Barracuda Web Security Service
Cloud-Based Web Content Filtering and Malware Protection
Sorry, this product is no longer available, please contact us for a replacement.
Barracuda Web Security Service Overview:
Barracuda's powerful Web Security Service provides a complete and affordable way to easily manage web security via a cloud-based, highly scalable solution. Built for maximum performance and cloud intelligence, the Barracuda Web Security Service lets you scale security to all offices or users easily and cost-effectively.
The Barracuda Advantage
- Increased security and reduced costs
- Direct-to-cloud access
- World class customer support
- Full SSL inspection
- Run in data centers throughout the world to reduce latency
- Real-time analytics
- Inspects every byte of traffic for comprehensive protection
- Policies by users, locations, and AD groups
The Barracuda Web Security Services provides an affordable and simplified way to protect your entire network.
Security Management with Ease
Cloud-based web security that gives you full defense in depth by protecting you from a broad range of threats including malicious URL requests, viruses, advanced persistent threats, adware, spyware, botnets, cross-site scripting and much more.
The Barracuda Web Security Service sits between your organization and the internet, protecting your business from cyber threats. It globally monitors and manages your network and user activity from a single management console.
Protect Distributed Locations and Remote Users Against Web-Borne Threats
As a cloud-based service, the Barracuda Web Security Service provides a convenient option to deploy Barracuda's powerful web security technology for organizations looking to leverage the scalability and flexibility of the cloud. Ideal for safeguarding users on and off the network, the solution unites award-winning spyware, malware, and virus protection with a powerful policy and reporting engine.
Barracuda Web Security Service architecture:
Cloud-based protection that safeguards your network from malicious activity while also allowing customizable access to areas of the web that are critical to business agility.
Comprehensive Web Filtering Made Easy
Today's connected business needs a fast, easy way to employ robust web security and policy enforcement. The Barracuda Web Security Service leverages the elasticity of the cloud to ensure quick, easy deployment, seamless scalability, and reliable security. Users are protected everywhere they use the web – from their company desktop computers to their off-network mobile devices.
Spyware and Virus Protection
The Barracuda Web Security Service uses a continually updated database to identify and block access to sites known to host spyware and viruses. It also detects installed spyware trying to access the Internet. Upon discovery, it blocks the spyware activity and notifies the administrator. By using dual-layer virus blocking, decompressing archives, and blocking file types, the antivirus engine in the Barracuda Web Filter protects the network from aggressive viruses.
All Barracuda products are supported by Barracuda Central, a 24x7 advanced security operations center that works continuously to monitor and block the latest Internet threats. Barracuda Central collects data from more than 150,000 collection points worldwide and analyzes it to develop defenses, rules, and signatures. As new threats emerge, Barracuda Central is quick to respond to early outbreaks and delivers the latest definitions through Barracuda Energize Updates. These updates require zero administration and ensure that the Barracuda Web Security Service provides comprehensive and accurate protection against the latest Internet threats.
In addition to standard port/protocol-based policies, the Barracuda Web Security Service uses real-time deep packet inspection technology to analyze protocols independent of their port of destination servers. By integrating Layer 7 protocol analysis with policy controls, the Barracuda Web Filter enables complete control over application usage.
The Barracuda Web Security Service provides flexible controls for pinpoint regulation of online activity. Administrators can create policies that control user access to 99.7 percent of commonly visited websites using 95 content categories including pornography, violence, hacking, sports, news, dating, shopping, chat, and more. Content filtering policies can be customized to restrict specific websites or look for patterns in web addresses.
The Barracuda Web Security Service’s image/multimedia safe search feature prevents search engines such as Google, Yahoo, and MSN from displaying objectionable thumbnail images in search results. Administrators can also create policies that control web file downloads based on their file types.
YouTube for Schools
YouTube for Schools is an invaluable resource for educators, serving as a portal to a wide array of high-quality educational videos. The Barracuda Web Security Service makes it easy and safe to use this resource, by automatically redirecting all YouTube requests to the YouTube for Schools portal.
Intuitive Dashboard Views
The Barracuda Web Security Service provides an intuitive dashboard interface for quick understanding of the threats and activities of users on the network that features top spyware and malware threats, application requests, and user activity.
In addition to its powerful web filtering and malware protection capabilities, the Barracuda Web Security Service allows administrators to generate reports on user and network activity as well as the latest security threats.
The Barracuda Web Security Agent
The Barracuda Web Security Agent (WSA) is a tamper-proof client that can be installed on remote, off-network laptops or desktops to help implement a consistent web security policy across localized and distributed workforces. The Barracuda WSA supports both Windows and Mac OS X devices.
The Barracuda Safe Browser
The Barracuda Safe Browser is a full-featured web browser that enforces compliance with the policies configured. The Barracuda Safe Browser is currently available for iOS-based devices.
Cloud-Based Centralized Management
The Barracuda Web Security Service is integrated with the Barracuda Cloud Control (BCC) web-based management portal, which leverages Barracuda’s global cloud infrastructure to enable organizations to centrally manage all their devices through a “single pane of glass” interface. Administrators have a global view of all their devices, as well as the ability to centrally manage policies and configuration. The intuitive interface makes it easy for small and medium-sized organizations to implement and manage the firewalls with minimal IT overhead.
Easy-to-Use Policy Configuration
As a cloud-based service with an intuitive web interface, organizations are able to set configuration and administration rules in a matter of minutes. The intuitive web interface puts system information, logs, powerful policy features, and reports a few clicks away. Reporting requires no database administration.
|Inline Anti-Virus and Anti-Spyware|
|Signature-based anti-malware protection for any file size|
|Full inbound/outbound file inspection with near-zero latency|
|True file type by users, groups, and destinations|
|Web Access Control|
|Ensure outdated versions of browsers are forced to upgrade|
|Ensure known browser vulnerabilities are patched|
|Mobile Applications and Devices|
|Granular reporting of mobile applications and device types||-|
|Security policy for mobile applications||-|
|Cloud Application Controls|
|Granular application controls (i.e., allow viewing/block uploads)|
|Streaming media - YouTube, Hulu, Google video, etc.|
|Social networking and blogs - Facebook, Twitter, Orkut, etc.|
|Webmail and Web IM - Gmail, Yahoo mail, Hotmail, etc.|
|Collaboration, business applications|
|Advanced Threat Detection|
|*See other table for ATP features.|
|SSL inspection of any content with 2048 bit certificate support|
|Granular policy for exclusion of content to be inspected|
|*Advanced Threat Detection (ATP) Features||Basic||Advanced|
|Botnet protection (C2 servers)|
|Botnet protection (C2 traffic)||-|
|Cross-site scripting (XSS) protection (cookie stealing; potentially malicious requests)||-|
|Fraud protection - known phishing sites||-|
|Fraud protection - suspected phishing sites|
|Fraud protection - spyware callback||-|
|Fraud protection - web spam||-|
|Malicious active content protection - browser exploits||-|
|Malicious active content protection (malicious content and sites, vulnerable ActiveX controls, file format vulnerabilities, blocked malicious URLs)||-|
|P2P file sharing protection (BitTorrent)|
|P2P anonymizer protection (Tor)|
|P2P VoIP protection (Google Talk, Skype)||-|
|Suspicious content protection (PageRiskTM)||-|
|Suspicious destinations protection (blocked countries)||-|
|Unauthorized communication protection (IRC tunneling)||-|
|Unauthorized communication protection (SSH tunneling)||-|
|Unauthorized communication protection (Anonymizers)|
Barracuda Web Security Service Technology
Barracuda Web Security Service is a cloud solution that protects organizations against web-based malware, filters web content and provides visibility about web activity through features for monitoring and reporting. It provides these capabilities through a cloud platform that was purpose-engineered for web security and policy enforcement in highly distributed network environments. Barracuda Web Security Service enforces Internet usage policies by blocking access to undesirable web content and Internet applications while protecting networks against spyware downloads, spyware websites and viruses. By leveraging the cloud, Barracuda Web Security Service provides central management of security and policies for all users regardless of their locations on and off the network including remote locations and mobile users. Barracuda Web Security Service gives administrators clear visibility into web use and security issues then gives them the powerful policy enforcement tools needed to isolate users from Internet threats, conserve network bandwidth and filter web content for compliance and productivity. With award-winning features and a simple pricing model, Barracuda Web Security Service is the easy, affordable way for organizations to provide uniform web security to all users and locations.
Primarily a cloud service, Barracuda Web Security Service offers a variety of deployment options to perfectly customize web filtering to any network environment. Web traffic can be forwarded directly to the cloud proxy with minimal configuration. Remote users can be filtered using software agents and the new Barracuda Safe Browser app for iPhones and iPads that transparently redirect web traffic to the cloud proxy. Gateway appliances can be optionally deployed to complement the cloud service by providing advanced application control, caching and granular identity management. Barracuda Web Security Service can be deployed using combinations of the cloud service, apps, and gateways with administrators managing all deployment options through a unified management portal in the cloud.
Centralized Management and Reporting
Barracuda Web Security Service's intuitive cloud portal provides centralized control over all aspects of the service. From the portal, administrators can configure web access policies, monitor web use and generate aggregated reports across any number of sites and users. All deployment options are managed through the portal as well. For more granular control, administration can be delegated to users with specific roles (like report generation and policy management) and assigned control over specific users and groups. The cloud-based management framework makes it easy to implement a uniform web security policy in highly distributed environments.
|Real-Time Threat Protection:
Barracuda Web Security Service provides several ways to create and enforce granular policies for specific users and groups. Administrators can automatically upload user and group information from their directory servers using the Barracuda Directory Synch Tool or import user data in LDIF files. Domain and remote users can be transparently identified when enforcing policies. Barracuda Web Security Gateways transparently authenticate domain users by integrating with authentication servers on the network. Barracuda Web Security Service gateway appliances integrate with popular LDAP directory servers including Microsoft Active Directory, Novell eDirectory and IBM Lotus Domino Directory. Gateways also support NTLM and Kerberos schemes to authenticate users with their Microsoft Windows credentials. This is particularly useful in terminal services, Network Address Translation (NAT) and other thin client environments such as Citrix where multiple client computers share a single IP address. Also, the Barracuda Web Security Agent and the Barracuda Safe Browser app forward user credentials when redirecting traffic from remote computers to the cloud service. This enforces the same policies whether users are on or off the network.
|Remote and Mobile User Filtering:
Barracuda Web Security Service extends protection to remote and mobile users through the Barracuda Web Security Agent (WSA), a downloadable client installed on off-network Windows and Mac computers. With the WSA installed, web traffic from off-network client computers is transparently filtered through the Barracuda Web Security Service. Web browsing policies applied to users on the network are also enforced on off-network users. In addition to forwarding web traffic, the WSA also provides local control over applications. The WSA can be centrally configured through the cloud portal. It is tamper-proof once installed on client computers. For iPhones and iPads, users can download the Barracuda Safe Browser app. It is a full-featured mobile browser. It enforces policies for user access to web content while providing a secure Internet browsing environment.
Recreational web browsing can degrade employee productivity and expose the network to malware. Barracuda Web Security Service lets administrators regulate access to websites using 95 content categories. Administrators can block, accept, warn or log access to domains based on an organization's policies. Barracuda Web Security Service can use the "safe search" filtering features built into image search engines and automatically rewrite URLs for image searches to restrict objectionable content. Barracuda Web Security Service also regulates access to over 50 web applications such as communication and instant messaging clients, P2P and file-sharing software and streaming media. This control lets organizations boost user productivity, optimize use of bandwidth, secure the network and block exposure to inappropriate content.
Option For On-Premises Protection:
Barracuda Web Security Service sets the standard for deployment flexibility. Besides the cloud service and agents, it offers the Barracuda Web Security Gateway appliance as an option for on-premises web security. This appliance integrates with network directory services. It also locally caches web content to save bandwidth and provide advanced layer 7 application control. The gateway can provide local security and policy enforcement or forward traffic to the cloud proxy. Administrators manage and configure these gateway appliances through the same central cloud portal as the cloud service and the agents. Gateways can be deployed with the cloud service, safe browser apps and software agents for true hybrid web security.
Transparent User Authentication:
Barracuda Web Security Service provides several ways to create and enforce granular policies for specific users and groups. Administrators can automatically upload user and group information from their directory servers using the Barracuda Directory Synch Tool or import user data in LDIF files. Domain and remote users can be transparently identified when enforcing policies. Barracuda Web Security Gateways transparently authenticate domain users by integrating with authentication servers on the network. Barracuda Web Security Service gateway appliances integrate with popular LDAP directory servers including Microsoft Active Directory, Novell eDirectory and IBM Lotus Domino Directory. Gateways also support NTLM and Kerberos schemes to authenticate users with their Microsoft Windows credentials. This is particularly useful in terminal services, Network Address Translation (NAT) and other thin client environments such as Citrix where multiple client computers share a single IP address. Also, the Barracuda Web Security Agent forwards user credentials when redirecting traffic from remote computers to the cloud service. This enforces the same policies whether users are on or off the network.
Barracuda Web Security Service has a powerful policy engine that supports creating granular rules that can be applied to users, groups and IP address ranges. The policy engine's URL categories can be combined with allow lists (whitelists) and block lists (blacklists) to regulate access to websites. Administrators can fine tune access policies by creating complex rules to regulate upload and download of specific content types or file extensions on websites. For example, an administrator can let users access social networking sites, but restrict content uploads. In addition, thresholds for web use can be set based on time factors, connections and bandwidth. Administrators have full control over the rules' order of execution. Administrators can also individualize the user experience with custom blockpage messages, email alerts and override passwords.
Barracuda Web Security Service provides cloud-based monitoring and reporting for clear visibility into web and threat activity. An interactive dashboard in the cloud UI provides a high-level overview of web use and security across any number of locations and users protected by the service. From the dashboard, administrators can quickly drill down to detailed real-time forensic information about the web activity of specific users. In addition to real-time visibility, Barracuda Web Security Service provides over 50 different reports on all aspects of web use including user activity, time spent, bandwidth and security. Reports can be viewed ad-hoc or scheduled for recurring automatic email delivery. By storing all report and log data securely in the cloud, Barracuda Web Security Service makes it fast and easy to view Internet use aggregated across locations and remote users without any added software or hardware or performing any database administration.
Barracuda Web Security Service filters content in SSL traffic without decrypting it and exposing it to security risks. HTTPS traffic directly proxied to the service is filtered using information in the web request. Alternately, the Barracuda Web Security Gateway monitors Domain Name System (DNS) traffic generated by HTTPS requests and stores an internal database mapping IP addresses to domain names. Using this database, the gateway can apply policies based on the IP address without decrypting the traffic to identify domain names.
Barracuda Web Security Service is purpose built as a true SaaS solution on a global, multi-tenant platform that delivers high-performance, high-availability services to users.
1. High AvailabilityWith processing centers on six continents, Barracuda Web Security Service handles billions of web requests every month from customers in more than 50 countries. Barracuda Web Security Service's network infrastructure has redundant, high-speed connections to major Internet backbones for unmatched reliability. The platform includes intelligent route-optimization technology that dynamically identifies the best paths for web traffic. The Barracuda network operations center continuously monitors traffic to and from our data centers as well as the data flow within the data centers. Barracuda Web Security Service's data centers are SAS 70 compliant facilities designed for redundancy, fast disaster recovery and the highest throughputs available.
2. Low LatencyBarracuda Web Security Service's massively scalable, multi-tenant service infrastructure ensures users don't experience delays while web browsing. A blend of traffic processing centers and processing nodes around the world ensure the fastest, most reliable performance in the industry. The processing nodes provide proxies and security scanning while traffic processing centers separately handle reporting and archival logs ensuring high-speed throughput. When users connect to Barracuda Web Security Service, the globally load-balanced architecture automatically routes them to the fastest processing node based on distance and network latency.
3. Data SecurityIn addition to high availability and low latency, the Barracuda Web Security Service cloud infrastructure provides the highest level of privacy and security. Network and application security is seamlessly integrated into the platform architecture and software. All server-to-server data communications are encrypted with industry standard technologies including secure HTTP and SSL. Data communications between the service and end users can also be SSL protected using certificates signed by industry standard root authorities. The data centers are secured by robust 24x7 physical security.
Frequently Asked Questions:
What are the differences between the Basic and the Advanced suite?
The primary difference between the basic and the advanced suites are the Advanced Threat Detection features available. The basic package offers protection from Botnets - Block known botnet server only, fraud protection - Known phishing sites, P2P file sharing (BitTorrent) and P2P anonymizer protection (Tor) and unauthorized communication protection - anonymizer. These are also called as "Reputation based threat detection." This sets the basic package at par with other security offerings in the marketplace that offer similar features in their starter package. The features in the advanced package offer much more functionality are absolutely needed to protect from suspicious phishing sites, web spam and unauthorized communication protection from IRC and SSH tunneling.
Why cloud-based internet security?
By providing a cloud based security solution you can reduce the cost, complexity, and overhead associated with multiple layers of on premise security equipment. Moreover, a cloud based solution can offer you system wide powerful and real time system reporting. This allows you to scale quickly and efficiently to account for unpredictable surges in customer demand.
Why is scalability so important now?
The ability to scale has always been important, but scaling with agility was always challenging with a strictly hardware based solution. Our customers are dispersed across the world and they want the same seamless experience in whichever office environment they’re working in on any given day of the week. With a network of datacenters all across the world we provide that solution and help to allay any concerns around performance latency. Moreover with a cloud based solution consistent system wide updates can happen in an instant further protecting customers from the latest malicious threats to their environment.
Why should I consider the advanced package?
The basic package offers a very basic set of Advanced Threat Detection functionality. Cyber-attacks are getting more sophisticated. In order to detect and deter these threats you need to use a wider range of sophisticated tools. Features like botnet — C2 control traffic, vulnerable active X controls, cross-site scripting, cookie stealing, browser exploits, suspicious content and destination protection, are absolutely needed for enhanced protection.
Can I see a demo of this service?
Please contact your Barracuda sales representative to schedule a demo.
What happens to the classic Barracuda Web Security Service?
We will continue to support existing customers and offer renewals to them. However, we suggest that even existing customers evaluate the new richer features of our new WSS offering.
The new service offering provides enhanced reporting capabilities and full visibility to HTTPS (SSL) sites. It's a cloud based web content security engine that's purpose built for highly distributed and dispersed network environments. The service and can be centrally managed for all users.
How many users does the license support?
We offer licenses that support from 50–2500 end users and offer two types of licenses, Basic and Advanced. We do offer the ability to purchase more than 2500 end user licenses for educational facilities. Please contact Barracuda sales for details.
Is there an evaluation period for the Web Security Service?
Yes, there is a 30-day trial evaluation period. Please contact Barracuda sales for details.
Does the new Web Security Service employ Barracuda agents on the end user devices?
No this is an agent-less offering.
Where are the cloud data centers located?
There are approx. 100 worldwide data centers supporting this solution.
How does this type of protection fit into a comprehensive security strategy?
This is available as a standalone service or in conjunction with our NGF (hybrid model). We have the option to deploy gateway appliance and use the cloud either as policy orchestration layer or enforcement as well, but for the most part, what we've seen in our customer base ... I think we're going to see two types of customers.
Some customers will opt for the pure standalone cloud based web solution, which is pretty straight forward deployment. But we'll also have customers who operate in a distributed environment with a large number of locations. In these instances it makes sense to offload some of the more compute intense operations like URL filtering and reporting and malware scanning to the cloud.
We're going to see one type of customer that just wants a stand alone cloud based web solution, and that's pretty straight forward. I think the other type of customer is around next generation firewalls. Because, and G firewalls when they are deployed in the distributed environment we have large number of sights, large number of locations, it makes sense to offload some of the more computer intensive operations like URL filtering and reporting and malware scanning off the cloud.
Our next generation firewalls are a perfect solution for distributed enterprises and for hybrid deployments. It makes sense that we also have a solution for cloud based URL filter and reporting and web content filtering in general that can scale to distributor hybrid environments. A firewall is always recommended to implement a robust defense in depth strategy.
Is there an upgrade/migration path for existing customers?
Existing customers who wish to upgrade to the new service need to be re-provisioned on the new service.
Download the Barracuda Web Security Service Datasheet (.PDF)
Download the Barracuda Web Security Service Technology Datasheet (.PDF)