Barracuda expands cloud-native SASE platform beyond Azure to protect hybrid cloud deployments

Barracuda is also announcing a series of new integrations with OT vendors around industrial IoT, as well as new capabilities for its Barracuda Cloud Application offering.

Today, at their Barracuda Discover.22 EMEA Partner Conference in Athens Greece, cybersecurity firm Barracuda is making a series of announcements. The company is expanding its cloud-native Secure Access Service Edge [SASE] platform so that it covers the private service edge as well as Microsoft Azure. They also announced scalable connectivity and security support for Industrial Internet-of-Things [IIoT] technology integrations with FireMon, Skybox, TTTech, and Nozomi. They have made Barracuda’s Zero Trust Access solution simpler to deploy. Finally, they have strengthened the Barracuda Cloud Application Protection web application and API security features, added account takeover protection, boosted client-side supply chain attack protection, and implemented a new technology integration with Venafi.

The expansion of the SASE Edge platform to a broader array of hybrid cloud environments came because some customers wanted to move beyond Microsoft Azure.

“What we offered at the beginning of cloud Gen One came with Azure being the main hub,” said Fleming Shi, Barracuda’s CTO. “To use it, you needed an Azure subscription. The nice thing with that initially was that we could plug into one virtual hub to make it native to Azure. However, we identified a lot of our customers who likely don’t have a Azure subscription. We didn’t want it to be a requirement. So now a hub is no longer necessary.”

Barracuda’s SASE platform provided secure connectivity to industrial IoT devices before. Now they have expanded these capabilities’ support for IIoT technology integrations with FireMon, Skybox, TTTech, and Nozomi to further expand the scope of security services. These integrations provide the ability for customers to enable secure data transfer, take advantage of automated incident response, and align with the latest IIoT security standards.

“These technology integrations will help us containerize main workloads,” Shi said. “We also created some integrations to allow the strategic partners to have strategic interactions and be able to interact with our secure connector, making it more portable and more integrated.”

Shi emphasized that at this stage, these relationships are strategic in nature rather than Go-to-Market oriented.

Fleming Shi, Barracuda’s CTO

“At this stage it is strategic and not Go-to-Market focused,” he said. “We want these relationships to be strategic because it is the beginning of our partnerships with them. We just passed the fifth anniversary of the WannaCry anniversary, which was devastating for major manufacturing outfitters, and the right strategic relationships can prevent something similar.”

That is also why this specific IIoT play is focused on manufacturing.

“Some of our biggest customers are in the industrial IoT space,” Shi said. “That’s why it’s so important for us to avoid another WannaCry, by stopping robotic attacks and ransomware. That’s why one of the foundations we built in was SD- WAN, for application awareness in the flow. It can complement proper health checks. We also worked with SCADA to allow critical infrastructure to function and build a proper shield. Because of that we are very good at handling the need for industrial IoT needs.”

Barracuda’s Zero Trust Access solution is now simpler to deploy, leveraging a new virtual deployment with integrated directory connectors.

“When we looked at our solution, we saw that a roadblock was that customers had to install too many things,” Shi said. “Now it is less templated and is easier with RPM and virtual images.”

The other major announcement featured Barracuda Cloud Application Protection’s web application and API security features.

“We are constantly trying to improve our ability to stay on journey with modernizing API security,” Shi indicated.  “GraphQL has a lot of advantages, and is more efficient so we wanted to make sure we have full protection for that. New GraphQL security capabilities include native parsing of requests and enforcement of security checks to protect against GraphQL specific attacks.

Barracuda Cloud Application Protection has also added protection from advanced account takeover and client-side supply chain attacks.

“This is especially important where privileged accounts can be identified by the attack,” Shi indicated.

The new technology integration with Venafi enables the secure, centralized, and automated management of certificates and keys across Barracuda Web Application Firewall. This integration adds security to the managed machine identities, and eliminates the anxiety and risk associated with certificate-related downtime and risks.

“It provides asset tracking, and makes sure that whatever services are available are kept in that space,” Shi noted. “It makes our protection better.

As part of Barracuda Cloud Application Protection updates, Barracuda WAF-as-a-Service now includes new control and visualization capabilities, provides easier configuration management, and enables seamless integration with automation tools.

“The big thing we added to WAF-as-a-Service is a snapshot feature adding import  and export capability,” Shi said. “It makes it easier for admins to go in and out, and easier to differentiate what changes have been made.”