Barracuda WAF-as-a-Service Reviews

My main use case for Barracuda WAF-as-a-Service is protecting web applications running on HTTP and HTTPS sockets from OWASP Top 10 attacks, malicious bots, account takeover attempts, and L3 to L7 DDoS attacks.

Barracuda WAF-as-a-Service is a cloud-delivered web application firewall designed to protect web applications and APIs from threats such as OWASP Top 10 attacks, malicious bots, account takeover attempts, and L3 to L7 DDoS attacks. It is positioned as a fast to deploy and manage WAF service with pre-built templates, centralized policy control, API protection, and automation support through REST APIs. Barracuda WAF-as-a-Service is a cloud WAF that helps protect websites and APIs quickly without the overhead of deploying and managing traditional web appliances.

Barracuda WAF-as-a-Service offers several best features including a cloud-delivered WAF for web apps and APIs, fast setup via deployment wizard and templates, protection against OWASP Top 10 and zero-day style web threats, API security for REST, JSON, and GraphQL APIs including discovery and exposure of shadow APIs, bot protection, unmetered L3 and L7 DDoS protection, automation support, and compliance visibility and reporting.

I find API security, web app and API security, and bot protection to be the most valuable day-to-day features of Barracuda WAF-as-a-Service. Using Barracuda is very easy and fast due to the fast deployment wizard, allowing deployment based on wizards or templates. Onboarding applications is very easy with a turnaround time of only one or two days. API security covers all API types, starting with REST, JSON, and GraphQL APIs. Bot protection includes malicious learning backend for malicious bots, credential stuffing, brute force, and account takeover defense.

Barracuda WAF-as-a-Service has impacted my organization positively with fast deployment and simple onboarding. One of the strongest points is the speed of deployment, which features a three-step deployment wizard, pre-built templates, and quick onboarding, making it suitable for teams that want protection fast without complex infrastructure setup. For example, if a business wants to protect a customer portal or public website quickly, Barracuda can be onboarded in a minute using pre-defined templates instead of spending days tuning an appliance.

Another strength is strong API and application protection. Barracuda WAF-as-a-Service protects both traditional web applications and modern APIs, including REST, JSON, and GraphQL, and it supports API discovery to identify exposed shadow and zombie APIs. Bot and account takeover protection is included along with DDoS protection which adds application level DDoS that protects L3 to L7 type of DDoS threats like HTTP flood. There is a good balance of simplicity and control.

I notice faster time to detection because since the onboarding uses a wizard and template, the organization can reduce deployment effort by 30 to 50% faster deployment effort for standard web app onboarding. There is lower operational overhead since the solution is delivered as a service, allowing customers to avoid appliance lifecycle management and benefit from automated updates and managed service characteristics. From an ROI and impact perspective, there is a 20 to 35% reduction in day-to-day administrative effort. Additionally, there is reduced business impact from downtime because built-in L3 to L7 DDoS protection and application layer security can reduce outage risk and service disruption for customer-facing applications.

Regarding improvements for Barracuda WAF-as-a-Service, the UI and user experience can feel dated. While the interface is functional and centralized, some third-party reviews indicate that the UI can feel outdated, and enhancements are required to provide an executive look that can be aligned with modern and intuitive next-generation competitors.

The licensing and cost structure perspective may need clear planning. Barracuda service is customizable but external references note that licensing and cost planning can become complex.

Advanced analytics and executive reporting could be better. The platform provides visibility and compliance reporting but organizations looking for a very polished executive dashboard, deep attack visualization, or broader cloud-native security context may find it more focused on WAF operation.

Barracuda WAF-as-a-Service is best suited for app and API protection and is not a full CNAPP platform. It is strong for application layer protection but is not positioned as a full CNAPP covering posture management. Modernizing the UI further, simplifying packaging and licensing clarity, enhancing the executive reporting and risk dashboard, and expanding broader cloud-native integration would be beneficial improvements.

I have been using Barracuda WAF-as-a-Service for almost eight years.

I do not see any latency with Barracuda WAF-as-a-Service. It is a software as a service, so the provider maintains all the infrastructure and it is very scalable, so I do not see any challenge.

Barracuda WAF-as-a-Service is extremely accurate in detection and reporting, and I find very few false positives. When deploying this solution, you have to take care of a few things very cautiously, especially understanding how the application works and defining the policy carefully. Otherwise, it could bring false positive alert fatigue. Alert fatigue depends on who is implementing the solution. If experienced and expert people with Barracuda implement the solution, you will get less alert fatigue.

Barracuda WAF-as-a-Service can handle increases in traffic or new applications easily since this particular solution is built for that specific purpose.

Barracuda WAF-as-a-Service provides good support and the support team is very cooperative and helpful.

I purchased Barracuda WAF-as-a-Service via a partner and not through the AWS Marketplace.

Barracuda WAF-as-a-Service is a cloud-delivered web application firewall designed to protect web applications and APIs from threats such as OWASP Top 10 attacks, malicious bots, account takeover attempts, and L3 to L7 DDoS attacks. It is positioned as a fast to deploy and manage WAF service with pre-built templates, centralized policy control, API protection, and automation support through REST APIs. Barracuda WAF-as-a-Service is a cloud WAF that helps protect websites and APIs quickly without the overhead of deploying and managing traditional web appliances.

I maintain all the governance and security for Barracuda WAF-as-a-Service as per the standard. Each organization has certain compliance requirements that they need to adhere to, and these are already in place with Barracuda. I fully agree with the policy mapping that is shown when designing the WAF policy and it is very much in line with compliance strategy.

Since the solution is delivered as a service, customers avoid appliance lifecycle management and benefit from automated updates and managed service characteristics. From an ROI and impact perspective, there is a 20 to 35% reduction in day-to-day administrative effort. Additionally, built-in L3 to L7 DDoS protection and application layer security can reduce outage risk and service disruption for customer-facing applications.

The licensing and cost structure perspective may need clear planning. Barracuda service is customizable but external references note that licensing and cost planning can become complex.

If organizations have any public-facing application, they should use WAF-as-a-Service and Barracuda is a good choice, but there are other choices as well. When choosing any solution, you have to check other aspects such as the people aspect, people, process, and technology. These three have to be consolidated. If any organization needs suggestions, they could reach out to me for help in choosing the right solution.

Barracuda WAF-as-a-Service is best suited for app and API protection and is not a full CNAPP platform. It is strong for application layer protection but is not positioned as a full CNAPP covering posture management. Modernizing the UI further, simplifying packaging and licensing clarity, enhancing the executive reporting and risk dashboard, and expanding broader cloud-native integration would be beneficial. I would rate my overall experience with this solution as an eight.

We primarily use Barracuda WAF-as-a-Service for raising security incidents by proactively blocking malware, ransomware, and phishing attacks to reduce breach risk and response time. Apart from that, we use it for streamlining added sites without performance drops, which also helps to support the growth of our teams. Additionally, we reduce hardware costs by decommissioning on-premises firewalls during our cloud migration with minimal disruption and a familiar UI for quick adoption.

When I mention reducing breach risk and streamlining added sites, there is one specific case I want to tell you about where Barracuda WAF-as-a-Service helped us directly. About three to four months back, there was a ransomware attack where it reportedly sent notifications to the admin panel, and Barracuda blocked the malware and phishing attack, sharing an advanced report with our team. This allowed us to directly contact the team, minimizing the risk of data breach. This was one case where we observed the benefits, and there have been multiple instances since we started using it.

The best features that Barracuda WAF-as-a-Service offers are an intuitive centralized dashboard, allowing us to manage policies, Internet protocol servers, antiviruses, anti-DDoS attacks, and traffic shaping across multiple sites. This feature enables seamless scaling of our environments, especially as we work within Amazon Web Services. Additionally, real-time threat intelligence helps us to detect threats in real-time. Another major feature I love is application control and VPN support, providing granular visibility and protection without needing separate appliances.

The centralized dashboard is helping us streamline visibility across our admin panels and provides site-to-site visibility deployed directly to our AWS environment, securing VPC traffic and ensuring the firewall is in place. The real-time threat intelligence is an advanced feature helping us track real-time attacks, such as anti-DDoS attacks, ransomware, or viruses that can compromise system integrity. Through the intuitive centralized dashboard, we can manage policies and set rules, assisting us effectively.

I see that cost can be a limitation for small businesses. Additionally, if they can provide more advanced features and customization for specific use cases, that would be beneficial. Apart from that, I do not feel there are any other problems. From our perspective, there is not an issue. All the data I have shared is in favor of Barracuda because the ROI they have given us is tremendous, and they are doing really well in terms of product, scalability, and service. We have seen that it is a great solution with no issues from our end.

I have been working in my current field for more than ten years.

Barracuda WAF-as-a-Service is definitely a stable solution, and I give it a ten out of ten as we have not faced any downtime, crashes, or lag.

Scalability is good for Barracuda WAF-as-a-Service; we can scale up or down based on our needs, as it comes with this model directly from the AWS Marketplace, which is really great.

Customer support for Barracuda WAF-as-a-Service is rated ten out of ten. We had an incident requiring direct support, and the representatives were really helpful, resolving our query within forty-five minutes, so it stands at ten out of ten for me.

Positive

We did not use any other solution prior to Barracuda WAF-as-a-Service; this is the first time we have used this service.

The initial deployment of Barracuda WAF-as-a-Service was really smooth. The team collaborated with our team and assisted with configuration. As we use a pay-as-you-go model, the licensing and every detail is managed well, backed by the AWS Marketplace, making it an excellent experience. Everything from provisioning to policies was set up on time, so my initial deployment experience was very positive with no issues at all.

The integration of Barracuda WAF-as-a-Service with other AWS services is seamless. Whatever services we are using with it, including non-related software, it integrates excellently. We have not faced any downtime, crashes, or lags while using this solution.

Barracuda WAF-as-a-Service has positively impacted our organization by reducing cyber threats like ransomware and phishing by ninety-five percent. This is a significant thing because we have seen a major drop in those numbers. Earlier, we faced many threats, but now I can say we see ninety to ninety-five percent fewer attacks. Additionally, centralized management has decreased by twenty-two to thirty percent, and costs related to avoiding breaches have decreased by at least seventy percent. On the ROI side, proactive blocking has led to efficiency gains and bandwidth optimization, boosting productivity and reliability for our distributed teams by thirty-three point eight percent.

The reduction in cyber threats and the increase in productivity I mentioned earlier are measured based on incident reports. Barracuda provides good data, and as I have said, it offers a clear dashboard where we can track progress. This data is a collective set from our admin and other teams closely working with engineering and other departments.

We have seen a return on investment of at least a million dollars, which could have been lost due to data breaches or attacks on the organization by effectively blocking threats. The downtime has decreased significantly, and our efficiency has improved by twenty-two point five percent thanks to real-time monitoring and traffic optimization. Additionally, we have reduced hardware costs by fifty percent by decommissioning on-premises firewalls during cloud migration with minimal disruption and a familiar UI for quick adoption. Productivity has increased as teams can focus more, leading to a rise of forty to fifty percent.

The metering and billing experience is really good because it operates on a pay-as-you-go model through hourly AWS billing, which includes features like the firewall and VPN. We also have a buy-your-own licensing option, which we do not utilize, sticking to AWS billing. This system allows us to pay only for what we use, saving a lot of money, so I give it a ten out of ten as it is both a money and time saver for the organization.

The pricing, setup cost, and licensing not only follow the same pay-as-you-go model but are also billed hourly by the AWS Marketplace. We select it based on our requirements, scaling up or down accordingly. This flexibility is how we have chosen this model.

Before selecting Barracuda WAF-as-a-Service, we evaluated other options, including AWS Network Firewall, Palo Alto Network VM-Series, Fortinet VM, a Force Firewall, and pfSense.

I rate Barracuda WAF-as-a-Service a five out of five overall. The reason I choose five out of five is that all the things I have mentioned earlier represent a great solution for our organization. It has effectively blocked malware and phishing attacks while optimizing bandwidth for our development environment. The deployment to our client network segmentation was really great, and the SD-WAN integration with on-premises and auto-scaling clusters for loads has been working well in our Agile ceremonies. Moreover, it leverages hybrid environments, helping to reduce unauthorized access during our CI/CD pipelines and ensuring compliant data flows.

I advise anyone looking for dedicated protection for their organization, aiding in threat prevention and unifying the threat management system with high performance at low cost, to go for Barracuda WAF-as-a-Service. They are a really good service.

Barracuda WAF-as-a-Service protects our web applications. When we publish a customer-facing web application on the internet, it helps us block common attacks such as SQL injection, cross-site scripting, and malicious bot traffic. This significantly reduces the risk of application compromise and data exposure. Additionally, the centralized management and detailed reporting make it much easier for our team to monitor security events, troubleshoot issues, and maintain compliance without requiring extensive manual effort.

Barracuda WAF-as-a-Service has become an important part of our overall security workflow because it provides a centralized platform for securing web applications, monitoring traffic, and responding to potential threats in real time. One of the biggest advantages is that it reduces the operational burden on our team because many security controls and updates are managed automatically. Overall, it allows us to focus more on application delivery and business requirements while maintaining a strong security posture for our web-facing services.

The best features of Barracuda WAF-as-a-Service include its comprehensive web application protection, ease of deployment, and centralized management. I particularly appreciate its ability to automatically detect and block common web attacks such as SQL injection, XSS, and bot-based threats without requiring manual intervention. The cloud-based service model also reduces infrastructure management overhead and ensures that security updates are applied quickly. Overall, the combination of strong security, ease of use, and operational efficiency is what I value most about the solution.

Barracuda WAF-as-a-Service is a strong solution overall, but if I could suggest improvements, I would want to see more advanced reporting and analytics, deeper integration with third-party security tools, and additional policy optimization recommendations. These enhancements would make day-to-day management and threat analysis even more efficient.

The solution works well overall, but I would want to see a more intuitive interface for advanced configuration, richer reporting and analytics, faster resolution for complex support cases, and more automated recommendations for policy optimization. These enhancements would improve both usability and operational efficiency. I would also appreciate easier troubleshooting, more customizable dashboards, and additional automation for policy tuning.

I have one year of experience using Barracuda WAF-as-a-Service.

Barracuda WAF-as-a-Service has been stable in our experience, and we have not faced any major downtime or service-impacting issues. Most of the challenges we have encountered were related to policy tuning or configuration rather than platform stability. Overall, it has been a reliable solution.

We have had a good experience with the scalability of Barracuda WAF-as-a-Service. As our needs have grown and we have added more applications, it has handled this expansion without creating extra management overhead. We have not run into any major scalability concerns, and the platform has kept up with our requirements.

We have reached out to customer support for Barracuda WAF-as-a-Service a few times, mostly for configuration and troubleshooting questions, and the overall experience has been positive. The engineers were helpful and knowledgeable, and we were able to get the guidance we needed. Some complex issues take longer to resolve, but overall, we have been satisfied with the support.

I am not personally aware of a dedicated WAF solution being used before Barracuda WAF-as-a-Service. By the time I became involved with the environment, Barracuda was already in place, but based on my experience, it has provided the visibility and protection needed for our web applications.

The zero-touch deployment experience with Barracuda WAF-as-a-Service was very helpful for our team because it reduces the amount of manual configuration required during implementation. We were able to onboard and protect applications quickly without spending significant time on complex setup procedures. Centralized management has also been very beneficial in our day-to-day operations because instead of managing security policy across multiple devices or locations, we can monitor application traffic, review security events, and update policies from a single dashboard. The centralized logging and reporting features are especially useful for troubleshooting and auditing, saving our team a considerable amount of time while maintaining strong application security.

We do not have exact ROI numbers for Barracuda WAF-as-a-Service, but we have definitely saved time on day-to-day security management and threat monitoring. The platform automates a lot of tasks that would otherwise require manual effort. For us, the biggest value comes from improved security and the reduced workload on the team, which makes the investment feel justified.

Our experience with pricing and licensing for Barracuda WAF-as-a-Service has been good overall. The setup was straightforward, and the cloud-based model reduces infrastructure and maintenance costs. While it may not be the cheapest solution available, we believe the security, ease of management, and operational benefits provide good value for the investment.

I am not completely certain if our organization evaluated other options before choosing Barracuda WAF-as-a-Service, so I do not want to speculate. I was not directly involved in the vendor selection process, and Barracuda was already the chosen solution when I started working with it.

My advice to others looking into using Barracuda WAF-as-a-Service would be to understand your application requirements, spend time tuning policies during the initial deployment, and make full use of the monitoring and reporting features. If you are looking for a cloud-based WAF that is easy to manage and provides strong web application protection, Barracuda WAF-as-a-Service is a solid option.

Barracuda takes governance and security seriously regarding Barracuda WAF-as-a-Service. The platform provides strong security controls, visibility into application traffic, and helps enforce security policies consistently. While I have not specifically evaluated all of its AI capabilities in depth, the overall approach appears focused on security control and risk reduction.

In our experience with Barracuda WAF-as-a-Service, the accuracy of its AI capabilities has been quite good. Most of the alerts and threat detections have been relevant, and we have seen the platform effectively identify and block suspicious traffic before it reaches our applications. Any security solution can occasionally have false positives, but overall, we have found the detection to be reliable and useful.

While we do not track every metric formally, we have observed several measurable improvements since implementing Barracuda WAF-as-a-Service. The number of web application security alerts requiring manual investigation has decreased because many common threats are automatically detected and blocked by the WAF. This has reduced the time our team spends on routine security monitoring and incident response. We have seen a noticeable reduction in manual security monitoring effort and fewer security incidents affecting our application. Centralized management and automated protection have saved time for our team while improving visibility, and reporting have supported compliance and security audits more effectively.

Overall, Barracuda WAF-as-a-Service has been a solid experience, as the platform has done a good job of protecting our application while remaining easy to manage. There are a few areas that could be improved, but overall, we have been satisfied with the solution and the value it provides. I would rate this product an 8 out of 10.

Our main use case for Barracuda WAF-as-a-Service with clients is to secure their environments, especially for DDoS attacks and security vulnerabilities that we have found. We implement those solutions, and for smaller clients, we also suggest they adopt Barracuda WAF-as-a-Service. It is cheaper compared to other products in the market, but at the same time, it provides sufficient capabilities so clients can get started.

A recent situation where I recommended Barracuda WAF-as-a-Service to a client involved a security breach because their firewall was a different model from a different vendor and was not able to handle the breach or address the security concerns. We then recommended they adopt Barracuda WAF-as-a-Service. After implementing that solution, we resolved many attacks. Attacks continued to occur, but this time Barracuda WAF-as-a-Service was able to stop them, scan them, and prevent DDoS and DLP attacks. It was a good addition to that environment.

The best features Barracuda WAF-as-a-Service offers, in my experience, include bot protection, DDoS, and DLP. DDoS and bot API features are good. DLP does the job, but I would say it is not very good, though it will do the job for you.

When I mention DDoS protection and DLP, I can tell you that these features protect our clients from active DDoS attacks because most of our clients are public companies and well-known companies. Regardless of what kind of firewall or solution is implemented, people keep trying to break in. We see active, almost constant bot and DDoS attacks happening on those environments. Barracuda WAF-as-a-Service has never failed us so far. It is good, and we have not seen any clients complaining that it is not doing its job, failing, freezing, or hanging. It is doing its job.

Barracuda WAF-as-a-Service has significantly improved security in our organization and for our clients because without it, it was always a challenge to see what is happening in the environment, protect against bot attacks, protect against DDoS and DLP attacks, and ensure web protection. After adding this solution, there was a significant improvement in security for that environment.

I think Barracuda WAF-as-a-Service can still do better on the DLP side. The DLP side is a little weak, and their SaaS-based model which they provide in Azure and AWS is not very good. If you compare the high availability and fault tolerance of these with other products, I think those other products have advantages. If Barracuda WAF-as-a-Service can improve on availability, especially in public cloud infrastructures, that would be beneficial.

They also need to improve their support. Their support team is not very technical and helpful, and they need to ensure they provide the right person for the right support, especially when a ticket is open. Technically, when someone opens a ticket, they have already completed basic troubleshooting. Barracuda WAF-as-a-Service needs to hire more skilled engineers.

I have been using Barracuda WAF-as-a-Service for a couple of years, and multiple clients use it. We are an MSP, so we provide that solution.

I did not previously use a different solution before Barracuda WAF-as-a-Service.

I have not seen a return on investment with Barracuda WAF-as-a-Service, but I can say it is good.

My experience with pricing, setup cost, and licensing for Barracuda WAF-as-a-Service is that it is good. The pricing is normal, and everything is normal, so it is good.

I do not have anything else to add about how I use Barracuda WAF-as-a-Service or any other interesting scenarios I have seen with my clients. Everything is good regarding the features or how they compare to other solutions. I would say that Barracuda WAF-as-a-Service's accuracy and reliability of output is between 50 and 60 percent. I give this product a rating of 7.

I deal with Barracuda WAF-as-a-Service and usually recommend it for private and government companies.

The automatic security updates are excellent. These updates help our customers transition smoothly between interface versions. We started with an old Barracuda interface, implemented everything there, and then moved to the new interface, which is very good and helpful.

Barracuda WAF-as-a-Service's real-time attack detection feature has improved our customers' threat response strategies significantly.

I have found value in the actionable analytics provided. Our customers have seen benefits such as access to a lot of data and the ability to analyze real-time threats through the actionable analytics.

I assess the impact of Barracuda WAF-as-a-Service on compliance efforts regarding security events as good in terms of compliance, although there are a few issues. There is one issue regarding local data storage, as they do not have that capability, and we are storing the data in another foreign country, which is against the law. Data is supposed to be within the South African border.

In my opinion, the main direction for improvement should be around the licensing part, as it should not be quite complex. The price of their licensing model is a bit steep. However, for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. The pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas.

For the next release, Barracuda WAF-as-a-Service should include advanced APIs and perhaps AI-driven detections. They can improve the integration with SIEM and SOAR.

I have been working with Barracuda WAF-as-a-Service for quite a few years.

There are competitors to Barracuda WAF-as-a-Service. Depending on a client's requirement, I would recommend it, but there are competitors such as F5 and Cloudflare, and it depends on what the client wants. Sometimes, clients might want a firewall and choose something like Fortinet or Cisco secure firewall.

The price of their licensing model is a bit steep, but for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. I am happy with it; it is just that the pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas.

Implementing Barracuda WAF-as-a-Service is quite complex, and you need to have substantial knowledge in this area. I rate Barracuda WAF-as-a-Service an overall score of six.

During the last week, I used Barracuda WAF-as-a-Service to protect my web applications when we notified suspicious traffic patterns targeting login forms, as attackers were trying to inject SQL commands to bypass authentication and extract user data.

Barracuda WAF-as-a-Service simplified my day-to-day operations while keeping application risk low. For compliance reporting for different audits or normative requirements, I need logs and reports, and this solution prepared these reports easily and faster.

Barracuda WAF-as-a-Service has turned what used to be reactive firefighting into a proactive defense, and I prefer this technology as a service.

Barracuda WAF-as-a-Service has a positive impact in my organization by strengthening security, improving resilience, and reducing operational overhead. For example, it reduced downtime, as DDoS defense absorbed traffic surges during campaigns, keeping customer-facing apps online without disruption.

With Barracuda WAF-as-a-Service, downtime has dropped to near zero, even during a 300% traffic spike from a seasonal campaign. I reduced between one or two hours of downtime per quarter.

I would rate Barracuda WAF-as-a-Service customer support as a nine on a scale of one to ten.

Regarding Barracuda WAF-as-a-Service's AI capabilities, governance and security are built with governance and security in mind, ensuring that automation is both trustworthy and compliant. Security safeguards exist because anomaly detection and AI monitor traffic patterns and flag suspicious behavior, helping catch credential stuffing and injection attempts early.

Barracuda WAF-as-a-Service's AI capabilities are generally accurate and reliable, especially in detecting OWASP Top 10 threats, bot attacks, and API misuse. Machine learning models continually retrain on the latest threat data, which helps maintain high detection accuracy and reduce false positives.

Barracuda WAF-as-a-Service is an excellent solution in the market. My overall review rating for Barracuda WAF-as-a-Service is eight out of ten.

My main use case for Barracuda WAF-as-a-Service is web application and API protection. A specific example of how I use Barracuda WAF-as-a-Service for web application and API protection is that, similar to Amazon or eBay, I am using it for our social platforms as well. I am using it primarily for web protection.

The best features Barracuda WAF-as-a-Service offers include security, which is the main thing. I appreciate that you do not need to have hardware or an application on-premises, as you have everything on the cloud.

Having everything on the cloud makes things easier because there is no hardware on-premises. It is managed and patched by someone else, and I do not need to worry about patching and vulnerabilities. I also appreciate that it has DLP and all the advanced features that are needed.

Barracuda WAF-as-a-Service stops hackers from accessing my sensitive data and protects it from being exploited. The DLP and advanced features specifically provide this protection.

Barracuda WAF-as-a-Service has impacted my organization positively as it provides peace of mind through DLP features. Everything is on the cloud, so I am not worried about on-premises issues, power issues, or hardware issues. I have noticed specific outcomes or metrics such as faster response times and no downtime because it is on the cloud.

I think pricing could be improved regarding Barracuda WAF-as-a-Service. Otherwise, I have no other concerns about improvement.

I have been using Barracuda WAF-as-a-Service for around three years.

The accuracy and reliability of output from Barracuda WAF-as-a-Service is consistent for me.

Barracuda WAF-as-a-Service is deployed in my organization on public cloud.

I rate Barracuda WAF-as-a-Service a nine out of ten. I chose nine out of ten because there is always space for improvement. I have no knowledge about Barracuda WAF-as-a-Service's governance and security regarding its AI capabilities. I purchased Barracuda WAF-as-a-Service through the AWS marketplace. My advice for others looking into using Barracuda WAF-as-a-Service is that it is easy to use and easy to deploy. I have no additional thoughts about Barracuda WAF-as-a-Service as it is all good from my end. I would rate this product a nine overall.

My main use case for Barracuda WAF-as-a-Service is protecting web applications and APIs from modern threats like OWASP Top 10 vulnerabilities, bot attacks, and DDoS, while simplifying compliance and reducing operational overhead.

One of our customer-facing portals was suddenly hit with a wave of suspicious traffic that appeared to be a bot-driven credential stuffing attack, and Barracuda WAF-as-a-Service immediately flagged the abnormal login patterns and blocked the malicious requests without requiring manual intervention. Legitimate users still had access, but the attack traffic was stopped completely, and the incident demonstrated how valuable it is for protecting web applications in real-time.

Another example involves a marketing microsite that suddenly started seeing a spike in traffic from overseas IPs. At first, it appeared to be normal interest, but Barracuda WAF-as-a-Service quickly identified it as a Layer 7 DDoS attempt. The service throttled and blocked the malicious requests, while legitimate visitors still had smooth access, and the protection meant we did not experience downtime during a campaign launch, which was critical for the business.

Some standout features that Barracuda WAF-as-a-Service offers make it a strong choice for protecting modern applications and APIs. The bot mitigation uses machine learning to distinguish between malicious bots and legitimate traffic, stopping credential stuffing and account takeover attempts, and another standout feature is DDoS protection.

In real situations, the bot mitigation has made a noticeable difference because before Barracuda WAF-as-a-Service, we used to see repeated credential stuffing attempts that slipped through and caused account lockouts for legitimate users. After enabling the bot defense, those attacks were automatically blocked, with the system distinguishing between malicious automated traffic and real customers.

Barracuda WAF-as-a-Service has had a very positive impact in my company, and the biggest change we have noticed is fewer disruptions from bot and DDoS attacks, with services staying available even during traffic spikes. It has also reduced the workload for our security teams.

We have seen measurable results since adopting Barracuda WAF-as-a-Service. For example, audit prep time dropped by approximately 30% because compliance reporting is automated. On the operational side, we used to average four or five bot-related incidents per quarter that required manual intervention, but now the number is down to one or even zero in some quarters.

From a governance and security perspective, Barracuda WAF-as-a-Service's AI capabilities have been reliable. For example, it automatically flagged unusual API call patterns that did not align with our access policies, helping us prevent potential misuse. On the security side, the AI-driven anomaly detection has reduced false positives compared to traditional rule-based systems.

In terms of accuracy and reliability, the AI outputs from Barracuda WAF-as-a-Service have been dependable because the system consistently identifies genuine threats like bot-driven login attempts or malformed API calls without flooding us with false positives.

One area for improvement with Barracuda WAF-as-a-Service is the alert tuning because sometimes the system generates too many notifications for minor issues, which can overwhelm the team. More granular control over severity levels would be helpful.

I have been using Barracuda WAF-as-a-Service for around two years.

I would rate Barracuda WAF-as-a-Service an eight out of ten because of the alerts. My overall rating for this product is eight out of ten.

My main use case for Barracuda WAF-as-a-Service is that its main services are the most secure and predictable when we configure any applications behind the WAF. Barracuda WAF-as-a-Service is a Web Application Firewall where we can put the applications securely behind the applications without any disturbance of the HTTP and HTTPS products or services.

A quick specific example of how I use Barracuda WAF-as-a-Service in my daily workflow is that we are migrating from on-premises services to the cloud side with Barracuda WAF-as-a-Service. Daily, I integrate many applications that are in the live production environment, and from that, I can configure many security policies and ASM security policies. Many of the things I configure on a daily basis are based on fine-tuning. Apart from the integrations, we are doing fine-tuning, URL whitelisting, bypassing, and masking the data.

Barracuda WAF-as-a-Service has impacted my organization positively by providing a much higher quality experience, where we can easily trust it.

Regarding specific outcomes or metrics that show how Barracuda WAF-as-a-Service has helped my organization, everything is good. I need to add one more point where on a daily basis or on the quarterly outcome, we have to know about more security alerts from the Barracuda technical support, where we can be hassle-free from firmware or any security breach levels.

The best features Barracuda WAF-as-a-Service offers are, first of all, that it is a SaaS service, and the second thing is that it has more security and more availability scenarios where we can perform any of the things technically and strategically.

Regarding the high availability feature, in our environment, we are using active-active availability. If any of the applications are onboarding on the cloud WAF, then we have it configured on both application appliances. We are using the active-active appliance high availability where we can flow the traffic on both firewalls, and it is easier for us to maintain and secure the traffic without hesitation.

There are many application features where we can be useful in the daily scenario, such as using the iRest control, iMapping control, and application control where we can configure easily with the help of the application teams.

Barracuda WAF-as-a-Service can be improved by adding much more security features on a daily basis. As with other WAFs, we see that many of the appliances are doing many hardening assessments or something like that. That would be improved by Barracuda WAF-as-a-Service, where we can get that support from the assessment.

If there are any assessment modules coming into the feature of Barracuda WAF-as-a-Service, that would be helpful for us on a daily, weekly, monthly, or quarterly basis, allowing us to do the assessment.

Regarding Barracuda WAF-as-a-Service's AI capabilities, I think its governance and security is fine; it is a good initiative because most WAFs or other firewalls provide AI capability, thus presenting a good approach.

Regarding Barracuda WAF-as-a-Service's AI capabilities, its accuracy and reliability of output is a good approach. If we can get the AI capability in Barracuda WAF-as-a-Service, and although I am not very much experienced in AI, that would be the more preferable way where we can get those things instantly.

I have been using Barracuda WAF-as-a-Service for more than five years.

Barracuda WAF-as-a-Service is stable, and I can say that it is 100% stable.

Barracuda WAF-as-a-Service's scalability is pretty much 100% availability.

Customer support with Barracuda WAF-as-a-Service is also immediate; I get support either from the console access, a call, or from a meeting.

I previously used a different solution, specifically F5 WAF and their hardware, which were on-site, on-premises solutions. I am now moving to Barracuda WAF-as-a-Service because the main thing driving this decision is the cost-cutting of the product, as we are not using a physical device; it will be purely based on the cloud. The second thing is for security reasons, as most organizations have moved to SaaS services, which is the best way to approach the cloud. I have the most experience and am very happy with Barracuda WAF-as-a-Service.

I have seen a return on investment with Barracuda WAF-as-a-Service, as it makes it easy for employees to save time and money; it is a most trustable thing.

My experience with pricing, setup cost, and licensing involves doing BYOD. Based on the requirement, we are just opening the shield or the VM, and during working hours, we are using those things. For non-business hours, for applications not used during those hours, we are shutting down those things. That is the main fundamental we are using in our environment, allowing us to cut costs regarding pricing, setup costs, and licensing.

Before choosing Barracuda WAF-as-a-Service, I evaluated other options, although I do not have much more experience with other firewalls. I worked hands-on with F5 and Fortinet, but now I am moving to Barracuda WAF-as-a-Service, which provides solutions and security, and I can immediately receive support from the Barracuda technical team.

The advice I would give to others looking into using Barracuda WAF-as-a-Service is that it has the most secure performance, scalability, time scalability, performance security, and integrated security. It is easily used, handled, and managed, being fully based on the GUI. Most command line interface commands are not a surprise, making it hassle-free to execute. Most of these aspects are preferable for me and for other users who can use it easily without hesitation.

I rate Barracuda WAF-as-a-Service a nine out of ten because, as I said, if any major assessment module can come into the features of Barracuda WAF-as-a-Service, it will be easier for us to do the assessment on a quarterly, daily, or weekly basis. That would be more preferable because other WAFs, like BIG-IP F5, also provide the assessment reports globally, which would be helpful for us to get those things from Barracuda WAF-as-a-Service as well.

I use the solution in our company to protect our website.

The product has improved my organization due to the protection it offers to our company's website.

The product's bot protection feature is valuable for our company. I cannot comment on anything else in the product that is valuable to our company since all its other features are common. With the product, our company doesn't face any issues. Our company's website had a contact form. Normally, my company used to face issues with bots that filled out the form and sent a masked email address to our information mailbox, which was one of our concerns because we were not getting genuine inquiries from our forms, but after the implementation of the product, we were okay.

My company had faced some downtime or an outage twice with Barracuda WAF-as-a-Service due to backend problems. The stability of the product is an area of concern where improvements are required.

I don't know much about what additional features are required in the product's future releases since I think it has almost all users. One feature I want in the solution stems from the fact that there are almost 17 applications protected in our company with the help of Barracuda WAF-as-a-Service. If I need to block one IP address for all 17 applications together, it is not possible, and I need to block the IP address on each application separately, making it a time-consuming process. It would be great if the product allows users to block an IP address for all the applications in an environment in one go rather than having to block the IP address separately for each application.

I have been using Barracuda WAF-as-a-Service for almost two years. My company is an end user of the solution.

My company had faced a downtime of four to five hours with the solution, after which we again faced a downtime of around three hours with the product because of the tool's backend issues. Stability-wise, I rate the solution a four out of ten.

The product's scalability is fine since my company initially had ten licenses for the product, and we could scale up to twenty. Scalability-wise, I rate the solution a seven out of ten.

It doesn't matter how many users use the product in our company since the solution is mainly meant to protect our company's 17 applications.

The solution's technical support is very good. I rate the technical support a seven out of ten.

Neutral

I rate the initial setup phase a five on a scale of one to ten, where one is a difficult setup phase, and ten is an easy setup process. The product's initial setup phase was not a nice process. As I was not an expert with the product during its setup phase, some time was required to ensure coordination between our company's website and product vendor.

The solution is deployed on the cloud.

The product's deployment process took almost three months to complete.

There is a need to deploy the DNS server addresses to Barracuda WAF-as-a-Service, and in each website, 301 and redirection should be configured, after which all the other policies are to be enabled manually for each application. In our company, we have 17 applications, and we need to manually enable the policies for each application separately.

I rate the product's price a five on a scale of one to ten, where one is low, and ten is high. There are no additional costs to be paid apart from the standard licensing fees attached to the solution.

Against Barracuda WAF-as-a-Service, I think my company had tried two products, one of which was Imperva, but I don't remember the name of the Other product. My company chose Barracuda WAF-as-a-Service over Imperva since the latter was too costly compared to the former solution.

I don't know what to say about the product after seeing the solution have a downtime twice in a span of two months. I cannot recommend the product to others.

If I consider the solution's downtime, because of which it is not possible for the product to offer its features to support backend processes, I rate the overall product a six out of ten.