What needs improvement with Barracuda Web Application Firewall?

When we have multiple applications in Barracuda, everything is not managed in a single place. For example, Suppose I have four applications and want to make a common change across them. In the aforementioned case, it is not supported at the moment, and I have to go to individual applications and make changes. Suppose I have four applications in the product and want to make similar changes in all of them together. In the aforementioned case, it is not possible to do anything with Barracuda Web Application Firewall. I have to go to an individual obligation, make changes, and come out, and go to the next obligation and make the same changes. There is no grouping option.

The platform's pricing needs improvement.

There are some vulnerabilities that are reported across the tools offered by Barracuda for some devices, which need to be taken care of from an improvement perspective.

We encountered a few glitches while implementing API security features into the product. Secondly, they could provide transparency for different types of protection parameters available. It will be beneficial if there is some visibility for the same. We faced some downtime issues the last two times due to Barracuda infrastructure. Thus, we are searching for alternate WAF solutions.

Barracuda Web Application Firewall’s scalability needs improvement.

One of Barracuda's limitations is its user interface. The GUI for configuration is not intuitive and has remained largely unchanged for the past 10 to 12 years. This is something I've discussed with Barracuda representatives here in Italy as well. It needs more modernization.

We get false positives about phishing emails. The vendor must improve Barracuda Email Security Gateway.

In the Barracuda Web Application Firewall, there should be more affordable options for WAF as a service. These options should cater to smaller businesses, with a focus on single-size configurations for fewer users and cloud applications. We currently offer WAF as a service for cloud-deployed applications, but the pricing is somewhat on the higher side. To enhance the service, I suggest that they work on improving their pricing strategy. It's crucial to provide competitive pricing in comparison to other competitors in the market.

The policy updates could be improved.

I would like to see a native multi-cloud cover. Right now if I have applications that run both on Amazon and Google, I have to have two distinct licenses and two distinct implementations. But we are multi-cloud, so I do not want to have to deploy policies on essentially two apps that are essentially the same policies. I would prefer to have a multi-cloud console, in other words, one set of policies that apply to multiple implementations.

The Barracuda team just needs to improve their product as per their competitors, like F5 and Imperva. They should improve their features, so they easily compare to the competition. They could always continue to improve their security so that they maintain up-to-date on any current threats.

Ability to store logs for a longer time. Buying the Reporting server escalates costs and places solution above SMMs

An area for improvement in Barracuda Web Application Firewall is attack identification. Other banks identified attacks and tracked logs that the solution wasn't able to identify because of its ready-made rules pre-deployed by the vendor. My organization raised this issue with the technical support team. Another area to improve in Barracuda Web Application Firewall is its service desk. The team resorted to stonewalling because they couldn't accept that a feature was missing in the solution, and it was only after a lot of drilling down that the service desk team accepted that, and would be adding that feature in the future. My organization had to submit a report to the Reserve Bank of India with information on the logs identified and the attacks that happened, and that there was a failure on the part of the Barracuda Web Application Firewall. The Reserve Bank of India conducts a tri-monthly cyber risk audit in all Indian banks. Even smaller banks identified and caught attacks that my organization wasn't able to do, so I was looking into other solutions that competitor banks could be using because Barracuda Web Application Firewall failed to identify some of the attacks.

Barracuda Web Application Firewall's load balancing feature could be improved.

There should be some some simple case settings offered, as well as documentation and video. As most people are aware, the implementation is not easy.

Occasionally, upon installation of the Energize Updates, the plans will go off track, something which necessitates us calling up their support team for another update. The frequency of the release of the updates is also an issue. In the production environment, Firmware cannot be frequently updated. It would be better if their updates would be released annually.

While the UI is good, it can get a little bit complicated. It's not like Next-Gen Firewalls. I need to remember all of the tabs. The sub-tabs should be at the right as they are in the Next-Gen. Mostly, Next-Gen firewalls have everything on the left panel and it will reappear. It would be nice if there was a little more consistency. I only really have one year of experience with the solution. Therefore, it's hard to discuss missing features. I need more time to explore the product first.

I did not go in-depth with the solution just yet. I just reviewed the product for a short time period, and not in-depth. I did not review every function. However, it's difficult to discuss features that may be lacking. That said, I see a huge number of false-positive attacks in Barracuda, as it shows you some hundreds or thousands of attacks per day in cookies. They need to work on the false-positives so that you know when to worry. It's too overwhelming right now with what they are recording.

We've had some blocks of the application and some false positives. Barracuda needs to ensure there are fewer false positives in general. There also needs to be less of a learning curve on the application in general. That might help us eliminate false positives as well. Basically, they need to help new users better learn and understand the solution. I have an issue with the console currently. I cannot access the console from inside the network. When I access the entire network, it kicks me off all the time. I opened a case with technical support. We've checked the firewall the perimeter firewall, and we've tried to fix that problem, however, it's still the problem. I have to access the console from outside all the time to this day.

Sometimes when we put it in action, we have some blogs that appear as false positives. I think that it's improving. Barracuda should minimize false positives. They should make it easier to learn how to use applications.

Its interface can be better. It is not very friendly.

The deployment isn't very user-friendly. There are a lot of up and coming competitors in the space, and there's always new technology coming out. The solution needs to make sure that it keeps up with what's going on in the industry to make sure they don't get left behind. The documentation is lacking. It's not like what you'd get if you were using Juniper or Cisco. They need to expand on it and make it more useful.

The reporting aspect of the solution needs improvement. I don't find that it's very good. They could do some work on it to make it much better. It's not that the reporting isn't secure. It's just that I would prefer to store my reports for an extended period of time. Right now, that's not possible and I'd prefer it if that could change. I also would say that the reports themselves are expensive.

They could improve their performance, support, and their upgrades. Their updates used to be good. Their improvements were right on the money but nowadays, the updates are minor. I don't really like the product. They restricted the number of servers we can protect. They restrict how many servers you can protect based on appliance. They also don't support additional ATP. Customers also want ATP. They want something extra apart from the basic security package. Their appliances are very cheap. The quality is not that good. Their appliances should be more robust.

The incident reporting needs to be improved. The local technical support in Poland is not very reliable.

I think the main area for improvement in this product is learning it, as can be seen when comparing it to the F5 web application firewall. F5 has a very powerful learning phase when you start using your web application firewall against your site. The company at this time collects information and parameters about all requests, such as: file downloads, file uploads, authentication, authorization processes, etc. During this period, F5 provides you with the ability to collect most of the necessary information to make a security provision for your web application firewall. Barracuda has something like this, but not with the same functionality from my point of view. Barracuda is a little bit lower in comparison with other web application firewalls, so the best way to improve Barracuda is to develop and add new features in this area. A good point for developing this area is to describe some particular use cases. For example, the implementation demands configuration of the application in conjunction with Web Application Firewall to make it available and hosted on the internal web services of Azure. It would be great to have instructions for Barracuda with Azure infrastructure, so we could get a step-by-step manual starting from the creation of the application interface and finishing with the available site including Barracuda. We implemented Barracuda Web Application Firewall and we see who checks the whole process. Each part of this manual relates to a particular service, but it would still help those who implement it to be quicker. The bottom line is I would like to see an improved learning model to make the creation of the first policy easier and more transparent for an engineer.

The usability of the interface could be improved. The interface is not easy to use or to configure. A feature that could be very powerful would be the capability to provide the monitoring of the security analogies, and proactive alerts in case of potential issues. The firewall protects and logs, but does not provide you with an analogy on that data.

I would like to see an improved capacity to store logs so that they will be available for a longer time. From my experience, and over time, I have noticed that Barracuda appliances do not store logs for a very long time. What this means is that people have to buy the Barracuda Reporting Server. This is quite expensive, at three or four times the price of the equipment. So, if users have only one or two appliances then it doesn't make sense for them to buy a Reporting Server. If they decide to export those logs from the Barracuda appliance to a SIEM then the format of the report gets lost because Barracuda has custom reports. Where I used to work, our logs would last for about one week. However, where I am now, we do not have logs beyond one day.

The solution could use more reports.