Web applications have become a key part of how businesses of all sizes operate, particularly as more data and apps move to the cloud. But they’re also vulnerable targets.
According to WhiteHat Security’s 2017 Application Security Statistics Report, 75 percent of attacks target applications, and 25 percent attack the network perimeter. But for most companies, security spending doesn’t match up to that reality. The report shows that 90 percent of security investment is in perimeter security, and just 10 percent of security investment is in application security.
In part, this disconnect stems from challenges with traditional application security. Many solutions are too expensive and too complex for SMBs to handle themselves — if they’re even aware that web apps are a vulnerability they should be concerned about. As an MSP, you can help your customers address web app security in a way that improves their security posture and helps you build a stronger relationship and grow your business.
That’s why we’re excited to introduce Barracuda WAF-as-a-Service – MSP. To tell you more about this easy-to-set-up and easy-to-manage web application firewall that’s delivered through the cloud, we spoke with Chris Crellin, senior director of product management at Barracuda MSP.
What is WAF-as-a-Service?
Barracuda WAF-as-a-Service provides comprehensive protection for your customers’ web apps while simplifying setup, management, and reporting for you, the MSP. This web application firewall makes it possible for you to offer your customers the completeness of an on-premises solution with the simplicity of a software-as-a-service solution.
How does it compare to traditional on-premises web application firewalls?
With the simple five-step wizard for WAF-as-a-Service, you can start protecting your customers’ web apps in minutes. You also get complete control over every component — something that’s usually only available through an on-premises or public cloud solution — and you can easily fine-tune unique per-app policies for your customers.
What kinds of attacks does it protect against?
Barracuda WAF-as-a-Service protects against all security risks that are recognized by The Open Web Application Security Project (OWASP), distributed denial of service (DDoS) attacks, zero-day threats, automated and brute-force attacks. Barracuda Vulnerability Remediation Service is a built-in part of WAF-as-a-Service as well. On a schedule you specify, this service scans your customers’ applications for vulnerabilities and then imports the results of those scans into the web application firewall, which will automatically implement appropriate remediations to fix the vulnerabilities.
How will it help MSPs?
This solution makes it easy for you to provide ongoing web application protection to your customers without facing unnecessary complexity for you team in terms of deployment and management or struggling to stay up to date on the most recent threats. That means you can offer more complete protection to your customers and make life easier for you team. Barracuda WAF-as-a-Service complements your other managed security offerings, helping you build multi-layered protection for your customers. Plus, simple monthly per-web-app pricing makes the solution easy for MSPs to price and helps streamline the sales process by avoiding awkward conversations about complicated billing.
How can MSPs start conversations about web application security?
A good starting point is to ask your customers what they’re doing to protect their websites and web applications. Odds are most of them won’t know or won’t be sure. If you get that response, offer to run a scan of their websites and web applications using the Barracuda Vulnerability Manager to identify existing issues. Sharing the scan results with customers will help you prove that there are problems, and then you can start discussing how to address those vulnerabilities, such as adding a web application firewall.