda Web Application Firewalls can be clustered in active / passive or active / active pairs with failover to ensure instant recovery. Security configurations and deployments are automatically synchronized between the clusters, providing instant recovery from any outages.
Application Load Balancing and Monitoring
The Barracuda Web Application Firewall Vx has a built-in load balancer that can route traffic among backend servers to prevent latency from server congestion. Sophisticated application monitors can detect server issues and remove them from the server pool while redistributing traffic to the remaining servers.
The Barracuda Web Application Firewall Vx is available in multiple editions that can handle up to 100 Mbps of traffic. For more capacity and performance, the edition 660 Vx can be easily expanded by licensing added CPU cores on the virtual-host cluster.
|Model Comparison||360 Vx||460 Vx||660 Vx|
|Backend Servers Supported||1-5||5-10||150-300|
|Throughput||25 Mbps||50 Mbps||4 Gbps|
|Number of Cores Supported||2||3||4+|
|HTTP/S, FTP Protocol Validation|
|Protection Against Common Attacks|
|Form Field Meta Validation|
|Web Site Cloaking|
|Outbound Data Theft Protection|
|Granular Policies to HTML Elements|
|Protocol Limit Checks|
|File Upload Control|
|Logging, Monitoring and Reporting|
|Authentication and Authorization|
|Vulnerability Scanner Integration|
|AV for File Uploads|
The screen-shots below illustrate deploying the Barracuda Virtual Appliance on a VMware ESX/ESXi hypervisor. Other deployment options are available. Please refer to the Setup Guide or contact Barracuda Networks.
Barracuda Virtual Appliance FAQ:
What is a “virtual appliance”?
A virtual appliance is a software image designed to run inside a virtual machine. When deployed inside a virtualization platform, such as VMware, multiple virtual appliances can share the physical resources of a single host computer while remaining logically isolated from each other. Barracuda Networks currently offers virtual appliance versions of many of its popular hardware appliance solutions to leverage the benefits of virtualization.
What are the benefits of Barracuda Virtual Appliances?
Barracuda Virtual Appliances provide the same technology found in the Barracuda Networks hardware solutions and are ideal for enterprises that are standardizing hardware platforms or with existing virtual environments. Barracuda Virtual Appliances can be deployed on standard virtualization platforms and can co-exist with other virtual machines, thereby enabling optimal usage of hardware resources. As the organization grows, virtual appliances can be scaled for capacity without changing any hardware or software configurations. Also, virtual appliances can be easier to backup and restore using standard mechanisms for disaster recovery.
What are the System requirements to run the Barracuda Virtual Appliance?
Currently, Barracuda Virtual Appliances are supported on VMware ESX/ESXi 3.5 Update 2 and higher with a minimum of 512 Mb RAM (1 Gb recommended) and 40 Gb available hard disk space. For information regarding other hypervisors or virtual infrastructures (like VMware Server, CITRIX XenApp, Microsoft Hyper-V), please contact us.
Are Barracuda Virtual Appliances as easy to deploy as the Barracuda Networks hardware appliances?
Yes. Barracuda Virtual Appliances are specifically designed for ease of deployment in new or existing virtualization environments. The virtual appliances are fully encapsulated with the virtual hardware configuration and the setup process is simple. Once the virtual appliance is installed, configuration and administration is through the same intuitive Web based user interface as that on the appliance. Instructions can be found in the online setup guides available as part of the download or under the Documentation section at www.barracuda.com/virtualization.
Do the Barracuda Virtual Appliances receive Energize Updates?
Yes. The Barracuda Networks Energize Updates subscription provides the latest security updates and is an essential part of purchasing either a Barracuda Networks hardware solution or a virtual appliance.
How does an administrator interact with a Barracuda Virtual Appliance?
Once deployed, Barracuda Virtual Appliances are administered through the same simple Web based user interface found on the hardware equivalents. This makes it very easy for administrators of Barracuda Networks hardware appliances to support Barracuda Virtual Appliances without learning a new usage model.
Can I make copies of my Barracuda Networks virtual appliance and deploy them for redundancy?
Every active instance of a Barracuda Virtual Appliance must be supplied a unique license token that is obtained during the process of requesting an evaluation. If you choose the ZIP deployment method, the same ZIP file can be used for multiple deployments, but each deployment must be provisioned with a unique token. Cold backups, snapshots, host migration and other backup or disaster recovery operations are fully supported.
Can I cluster a Barracuda Virtual Appliance with its hardware counterpart?
Yes. The “Linked Management” feature can be used to cluster a combination of Barracuda Virtual Appliances and hardware equivalents as appropriate.
What is an OVF template?
Open Virtualization Format (OVF) is a standard to package and distribute virtual machines. It is a portable, platform independent file format that is supported by several hypervisors. An OVF file encapsulates the complete specification of a virtual machine including all the virtual disks, virtual hardware configuration (CPU, memory, networking) and storage. Barracuda Virtual Appliances are distributed as OVF templates that facilitate quick provisioning with little or no manual intervention.
How do I update the firmware on a Barracuda Virtual Appliance?
New firmware releases will be available periodically and are included in the Energize Updates subscription. Once the virtual appliance is deployed, administrators can check for available firmware releases and upgrade as appropriate.
How are the Barracuda Virtual Appliances priced?
Barracuda Virtual Appliances do not involve any per user or setup fees. A Barracuda virtual appliance is licensed for a certain number of cores. As the organization grows, administrators can easily expand the capacity of these virtual appliances by licensing them for additional cores as needed without the overhead of provisioning any additional hardware or software.
How can I evaluate a Barracuda Virtual Appliance?
A 30-day evaluation copy of any Barracuda Virtual Appliance can be obtained by filling the evaluation request form online at www.barracuda.com/virtualization. This will generate an email with download and activation instructions.
Where can I get more information?
Please contact us!
Download the Barracuda Web App Firewall Vx Series Data Sheet (PDF).
List Price: $6,099.00
Our Price: $5,794.00
List Price: $15,549.00
Our Price: $14,771.00
List Price: $24,399.00
Our Price: $23,179.00