Barracuda Application Protection Reviews

Barracuda Application Protection is used primarily to protect public-facing web applications from common threats such as SQL injection, cross-site scripting, bot traffic, and malicious requests. Day-to-day, it serves as a web application firewall and application security layer to monitor inbound traffic, block suspicious activity, manage security policies, and maintain availability for business-critical applications. It also helps with SSL management and visibility into application-layer attacks.

The best features of Barracuda Application Protection are its web application firewall protection, API security, bot mitigation, DDoS protection, and centralized visibility. The platform highlights protection against OWASP Top 10 threats, API discovery security, machine learning-based bot defense, and detailed analytics dashboards. What stands out most is the ease of managing security policies while still getting strong protection for public-facing applications. It does a good job of blocking threats such as SQL injection, cross-site scripting, and suspicious automated traffic without creating too much administrative overhead.

Another valuable feature is the visibility; the dashboards and logs make it easier for our team to understand attack trends, traffic behavior, and policy actions, which helps during investigations and tuning. The flexibility is also appreciated as it works well for cloud, hybrid, and modern API-driven environments, so it adapts nicely as applications grow. Overall, it combines security and usability in a practical way.

One additional feature that stands out is the balance between strong security and ease of use. Barracuda Application Protection offers advanced protection, but the management experience is still straightforward compared to some more complex platforms. The flexibility for hybrid and cloud environments is also appreciated. As applications move or scale, it is easier to maintain consistent protection. SSL offloading and performance optimization features also help improve user experience while keeping security controls in place.

One area where Barracuda Application Protection could be improved is reporting customization. The dashboards are useful, but more flexible executive-level and technical reporting options would help different teams. Another area is policy tuning for complex applications. While the platform is strong overall, some advanced environments need extra fine-tuning to reduce false positives or adapt custom rules. Deeper integrations with third-party CM and DevSecOps workflows would streamline operations further. Overall, it is a solid platform, but more customization and smoother advanced tuning would make it even better.

A simpler onboarding experience for new administrators would be beneficial. The platform has many strong features, but teams without deep WAF experience may need time to become fully comfortable with advanced settings. More AI-driven recommendations for rule tuning, anomaly prioritization, and false positive reduction would help smaller teams operate more efficiently. Another area is pricing flexibility for growing organizations or mid-sized businesses. Overall, the product is strong, but easier management and smarter automation would make it even more attractive.

Barracuda Application Protection has been in use for around two years, mainly to protect internet-facing applications and improve web security.

Barracuda Application Protection has been stable and reliable in our experience. There have been no major downtime incidents related to the platform itself. Day-to-day operations such as traffic inspection, policy enforcement, and logging have been consistent. Barracuda also promotes high-availability features such as load balancing, server health monitoring, and global deployment options, which align with what we have seen in practice. Like any security platform, occasional tuning or maintenance is required, but overall, reliability has been good. Stability is considered one of its strengths.

Barracuda Application Protection has scaled well as our environment and application traffic grew. The platform supports cloud, on-premises, hybrid, containerized deployments, load balancing, CDN capabilities, and multi-environment protection, which helps when applications expand. From a practical standpoint, adding new applications and increasing traffic volumes has been manageable without major redesign. Additional services were able to be onboarded while keeping consistent security policies. It has also handled seasonal traffic spikes and new deployments smoothly. Scalability is considered one of its strengths, especially for organizations expecting growth or managing multiple web applications.

The experience with customer support for Barracuda Application Protection has been generally positive. Support has been reached mainly for configuration guidance, policy tuning, and a few urgent troubleshooting cases. The support team was responsive and technically knowledgeable, especially when handling application security or traffic-related issues. Barracuda provides support through phone, live chat, email, and a customer portal, with 24/7 coverage options depending on the support plan. For high-priority issues, response times were good, and communication was clear. For standard requests, turnaround can vary based on severity, but overall the experience has been dependable. Support is considered one of the stronger parts of the platform.

Before Barracuda Application Protection, the primary reliance was on native firewall rules, reverse proxy protections, and some basic cloud security controls. Those worked for general traffic filtering, but they lacked deep web application protection, centralized visibility, and easier management for modern applications. The transition to Barracuda was made to gain stronger WAF capabilities, better bot and application-layer threat protection, and a more centralized platform for managing multiple internet-facing services.

ROI has been observed mainly through time saved and reduced incident handling effort. After deploying Barracuda Application Protection, routine web attack traffic is blocked automatically, so our team spends less time on repetitive investigations. Web-related alert triage time has reduced by around 40%, and some investigations that earlier took 30 minutes now take closer to 10 to 15 minutes. It also helped avoid potential downtime during suspicious traffic spikes, which has clear business value.

The experience with pricing and licensing for Barracuda Application Protection has been generally positive. It is not the cheapest option, but it offers good value when considering the combined security features such as WAF, bot protection, DDoS defense, and centralized management. Barracuda offers subscription-based models and cloud options, depending on deployment needs. Setup cost was reasonable because deployment was fairly straightforward compared to some heavier enterprise platforms. Pre-built templates and onboarding tools helped reduce implementation time. Licensing should be planned carefully based on the number of applications, traffic volume, and required add-on protections. Proper sizing of the environment before purchase is important to ensure value. Overall, for organizations protecting public-facing applications, the cost has been justified by reduced risk and easier operations.

Before choosing Barracuda Application Protection, several other options were evaluated, such as Cloudflare Application Services, Imperva Application Security platform, AWS WAF, and Microsoft Azure Application Gateway WAF. These are commonly considered alternatives in the WAF and WAAP space. Barracuda Application Protection was selected because it offered a good balance of strong protection, easier administration, flexible deployment options, and practical value for our environment. Some alternatives were stronger in very large enterprise scenarios, but Barracuda Application Protection was a better fit for our operational needs and team size.

A specific example of how Barracuda Application Protection helped stop a real threat occurred when one of our public web portals started receiving a sudden spike of suspicious requests targeting login and search fields. The traffic pattern suggested automated probing and possible SQL injection attempts. Barracuda Application Protection identified the abnormal request behavior, blocked the malicious patterns through its WAF policies, and rate-limited the offending sources. Because of that protection, the application remained available, and there was no impact on legitimate users. Without that protection layer, the attack could have caused performance issues or exposed vulnerabilities in the application. It was a good example of how proactive application-layer security helps in real-time.

In addition to threat protection, Barracuda Application Protection is used to improve application availability and simplify security management for multiple web services. It provides centralized visibility into traffic, attack trends, and policy changes. It is also used during new application deployments, where having a ready security layer helps publish services faster while still maintaining protection standards. This supports both security and operational efficiency.

The dashboards and analytics are used regularly, usually daily for monitoring and weekly for trend reviews. For our SEC and application teams, they are useful for quickly checking spikes in blocked traffic, unusual request patterns, bot activity, and policy triggers. The analytics have definitely helped catch issues that might have been missed otherwise. One example was a gradual increase in automated requests targeting a login page. It was not large enough to trigger a major outage alert, but the dashboard trends showed abnormal behavior over time. That allowed for early investigation, tightening of controls, and blocking the activity before it became a larger brute-force issue. The analytics are also helpful for tuning rules and reducing false positives because it is possible to see exactly what was blocked, allowed, or changed. Barracuda Application Protection provides detailed traffic visibility, real-time logs, and reporting that support this kind of operational monitoring.

Barracuda Application Protection has a positive impact by improving the security and availability of our public-facing applications. It has helped reduce exposure to common web attacks, such as injection attempts, bot traffic, and suspicious requests, which gives more confidence when publishing internet-facing services. Operationally, it has also reduced manual effort because many protections are automated through policies and real-time blocking. Our teams spend less time reacting to routine web threats and more time on improvements. Another positive impact is better visibility; there is now clearer insight into traffic behavior and attack trends, which helps during investigations and planning. Overall, it has strengthened our application security posture while supporting smoother business operations.

Initial advice would be to first understand which applications are most critical and exposed to the internet. Then align Barracuda Application Protection policies around those priorities. Time should be spent on initial tuning and testing, especially for custom applications, so a balance between strong protection and minimal false positives is achieved. For those running hybrid or growing environments, planning centrally from the start is important so policy management stays simple as you scale. Overall, it is a strong option for organizations that want practical web application security without excessive operational overhead.

Barracuda Application Protection has been a solid and dependable solution for protecting public-facing applications. It gives a good balance of security, visibility, and ease of management. For organizations that need practical web application protection without excessive complexity, it is definitely worth evaluating. Overall, Barracuda Application Protection is rated an eight out of ten. It provides strong web application security, good visibility, and reliable protection for internet-facing services, though there is still room for improvement in advanced customization, onboarding simplicity, and reporting flexibility.

Barracuda Application Protection specifically helps with securing our mobile apps and remote users by providing full-spectrum security DOD-level protection, which is a big help for us for the security of our data. Implementing Barracuda Application Protection has had a measurable and strategic impact on our overall business objectives. Within the first six to seven months of deployment, I saw a 60% reduction in security incidents, incidents affecting the web application which directly translated into fewer service interruptions and less time spent on incident response.

Overall, Barracuda Application Protection has made it so easy to manage all our applications.

The best features Barracuda Application Protection offers include ease of setup on a firewall for security for VPN users, and configuration is easy to do and use for our security team with its features and pictures of instruction. Additionally, ease of deployment, less costly, easy to manage application, scalability is good, and security features are strong. It contains a lot of granularity, especially with URL profiles, protection, and JSON security.

Granular controls and JSON security have helped our team by providing a secure gateway to protect application integrity as well as the data going from our organization to the users remotely, as well as the ones in the offices.

I would also add that it has been good in lessening threats from the outside, and being able to set as many rules as needed is a big plus for us.

I do not have much to say about the improvement, but a more innovative solution for sniffing more on the network would be great, and having the advanced ability to close off ports when they could be getting tested from hackers for intrusion would be helpful.

I would also add that the user interface should be improved to be more user-friendly and customizable.

Previously, I was using Cloudflare.

I decided to switch from Cloudflare to Barracuda Application Protection because it is very easy to use, the cost is very cost-effective, it has simplicity to configure and deploy in my current environment, and it has automated standard policies, which is easy to maintain.

I have seen a return on investment; it lessens threats from the outside. Ease of use for our security team to be able to use templates and configure to our specs, combined with its high-level security protection features such as DOD-level protection, shows its readiness to secure our data and network lines, which is brilliant.

My advice to others looking into using Barracuda Application Protection is that it is simple, very simple, cost-effective, easy to set up and use, and easy to configure and deploy in any environment. It lessens threats from outside or from within.

I have additional thoughts about Barracuda Application Protection; it is a good tool for providing threat protection, especially for our email that comes in from the outside. Capturing potential spam and malware from emails from outside our network has been good, keeping us alert for anything coming in from the outside that could compromise our network.

I rate this product a 9 out of 10.

My main use case for Barracuda Application Protection is that it is a very exceptional piece of security in a virtual and remote world. It provides full-spectrum security DOD-level protection, which is a big help for us for the security of our data. It also provides ease of setup on the firewall for security for all our VPN users. Additionally, configuration is easy to do and use for our security team, which benefits from its features and instructional pictures.

The best features that Barracuda Application Protection offers are DOD-level protection and its readiness to secure our data and network lines. Built-in templates are easy to use and good to customize to make them work how we do things. Overall, it keeps us alert for anything coming in from the outside that could compromise our network.

Barracuda Application Protection has positively impacted my organization by lessening threats from outside. The ease of use for our security team to be able to use templates and configure to our own specs has also been a benefit. Being able to set as many rules as you like is also a big advantage to our side.

Barracuda Application Protection could be improved with a more user-friendly interface to enable all types of people to be able to use it, especially the less technical users. More support categories should be integrated.

I have been using Barracuda Application Protection for three years.

I find Barracuda Application Protection to be very stable.

Barracuda Application Protection is very scalable. It grows with our needs in my organization.

The customer support for Barracuda Application Protection has been very responsive and helpful in resolving all our issues on time. My user experience with them has been great and phenomenal.

I previously used the Palo Alto Networks Next-Generation Firewalls PA-Series before switching to Barracuda Application Protection.

I have seen a return on investment from Barracuda Application Protection. Implementing it has had a measurable and strategic impact on our overall business objective. Within the first six months of deployment, we have seen a 60% reduction in security incidents affecting the web application, which directly translated into fewer service interruptions and less time spent on incident response.

My experience with the pricing, setup cost, and licensing is that the setup was straightforward and easy with no hassle. The cost is relevant, pocket-friendly, and cost-effective.

Before choosing Barracuda Application Protection, I evaluated other options like HP and Juniper Access Points.

My advice to others looking into using Barracuda Application Protection is that it is a great tool to have in your organization to prevent attacks from outside. It is a great tool that helps in bot identification and protecting all our applications in any organization. It is also cost-effective to provide zero-day vulnerabilities.

Barracuda Application Protection is the next-generation tool to protect all our organization apps and is very cost-effective.

I found this interview to be straightforward, very easy, and overall, great. I would rate this review a 9.

My main use case of Barracuda Application Protection has been around securing internet-facing web applications and APIs, especially from common web attacks, bot traffic, and API-based threats. In my role, I mainly worked on evaluating it from a solution perspective rather than full-scale deployment. We looked at how it can protect applications against the OWASP Top 10 vulnerabilities, handle bot mitigation, and provide visibility into API traffic, which is becoming a major attack surface now. During the evaluation, we focused on how it fits into a typical enterprise environment, for example, protecting customer-facing applications such as login portals, payment gateways, and APIs. We also checked how easy it is to deploy in different models like SaaS or virtual appliance and how it integrates with existing security tools. Another key area we looked at was policy tuning and false positive handling, because in real environments, business traffic should not be impacted. So we analyzed the logging, reporting, and how effectively it identifies malicious versus legitimate traffic. Overall, the use case was to understand how Barracuda Application Protection can act as a centralized web application and API protection layer, especially for organizations looking for a combined WAF plus API security plus bot protection solution.

During our evaluation, Barracuda Application Protection had a positive impact mainly in terms of improved visibility and better handling of automated attack traffic. One of the key improvements we noticed was identifying and controlling bot-driven traffic, especially on sensitive endpoints like login pages. It helped reduce repeated suspicious requests and gave better control over credential stuffing scenarios through rate-limiting and bot detection. Another positive impact was around centralized visibility. Barracuda Application Protection provided clear insights into incoming traffic, attack patterns, and policy actions, which made it easier to understand what kind of threats applications are exposed to. This is very useful for both security monitoring and decision-making.

We also saw improvement in application-layer security coverage, as it was able to effectively detect and block common OWASP attacks during testing, which increases the overall confidence in protecting public-facing applications. From an operational perspective, Barracuda Application Protection simplified management by combining WAF, API protection, and bot mitigation in one place, reducing the need to handle multiple tools separately. Overall, the main outcomes were better threat visibility, improved protection against automated attacks, and a more streamlined security approach for web applications and APIs.

One of the best features of Barracuda Application Protection is its comprehensive security coverage across web applications and APIs in a single platform. Instead of just acting as a traditional WAF, it combines multiple layers of protection, which is very useful in modern environments. First, its WAF capabilities for OWASP Top 10 protection are very strong. It can effectively detect and block common attacks such as SQL injection, cross-site scripting, and other application-layer threats, which are critical for protecting public-facing applications. Another key feature is API security, which is becoming increasingly important. Barracuda Application Protection provides visibility into API traffic, helps identify abnormal behavior, shadow APIs, and misuse, which traditional WAFs struggle with.

Both the bot protection and rate-limiting capabilities are also very valuable, especially for protecting login portals and preventing automated attacks such as credential stuffing and scraping. It helps differentiate between legitimate users and malicious bots based on behavior analysis. Additionally, DDoS protection at the application layer is well-integrated, which helps in handling traffic spikes and ensuring application availability. From an operational perspective, logging, reporting, and visibility are strong points. Barracuda Application Protection provides clear insights into traffic patterns, attack types, and policy actions, which makes troubleshooting and tuning much easier. Lastly, the flexible deployment options such as SaaS, container-based, and virtual appliance make it adaptable to different enterprise environments, whether on-premises or cloud.

One area where Barracuda Application Protection can improve is in policy tuning and ease of configuration, especially for complex application and API-heavy environments. During evaluation, the initial setup was straightforward, but fine-tuning policies to avoid false positives required a deeper understanding and manual effort. Another area is advanced analytics and reporting. While Barracuda Application Protection provides good visibility, having a more intuitive dashboard, deeper insights, and easier correlation of events would help security teams in faster decision-making and threat analysis. There is also some scope for improvement in API security visibility, especially around detailed discovery and classification of APIs, as this is becoming a critical area for modern applications. Additionally, documentation and guided workflows could be enhanced to help new users quickly understand best practices for deployment and tuning, particularly for teams that are not very experienced with WAF solutions. Overall, Barracuda Application Protection is strong from a security standpoint, but improvement in usability, analytics, and API-level visibility would make it even more effective and easier to operate.

One additional area for improvement would be around integration with other security tools. While Barracuda Application Protection does support integrations, having more seamless and out-of-the-box integration with SIEM or SOAR platforms would make it easier for organizations to automate workflows and correlate security events across multiple tools. Also from a support and onboarding perspective, enhancing guided support, best practice recommendations, and faster troubleshooting assistance would further improve the overall user experience, especially for teams during the initial deployment and tuning phase. These improvements would make the solution not only strong from a security standpoint but also more effective to operate in complex enterprise environments.

I have had a few months of exposure to Barracuda Application Protection, mainly during evaluation and comparison exercises as part of customer discussion and solution assessment.

An important aspect we observed during the evaluation was around integration and tuning challenges, which are quite common with any WAF solution. From an integration perspective, connecting Barracuda Application Protection into an existing environment was relatively straightforward, especially when placing it in front of the application as a reverse proxy. However, the real effort came during the tuning phase. Since login portals and APIs are very sensitive, even small false positives can impact real users. For example, during initial testing, some legitimate login requests were flagged due to strict security policies, especially when there are unusual parameters or headers. So we had to carefully analyze the logs and fine-tune the rules to ensure balance between security and user experience. Another challenge was handling dynamic or API-based traffic where request patterns change frequently. In such cases, proper understanding of application behavior was required before enabling stricter protection.

On the positive side, Barracuda Application Protection provided good visibility through logs and reporting, which helped in identifying why traffic was blocked and made the tuning process easier. Overall, while security capabilities were strong, a key learning was that proper tuning and understanding of application traffic is critical to get the best results without impacting business operations.

In our case, we evaluated Barracuda Application Protection primarily in a public cloud-oriented setup, as most of the applications we were assessing were internet-facing and hosted in cloud environments. However, one of the advantages we noticed is that Barracuda Application Protection supports flexible deployment models, including SaaS, virtual appliance, and container-based options. This makes it suitable not only for cloud but also for hybrid or on-premises environments, depending on the organization's architecture. From an evaluation perspective, the cloud-based deployment felt more straightforward and easier to integrate, especially for quick testing and scalability. At the same time, it is clear that the solution can adapt well to hybrid setups where some applications are still hosted on-premises.

For our evaluation, we used AWS as the cloud provider. Most of the applications we assessed were hosted in AWS, so it made sense to evaluate Barracuda Application Protection in that environment to see how well it integrates and performs in a typical cloud setup. For our evaluation, we primarily used a trial evaluation setup, so it was not a full purchase through the AWS Marketplace. The focus was more on testing the capabilities and integration within our AWS environment.

One additional improvement I noticed during the trial is around the initial onboarding and learning curve. While Barracuda Application Protection is feature-rich, new users may take some time to fully understand policy structure and best practices. More guided onboarding, templates, or pre-configured policies based on common use cases would help accelerate adoption. Another area is real-time alerting and notification. While Barracuda Application Protection provides good visibility through logs and dashboards, having more customizable and proactive alerting mechanisms would help security teams respond faster to critical events without constantly monitoring the dashboard. These are relatively small enhancements, but they would improve overall usability to make the solution more efficient for day-to-day operations.

My advice would be to clearly understand your application architecture and traffic patterns before implementing Barracuda Application Protection. This helps in getting the most value from the solution, especially when it comes to policy tuning and avoiding false positives. I would also recommend starting with a phased approach, initially deploying in monitoring mode, analyzing the traffic, and then gradually moving to blocking policies. This ensures that security is enforced without impacting legitimate users. Another important point is to focus on bot protection and API security as these are key risk areas today, especially for login portals and public-facing applications. Lastly, make sure to plan for integration with your existing security ecosystem such as SIEM or monitoring tools so that you get better visibility and centralized management. Overall, Barracuda Application Protection is a strong solution, but getting the best results depends on proper planning, tuning, and understanding your environment. I would rate this solution an overall eight out of ten.

My main use case for Barracuda Application Protection encompasses most of their capabilities. I have used it for APIs, protecting applications, and securing applications for these types of instances.

Barracuda Application Protection's best features are protecting APIs and defending against zero-day vulnerabilities.

Barracuda Application Protection has been effective at handling zero-day vulnerabilities for me, and it has caught specific threats. There were several times when Barracuda Application Protection triggered alerts, and I ensured that those threats were addressed before any vulnerability occurred.

Barracuda Application Protection has positively impacted my organization by reducing security impact and threat impact. It has helped me as an architect understand what the threat is, what the analysis shows, and it resolves immediately. That is a best use case scenario, and I would recommend this for everyone.

I believe Barracuda Application Protection could be significantly improved with better usability and integration with other tools.

Barracuda Application Protection's WAF serves as a primary defense, but I believe it can be improved. The response time is slow, and the WAF is something that adds more value to that aspect. I would also recommend improving API integration with the API layers and CDN networks, along with the response time of the application, as these need considerable improvement.

I have been using Barracuda Application Protection for more than a year and a half.

Barracuda Application Protection is stable in my organization.

I was not implementing a complete solution and was only deploying it on a few services. Because of that limited implementation, I did not implement a fully scalable application, which is why it was performing stable.

I previously tested between Qualys, Qualys scan, Aqua scan, and Barracuda. Each has its own pros and cons, but I feel that Qualys, Aqua Securities, and Barracuda are at the same level, and I think Barracuda is the winner.

Before choosing Barracuda Application Protection, I evaluated between Aqua scan and Barracuda, and Barracuda proved to be the winner.

I have not noticed a return on investment. I was testing this out, and I am not sure how much this constituted a return on investment.

My experience with pricing, setup cost, and licensing is that I feel it is a bit costlier, but the features that it provides are good. However, I am not the one making decisions on costing and limiting, as that is at the organizational level. I am satisfied, and even management shares the same concerns. We have other applications or open-source tools that are not as good as Barracuda, but we could manage with those, so I feel the pricing is too high.

I can share a specific outcome where Barracuda Application Protection was helpful. There was a use case where an e-commerce platform was under a credential attack where attackers were hammering endpoints with millions of requests using leaked credentials. Barracuda Application Protection triggered an alert for abnormal activity using machine learning and implemented rate-limiting and IP blocking based on reputation. It also prevented account takeovers by rate-limiting the number of user requests. That was an instance where I could see how helpful Barracuda Application Protection was.

The main advice I would give to others considering Barracuda Application Protection is that it stands out with its zero-day vulnerability protection, which is excellent. It performs very well with threat detection and finding anomalies, and it is effective at preventing DDoS attacks, which are common in the data centers of any organization. My only concerns are that it is not very user-friendly and the response time is slow. I would rate this product a seven out of ten.

My main use case for Barracuda Application Protection is that we put this in front of our web apps, normally in cloud and sometimes in on-premises to filter traffic.

A quick specific example of an application where I used Barracuda Application Protection in this way is that we had multiple use cases where we had websites such as e-commerce websites, healthcare websites, and financial websites. So we deployed Barracuda Application Protection in front of it in cloud, and it blocked a lot of DDoS protection and some credential stuffing, bots, SQL injections, and these kinds of things for us.

The best features Barracuda Application Protection offers are that it is easy to deploy. It has strong WAF rules. Bot protection is very good. Barracuda Application Protection has cloud and on-premises support, which is beneficial.

Out of those features, easy deployment stands out for me the most because when you deploy, you want to make sure you understand what you are doing. So I think easy deployment is one of the important factors and also the bot protection.

Barracuda Application Protection has positively impacted my organization by reducing the noise. It has saved our websites and applications because it sits in front of them. So that has been very beneficial.

I measured that impact by noticing fewer incidents, fewer downtimes, and better SLAs.

Barracuda Application Protection can be improved as it still has a lot of false positives in learning mode and complex tuning is needed sometimes. Their support can be slow in critical situations.

I would add that they need to work really hard on false positives because most of the time it blocks legitimate API calls and disturbs their own ruling and everything which I have to work on manually. For small businesses, there is no guideline available, so you have to work on your own.

I have been using Barracuda Application Protection for around three to four years now.

Barracuda Application Protection is stable.

Barracuda Application Protection's scalability is good.

The customer support for Barracuda Application Protection is not very good, but it is acceptable.

I have not used a different solution before.

My experience with pricing, setup cost, and licensing for Barracuda Application Protection is that it was normal. Pricing and setup cost are not that much. It is normal.

We have not evaluated other options before choosing Barracuda Application Protection.

My advice to others looking into using Barracuda Application Protection is that if they want something which is easy to set up, at the same time provides basic capabilities of bot protection and everything, it is a good solution as compared to AWS WAF. I would rate this product a 7.

My main use case for Barracuda Application Protection involves using seven-layer protections such as application protections, URL filtering, web filtering, traffic filtering, DDoS, and rate limit authentications, along with SSL certificate authentications. For web-based applications, we enabled only the URL filtering.

We recently set up high availability with Barracuda Application Protection by integrating two Barracuda products, a physical box, in an active-passive setup, integrating dual ISP internet connections, and enabling applications along with URL filtering and security policies. That is the main use case.

I provide examples of how we enable URL filtering based on customer requirements, where they want to block some specific sites and open some specific sites that we have enabled, so blocking and enabling applications with it.

Barracuda Application Protection has positively impacted my organization by managing traffic well. It enhances access security, operational efficiency, and user experience, leading to customer satisfaction. Operational satisfaction and operational efficiency are also improved from a security perspective. It is the one box where we can implement malware protection and block malware, which is a main concern these days.

What I understand about Barracuda Application Protection is that it is a single product and single device where we can get all layers of protections, including seven layers, Layer 3, Layer 4, and Layer 7 as well. With one single box, we can get all features, which is excellent. Based on the license, we have enabled DDoS as well. All of the features are very good, and it is good to go.

Among all those features, I found Layer 3 and Layer 4 DDoS and network flooding to be especially helpful as we enabled protections to monitor and manage network bandwidth by preventing attack types such as SYN flood, UDP flood, and ICMP floods. We also enable protections with SYN cookies and real-time protections that are good with this product.

Additionally, I can say that deeper API security features such as automation, API discovery, scheme validations, and improved protections for modern environments are needed. The integration flexibility with SIEM products and automation tools could enhance analytic and monitoring incident response workflows.

I believe automation should be incorporated within the product as it is essential in this AI era. There should be capabilities that allow for providing topologies, protocols, interface IPs, and details in a simple diagram to gather and integrate information as per requirements without any physical or personnel intervention. Zero-touch provisioning and improved AI capability should be enhanced so someone unfamiliar with Barracuda Application Protection can still configure with ease.

I have used this product very rarely, but definitely one or twice lead project we implemented with Barracuda

Barracuda Application Protection is stable, and we are using it without any impacts for seven months.

Barracuda Application Protection has good scalability, and the environment easily adapts to it.

I have interacted with customer support once, and they immediately responded to my email and provided remote assistance to us in a very quick time, resolving the issues efficiently.

I implemented Barracuda Application Protection according to our project requirement, switching from high-cost solutions such as Palo Alto and Cisco ASA, which have similar capabilities but are more expensive compared to Barracuda Application Protection.

I do not have specific return on investment metrics to share at this time as I am a technical person and focus on the technical aspects of Barracuda Application Protection, which I can recommend as a good product for future use.

Our company has a partner relationship with this vendor.

I do not have specific return on investment metrics to share at this time as I am a technical person and focus on the technical aspects of Barracuda Application Protection, which I can recommend as a good product for future use.

Cost saving is one of the major points observed since this product is less costly compared to others. We observed several measurement improvements after implementing Barracuda Application Protection, where traffic reduced security alerts by approximately 40 to 43 percent. The availability and response times also improved, making it cost-effective and user-friendly.

My experience with pricing, setup cost, and licensing of Barracuda Application Protection is good, although my team does not manage costing. A different procurement team handles that, but overall my experience with licensing and pricing is good.

We evaluated other options such as FortiGate and Palo Alto, but based on specific requirements from the client side, we decided to go with Barracuda Application Protection.

I would consider my overall experience to be limited, but I am happy to work with this product. Barracuda Application Protection is a new product for me, and I always try to learn the good opportunities it offers. The product is a strong silent shield in front while preventing bad traffic from being created, keeping applications strong with user flow and trust. I give this review a rating of ten out of ten.

Barracuda Application Protection is a web application and API protection platform that secures web apps, APIs, and users from threats such as DDoS and bots. For this project, Barracuda Application Protection is used for API protection, which performs application protection against SQL injection and bot attacks. It protects against DDoS attacks and also protects from data leakage and zero-day threats. Barracuda Application Protection simplifies application security management across cloud, on-premises, and hybrid environments.

Barracuda Application Protection is used because it is easy to deploy and set up. The straightforward setup process is how it is used daily. Barracuda Application Protection supports SaaS, virtual machines, hardware, and container deployments, and it provides quick implementation compared to traditional WAF. The workflow involves completing the application development part and then moving to API protection to check for particular attacks or abuse. Data leakage and zero-day threats are managed through Barracuda Application Protection.

The team has majorly relied on the easy configuration and deployment capabilities of Barracuda Application Protection, where it provides quick deployment when these configurations are applied. The strong logging and analytics capabilities help monitor all analytics.

Barracuda Application Protection has significantly improved security posture. It reduces the attack surface using WAF plus API protection and automates threats with machine learning-based bot protections. It has provided zero-trust access to applications, detecting and mitigating threats in real-time. A 50 to 60% reduction in security incidents has been reported after the deployment of Barracuda Application Protection.

The 50 to 60% reduction in security incidents is achieved by reducing the attack surface using WAF plus API protection. Barracuda Application Protection also provides zero-trust access to applications and has helped detect and mitigate threats in real-time, which contributes to this significant reduction in security incidents after deployment.

The interface of Barracuda Application Protection is generally intuitive but can become complex for advanced configurations. Improvements are needed in this area.

Additional areas where Barracuda Application Protection needs improvement include the interface design and the introduction of artificial intelligence features inside the bot protection system. The console has many options that can feel overwhelming initially and requires improvement.

Barracuda Application Protection offers global customer support, which is beneficial.

I find the most valuable features of Barracuda Application Protection to be primarily the embedded AI, which makes our work significantly easier. The machine learning features are also excellent because you need to learn your environment and then instruct it how it should behave to stop false positives. I assess the effectiveness of Barracuda Application Protection's automated security controls in managing application security as good because they have their own scoring system. With the machine learning component, when there is a false positive, you can tell it not to block that item again, and it works effectively in that manner.

When it comes to reporting and analytics by Barracuda Application Protection, I find it adequate, but the reporting is very data-based and requires you to import it into Power BI to generate your own reporting. The reporting functionality is quite poor in its current state.

I would very much appreciate improvements to Barracuda Application Protection, particularly in the reporting function. The current reporting is very data-heavy and requires extensive analysis. They need to create reporting that I can generate and present to my directors or executives seamlessly without appearing to manipulate the data. From the client point of view, clients need to be able to log in and generate reports without us working with Power BI on the data.

Besides the reporting aspect, there is not much additional improvement that they can implement. The reporting part is very tedious. Regarding pricing improvements, I find the pricing of Barracuda Application Protection to be a concern because in our country with the Rand currency, we are less fortunate. Compared to the dollar and current inflation rates, the product becomes quite expensive for us.

I have been working with Barracuda Application Protection for approximately five years.

In terms of technical support, they are good and provide us with support where we need it. I do not see any issues in this area.

The initial setup for Barracuda Application Protection is very straightforward, easy, and seamless. As long as you have all your APIs and integrations in place, the setup is straightforward and ready to proceed.

I find the pricing of Barracuda Application Protection to be somewhat steep and expensive. However, it remains a good tool overall, even though the pricing is higher compared to their competitors. I would rate this review a seven out of ten.

Barracuda Application Protection is used primarily for end-to-end backup. The incremental backup is a day-to-day process, and it is easy to use for all the servers and the client machine. Barracuda Application Protection is used exclusively for backup purposes, which involves incremental backup in day-to-day operations and easy restoration using Barracuda backup solutions.

The best features Barracuda Application Protection offers include easy installation, incremental backup, and daily email reports.

Regarding the easy installation and daily email reports, it is easy to install, and the quick backup allows for a quick restoration for the machine and the servers, making it a fast process.

Barracuda Application Protection protects against ransomware, achieving a 67% protection rate because it is based on a Linux system, reducing the chances of encryption and providing strong ransomware protection.

Barracuda Application Protection has positively impacted my organization as it is used for multiple clients, and I am also backing up the Exchange servers, which frequently experience attacks in customer environments, allowing for quick restoration, even from yesterday or the day before yesterday.

There is nothing in Barracuda Application Protection that needs any updates, but improving ransomware protection from 67% to 100% would be beneficial.

Improving the operating system structure, firmware, and overall performance would enhance loading times for devices.

Barracuda Application Protection has been used for the last three years.

Barracuda Application Protection is stable.

The scalability of Barracuda Application Protection is good, with normal CPU, memory, and overall system utilization.

Customer support for Barracuda Application Protection is good.

Before Barracuda Application Protection, I had multiple solutions, and as a system integrator, I provided various options, preferring Barracuda Application Protection as it is easy to use and easy to restore, unlike some other solutions such as Synology.

A return on investment has been seen as it is not necessary to take a backup and check customer environments day-to-day. It is easy to use for simply taking a backup without needing more engineers or employees, and it is a one-time setup.

The pricing, setup cost, and licensing for Barracuda Application Protection are not excessive. The licensing and cost are normal for the Barracuda backup appliance.

Other options were not evaluated before choosing Barracuda Application Protection.

Quick restoration with Barracuda Application Protection has allowed restoration of backups multiple times, not just once. As a system integrator, I manage multiple customers' requirements for backups.

For others looking into using Barracuda Application Protection, it is easy to use. I rate Barracuda Application Protection an eight out of ten.