Barracuda Web Application Firewall Reviews

I am not using the API protection feature right now because I don't host any APIs through Barracuda Web Application Firewall. I use a second procedure for API, which is point-to-point VPN connectivity with the banks. I'm using their API, and they are using my APIs, so our connectivity is over point-to-point VPN. Therefore, that traffic does not go through Barracuda Web Application Firewall, which is why I'm not using API protection at this moment.

The detailed analytics provided by Barracuda Web Application Firewall help in understanding application traffic patterns, although I find the built-in reports to be basic and not of a very advanced level. They are normal reports, not extraordinary analytics.

Real-time traffic monitoring is a time-consuming activity for my organization, and it often results in a lot of false positive events. When I go to check the real-time logs, it is difficult to find a valid attack among the false positives.

I have seen a return on investment because my application behind Barracuda Web Application Firewall is becoming obsolete technology-wise. My development team is working on the latest language tools or applications, so until then, this web application firewall is essential in my network to protect my existing online assets or software. It is definitely a good choice, providing a good ROI. I can imagine the consequences if I did not have it. During the COVID pandemic, we received plenty of attacks on our application, and at that time, I didn't have a web application firewall. Since implementing Barracuda, I sleep smoothly knowing I have protection.

I find the basic features of Barracuda Web Application Firewall plus advanced bot protection to be very valuable features, along with backup subscriptions.

I assess the effectiveness of the machine learning-driven threat detection in Barracuda Web Application Firewall as sometimes behaving abnormally, often showing me false positive attacks, so I have to fix these attacks from time to time.

From a stability point of view, I would definitely rate Barracuda Web Application Firewall a seven out of ten. There is definitely some room for improvement; nothing is perfect in the world.

I am not satisfied with the technical support from Barracuda. I am somewhat disappointed with the technical support that I have received so far. Whenever I generate a ticket for my problem, it goes to the Indian support team, and they all the time start with the most junior team member, consuming all my precious time. At the end, I have to close that ticket without any satisfactory solution. I have complained that they should shift my support to any other region because I don't need Indian support; they are simply pathetic and not up to mark.

To improve Barracuda Web Application Firewall, customers should be given ongoing training opportunities regarding the product and its features. I am not familiar with many features that are available, only using those which are necessary for my applications. I believe Barracuda must provide clearer product information or training sessions to make it more user-friendly, as sometimes its interface can be rigid and lacking in helpful resources or user tutorials about its features.

For it to get closer to a ten, I think advanced reporting is missing because, as I mentioned earlier, there are many false positive events being recorded. Often, when I analyze these attacks, they turn out to be genuine customers or users interacting with my product, but Barracuda tags them as attackers. Reducing false positives must be a priority.

I'm using Barracuda Web Application Firewall, and this is my fourth year using this product.

From a stability point of view, I would definitely rate Barracuda Web Application Firewall a seven out of ten.

I am not satisfied with the technical support from Barracuda. I am somewhat disappointed with the technical support that I have received so far. Whenever I generate a ticket for my problem, it goes to the Indian support team, and they all the time start with the most junior team member, consuming all my precious time. At the end, I have to close that ticket without any satisfactory solution. I have complained that they should shift my support to any other region because I don't need Indian support; they are simply pathetic and not up to mark.

I would rate the technical support a two out of ten.

Negative

Before Barracuda, I worked with other web application firewalls such as FortiWeb and F5, and I also explored a few demo versions of additional products. Compared to those, Barracuda is a very good product.

I have seen a return on investment because my application behind Barracuda Web Application Firewall is becoming obsolete technology-wise. My development team is working on the latest language tools or applications, so until then, this web application firewall is essential in my network to protect my existing online assets or software. It is definitely a good choice, providing a good ROI. I can imagine the consequences if I did not have it. During the COVID pandemic, we received plenty of attacks on our application, and at that time, I didn't have a web application firewall. Since implementing Barracuda, I sleep smoothly knowing I have protection.

At the time I was acquiring Barracuda Web Application Firewall, I found it costly compared to other products. To overcome that price factor, I excluded some features or subscriptions to align with the pricing of other products. Now, cost is okay because last April, I renewed Barracuda Web Application Firewall for the next three years. Interestingly, I received a local quotation from a partner, and then, because we have an office in the UK, I requested a quote from Barracuda's UK team, which was half the price I was quoted in Pakistan. Thus, I renewed through the UK office, making it definitely 50% cheaper than the Pakistan offer, so the price is good.

I do not think it is the best one on the market. I have seen other products offering additional features as next-generation firewalls, but as a dedicated web application firewall, Barracuda performs well among the basic features. However, I know there are more advanced products available, though I have not seen those to make a direct comparison. Therefore, I can't fully evaluate against them, but Barracuda has been a good product for me so far.

I rate Barracuda Web Application Firewall as a seven out of ten overall.

Interestingly, I received a local quotation from a partner, and then, because we have an office in the UK, I requested a quote from Barracuda's UK team, which was half the price I was quoted in Pakistan. Thus, I renewed through the UK office, making it definitely 50% cheaper than the Pakistan offer, so the price is good.

I have only been working with Barracuda Web Application Firewall. No local partner has introduced me to any other product lines. It was purely by chance that Barracuda Web Application Firewall came to me through a local partner; otherwise, local partners rarely bother introducing other products to customers.

I have been working with Barracuda Web Application Firewall for more than almost three and a half years.

Its main use case is to provide security to applications, to strengthen their security policies, to protect the applications from cyber attacks and to make them compliant against OWASP Top 10. Moreover, it allows only legitimate traffic, reduces false positives, makes application access easy, filters out non-legitimate traffic, verifies what exactly comes within the payload of the request, inspects everything that comes with a request, and fine-tunes according to the application logic based on the contents the application serves to their clients.

For example, if we consider a company that has an application with a payment gateway configured, which provides services including money transactions, we deploy Barracuda Web Application Firewall for that application. We host the service in Barracuda Web Application Firewall. When a client requests access to the application, the request goes to Barracuda Web Application Firewall first, which will verify the request contents and create a separate TCP connection to the backend server if the request is legitimate. This process protects against attacks including SQL injection or cross-site scripting, where Barracuda Web Application Firewall will block any request that matches attack signatures.

We have seen a return on investment as the manual work for monitoring attacks and generating reports is reduced significantly, saving money. Barracuda Web Application Firewall's features fulfill our requirements well, preventing us from needing to switch to more expensive vendors while still meeting our needs effectively.

For example, if we consider a company that has an application with a payment gateway configured, which provides services including money transactions, we deploy Barracuda Web Application Firewall for that application. We host the service in Barracuda Web Application Firewall. When a client requests access to the application, the request goes to Barracuda Web Application Firewall first, which will verify the request contents and create a separate TCP connection to the backend server if the request is legitimate. This process protects against attacks including SQL injection or cross-site scripting, where Barracuda Web Application Firewall will block any request that matches attack signatures.

The reporting features are quite good as they have reporting charts and dashboards that provide lists of attacks and real-time verification of those attacks, helping in better reporting by tracking requests based on time and unique endpoints.

I believe URL Profiles and Website Profiles are the most unique features offered. They create separate endpoints for each request integrated with the application, providing different security profiles based on the requirements. Moreover, the learning feature is very comprehensive, allowing us to monitor the applications before switching to protect mode, creating automatic profiles based on learned traffic, which helps to fine-tune security policy.

Barracuda Web Application Firewall's user interface automates the blocking of malicious IP addresses, reducing the manual burden. Additionally, enabling the learning feature allows for quick preparation of security profiles, creating URL profiles automatically, which significantly reduces manual intervention and false positives.

The areas where it could be better are in security profiles, where a single service can have only one policy. There is no feature to add multiple security policies for separate endpoints within the same application, and the traffic manager is not flexible enough to handle unusual traffic patterns, sometimes leading to crashes.

I believe there are improvements needed in API security and bot protection within Barracuda Web Application Firewall. Additionally, enhancing the traffic handling capabilities for unusual patterns is necessary to avoid simply relying on failovers to manage traffic efficiently.

Barracuda Web Application Firewall is stable in my experience, although as our resources grow, we might need to upgrade to different hardware solutions to maintain seamless traffic management.

The scalability of Barracuda Web Application Firewall is fine. We tend to go for higher versions to ensure we have enough resources as needed, and the VMSS feature allows for easy upgrades or scaling of virtual editions.

The support is excellent. However, regarding integrations, there are limitations with AWS, where bugs occur during integration that need fixing in order to enhance overall sales.

I believe the customer support for Barracuda Web Application Firewall is excellent, with knowledgeable and experienced technical assistance that surpasses other vendors including F5, Imperva, and Cloudflare.

I would rate customer support a solid ten, as they are consistently on top of every issue, addressing them without delays and providing excellent support twenty-four hours a day, seven days a week.

Barracuda Web Application Firewall was our first choice, and we did not deploy any other Web Application Firewall prior to using it.

We have seen a return on investment as the manual work for monitoring attacks and generating reports is reduced significantly, saving money. Barracuda Web Application Firewall's features fulfill our requirements well, preventing us from needing to switch to more expensive vendors while still meeting our needs effectively.

The pricing, setup cost, and licensing for Barracuda Web Application Firewall are reasonable. They are competitive when compared to other vendors including F5 and Imperva, who tend to have higher prices.

Before choosing Barracuda Web Application Firewall, we evaluated F5, Imperva, and Cloudflare.

If budget is a constraint and security is a priority, I advise others to consider Barracuda Web Application Firewall without hesitation. They would get the best return on investment by starting with Barracuda Web Application Firewall instead of jumping to higher-end vendors. I have provided this review with an overall rating of eight.

My main use case for Barracuda Web Application Firewall is utilizing it in the areas of perimeter security, load balancing, and deploying it on the cloud, hybrid, and on-premises environments, which helps us focus very much in terms of pricing.

A specific example of how I use Barracuda Web Application Firewall in my environment is through automated rules updates to help with shadow AI. Those updates help me on a daily basis as we work seamlessly based on there and being able to take it on with a lot of information as opposed to human deciphering logs.

Additionally, the seamless integrations for existing templates and workflows have also been helpful.

The best features Barracuda Web Application Firewall offers are effortless management and the ability to perform rule updates with just one click.

Regarding effortless management, there is a very simple maintenance without much overhead needed. We also utilize an alerting system with a SIEM platform that can help with the work that goes alongside Edge WAF.

Barracuda Web Application Firewall has positively impacted my organization by improving mean time to value, which was quickly improved, and by serving as both the first and last point of defense.

I think Barracuda Web Application Firewall can be improved by providing more information around data integrity control, which would be interesting to see.

Regarding Barracuda Web Application Firewall's AI capabilities, its governance and security work very well and continue with new features. Its accuracy and reliability of output are very accurate, and the dashboards are a very good benefit, with other things being automatically driven by cloud updates.

My advice to others looking into using Barracuda Web Application Firewall is to focus on the new releases and updates, as that in turn is going to drive the market share and competition. I would rate this product a 9 out of 10.

I use Barracuda Web Application Firewall mainly for web application protection. I have worked with Barracuda for six years, focusing on this specific product, which aligns with my company's and clients' security needs.

The most valuable features of Barracuda Web Application Firewall include advanced bot protection, DDoS protection, and addressing the top ten vulnerabilities. The solution provides robust support, which I particularly appreciate for its ability to address my inquiries and technical challenges effectively.

There are false positives that I am receiving when compared to other WAFs. The issues with false positives affect client transactions, leading to complaints about blocked transactions. Barracuda needs to improve its API security to address my evolving needs.

I have used the Barracuda solution for six years.

I face stability issues due to false positives. These result in clients complaining about blocked transactions on a daily basis. If these were reduced, Barracuda's stability would greatly improve.

The customer service and support from Barracuda have been excellent. I have a very supportive team that addresses my concerns. I have premium support as well.

Neutral

Before Barracuda Web Application Firewall, I did not work with any other vendors or products.

The initial setup of Barracuda Web Application Firewall is straightforward and does not take more than half an hour. The installation is very easy.

My team manages the setup and requires one person for installation and three people for ongoing maintenance.

The pricing for Barracuda is quite high compared to other OEMs. Each transaction requires my purchase team to negotiate with Barracuda. Software licenses, premium support, and advanced bot protection all have different costs.

I would rate the overall solution as a seven out of ten, primarily due to issues with false positives. 

I recommend Barracuda because of the strong support team I have.

Positive

Our clients primarily use Barracuda Web Application Firewall to filter their web traffic and ensure they are secure enough to protect their cybersecurity workloads.

We have sold these solutions to academic clients like universities. They appreciated the ease of use and the signature base.

The most valuable feature is the ease of use and the signature base.

As a service, Barracuda needs to host in Saudi Arabia, as they currently don't have this functionality. They need to enhance technical support to allow hosting within the region.

I have been working with Barracuda Web Application Firewall for a couple of years across different companies.

Barracuda Web Application Firewall is stable. We have had no issues, and there haven't been any specific comments about this.

I rate the scalability of Barracuda seven and a half due to some complexities and the inability to host as a service in Saudi Arabia.

I would compare Barracuda Web Application Firewall to Fortinet or Palo Alto.

The initial setup is simple. However, clients often require help as they may be more familiar with another OEM.

Clients require help as they might not have the core competency to implement the Barracuda technology.

The pricing is slightly expensive when compared to other OEMs.

I can 100% recommend Barracuda Web Application Firewall to other users.

I'd rate the solution eight out of ten.

Our customers use it to enhance the security parameters of their web applications. Web Application Firewalls serve this exact purpose.

One of the strongest points is its robust issue discovery capabilities. Barracuda invests significant efforts in identifying and resolving issues. They have multiple products that work in tandem to perform these checks, which is beneficial because it automates security updates. This is the primary reason I recommend it to my customers.

One of Barracuda's limitations is its user interface. The GUI for configuration is not intuitive and has remained largely unchanged for the past 10 to 12 years. This is something I've discussed with Barracuda representatives here in Italy as well. It needs more modernization.

I have been working with this solution for 15 years.

I would rate the stability a nine out of ten. The solution has been fairly stable. Normally, there is a built-in kernel and an application. Some modules may crash, for example, the graphical user interface. But in another way, the engine continues to work fine. So from my point of view, the stability is very high.

I would rate the scalability of the solution an eight out of ten. 

We have around six to seven customers using this solution. 

The Barracuda support depends. Sometimes, they solve the issue promptly, but normally, they are not so fast and are not entirely focused on the problem. For example, sometimes I write many requests on the tickets, asking for one, two, three, or four steps and asking for one to three resolutions. Often, they respond with only one or two. So, I need to push again and again.

In other cases, I ask questions and get positive feedback immediately, depending on who the technician is. Barracuda has engineers in the USA, UK, and other countries, so it depends on the technician's location and expertise. So, I am not completely satisfied, but sometimes it is okay, and sometimes it is not okay.

So, depending on the region and depending on the person who actually receives these tickets, the technical support could be more knowledgeable. So they may need some training or education for the entire staff to respond immediately without any delays.

Often, it happens that they respond because they need to, not because they understand the technology I'm using. So they respond just because it's required by the service level agreement, which specifies a response time within four hours. But this is just a response, not a resolution of the case. Sometimes, the response is within the agreed time, but the solution takes much longer.

Neutral

I have customers using it in both on-premises and cloud environments. The deployment is  a straightforward procedure.

I act as a deployer, configuring the solution based on our customers' needs, whether they are big or small companies and whether they prefer on-premises or cloud deployment.

The deployment takes a couple of days. This application requires precise configuration to protect specific parts of a company's web application. Therefore, it typically takes me two or three days to deploy and fine-tune the solution before it's up and running.

We also handle the maintenance of the solution. We are a team of five technicians who work with the help desk. We do the first contact for the Italian customers. They call me, asking me, and then I escalate it to the Barracuda IT support in case.

The customers are using it and see an ROI. The biggest benefit is the increased security in the internal environment. It automatically enhances their security posture for the applications that should be protected by the WAF.

In Italy, we have a majority of small companies, around 95%. These are companies with 20 employees or fewer. The remaining 5% are what UK and USA define as medium companies, which can have up to 2,000 employees. For large companies and enterprise level, the pricing is right.

For small companies, the price is very expensive because the WAF is an enterprise-level application, not intended for smaller businesses. In my opinion, the price is right for enterprise-level use.

In Italy, the market is different; most companies are small, and the few larger companies with an enterprise approach tend to buy directly from companies like HP, F5, or others rather than through an engineering company like mine.

I've worked with many other vendors. Currently, we also use WatchGuard firewall and systems for protection. But I've also worked with vendors from various regions. For the WAF (Web Application Firewall).

In general, I would rate this solution an eight out of ten. It is not a ten because it works well, but there is room for optimization in a few areas. These include the kind of support, the graphical user interface, and the speed of the graphical interface. A better product that achieves these goals exists. In my 40 years of activity, I've never found a perfect one because all applications grow and change over time, and a new version is always an improvement in IT. So these are the reasons why there are two or three points that could be better optimized by Barracuda. The graphical interface, its speed, and the immediate support in case of issues. These aspects limit my evaluation.

My company uses the tool for HTTP protection and the protection of HTTP for a particular application that is exposed to the internet. The product offers both the deployment models, which include the cloud and Barracuda WAF-as-a-Service.

There are some vulnerabilities that are reported across the tools offered by Barracuda for some devices, which need to be taken care of from an improvement perspective.

I have experience with Barracuda Web Application Firewall. I am a system integrator, and my company takes care of the deployment process for our customers.

The stability of the product is good. Stability-wise, I rate the solution a ten out of ten. I have never seen any downtime while using the solution.

It is a scalable product. In my company, we have been able to scale up from level one to level five using Barracuda Web Application Firewall.

My company deals with five or six customers of the product. One customer of my company who uses the product may have around 1,000 users in their environment.

The technical support offered by Barracuda is marvelous. When it comes to the technical support of the product, areas like responsiveness, resolutions, and reachability are unmatchable with any of the other products in the market.

The product's initial setup phase was very straightforward and easy.

The product's deployment process was pretty simple since you just select the instance, after which it can be deployed in ten minutes.

Barracuda Web Application Firewall is deployed on the cloud.

With all the prerequisites in place, one application can be deployed or onboarded in an hour.

In my opinion, the product is fairly priced. There is a need to make payments towards the licensing cause of the product on the basis of per application a user uses. Depending on the requirements, a user can make payments on a yearly, two-year, or three-year basis.

The solution has successfully helped meet the compliance requirement, considering the HTTP protection that the product offers along with the DDoS feature, making it a pretty good tool. The tool also offers protection against the OWASP Top 10 attacks, a default feature available in the product.

In terms of the effectiveness of the solution offered in our company, I would say that we are able to see the logs and get alerts. The actual effectiveness of the solution can only be witnessed when a company gets attacked, and to date, my company has never experienced such a scenario. I would say that the solution is working effectively.

The product is pretty straightforward when it comes to areas like configuration management and monitoring.

The policy management is very easy in the product.

If you have applications in the cloud, like AWS, then Barracuda Web Application Firewall-as-a-Service or Barracuda Web Application Firewall deployed on the cloud can be a good option.

The product has had no impact on the user experience front. Barracuda asks for the captures of DDoS attacks and asks the users about their challenges.

I rate the overall tool a seven to eight out of ten.

Barracuda Web Application Firewall is an easy-to-use WAF.

I have issues with the load balancing of the solution which is slow. The connection pooling in Barracuda also doesn't work. There is an issue when someone needs access to a site quickly. The issue is with HTTPS services. I am not sure if they have changed all these in the solution’s latest version.

I have been using the solution for six years

I would rate an eight out of ten for the stability of the solution. The solution is stable but the load balancing issue makes it difficult to handle the jump in traffic. Some of the parameter values just hang in Barracuda WAF.

The solution is scalable.

I have contacted the support and they are very supportive and quick.

Positive

I have used F5 and find it to be more stable.

The initial setup is not a big task and is easy. You need to have the IP addresses and other required aspects after which you can configure the solution. The general configuration without any instability issues takes about 30-45 minutes which includes any type of scaling as well.

I would rate the solution a nine out of ten. I use both Barracuda WAF and F5 but Barracuda is easy to use. F5 offers more control at another level. You can control your ship like a user. In Barracuda WAF, you can add or modify anything only with the help of support.

Most of the features in Barracuda WAF are available in GUI mode. In the second version of F5, you can write iRules and apply them easily on the device. If you need something in the parameter level, you need to scan and then enable and disable the metacharacter for that particular parameter. There are some profilings available in Barracuda but they are not like F5. F5 has more general and applicable heuristics than Barracuda.

However, there are good things about Barracuda too. If an attack is coming continuously, you can ask the device to block it temporarily for two to three minutes. F5 has not provided us with an option to block certain IPs for some time. Barracuda can help you block someone if the source is from a different IP. You can apply the rule to the device and block it for whatsoever time you want. The solution will unblock the IP after the prescribed time as well. This feature is not available in F5.

F5 handles the implementation of single parameters and environmental parameters for financial applications easily. The profiling aspect is slower in Barracuda.

Barracuda is easy for new people since everything that you need to implement the solution is available through the UI. You need little guidance for the solution. Anyone with knowledge of the HTTP header and signatures can use it very easily. It is more like Cisco in networking.

I use the solution in my company to protect our website.

The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions.

When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes.

Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall.

I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.

I have been using Barracuda Web Application Firewall for six months. I am an end-user of the tool.

It is a mostly stable tool. I rate the stability as a nine out of ten.

I rate the scalability as an eight out of ten.

The number of users depends on the public who are accessing our website. It all depends on the popularity, so I can't say the number here. Let us say that there are probably thousands of users.

The solution's technical support is good. There is a delay in the response time when it comes to the support part. I rate the technical support a seven out of ten.

Neutral

The product's initial setup phase is easy, but one needs some background knowledge. In terms of security products, one needs some background knowledge of the security practices. Nobody cannot configure the tool. Some certifications and technical knowledge is required to use the tool.

Depending on the person's knowledge of security, I can rate the setup phase as an eight on a one to ten scale, where ten means it is a very easy process.

The solution is deployed on the hybrid cloud.

The time required to deploy the solution depends on how many servers you want to set up in the hybrid environment. There are different components underneath it. There is no common time frame for the deployment. It all varies on a case-to-case basis, depending on how many deployments you are running in a hybrid environment and what services are offered to the user in the hybrid environment. We can't tell you the specific time for the deployment.

Cost is a bit on the higher side. Big companies can afford it.

The product offers protection against web exploitation. With code injection and SQL injection, everything is covered in the tool.

My company has around four applications on Barracuda Web Application Firewall. Everything has been working smoothly with the tool.

Speaking about AI-driven security measures, I would say that the solution has its own in-built machine learning techniques, so we are not using any other solution or AI solution, as it is all integrated with Barracuda Web Application Firewall itself.

Though it is a costly tool, it is a good product that is stable, secure and offers good protection.

I rate the tool an eight out of ten.