Barracuda SecureEdge: Cloud First SASE Solution

Barracuda has recently announced a groundbreaking development in the field of cybersecurity with the introduction of their cloud-native Secure Access Service Edge (SASE) platform. This innovative platform empowers businesses to have complete control over access to their valuable data, regardless of the device, time, or location.

To provide you with a comprehensive understanding of the SASE release, let's delve deeper into the new capabilities it brings and the myriad of ways it will benefit customers. With Barracuda's SASE platform, businesses can now seamlessly manage and secure their data, ensuring that only authorized users can access it. This level of control is crucial in today's digital age, where data breaches and cyber threats are becoming increasingly prevalent.

What makes Barracuda’s approach to SASE unique?

Three noteworthy aspects are highlighted in Barracuda's strategy. Firstly, Barracuda stands out by offering most of the functional prerequisites for a SASE implementation within its product portfolio, an uncommon feat for a single vendor. This isn't a mere amalgamation of disparate components acquired through various means; rather, it's a well-thought-out, cohesive effort the company has been diligently building.

Secondly, as a vendor, Barracuda embraced the shift to public cloud environments more than seven years ago, giving them a substantial advantage in the SASE landscape. With both the essential elements and the expertise in cloud-based and on-premises implementations, they are well-positioned. When molding these components into a SaaS service, Barracuda has chosen to adopt a cloud-native approach.

The third distinctive facet lies in Barracuda's alignment with Gartner's expanded definition of SASE, which encompasses sites, people, and things. While some vendors cover sites and people, Barracuda additionally excels in the realms of industrial security and connectivity. This trifecta of capabilities is quite unusual, and Barracuda's dedication to cloud-based industrial connectivity solutions over several years underscores their unique contributions to the SASE landscape.

What is cloud-native and why does it matter?

Being cloud-native is a crucial aspect of Barracuda's SASE platform, and it makes a significant difference in terms of performance, security, and ease of implementation.

The term "cloud native" denotes the integration of cloud hub components within SASE solutions directly into the public cloud infrastructure, ensuring proximity to data and applications. These hub services leverage the security and connectivity technology stack of the provider but are managed and supported by the cloud service provider. Furthermore, the communication between these cloud-native hubs leverages the cloud's backbone, resulting in a highly performant network.

In contrast, a non-native approach involves creating these hubs outside of the cloud and routing traffic into the cloud infrastructure. Consequently, this approach eliminates the advantages of end-to-end SD-WAN connectivity and comprehensive management across all digital assets. Many other vendors follow a non-native approach, where they maintain a global infrastructure that users connect to, followed by another transition to the public cloud. The drawback here is the absence of an end-to-end solution, leading to suboptimal connectivity.

Barracuda's decision to embed its components directly into the cloud infrastructure, particularly in collaboration with Microsoft, ensures that the cloud provider operates and maintains the hubs. This approach guarantees comprehensive coverage and adherence to service level agreements (SLAs) as the solution is deeply integrated within the public cloud, as opposed to merely sitting atop it.

Barracuda's solutions enable SASE convergence for businesses

The central theme here is convergence, as SASE encompasses a wide array of components, not all of which hold equal importance for organizations. Given that SASE is a continually evolving concept, the focus is on practical SASE, which includes the functional elements that are essential for almost all customers.

At its core, the foundational components revolve around SD-WAN connectivity, facilitating reliable and high-performing access to data from various locations, including cloud and on-site resources. The solution for this is seamlessly deployable through a zero-touch deployment process, initiated via drop shipment. Once activated, it autonomously configures itself, eliminating the need for extensive expert adjustments. This user-friendly approach makes it particularly accessible for small teams and organizations.

Moreover, the same technology stack serves as a robust security framework, enabling comprehensive security inspections at both the on-premises site level and the cloud hub level. The flexibility is in the hands of the user, who can choose when and where to implement this security feature. Importantly, these security enhancements come at no additional cost and provide functionalities such as Firewall-as-a-Service (FWaaS) and Secure Web Gateway-as-a-Service (SWGaaS).

Lastly, the SASE framework addresses the crucial aspect of remote access. It incorporates Single Sign-On (SSO) and Multifactor Authentication (MFA) to ensure secure access to hybrid cloud environments and on-premises networks, with the added benefit of integrated security inspection. This new element is designed to meet the demands of flexible work-from-anywhere scenarios. Leveraging Single Sign-On with Azure Active Directory enables the utilization of conditional access rules, adding another layer of control to facilitate trusted access for organizations.

What are the key new capabilities in this release and how do they benefit customers?

One of the standout features in this release is the ability to fully leverage the CloudGen Firewall's security inspection stack at the hub service level. This capability holds significant importance as it empowers customers to thoroughly inspect and microsegment network traffic within cloud environments and internet breakout traffic originating from both sites and cloud networks. This effectively transforms a hub service into a Firewall-as-a-Service (FWaaS) or Secure Web Gateway-as-a-Service (SWGaaS) construct.

Furthermore, the release introduces Adaptive Forward Error Correction (FEC), a dynamic mechanism for mitigating packet loss in real-time. This enhancement significantly enhances the performance and quality of communication, even with a single Internet Service Provider (ISP). Additionally, the inclusion of TLS 1.3, a more efficient and increasingly popular TLS version, now offers compatibility with man-in-the-middle interception, providing an added layer of security for customers.

Another noteworthy addition is the ability for remote workers to connect back to either the cloud hub or the nearest on-site device, minimizing latency. Customers can also take advantage of Barracuda's Secure Connector appliances with integrated LTE modems, enabling them to connect to the same CloudGen Firewall gateway or hub service that spans an SD-WAN fabric. This integration streamlines deployments for Operational Technology (OT) and Internet of Things (IoT) applications, providing scalable connectivity and out-of-the-box security. The Barracuda Secure Connector can now seamlessly network with the CloudGen Firewall or a cloud hub.

 How does XDR fit into this?

Extended Detection and Response (XDR) stands as a pivotal component within contemporary security architecture. The company offers these crucial capabilities through various Open XDR ecosystem partnerships, including their collaboration with Stellar Cyber. The initial step in the XDR process is detection, where data aggregation and analysis are essential to identifying anomalous activities and promptly responding to them.

Within their SASE (Secure Access Service Edge) implementation, log analytics integrated through these partnerships yield valuable audit trail information. Notably, Azure Sentinel can be harnessed for extended detection capabilities. Furthermore, the company has strategic plans to achieve deeper integration with SKOUT, a managed XDR vendor recently acquired, enhancing their commitment to comprehensive security solutions.

Conclusion

Barracuda is integrating their Zero Trust Network Access (ZTNA) product, Barracuda CloudGen Access, with their cloud secure web gateway product, Barracuda Content Shield. This integration provides businesses with comprehensive endpoint protection connectivity, aligning perfectly with the evolving SASE landscape.

As SASE continues to evolve, Barracuda remains committed to enriching their solutions and providing businesses with the advanced tools they need to navigate the ever-changing cybersecurity landscape. With their cloud-native SASE platform, Barracuda empowers businesses to control access to their data from any device, anytime, anywhere, ensuring maximum security and peace of mind.