Barracuda’s WAAP platform offers increased protection on multiple fronts.

This week, Barracuda announced the expansion of Barracuda Cloud Application Protection, its platform for Web Application and API Protection (WAAP). The new release adds automated API Discovery and GraphQL security capabilities, Account Takeover Protection and enhanced client-side protection. Additionally, the integration of the Barracuda Web Application Firewall and the Venafi Trust Protection Platform adds the ability to continually automate machine identity management for TLS certificates. The latter prevents outages and scale web application firewall usage.

Nitzan Miron, Vice President of Product Management, Application Security at Barracuda, offered his insights on the new version of Cloud Application Protection in a Q&A blog post.

“To start with, Cloud Application Protection is Barracuda’s WAAP platform. The idea behind it is that application security has become really complex, with many disparate solutions and threats that businesses need to be protected from. With Barracuda Cloud Application Protection, we’re trying to make it easy and create one platform that gives you everything you need to protect your applications in an easy-to-use package.”

Enabling ‘continuous compliance’ with security standards

Miron goes on to explain what makes this latest offering so special. “With this release, we’re introducing powerful new capabilities that address complex threats from each of these threat vectors. These new capabilities are also built to be easy to use and enable continuous security and compliance with security standards like the upcoming PCI-DSS“, he says.

“In terms of API Protection, we are introducing API Discovery backed by machine learning (ML) and security for GraphQL-based APIs. For Bot Protection, we are introducing Privileged Account Protection, which uses machine learning to perform risk-based identification of account takeover attacks and new ML models to detect advanced bots. For client-side security, we are providing more automation and visibility into the configurations required to secure applications against website supply chain attacks.”