Sep 23, 2023

Who is Barracuda? Barracuda started in the early 2000s with an appliance to provide email security and filter out SPAM. Recognizing the evolution in both cybersecurity and customer needs, Barracuda began to develop new capabilities as well as acquire complementary companies to deliver technology solutions for application security, cloud backups, firewalls, and more. Barracuda once traded publicly on the NYSE under the ticker symbol CUDA, but as of 2018 has been taken private by Thoma Bravo. The Barracuda SecureEdge SASE Platform Barracuda’s SecureEdge platform integrates security capabilities with SD-WAN control to create a seamless SASE product controlled through a single software controller. As with all SASE solutions, the platform provides secure access to SaaS apps, internal apps, and on-device security that’s agnostic to network infrastructure. Most of the computation, logic, and protection is performed on the device, with the exception of packet inspection and advanced threat protection (ATP), which occurs in the cloud. SASE products require six key capabilities to be considered part of the category. Barracuda delivers most of these capabilities through the SecureEdge cloud-hosted software, but some aspects will be delivered on the device or through SecureEdge site appliances. Centralized control consolidates all security management and operations reporting through cloud-hosted control software. Monitored network status starts at the dashboard and details of operations and security status can be explored as needed; automated software-defined wide area network (SD-WAN) capabilities perform self-healing, application-based routing, and adaptive session balancing based on traffic intelligence. Monitored user activity allows for operations and security to detect anomalous behavior and either enable or block access to resources as needed. Inspected and decrypted traffic blocks malware and malicious URLs through centralized control and filtering based on Barracuda’s cloud-based next generation firewall (NGWF) technology. Controlled access to data and resources is based upon user, device, and permissions through zero trust network access (ZTNA), role-based access control (RBAC), and intent-based network and policy management. Secured cloud-based assets such as applications, websites, and Software-as-a-Service (SaaS) through through SD-WAN connectors, Microsoft Azure Virtual WAN, and SecureEdge virtual appliances. Barracuda’s solution consists of the following components: SecureEdge Access Agent: enroll up to 5 devices with support for Windows, macOS, iOS, Android, and Linux Secure Edge Manager: a consolidated, cloud-hosted management console to configure, monitor, and manage all users, devices, assets, and connections SD-WAN Connector: enables cloud or local servers running Windows (10, 11) or Linux Services (Ubuntu or Fedora desktop, server, or cloud editions) to directly access SecureEdge via agents, SD-WAN, or both Secure Edge Service: Private, SaaS, or Microsoft Azure Virtual WAN SecureEdge Site Devices: physical or virtual appliances that enable SD-WAN as well as local firewall, IPS, NGFW, and on-board threat protection SecureEdge Secure Connector: connects devices such as the internet of things (IoT), operations technology (OT), industrial control systems (ICS), and other connected devices that cannot use agents Pricing & Delivery Barracuda provides some of the best transparency into the components and licensing in the SASE market. While it does not publish explicit pricing, buyers can obtain a free quote by filling out Barracuda’s SASE Solution Build and Price questionnaire. Pricing for SecureEdge components is estimated to be: SecureEdge Access Agent: $15 to $20 per user Secure Edge Service: Private: Included via SecureEdge Site Devices with valid Energize Edge subscriptions Managed SaaS: provisioned in 50 Mb increments up to 1 Gb and estimated to cost under $300 / 50 Mbit / month Microsoft Azure Virtual WAN: delivered through the Microsoft Marketplace and priced between $0.067 and $4.66 per hour depending upon WAN bandwidth The SecureEdge Manager and SD-WAN Connectors are included in the price of other subscriptions. Barracuda also offers a free trial to set up and test SecureEdge for 30 days. SecureEdge Appliances SecureEdge Site Device and Secure Connector appliances are available as both physical and virtual appliances with an array of capabilities. Energize Updates are required for all appliances and are purchased as a monthly or annual subscription. Instant replacements, warranty extensions, and external power supply options are also available for physical appliances. SecureEdge Virtual Appliances Barracuda does not publish prices for the virtual appliances, which can be used for both Site Device and Secure Connectors: VT100: supports 50-100 users with up to 300 Mbps performance VT500: supports 150-300 users with up to 700 Mbps performance VT1500: supports 300-1,000 users with up to 1.5 Gbps performance VT3000: supports 1,000-4,000 users with up to 3.8 Gbps performance VT5000: supports 6,000-9,000 users with up to 9.3 Gbps performance Virtual appliances are available as a standard (under $80/month/appliance) or through the Managed SaaS subscription (pricing not publicly available). SecureEdge Site Device Appliances The dedicated Site Device hardware includes a variety of models with different deployment configurations: Desktop devices starts under $800 for 50-100 users with up to 300 Mbps and go up to 1.3 Gbps for 150-300 users (no price available) 1U rack-mounted devices range from $8,500 for 300-1,000 users with up to 3.0 Gbps performance and go up to $51,000 for 6,000-9,000 users with up to 9.3 Gbps performance DIN Rail Compatible SD-WAN-Only devices provide up to 30 Mbps in both standard and rugged configurations (no price available) DIN-Rail Compatible Rugged Devices start under $1,500 for 50-100 users with up to 200 Mbps performance and around $2,500 supports 150-300 users with up to 240 Mbps performance The annual cost of Energize Updates for these appliances is estimated to be roughly the equivalent of the purchase price of the hardware. SecureEdge Secure Connector Appliances Barracuda currently offers Secure Connector physical appliances (also known as firewall connectors) available in configurations based upon the type of network connection supported: Wired connections: $500 – $1,200/unit 3G/4G and, WiFi connections: $1,000 – $1,900/unit Energize Updates for Secure Connector physical appliances are priced between $120 and $130 per year and include basic support. SecureEdge Support For the appliances, the primary source of support will be the required Energize Updates subscriptions. These one, three, and five year subscriptions provide enhanced support for the hardware, firmware maintenance, security updates, and optional participation in early-release firmware updates. For other SecureEdge components, Barracuda offers two levels of support: enhanced and premium. Enhanced support is also included in the price for SaaS solutions and offers 24/7/365 phone, live chat, online portal, and email support. Premium support reduces response time for critical issues from 2 hours to 30 minutes, unlocks higher support specialist tiers, and many other advanced support options such as dedicated Premium Support Managers, root cause analysis, and configuration reviews. Features Full SASE Features: centralized control, monitored user activity, inspected and decrypted traffic, controlled access, secured cloud-based assets, and monitored network status and operations control Advanced and multi-layered security building off of the established CloudGen Firewall technology Advanced threat protection (ATP) using virtual sandboxes to study unknown file behavior Network intrusion detection and prevention systems ( IDPS ) to detect and block attacks and exploits on the network, application, and databases, such as distributed denial of service (DDoS), cross-site scripting (XSS), and SQL injection (SQLi) Full Azure security and visibility replacing security groups, Azure Firewall, and Azure Security Partners Self-healing traffic intelligence that detects the health of uplinks and encrypted tunnels across SD-WAN sites for adaptive optimization to reduce latency and maintain bandwidth Application-based routing based upon protocol, user, location, content, applications, and web content to maintain focus on business and mission-critical applications Broad OS Support for endpoints: Windows, macOS, iOS, Android and Linux Zero Trust Access with role-based access control (RBAC) across users, devices, and assets (cloud, SaaS, or locally hosted) and continuous evaluation for access Optional Microsoft Azure Backbone available for an SD-WAN that does not traverse the internet Pros SaaS, Private, and Azure deployment options Replaces clumsy virtual private network (VPN) connections that contribute to deployment and bandwidth issues Fast and easy self-enrollment of up to five devices Incorporates Barracuda Global Threat Intelligence to leverage Barracuda’s existing global firewall, email security, and other real-time threat information from millions of collection points Zero-touch site deployment for simple, quick installation Cons Newer SASE features don’t yet have an extended track record No private backbone for high-speed SD-WAN connections; customers use public backbone resources or contract with backbone providers Overwhelming alerts and challenging to set up global alerts cited by customers that lacked setup experience Requires an agent for remote endpoints Requires an appliance (physical or virtual) for IoT and SD-WAN connections Not yet global with availability based upon regions and countries No current data loss prevention ( DLP ) features Alternatives to Barracuda SecureEdge Customers attracted to Barracuda’s SecureEdge will likely be more concerned with protecting remote users than full-featured SD-WAN infrastructure or high-speed backbone connections between branch offices. Key competitors buyers should also consider are: Cloudflare One: Provides the best entry-level SASE tier that is free for up to 50 users and offers very easy setup. VMware SASE: Provides outstanding options for remote user security with potential bundles for VMware’s market-leading Workspace ONE virtual desktop instance (VDI) security for remote users and technology-agnostic connectors for third-party solutions. How We Evaluated Barracuda SecureEdge We rated and ranked Barracuda SecureEdge against seven other SASE competitors in our top SASE providers article . That article explains the overall ranking, and here we provide details specific to Barracuda SecureEdge: Overall Rating: 3.81/5 (#4) Monitoring and Managing: 4.9 out of 7 possible criteria Asset Control: 4 out of 4 possible criteria (tie for #1) Implementation and Administration: 3 out of 5 possible criteria Customer Support: 3.32 out of 4 possible criteria (#1) Of the top SASE solutions, Barracuda provides the most detailed information about the licenses required to launch their SASE solution and offers an option to bundle their market-leading email security with their SASE product. Barracuda SecureEdge does not have the simplicity of integration of leading cloud solutions or the SD-WAN options of more established networking giants; however, Barracuda offers a solution solidly in the middle. Bottom Line: Great for Remote User Protection Organizations will be attracted to Barracuda’s SASE solution for its strong integration of market-leading security products that can be unified and controlled through one platform. Barracuda SecureEdge can provide accelerated access and strong integrated security policies to protect against malware and secure access between remote users and their applications. Get the Free Cybersecurity Newsletter Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Email Address By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time. Subscribe