Barracuda Security Suite
Best-of-Breed Security in an Integrated Platform
This product is no longer available
Barracuda Security Suite Overview:
Today's businesses need a method to secure their network from multiple threat vectors without compromising features or performance. The Barracuda Security Suite offers a new way to provide integrated security using best-of-breed components, at an affordable price.
Secure Multiple Threat Vectors without Performance Compromises
Have you secured all your threat vectors? Hackers look for any point of entry into your network. Each one of these entry points is a threat vector that needs to be secured from attacks. Leaving even one threat vector unprotected puts your entire network and data at risk. Barracuda Security Suite protects three of the most vulnerable threat vectors without performance compromises.
The Barracuda Security Suite includes three best-of-breed network security solutions in one integrated platform to create a strong security posture against current and future threats.
- Barracuda Firewall: Provides next-generation app control at a granular level, enabling administrators to grant permissions and regulate app usage to prevent network intrusions.
- Barracuda Web Filter: Provides content filtering and malware, virus and spyware protection, blocking website exposure for increased productivity.
- Barracuda Spam Firewall: Provides inbound and outbound email filtering to prevent email-borne threats and data leaks.
The Barracuda Advantage
The Barracuda Security Suite includes comprehensive network, content, and email security solutions, easily managed from a single pane of glass. These best-of-breed components provide full-featured security functionality without any limitations or restrictions.
The Barracuda Security Suite is an integrated platform providing seamless functionality and management. It is preconfigured for ease of deployment and use.
Secure All Your Threat Vectors
The Barracuda Security Suite defends against attacks using Barracuda Real-Time Protection providing comprehensive updates to protect your network from zero-hour vulnerabilities.
Secures against Data Leaks and Email-Borne Threats
Only one out of 10 emails received is legitimate. Today’s email-borne malware poses the greatest threat to your network. As virus attacks become more sophisticated and complex, the potential for the destruction and release of information severely impacts productivity and can lead to financial loss. The Barracuda Security Suite scrutinizes all inbound and outbound email traffic to protect organizations from email-borne threats and data leaks. As a complete email security solution, organizations can encrypt messages and leverage the cloud to spool email if mail servers become unavailable. As a result, your network is protected from potential harm increasingly common in the outside world.
Barracuda Security Suite enables you to protect your organization’s network, web, and email threat vectors with three best-of-breed products: Barracuda Firewall, Barracuda Spam Firewall and Barracuda Web Filter. Barracuda Security Suite includes these products in a pre-packaged, pre-configured solution. These best-of-breed components provide full-featured security functionality—no limitations or restrictions.
The Barracuda Security Suite provides these products in an integrated platform. All the products are pre-configured to work together. Barracuda Security Suite includes pre-configured network zones consisting of LAN, WAN and DMZ. Traffic from the LAN can be routed to the Internet either directly or through the web filter.
Application Visibility and Control
The Barracuda Security Suite analyzes network traffic up to Layer 7, leveraging advanced fingerprints to identify applications and content traffic. Based on the fingerprints, a flexible set of actions, including allowing, blocking, resetting, and redirecting connection attempts and traffic, can be defined. A library of hundreds of applications is currently fingerprinted. Furthermore, granular policies can be set for specific application features (e.g., limiting audio calls on Skype). These fingerprints are dynamically updated so that security policies and signatures remain up-to-date.
Intrusion Detection and Prevention (IPS)
The Barracuda Security Suite Intrusion Detection and Prevention System (IDS/IPS) strongly enhances network security by providing complete and comprehensive real-time network protection against thousands of network-based threats, vulnerabilities, exploits, and exposures in operating systems, applications, and databases to prevent network attacks such as:
- SQL injections and arbitrary code executions
- Access control attempts and privilege escalations
- Cross-Site Scripting and buffer overflows
- Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks
- Directory traversal and probing and scanning attempts
- Backdoor attacks, Trojans, rootkits, viruses, worms, and spyware
By providing advanced attack and threat protection features such as stream segmentation and packet anomaly protection, TCP split handshake protection, IP and RPC defragmentation, FTP evasion protection, as well as URL and HTML decoding, the Barracuda Security Suite is able to identify and block advanced evasion attempts and obfuscation techniques that are used by attackers to circumvent and trick traditional intrusion prevention systems.
The IPS can also be used in combination with SSL Inspection.
As part of the Barracuda Energize Updates subscription, automatic signature updates are delivered on a regular schedule or on an emergency basis to ensure that the Barracuda Security Suite is constantly up-to-date.
Quality of Service (QoS) and Traffic Prioritization
Granular QoS settings enable an organization to set bandwidth policies for applications, services, and users. In addition, traffic prioritization can be set to ensure that latency-sensitive or business-critical applications are always given priority. Pre-built policies enable organizations to immediately begin implementing one of eight pre-defined bandwidth policies. Pre-defined policies can easily be customized to individual customer needs.
Full User Identity Awareness
The Barracuda Security Suite authenticates users with Active Directory, NTLM, LDAP/LDAPS, RADIUS, and x.509 digital certificates. User- and group-specific policies, including time-based access controls, are integrated into the firewall rules, making it easy for administrators to customize network access, application usage, and bandwidth allocation for specific users and groups.
User Identity Awareness includes connections via Microsoft Terminal Servers.
One Stop for Firewall Rules
The intuitive interface is designed so that a single configuration encompasses every component of a firewall rule. This includes link balancing and QoS configurations necessary to ensure uptime and full control of network traffic. A drag-and-drop interface enables quick-and-easy prioritization of rules.
Link Optimization and Failover
To ensure the best and most cost-efficient connectivity, the Barracuda Security Suite provides a wide range of built-in uplink options including unlimited leased lines, up to six DHCP lines, four xDSL lines, two ISDN lines, and one UMTS line. Administrators can bond multiple low-cost WAN links such as DSL lines to increase bandwidth at reduced costs. Further, by eliminating the need to purchase additional devices for uplink balancing, security-conscious customers will have access to a WAN connection, even if one or two of the existing WAN uplinks are severed.
Inbound Link Balancing
The Barracuda Security Suite performs inbound link balancing by distributing inbound traffic across multiple links, leveraging its authoritative DNS services. This ensures that the Authoritative DNS server always provides the IP address of the best link when responding to DNS queries.
The Barracuda Security Suite provides VPN capabilities that can be used from within a web browser. Unlike a traditional client-to-site VPN, SSL VPN does not require the installation of client software on the end user's computer. Use SSL VPN to grant remote users access to web applications, client and server applications, as well as internal network resources like Outlook Web Access, SMB, RDP, Telnet, SSH, SMTP, POP3, VNC, IMAP4, webDAV, and HTTP and HTTPS web forwards.
The Barracuda Security Suite provides support for a suite of protocols to connect remote employees. The appliance supports IPsec-based VPN, PPTP, and the Barracuda Network Access VPN client. The VPN tunnel can be authenticated using a comprehensive set of mechanisms including NTLM, RADIUS, LDAP/LDAPS, Active Directory, and Local Authentication. Barracuda Networks provides VPN clients for Windows, Mac OS X, Linux, and Debian—downloadable right from the user interface.
IPsec VPNs ensure secure connectivity to other remote sites or a centralized office. Barracuda includes unlimited site-to-site licenses to connect as many sites as needed to the Barracuda Security Suite.
The Barracuda Security Suite provides flexible controls for pinpoint regulation of online activity. Administrators can create policies that control user access to 99.7 percent of commonly visited websites using 95 content categories including pornography, violence, hacking, sports, news, dating, shopping, chat, and more. Content filtering policies can be customized to restrict specific websites or look for patterns in web addresses.
The Barracuda Security Suite's image/multimedia safe search feature prevents search engines such as Google, Yahoo, and MSN from displaying objectionable thumbnail images in search results. Administrators can also create policies that control web-file downloads based on file type.
Spyware and Virus Protection
The Barracuda Security Suite uses a continually updated database to identify and block access to sites known to host spyware and viruses. It also detects installed spyware trying to access the Internet. Upon discovery, it blocks the spyware activity and notifies the administrator. By using dual-layer virus blocking, decompressing archives, and blocking file types, the antivirus engine in the Barracuda Security Suite protects networks from aggressive viruses.
Not only does the Barracuda Security Suite prevent the potential download of malware onto the network, it can also remove it if it has been downloaded onto a computer on the network.
The Barracuda Malware Removal Tool performs a comprehensive scan of computers for any traces of spyware or other malware. This thorough scan quickly identifies potential threats residing on a computer and provides the option for removal of those that have been found.
Web 2.0 and Social-Media Regulation
The Barracuda Security Suite provides granular control over Web 2.0 sites and web applications, including social media platforms. Scanning and inspecting SSL-encrypted traffic for specific categories and domains enable granular policy enforcement. Administrators can also configure the Barracuda Security Suite to monitor and archive outbound web application communications like Facebook posts, tweets, and web-based email to a message archiving solution, such as the Barracuda Message Archiver. These messages can be indexed and then mined for forensic analysis. Suspicious activity alerts can also be generated using predefined or customized categories.
Organizations can control online content normally hidden by SSL. This includes content found in social-media platforms, web-based email, and search engines. Administrators can specify domains and URL categories for which SSL-encrypted traffic will be decrypted and scanned for malware and policy. Not only can organizations restrict entire platforms, it’s now possible to enforce granular access for secure websites (e.g., YouTube for Schools).
To budget computing resources and ensure adherence to corporate policies, IT and HR administrators often require detailed information about how Internet users in the network are spending time online. In addition to its powerful web filtering and malware protection capabilities, the Barracuda Security Suite allows administrators to generate more than 60 different reports on Internet activity.
Interactive reports with multiple layers of drill-down capability can be generated on users’ web browsing activity, by domains and content categories, by time spent online, and/or by bandwidth consumption.
The Barracuda Web Security Agent
The Barracuda Web Security Agent (WSA) is a tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces. The Barracuda WSA supports both Windows and Mac OS X.
The Barracuda Safe Browser
The Barracuda Safe Browser is a full-featured web browser that enforces compliance with the policies configured on the Barracuda Security Suite.
The Barracuda Security Suite leverages Barracuda Central to identify email from known spammers and determine whether domains embedded in email lead to known spam or malware domains. It leverages many of the same industry-leading techniques found in the Barracuda Spam Firewall that protect against attempts to embed text inside images with the intent of hiding content from traditional spam filters.
As virus attacks become more sophisticated and complex, email infrastructure requires advanced virus protection. The potential for the destruction and release of information, or the disruption of a network severely impacts productivity and can lead to financial loss.
The Barracuda Security Suite scans email and incoming files using three powerful layers of virus scanning technology. It also decompresses archives for complete protection. Powerful virus definitions are automatically updated via Energize Updates to maintain the most up-to-date protection against email-borne viruses.
To provide protection from tainted internal email, a Microsoft Exchange Plug-In allows organizations to protect against the spread of viruses that don’t access the email gateway. The virus definitions are also regularly updated to ensure the latest protection.
Denial of Service (DoS) Attack Protection
Not every attack is focused on planting a virus or on getting users to send their credit card number or to click on a malicious link. Often, the objective of the attack is focused on disabling a network or mitigating its effectiveness. As a cloud-based service, the Barracuda Security Suite is positioned to stop spammers before they overload an email server.
The Barracuda Security Suite ensures that email can still be delivered even during email server failures or loss of connectivity. In the event of on-premises disruptions, email can be spooled in the Cloud Protection Layer for up to 96 hours. An alternate destination can also be specified for delivery, if delivery to the primary destination fails.
During email server outages, the email for all mail servers is visible through the Cloud Protection Layer. From the message log, you can see the status of all spooled emails, and whether mail has been re-delivered.
Cloud Protection Layer
The Barracuda Security Suite is integrated with a cloud-based service that pre-filters email before delivery to the on-site Barracuda Spam Firewall. The Cloud Protection Layer is continuously updated with definitions in real time with updates from Barracuda Central. The elasticity of Barracuda’s global cloud infrastructure provides the flexibility to handle email surges during specific periods of the day and during Denial of Service attacks.
The Cloud Protection Layer ensures that an organization’s email security infrastructure scales with the increasing growth in email volume and attachment sizes, as well as the growth of companies. By leveraging the bandwidth and computing power of the CPL, organizations can easily scale their email security solution.
The Barracuda Security Suite offers a number of encryption features. It is fully integrated with a cloud-based email encryption service for outbound email. Email that matches policy or is marked for encryption via the Barracuda Outlook Add-in is securely sent via TLS to the Barracuda Message Center.
The Barracuda Message Center uses AES with 256-bit keys to encrypt email. To encrypt email traffic between sites over the Internet, the Barracuda Security Suite Message Transport Agent supports SMTP over TLS. This can be used between other email servers that support SMTP over TLS.
Outbound filtering prevents organizations from being put on spam block lists and prevents sensitive data in email from leaving the organization. Employees can inadvertently cause internal systems to become a source for botnet spam. Using a subset of its defense layers, the Barracuda Security Suite’s outbound filtering stops outbound spam and viruses. It also lets administrators enforce content policies for data loss prevention (DLP) and meet other content standards in outgoing email. Predefined filters and custom policies can be used to detect sensitive data and block or encrypt email.
|Users||100 - 300|
|Active Web TCP Connections||2,000 - 5,000|
|Firewall Throughput||1,500 Mbps|
|Form Factor||1U Rackmount Chassis|
|Copper Ethernet NICs||8 x Gbe Copper Ports|
|Dimensions (WxDxH; in)||16.8 x 15.9 x 1.7|
|Power Supply||Single, Internal|
|Web 2.0 Application Control|
|IPsec VPN (Client-to-Site)|
|IPsec VPN (Site-to-Site)|
|Outbound Email Filtering|
|Cloud Protection Layer|
|Advanced Policy Creation|
|Network Threat Protection|
|Centrally Manageable via Barracuda|
|Ethernet Bypass Hardware|
|MS Exchange/LDAP Accelerator|
|Per User Settings and Quarantine|
Barracuda Security Suite Ports and Internal Network
This diagram illustrates the virtual network in the Barracuda Security Suite interconnecting the web interface with the Barracuda virtual appliances. Ensure that the virtual appliance internal IP addresses do not conflict with other devices in your internal network. The diagram also illustrates how the physical ports are connected to the virtual appliances. Most of the ports are connected to just the Barracuda Firewall Vx. LAN4 is connected to the Barracuda Web Filter Vx. The MGMT port is connected to the Barracuda Security Suite web interface.
Barracuda Security Suite Deployment
- Connect the WAN1 portto a DHCP enabled switch or router connected to the Internet. The Barracuda Security Suite should automatically obtain the uplink WAN IP address.
- You can also statically assign WAN IP address from within the Barracuda Firewall Vx and bind the static WAN IP address to port WAN2.
- LAN1 handles traffic coming directly from the Barracuda Firewall Vx and carries any email traffic from the Barracuda Spam Firewall Vx destined for your email server. It also carries any general network traffic. LAN1 traffic bypasses the Barracuda Web Filter Vx.
- LAN4 handles traffic coming directly from the Barracuda Security Suite Web Filter. The filtered traffic is forwarded to web clients (http or https) on the internal network.
Download the Barracuda Security Suite Datasheet (.PDF)
- Pricing and product availability subject to change without notice.