How much does web application security cost (using Barracuda WAF-as-a-Service as an example)

    So, in choosing WAF software, a device or cloud services, you can be guided by product characteristics, ease of deployment, manufacturer ratings, quality of technical support, examples of implementations in other companies similar to yours, and customer reviews using WAF in practice. We tried to reveal this topic in our last post. Hackers are worse than painting, or how to protect web applications .

    But also an important factor when choosing an information security product, of course, is the price.

    The budget for information security, on the one hand, should correspond to the needs and capabilities of your organization, and on the other hand, take into account the real picture of the market supply. To set the direction of the search, we created a price calculator that will help you choose the right product model in accordance with the parameters of your company. In all the necessary details, we knew the configuration of the Barracuda Web Application Firewall product . Therefore, on his example, we will tell in more detail about the functions and parameters on which the price of the product depends.

    Before calculating the configuration, you need to choose a deployment model. This can be a hardware or virtual device, a virtual device for a particular service (Amazon Web Services, Microsoft Azure or Google Cloud Platform) or a cloud-based SaaS (for example, Barracuda WAF-as-a-Service ). It all depends on the needs of the organization.

    Hardware and virtual devices

    Typically, hardware devices are more powerful. In the case of Barracuda, hardware devices can protect up to 600 servers, while virtual devices can protect only 300.

    Technical support is necessarily included in each package of the hardware device. Barracuda also offers Instant Replacement service - replacement of damaged equipment on the next business day.

    Virtual devices for services depend on the level of service you use: You

    can order a protection service against DDoS attacks for all virtual and hardware devices. Because WAF monitors access violations for web applications and DDoS protection monitors privacy violations, combining them provides more reliable protection.

    For example, it looks like thisBarracuda WAF hardware device specification for 5-10 servers for 1 year with DDoS prevention service:

    You can try to calculate the cost of devices for your company yourself .


    The advantage of WAF-as-a-service is that it is more flexible: you can choose the exact number of web applications you want to protect and buy a monthly subscription, while the devices have the option to choose only 1, 3 or 5 years. Also, the price will depend on the bandwidth for your applications:

    Below is the calculation of the price of the Barracuda WAF-as-a-Service product to protect 25 applications with 50 Mb / s traffic for a period of 1 year of using the service.

    You can create a specification for your company using our Barracuda WAF-as-a-Service auto-configurator .
    We welcome any comments on the topic.

    Also popular now: