Barracuda CloudGen WAF for AWS - PAYG

My main use case for Barracuda WAF-as-a-Service is protecting web applications and APIs from modern threats like OWASP Top 10 vulnerabilities, bot attacks, and DDoS, while simplifying compliance and reducing operational overhead.

One of our customer-facing portals was suddenly hit with a wave of suspicious traffic that appeared to be a bot-driven credential stuffing attack, and Barracuda WAF-as-a-Service immediately flagged the abnormal login patterns and blocked the malicious requests without requiring manual intervention. Legitimate users still had access, but the attack traffic was stopped completely, and the incident demonstrated how valuable it is for protecting web applications in real-time.

Another example involves a marketing microsite that suddenly started seeing a spike in traffic from overseas IPs. At first, it appeared to be normal interest, but Barracuda WAF-as-a-Service quickly identified it as a Layer 7 DDoS attempt. The service throttled and blocked the malicious requests, while legitimate visitors still had smooth access, and the protection meant we did not experience downtime during a campaign launch, which was critical for the business.

Some standout features that Barracuda WAF-as-a-Service offers make it a strong choice for protecting modern applications and APIs. The bot mitigation uses machine learning to distinguish between malicious bots and legitimate traffic, stopping credential stuffing and account takeover attempts, and another standout feature is DDoS protection.

In real situations, the bot mitigation has made a noticeable difference because before Barracuda WAF-as-a-Service, we used to see repeated credential stuffing attempts that slipped through and caused account lockouts for legitimate users. After enabling the bot defense, those attacks were automatically blocked, with the system distinguishing between malicious automated traffic and real customers.

Barracuda WAF-as-a-Service has had a very positive impact in my company, and the biggest change we have noticed is fewer disruptions from bot and DDoS attacks, with services staying available even during traffic spikes. It has also reduced the workload for our security teams.

We have seen measurable results since adopting Barracuda WAF-as-a-Service. For example, audit prep time dropped by approximately 30% because compliance reporting is automated. On the operational side, we used to average four or five bot-related incidents per quarter that required manual intervention, but now the number is down to one or even zero in some quarters.

From a governance and security perspective, Barracuda WAF-as-a-Service's AI capabilities have been reliable. For example, it automatically flagged unusual API call patterns that did not align with our access policies, helping us prevent potential misuse. On the security side, the AI-driven anomaly detection has reduced false positives compared to traditional rule-based systems.

In terms of accuracy and reliability, the AI outputs from Barracuda WAF-as-a-Service have been dependable because the system consistently identifies genuine threats like bot-driven login attempts or malformed API calls without flooding us with false positives.

One area for improvement with Barracuda WAF-as-a-Service is the alert tuning because sometimes the system generates too many notifications for minor issues, which can overwhelm the team. More granular control over severity levels would be helpful.

I have been using Barracuda WAF-as-a-Service for around two years.

I would rate Barracuda WAF-as-a-Service an eight out of ten because of the alerts. My overall rating for this product is eight out of ten.

During the last week, I used Barracuda WAF-as-a-Service to protect my web applications when we notified suspicious traffic patterns targeting login forms, as attackers were trying to inject SQL commands to bypass authentication and extract user data.

Barracuda WAF-as-a-Service simplified my day-to-day operations while keeping application risk low. For compliance reporting for different audits or normative requirements, I need logs and reports, and this solution prepared these reports easily and faster.

Barracuda WAF-as-a-Service has turned what used to be reactive firefighting into a proactive defense, and I prefer this technology as a service.

Barracuda WAF-as-a-Service has a positive impact in my organization by strengthening security, improving resilience, and reducing operational overhead. For example, it reduced downtime, as DDoS defense absorbed traffic surges during campaigns, keeping customer-facing apps online without disruption.

With Barracuda WAF-as-a-Service, downtime has dropped to near zero, even during a 300% traffic spike from a seasonal campaign. I reduced between one or two hours of downtime per quarter.

I would rate Barracuda WAF-as-a-Service customer support as a nine on a scale of one to ten.

Regarding Barracuda WAF-as-a-Service's AI capabilities, governance and security are built with governance and security in mind, ensuring that automation is both trustworthy and compliant. Security safeguards exist because anomaly detection and AI monitor traffic patterns and flag suspicious behavior, helping catch credential stuffing and injection attempts early.

Barracuda WAF-as-a-Service's AI capabilities are generally accurate and reliable, especially in detecting OWASP Top 10 threats, bot attacks, and API misuse. Machine learning models continually retrain on the latest threat data, which helps maintain high detection accuracy and reduce false positives.

Barracuda WAF-as-a-Service is an excellent solution in the market. My overall review rating for Barracuda WAF-as-a-Service is eight out of ten.

Barracuda WAF-as-a-Service protects our web applications. When we publish a customer-facing web application on the internet, it helps us block common attacks such as SQL injection, cross-site scripting, and malicious bot traffic. This significantly reduces the risk of application compromise and data exposure. Additionally, the centralized management and detailed reporting make it much easier for our team to monitor security events, troubleshoot issues, and maintain compliance without requiring extensive manual effort.

Barracuda WAF-as-a-Service has become an important part of our overall security workflow because it provides a centralized platform for securing web applications, monitoring traffic, and responding to potential threats in real time. One of the biggest advantages is that it reduces the operational burden on our team because many security controls and updates are managed automatically. Overall, it allows us to focus more on application delivery and business requirements while maintaining a strong security posture for our web-facing services.

The best features of Barracuda WAF-as-a-Service include its comprehensive web application protection, ease of deployment, and centralized management. I particularly appreciate its ability to automatically detect and block common web attacks such as SQL injection, XSS, and bot-based threats without requiring manual intervention. The cloud-based service model also reduces infrastructure management overhead and ensures that security updates are applied quickly. Overall, the combination of strong security, ease of use, and operational efficiency is what I value most about the solution.

Barracuda WAF-as-a-Service is a strong solution overall, but if I could suggest improvements, I would want to see more advanced reporting and analytics, deeper integration with third-party security tools, and additional policy optimization recommendations. These enhancements would make day-to-day management and threat analysis even more efficient.

The solution works well overall, but I would want to see a more intuitive interface for advanced configuration, richer reporting and analytics, faster resolution for complex support cases, and more automated recommendations for policy optimization. These enhancements would improve both usability and operational efficiency. I would also appreciate easier troubleshooting, more customizable dashboards, and additional automation for policy tuning.

I have one year of experience using Barracuda WAF-as-a-Service.

Barracuda WAF-as-a-Service has been stable in our experience, and we have not faced any major downtime or service-impacting issues. Most of the challenges we have encountered were related to policy tuning or configuration rather than platform stability. Overall, it has been a reliable solution.

We have had a good experience with the scalability of Barracuda WAF-as-a-Service. As our needs have grown and we have added more applications, it has handled this expansion without creating extra management overhead. We have not run into any major scalability concerns, and the platform has kept up with our requirements.

We have reached out to customer support for Barracuda WAF-as-a-Service a few times, mostly for configuration and troubleshooting questions, and the overall experience has been positive. The engineers were helpful and knowledgeable, and we were able to get the guidance we needed. Some complex issues take longer to resolve, but overall, we have been satisfied with the support.

I am not personally aware of a dedicated WAF solution being used before Barracuda WAF-as-a-Service. By the time I became involved with the environment, Barracuda was already in place, but based on my experience, it has provided the visibility and protection needed for our web applications.

The zero-touch deployment experience with Barracuda WAF-as-a-Service was very helpful for our team because it reduces the amount of manual configuration required during implementation. We were able to onboard and protect applications quickly without spending significant time on complex setup procedures. Centralized management has also been very beneficial in our day-to-day operations because instead of managing security policy across multiple devices or locations, we can monitor application traffic, review security events, and update policies from a single dashboard. The centralized logging and reporting features are especially useful for troubleshooting and auditing, saving our team a considerable amount of time while maintaining strong application security.

We do not have exact ROI numbers for Barracuda WAF-as-a-Service, but we have definitely saved time on day-to-day security management and threat monitoring. The platform automates a lot of tasks that would otherwise require manual effort. For us, the biggest value comes from improved security and the reduced workload on the team, which makes the investment feel justified.

Our experience with pricing and licensing for Barracuda WAF-as-a-Service has been good overall. The setup was straightforward, and the cloud-based model reduces infrastructure and maintenance costs. While it may not be the cheapest solution available, we believe the security, ease of management, and operational benefits provide good value for the investment.

I am not completely certain if our organization evaluated other options before choosing Barracuda WAF-as-a-Service, so I do not want to speculate. I was not directly involved in the vendor selection process, and Barracuda was already the chosen solution when I started working with it.

My advice to others looking into using Barracuda WAF-as-a-Service would be to understand your application requirements, spend time tuning policies during the initial deployment, and make full use of the monitoring and reporting features. If you are looking for a cloud-based WAF that is easy to manage and provides strong web application protection, Barracuda WAF-as-a-Service is a solid option.

Barracuda takes governance and security seriously regarding Barracuda WAF-as-a-Service. The platform provides strong security controls, visibility into application traffic, and helps enforce security policies consistently. While I have not specifically evaluated all of its AI capabilities in depth, the overall approach appears focused on security control and risk reduction.

In our experience with Barracuda WAF-as-a-Service, the accuracy of its AI capabilities has been quite good. Most of the alerts and threat detections have been relevant, and we have seen the platform effectively identify and block suspicious traffic before it reaches our applications. Any security solution can occasionally have false positives, but overall, we have found the detection to be reliable and useful.

While we do not track every metric formally, we have observed several measurable improvements since implementing Barracuda WAF-as-a-Service. The number of web application security alerts requiring manual investigation has decreased because many common threats are automatically detected and blocked by the WAF. This has reduced the time our team spends on routine security monitoring and incident response. We have seen a noticeable reduction in manual security monitoring effort and fewer security incidents affecting our application. Centralized management and automated protection have saved time for our team while improving visibility, and reporting have supported compliance and security audits more effectively.

Overall, Barracuda WAF-as-a-Service has been a solid experience, as the platform has done a good job of protecting our application while remaining easy to manage. There are a few areas that could be improved, but overall, we have been satisfied with the solution and the value it provides. I would rate this product an 8 out of 10.

My main use case for Barracuda WAF-as-a-Service is that its main services are the most secure and predictable when we configure any applications behind the WAF. Barracuda WAF-as-a-Service is a Web Application Firewall where we can put the applications securely behind the applications without any disturbance of the HTTP and HTTPS products or services.

A quick specific example of how I use Barracuda WAF-as-a-Service in my daily workflow is that we are migrating from on-premises services to the cloud side with Barracuda WAF-as-a-Service. Daily, I integrate many applications that are in the live production environment, and from that, I can configure many security policies and ASM security policies. Many of the things I configure on a daily basis are based on fine-tuning. Apart from the integrations, we are doing fine-tuning, URL whitelisting, bypassing, and masking the data.

Barracuda WAF-as-a-Service has impacted my organization positively by providing a much higher quality experience, where we can easily trust it.

Regarding specific outcomes or metrics that show how Barracuda WAF-as-a-Service has helped my organization, everything is good. I need to add one more point where on a daily basis or on the quarterly outcome, we have to know about more security alerts from the Barracuda technical support, where we can be hassle-free from firmware or any security breach levels.

The best features Barracuda WAF-as-a-Service offers are, first of all, that it is a SaaS service, and the second thing is that it has more security and more availability scenarios where we can perform any of the things technically and strategically.

Regarding the high availability feature, in our environment, we are using active-active availability. If any of the applications are onboarding on the cloud WAF, then we have it configured on both application appliances. We are using the active-active appliance high availability where we can flow the traffic on both firewalls, and it is easier for us to maintain and secure the traffic without hesitation.

There are many application features where we can be useful in the daily scenario, such as using the iRest control, iMapping control, and application control where we can configure easily with the help of the application teams.

Barracuda WAF-as-a-Service can be improved by adding much more security features on a daily basis. As with other WAFs, we see that many of the appliances are doing many hardening assessments or something like that. That would be improved by Barracuda WAF-as-a-Service, where we can get that support from the assessment.

If there are any assessment modules coming into the feature of Barracuda WAF-as-a-Service, that would be helpful for us on a daily, weekly, monthly, or quarterly basis, allowing us to do the assessment.

Regarding Barracuda WAF-as-a-Service's AI capabilities, I think its governance and security is fine; it is a good initiative because most WAFs or other firewalls provide AI capability, thus presenting a good approach.

Regarding Barracuda WAF-as-a-Service's AI capabilities, its accuracy and reliability of output is a good approach. If we can get the AI capability in Barracuda WAF-as-a-Service, and although I am not very much experienced in AI, that would be the more preferable way where we can get those things instantly.

I have been using Barracuda WAF-as-a-Service for more than five years.

Barracuda WAF-as-a-Service is stable, and I can say that it is 100% stable.

Barracuda WAF-as-a-Service's scalability is pretty much 100% availability.

Customer support with Barracuda WAF-as-a-Service is also immediate; I get support either from the console access, a call, or from a meeting.

I previously used a different solution, specifically F5 WAF and their hardware, which were on-site, on-premises solutions. I am now moving to Barracuda WAF-as-a-Service because the main thing driving this decision is the cost-cutting of the product, as we are not using a physical device; it will be purely based on the cloud. The second thing is for security reasons, as most organizations have moved to SaaS services, which is the best way to approach the cloud. I have the most experience and am very happy with Barracuda WAF-as-a-Service.

I have seen a return on investment with Barracuda WAF-as-a-Service, as it makes it easy for employees to save time and money; it is a most trustable thing.

My experience with pricing, setup cost, and licensing involves doing BYOD. Based on the requirement, we are just opening the shield or the VM, and during working hours, we are using those things. For non-business hours, for applications not used during those hours, we are shutting down those things. That is the main fundamental we are using in our environment, allowing us to cut costs regarding pricing, setup costs, and licensing.

Before choosing Barracuda WAF-as-a-Service, I evaluated other options, although I do not have much more experience with other firewalls. I worked hands-on with F5 and Fortinet, but now I am moving to Barracuda WAF-as-a-Service, which provides solutions and security, and I can immediately receive support from the Barracuda technical team.

The advice I would give to others looking into using Barracuda WAF-as-a-Service is that it has the most secure performance, scalability, time scalability, performance security, and integrated security. It is easily used, handled, and managed, being fully based on the GUI. Most command line interface commands are not a surprise, making it hassle-free to execute. Most of these aspects are preferable for me and for other users who can use it easily without hesitation.

I rate Barracuda WAF-as-a-Service a nine out of ten because, as I said, if any major assessment module can come into the features of Barracuda WAF-as-a-Service, it will be easier for us to do the assessment on a quarterly, daily, or weekly basis. That would be more preferable because other WAFs, like BIG-IP F5, also provide the assessment reports globally, which would be helpful for us to get those things from Barracuda WAF-as-a-Service as well.

I deal with Barracuda WAF-as-a-Service and usually recommend it for private and government companies.

The automatic security updates are excellent. These updates help our customers transition smoothly between interface versions. We started with an old Barracuda interface, implemented everything there, and then moved to the new interface, which is very good and helpful.

Barracuda WAF-as-a-Service's real-time attack detection feature has improved our customers' threat response strategies significantly.

I have found value in the actionable analytics provided. Our customers have seen benefits such as access to a lot of data and the ability to analyze real-time threats through the actionable analytics.

I assess the impact of Barracuda WAF-as-a-Service on compliance efforts regarding security events as good in terms of compliance, although there are a few issues. There is one issue regarding local data storage, as they do not have that capability, and we are storing the data in another foreign country, which is against the law. Data is supposed to be within the South African border.

In my opinion, the main direction for improvement should be around the licensing part, as it should not be quite complex. The price of their licensing model is a bit steep. However, for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. The pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas.

For the next release, Barracuda WAF-as-a-Service should include advanced APIs and perhaps AI-driven detections. They can improve the integration with SIEM and SOAR.

I have been working with Barracuda WAF-as-a-Service for quite a few years.

There are competitors to Barracuda WAF-as-a-Service. Depending on a client's requirement, I would recommend it, but there are competitors such as F5 and Cloudflare, and it depends on what the client wants. Sometimes, clients might want a firewall and choose something like Fortinet or Cisco secure firewall.

The price of their licensing model is a bit steep, but for other features such as web application threat detection and data compliance, they are very good, especially for application trafficking and caching. I am happy with it; it is just that the pricing and SIEM integration sometimes create challenges, and we need to get professional help with those areas.

Implementing Barracuda WAF-as-a-Service is quite complex, and you need to have substantial knowledge in this area. I rate Barracuda WAF-as-a-Service an overall score of six.