Barracuda Web Application Firewall’s most valuable features are real-time threat detection and automatic security updates.
IT Project Manager at Brilliant telecommunications
Has good technical support services, but the functionality is complicated to understand
Pros and Cons
- "It significantly improved our overall web security posture, addressing intrusions and enhancing control over web URLs in our environment."
- "The platform's pricing needs improvement."
What is most valuable?
What needs improvement?
The platform's pricing needs improvement.
How are customer service and support?
The technical support services are good.
How would you rate customer service and support?
Neutral
Buyer's Guide
Barracuda Web Application Firewall
November 2024
Learn what your peers think about Barracuda Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Which solution did I use previously and why did I switch?
I have used Fortinet before. It has efficient AI capabilities compared to Barracuda.
What was our ROI?
The product has generated around 10% of return on investment.
What's my experience with pricing, setup cost, and licensing?
The product is expensive. It is overpriced.
What other advice do I have?
The product works effectively. However, it is complicated to understand and requires essential knowledge. It significantly improved our overall web security posture, addressing intrusions and enhancing control over web URLs in our environment. We can identify and block malicious URLs. With proper training, it is easy to manage templates and policies for this tool. They provide comprehensive documentation and training courses available for free on their website. It has good features for forensic analysis and reporting. It has a user-friendly interface and seamless integration with SQL.
I rate it a seven out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Last updated: Mar 4, 2024
Flag as inappropriateSr IT Manager at a financial services firm with 11-50 employees
Stable product with a simple setup process
Pros and Cons
- "The product has fantastic support services."
- "We encountered a few glitches while implementing API security features into the product."
What is most valuable?
The product has fantastic support services. It provides complex solutions, including block mode and other default protection features.
What needs improvement?
We encountered a few glitches while implementing API security features into the product. Secondly, they could provide transparency for different types of protection parameters available. It will be beneficial if there is some visibility for the same. We faced some downtime issues the last two times due to Barracuda infrastructure. Thus, we are searching for alternate WAF solutions.
For how long have I used the solution?
We have been using Barracuda Web Application Firewall for two years.
What do I think about the stability of the solution?
I rate the platform's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate the product's scalability nine out of ten. It is suitable for enterprise businesses.
How are customer service and support?
The technical support services are fantastic. They share the knowledge transparently. This feature is more exceptional than that of other vendors.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup process is simple. We have deployed the product on the cloud.
What other advice do I have?
I rate Barracuda Web Application Firewall a nine out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Barracuda Web Application Firewall
November 2024
Learn what your peers think about Barracuda Web Application Firewall. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
Network Security and Infrastructure Engineer at a tech services company with 201-500 employees
Good security for layer seven but repeat issues with appliance failures and system crashes
Pros and Cons
- "The solution ensures layer seven is secure from attacks."
- "There are issues when upgrading firewalls and we experience different issues across customers."
What is our primary use case?
Our company uses the solution to provide customers with a proxy service that secures transcriptions as part of a seven-layer process. We currently provide this service to twenty customers.
What is most valuable?
The solution ensures layer seven is secure from attacks.
The scripting is good.
What needs improvement?
Layer four could be more secure like layer seven to prevent HTTP and HTTPS attacks.
There are issues when upgrading firewalls and we experience different issues across customers. The communication metrics, ports, traffic, source, destination, and service must be enabled to upgrade firmware but there is no documentation or article for opening the communication matrix to upgrade smoothly.
STM crashes are a repeat issue and they wipe out appliances. Each time, we have to open a ticket with support and get Apache to fix the issue. It is unclear why appliances have issues or fail and need to be recovered with Apache.
Firmware upgrades cause automatic configuration changes without providing notifications. Configurations such as ports should not be changed automatically because they negatively affect customers. One customer's configuration issue was within the third layer and took seven days to solve. Support mitigation and work describes policies created automatically after upgrading firewalls but we already created and want to retain our own policies.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
The solution is stable but ongoing issues with appliance failures, system crashes, and upgrading firmware affect its smooth operation.
How are customer service and support?
I opened a support ticket for resolving issues when upgrading firewalls. Support could not get to the issue and did not inform me to check traffic on the firewall. It is important to determine what is plugged in when a parameter is trying to communicate outside to download and upgrade firmware to the latest version. The issue was ongoing for three months until I accidently detected it myself.
Tickets are not solved in one day and sometimes I have to close tickets without any solution from support. Only tickets at the second or third escalation level receive support.
How was the initial setup?
The setup is straightforward and installation can be finished in one day.
What about the implementation team?
We implement the solution for customers.
What's my experience with pricing, setup cost, and licensing?
The solution is based on a licensing model and might be $360 for the hybrid version.
Which other solutions did I evaluate?
We have to migrate to another vendor because the solution no longer supports issues with the stack hub.
We are a partner with Barracuda so recommend the application firewall to our customers but we now have thirteen customers who use Azure stack hub and cannot receive support. We communicated this issue with Barracuda's Middle East management and they suggested using a container as a service. We tried this in our lab but had issues with the installation which we finally resolved. We have some concerns about data being exposed because it is in the cloud. Our customers are administrators and will not accept their data being exposed.
We would rather work with Barracuda because we have experience with their application firewalls and that makes it easier to support customers. We will have to go to another vendor and take classes to become experts.
What other advice do I have?
I rate the solution a seven out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Manager, Systems, Information Technology at Icddr, b
It's easy to set up but they should improve their performance, support, and their upgrades
Pros and Cons
- "You don't need help from Barracuda to help with the deployment. The deployment is easy."
- "They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor."
What needs improvement?
They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor.
I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance.
They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package.
Their appliances are very cheap. The quality is not that good. Their appliances should be more robust.
For how long have I used the solution?
I have been using this solution for a year.
What do I think about the stability of the solution?
The backend server capability is low. It's risky to put extra servers behind it because it may or may not protect it. The workload is not that high.
It has worked fine until now. We have some projects that are overloaded. In the next phase, I will remove some servers and add one or two servers from our project team.
What do I think about the scalability of the solution?
I have not tested out the scalability.
The software is running 24/7.
How are customer service and technical support?
I am not satisfied with the support. It used to be better.
How was the initial setup?
You don't need help from Barracuda to help with the deployment. The deployment is easy. We deployed them all by ourselves. It took some research through the manuals and documentation to find the best way to deploy for your infrastructure. The research took two to three days and then it took another two to three days to install it. By 7-8 days we were ready to do a soft launch. We did the rest within a month.
We only needed one team member to deploy it. I worked alongside him so that I could also understand it.
What's my experience with pricing, setup cost, and licensing?
There are costs in addition to the standard licensing.
What other advice do I have?
I would rate it a five out of ten.
My advice would be to explore the market. There are many good players. If a solution is on the higher side, it could be a better investment.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Systems & Security Administrator at a maritime company with 501-1,000 employees
Useful to offer protection to websites
Pros and Cons
- "The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions."
- "I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option."
What is our primary use case?
I use the solution in my company to protect our website.
What is most valuable?
The solution's most valuable feature is that it actually protects our website, and it provides all the required security functions.
What needs improvement?
When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes.
Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall.
I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.
For how long have I used the solution?
I have been using Barracuda Web Application Firewall for six months. I am an end-user of the tool.
What do I think about the stability of the solution?
It is a mostly stable tool. I rate the stability as a nine out of ten.
What do I think about the scalability of the solution?
I rate the scalability as an eight out of ten.
The number of users depends on the public who are accessing our website. It all depends on the popularity, so I can't say the number here. Let us say that there are probably thousands of users.
How are customer service and support?
The solution's technical support is good. There is a delay in the response time when it comes to the support part. I rate the technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The product's initial setup phase is easy, but one needs some background knowledge. In terms of security products, one needs some background knowledge of the security practices. Nobody cannot configure the tool. Some certifications and technical knowledge is required to use the tool.
Depending on the person's knowledge of security, I can rate the setup phase as an eight on a one to ten scale, where ten means it is a very easy process.
The solution is deployed on the hybrid cloud.
The time required to deploy the solution depends on how many servers you want to set up in the hybrid environment. There are different components underneath it. There is no common time frame for the deployment. It all varies on a case-to-case basis, depending on how many deployments you are running in a hybrid environment and what services are offered to the user in the hybrid environment. We can't tell you the specific time for the deployment.
What's my experience with pricing, setup cost, and licensing?
Cost is a bit on the higher side. Big companies can afford it.
What other advice do I have?
The product offers protection against web exploitation. With code injection and SQL injection, everything is covered in the tool.
My company has around four applications on Barracuda Web Application Firewall. Everything has been working smoothly with the tool.
Speaking about AI-driven security measures, I would say that the solution has its own in-built machine learning techniques, so we are not using any other solution or AI solution, as it is all integrated with Barracuda Web Application Firewall itself.
Though it is a costly tool, it is a good product that is stable, secure and offers good protection.
I rate the tool an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Jun 27, 2024
Flag as inappropriateIT Administrator at SPSP
A scalable solution that protects internal applications from cybersecurity threats and provides fantastic technical support
Pros and Cons
- "Parameter Protection is a valuable feature."
- "We get false positives about phishing emails."
What is our primary use case?
We use the solution to protect our internal applications from cybersecurity threats.
What is most valuable?
Parameter Protection is a valuable feature. Most of the features are quite useful. It is a helpful tool. It helped us with penetration testing.
What needs improvement?
We get false positives about phishing emails. The vendor must improve Barracuda Email Security Gateway.
For how long have I used the solution?
I am using the solution currently.
What do I think about the stability of the solution?
The tool is quite stable. I have no issues with it. It depends on the fine-tuning of customized applications based on our requirements.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
The technical support is fantastic.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was easy. However, we needed to do some fine-tuning in the applications. It was not difficult.
What other advice do I have?
Overall, I rate the tool a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at GCET
Fantastic backend support and is easy to deploy
Pros and Cons
- "The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches."
- "The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive."
What is most valuable?
One of the best aspects of the solution is the support provided. Their backend support is fantastic. I've found it's superior to other products, including Cisco. The way the support team treats its customers is great. They really walk you through everything and show you how easy it is to mend issues.
I find the solution to be easy to deploy. You don't need too much technical skill, so you don't need an expert level of understanding.
What needs improvement?
The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive.
For how long have I used the solution?
I've been using the solution since 2009. It's been just over ten years now.
What do I think about the stability of the solution?
The stability of the solution is good. I don't think we've experienced bugs, crashes, or glitches.
What do I think about the scalability of the solution?
Scalability with the solution is good. It just requires more licenses, like every other product. If you only apply for the environment, it's scalable with the licenses you have. If you're on the physical appliance, you just have to scale it up by pressing the appliance. It probably won't be just deployed on Azure, because we would need to add more licenses.
We've been adding to our system for a while ago, and we haven't run into any issues with continuing to scale.
How are customer service and technical support?
The technical support offered by Barracuda is excellent. It's one of the greatest selling points of the solution, They are very supportive and help answer any questions we have.
Which solution did I use previously and why did I switch?
I have previous experience using Cisco.
How was the initial setup?
The solution doesn't require a user to be too technical. I would say the initial setup is very straightforward. The deployment is easy. It's not what I would call complex in any way.
What's my experience with pricing, setup cost, and licensing?
Overall, I would say that I'm satisfied with the pricing. It's got a good range of pricing, and the cost matches the quality level you get out of the solution.
What other advice do I have?
I used to be a customer before, however, now I am partners with Barracuda.
We use both on-premises and public cloud deployment models.
Overall, I'd give the solution a nine out of ten. I'd give it full marks, but it does have issues on the reporting side. The reports are a lot more expensive, even more so than the work itself. That's why I did not give it a 10.
That said, I would recommend Barracuda Firewalls to anybody, any day of the week. They're fantastic.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Security Engineer at a tech services company
Gives an understanding of what is happening on your site and any attempts on your source
Pros and Cons
- "It's very simple and predictable, because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process."
- "I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. Barracuda has something like this, but not with the same functionality from my point of view."
What is our primary use case?
We use this as public cloud and a virtual appliance based on Azure Cloud.
How has it helped my organization?
It's very simple and predictable because Barracuda provides a vision of the current state of your application. It gives you an understanding of what is happening on your site and any attempts against you at your source. This is the main value that Web Application Firewall provides our company. These aspects are also the main reason for this documentation process.
What is most valuable?
I think the biggest value comes from the ability of Web Application Firewall to perform analysis of attacks that are registered by it, as well as its ability to analyze source code of those attacks and all traffic that is captured by Web Application Firewall.
The basic functionality of the Web Application Firewall is pretty good. Therefore in comparison with CloudFlare, Barracuda has significant powerful instruments for analysis of main traffic of requests that we get on the application. If however, we try to compare Barracuda and F5, F5 is more powerful than Barracuda. In any case, it's very hard to make these comparisons, because one product has more powerful features from one point of view, while the other product is better from another point of view.
I can say that it's good only in comparison with some products. All products have approximately the same functionality, but some products are more powerful in certain aspects.
What needs improvement?
I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall.
Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area.
A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker.
The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.
For how long have I used the solution?
I've been using Barracuda for two months.
What do I think about the stability of the solution?
If I remember correctly, when applying changes to a policy, the system tries to reward the current system. I didn't check if the site is available, but it seems that certain views could be unavailable during this process. Any changes or configurations submitted demand voiding. This can be a surprise because when you try only to save the configuration but don't commit it, you might think this doesn't take effect. If you don't want to commit this policy exactly at this time the appliance will still start to change it. This might be a quirk of this appliance.
What do I think about the scalability of the solution?
I read that you can scale this system by building redundant schemes and using special appliances to manage certificates, but I didn't try it. Therefore, as a manager I don't know, because I didn't try to make a redundant scheme.
Only a few users at our company implement this, but all visitors to our site are affected by this implementation.
How are customer service and technical support?
I didn't fight with them because all features and implementations that I tried didn't demand any help from technical support.
Which solution did I use previously and why did I switch?
We actually switched to Barracuda because it's cheaper than F5. This might not be the case for others, because there are several solutions that are cloud based. It is a service of a service and in some cases this kind of product would be cheaper than Barracuda. It depends on the implementation scheme and business needs. In some cases, Barracuda is cheaper, in some cases Barracuda is more expensive. In our case it was cheaper.
How was the initial setup?
The initial setup was very easy and straightforward. I don't remember how long deployment took, but it was very quick. If I remember, you just need to assign the address management interface and add additional IP addresses to other interfaces, enable them, etc. After that, your site is available already. It's much easier than F5, for example.
What about the implementation team?
We didn't use a vendor for implementation. I just used standard documentation from their resources and it was enough to roll out this appliance in our infrastructure. It's very easy. I didn't request them, because the documents provided by their site was enough to roll out this product by ourselves without additional help.
What's my experience with pricing, setup cost, and licensing?
Barracuda costs us $8,000 per year. Barracuda costs $20,000 for a full subscription, when you try to protect multi-site infrastructure, in different geographical zones and for different data centers. If you have only one site, Barracuda will be cheaper.
Which other solutions did I evaluate?
We chose Barracuda because in our case it was cheaper.
What other advice do I have?
The biggest lesson I learned is that our site is attacked every day.
I would recommend Barracuda, but this recommendation is based on our particular case. For some cases this solution is good, but for some cases it's not. It's very hard to answer directly because of all the aspects that should be taken into account when you try to answer this question.
I would rate it as eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Barracuda Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Web Application Firewall (WAF)Popular Comparisons
Prisma Cloud by Palo Alto Networks
Microsoft Azure Application Gateway
Azure Front Door
F5 Advanced WAF
Fortinet FortiWeb
Imperva Web Application Firewall
Radware Alteon
NGINX App Protect
Reblaze - part of Link11
Buyer's Guide
Download our free Barracuda Web Application Firewall Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- Imperva WAF vs. Barracuda: Which One is Better?
- Which is better, Barracuda Web Application Firewall or F5 Advanced WAF?
- Which WAF solution would you recommend to cater to 100 to 125 concurrent sessions?
- What do you recommend for a securing Web Application?
- Fortinet vs Sophos? Help choose a NGFW solution that can replace Microsoft TMG.
- Imperva WAF vs. Barracuda: Which One is Better?
- F5 vs. Imperva WAF?
- When should companies use SSL Inspection?
- NGFW with URL Filtering vs Web Proxy
- How does a WAF help to protect against DDoS attacks?