Barracuda : Automation of Barracuda Web Application Firewall in AWS... (opens in new window)

A few months ago we made it possible IT professionals to automate application security testing by embedding security into the code building process for their Azure deployments. We are thrilled to announce that we have extended this Barracuda Web Application Firewall (WAF) functionality into AWS deployments as well. Move your business toward continuous delivery with continuous security using Barracuda WAF!

Why is this so revolutionary for the cloud?

Agility in developing, deploying, and updating applications is critical in today's fast-moving business environment. Organizations are increasingly adopting infrastructure as code (IaC) to be more agile to business requirements, and are hosting these production-like environments in the cloud for rapid and automated provisioning and tear down.

That same agility must extend to the deployment and configuration of application security solutions. Automating these security processes delivers that agility and makes it easier to pivot rapidly when business needs shift. Unfortunately, traditional firewalls have hindered this agility for several reasons, namely manual testing processes and conventional licensing options. Let's go over some these shortcomings.

From DevOps to DevSecOps

Many processes in the software development lifecycle have already been automated, but some critical functions like security remain largely manual. Standard security testing doesn't always catch vulnerabilities, and responding to a security issue can be a manual and tedious process, with labor costs and downtime involved. Security is often perceived as being behind the times - and more commonly blamed for stalling the pace of development. Teams feel that security is a barrier to continuous deployment because of the manual testing and configuration that prevent automated deployments.

As the Puppet State of DevOps report aptly states:

'All too often, we tack on security testing at the end of the delivery process. This typically means we discover significant problems, that are very expensive and painful to fix once development is complete, which could have been avoided altogether if security experts had worked with delivery teams throughout the delivery process'

This poses a challenge: How to accelerate proven security best practices so that they enhance - rather than impede - the agility of the application development lifecycle while continuing to support optimal security. Baracuda WAF was engineered from the beginning as a cloud-enabled security solution and now further enables IT professionals to adopt of the next iteration in development's evolution, DevSecOps.

Barracuda WAF far exceeds these requirements

Barracuda WAF not only provides optimal application security, it also offers powerful built-in security-automation features and leverages configuration automation solutions as those developed by Puppet. This advanced automation framework allows customers to integrate security directly into the code building process, removing manual testing and configuration and enabling continuous deployment. Developers can now simply incorporate security into their CI/CD chain and include security in the development lifecycle day one.
With Barracuda WAF, application security is automated, repeatable, and consistent, throughout the development lifecycle to help you boost productivity and stay ahead of the competition by accelerating your development cycles. As a result, it can serve as an important element of your strategy to bring security up to agile speed, especially when implemented in public-cloud deployments such as AWS.

A New Way to Buy Security for AWS Deployments

Barracuda now offers metered billing for WAF deployments on AWS, which means that pricing is based on usage, with a firewall instance on each application in the cloud. Traditional appliance-based licensing requires customers to pay for each instance of a web application firewall, regardless of how much traffic is secured. This makes it exceedingly costly to deploy a WAF with every application.

Barracuda WAF metered billing removes licensing friction allowing customers to deploy a WAF on every application much more easily and cost-effectively. Customers benefit from the lack of licenses to manage, and the use of true utility metering for their WAF deployments. Customers can build CI/CD pipelines that include their ISV partner solutions, and charges are based on the total bandwidth consumed across deployed firewalls and standard Amazon Elastic Compute Cloud (EC2) charges per instance. This frictionless licensing also makes it possible for customers to better leverage the benefits of cloud elasticity, without getting stuck with firewall licenses they don't need.

We are offering a 90-day risk-free trial of the Barracuda Web Application Firewall for all deployment options. For AWS deployments especially, please visit the AWS Marketplace for your risk-free trial and learn more about how the Barracuda Web Application Firewall is right tool and strategy for your cloud deployments.

Sanjay is VP, Security Products and Business Strategy, Barracuda. He's a 20 year veteran in technology and has a passion for cutting-edge technology and a desire to innovate at the intersection of technology trends. You can connect with him on LinkedIn here.