In the wake of Shellshock, NSS Labs confirms Barracuda firewall effectiveness

AvantiKumar | Nov. 20, 2014
Thiban Darmalingam, Regional Manager for Barracuda in Malaysia, said Barracuda WAF blocked 99.97% of attacks and passed all stability and reliability checks.

Photo - Thiban Darmalingam, Regional Manager for Barracuda in Malaysia.


Cloud and storage security specialist Barracuda Networks' Web Application Firewall (WAF) solution has been validated by NSS Labs in a product analysis test, in which it blocked 99.97 percent of attacks and passed all stability and reliability tests with a low false positive rate of 0.715.

Thiban Darmalingam, Regional Manager for Barracuda in Malaysia, said: "The tests ranked it [WAF] as among the most powerful web application security solutions available."

"Barracuda has continuously ensured the Barracuda Web Application Firewall, which is available both as a hardware or virtual appliance, is enhanced and updated to ensure that our customers are protected against the latest DDoS and application layer attacks," Darmalingam said.

"Barracuda WAF, which is being used in thousands of applications either in on-premise or in the public cloud, has stopped more than 11 billion attacks since 2008," he said. "The underlying protocol inspection adds a strong layer of security to protect web applications from data breaches and defacement."

Independent testing specialist NSS Labs' chief executive officer, Vikram Phatak, said, "NSS Labs' test reports are designed to address the challenges faced by IT professionals in selecting and managing security products. The Barracuda Web Application Firewall performed well in all testing conducted by NSS Labs, achieving the highest block rate for security effectiveness, and offering good value for the cost."

Phatak said the Barracuda Web Application Firewall 960 v7.8.0.014 was subjected to detailed testing at the NSS facility in Austin, Texas, based on the Web Application Firewall Methodology v6.2 available at the NSS website. This test was conducted free of charge, and NSS has not received any compensation in return for Barracuda's participation.


Barracuda's Darmalingam added that the recent CVE-2014-6271, better known as the 'Shellshock' vulnerability, could create serious risks for computer users.

The Shellshock vulnerability was recently discovered in the Bash command shell, which is software that allows users of Linux, Unix and OS X operating systems to issue commands. [Microsoft's Windows does not normally run Bash unless the user runs programs such as Cygwin, Git or remote desktop applications.]

"The Bash command shell has been in use for more than two decades and it is only now that the vulnerability has been discovered. This shows how susceptible older operating systems are to the increasingly prevalent computing threats today," he said, adding that so far, Apache HTTP, OpenSSH, and CUPS are known to be affected.

"The Shellshock vulnerability allows hackers to easily insert malicious code into web servers, modems, desktops or the 'Internet of Things' devices, to carry out attacks and steal data," said Darmalingam. "It is extremely dangerous as many network services pass user supplied inputs to the bash shell. Attackers can manipulate the inputs and execute arbitrary commands via the bash shell."

Barracuda's security team rapidly developed security definitions that were rolled out to all Barracuda customers through its automated Energize Updates from Barracuda Central, he added.

"The Barracuda Web Application Firewall (WAF) provides customers with protection from this attack against the servers behind it, even while their instances of bash remain unpatched," said Darmalingam.

"As hackers continue to manipulate this vulnerability, we urge our customers to ensure your attack definition updates are turned on as well as your OS level auditing as such attacks are hard to detect without logs or trails," he said.

