Live in the Azure Marketplace: Quickstart – Azure Virtual Data Center with Barracuda CloudGen WAF
Ira Bell: Today we talk with Hatem Naguib, Chief Operating Officer and Senior Vice President at Barracuda, and Jason Rook, Vice President of Market Development at 10th Magnitude. In this discussion, we talk about Barracuda’s accelerated innovation, rapid embrace of public cloud, and growing importance for some of the largest cloud deployments in the world. We’ll also discuss 10th Magnitude’s partnership with Barracuda and how our two firms are working together to help customers make the shift to public cloud quickly but securely.
Ira Bell: I’m Ira Bell, CTO at 10th Magnitude, and with me today I have Hatem Naguib, Chief Operating Officer and Senior Vice President at Barracuda. I also have Jason Rook, VP of Market Development at 10th Magnitude. So gentlemen, welcome to the call. I’m so glad that we can be getting together today. We have great respect for Barracuda at 10th Magnitude and I’m really looking forward to this conversation.
Jason Rook: Thanks for having us, Ira. This should be fun.
Hatem Naguib: Thank you, Ira. It’s a pleasure to be here.
Ira Bell: So Hatem, you’ve had the opportunity to be a part of several leading technology firms throughout your career. Can you tell us a bit about your journey and sort of your role at Barracuda?
Hatem Naguib: Sure, I’d be happy to. So, I’ve been in the business for a while. I started my career almost 30 years ago as a consultant at Accenture, in many ways doing early level work to what 10th Magnitude does today for many companies. So I have had the opportunity to do consulting work in corporate IT. I’ve done several startups and then the last part of my career was at VMware for 10 years where I had the pleasure of watching the virtualization revolution happen within data centers, and then my last role there was as the head of NSX for network virtualization.
Hatem Naguib: I came to Barracuda three years ago. I joined as a Senior Vice President for the security business. Very excited about what Barracuda was doing and transforming. I think from the vantage point that I was at at VMware, I saw the public cloud revolution hit very hard and very quickly, and there were a lot of companies who were struggling with how to position themselves and make that transformation. I wanted it to be part of a company that I felt like was at the leading edge of moving off of the older types of technology to the more digital and public cloud based the architectures, and Barracuda was at the forefront of that.
Hatem Naguib: I joined there in 2016. I spent two years as the head of the security business, running all the security products, and then most recently became the Chief Operating Officer running products, manufacturing, support, and our cloud operations, as we have a very large cloud footprint now that we’ve established over the last five years.
Ira Bell: That’s really incredible. What a great story. I mean, just kind of as you talk through that, all of your exposure to networking, virtualization, security, processes, and products, it just really makes a lot of sense as how you came to lead at Barracuda. Really wonderful.
Ira Bell: So Hatem, I’ve noticed over the past 18 months or so that Barracuda comes up in more and more of our conversations with significantly large enterprises. The conversation seems like it’s, you know, about far more than email. So I was wondering if you could help us to understand the Barracuda portfolio and your vision for your future customers.
Hatem Naguib: Sure. So as you probably know, Barracuda started its legacy really with email. We were early to the email protection space and built a very robust business around providing what originally was spam and virus protection for many of our customers early on, and then over the years grew to being one of the leading companies to provide for mid marketed enterprises a holistic security portfolio to protect from multiple threat vectors.
Hatem Naguib: You know, what we’ve seen over the last few years is that the approach that we’ve taken with our portfolio, which includes, as you know, full email protection, archiving, etc., etc., but also data protection and backup. A firewall portfolio that has a next gen firewall and a web application firewall, and then also, you know, web security capabilities to protect customers on the web front. All of these combined capabilities have been really provided to our customers over the years to, as I said earlier, kind of protect from specific types of threat vectors.
Hatem Naguib: What we found, though, is that some of the critical architectural decisions that we made early on and that the approach that we were taking lent itself very well to the nature of the changes that were occurring for many of our customers, especially enterprises. So because we had built our architecture predominantly as an x86 architecture and that our solutions were designed really for distributed enterprises. So we were not really in the business of building the big bad box in the middle of the data center to stop everything from going in and out, but more around having companies that had multiple different locations and needed to optimize connectivity, and also be able to provide ease of use, ease of deployment, and ease of management for those solutions.
Hatem Naguib: As customers started going through their personal digital transformation and started to expand their networks to include multiple sites, access to public cloud, our products and solutions became very well tuned towards that. As they began to look at using a public cloud for data and for web properties, etc., they looked to our solutions which were deeply integrated into the public cloud fabric from the beginning as very viable solutions to help them solve their critical problems, and so we found over and over again that… Whereas if you looked at Barracuda 10 years ago, you’d say, “Great, this is a great, you know, mid market company.”
Hatem Naguib: We’ve over the last several years, as the customer base migrated more effectively to leverage cloud and distributed architectures, our solutions have become at the forefront of the solutions that they’re looking to leverage, which is where I think you’re seeing many more conversations at the enterprise level. Global financial services, global oil and gas have been using our products and deploying it into Azure and other public cloud services now for the last several years with extreme success.
Ira Bell: Thanks for that, Hatem, that’s really a great story. So Jason, as you think about the vision that Hatem just laid out, where do you see 10th Magnitude participating with and on behalf of our customers?
Jason Rook: Yeah, Ira, that’s a great question. So I think what we see with our Azure customers today parallels much of what Hatem just laid out, in that we see customers that as they make this move to public cloud infrastructure, they want and need kind of a deeper level of threat protection. If you think about our customer base, it’s very broad, right? So we serve a number of different horizontals and verticals, all in the, you know, Fortune 1000ish space, plus a number of software makers as well. So a diverse set of customers that we have, but they all have similar issues around security and similar concerns.
Jason Rook: One of the common themes, though, is that as they move to public cloud infrastructure, they’re looking for proven products that they know have worked in what we might call a legacy sometimes, but in an on-prem world, and our job is to help our customers fill those gaps and then to design and architect and implement and even go as far as support the right architectures and the right solutions. So I think that’s what’s interesting for us is that we have this broad set of customers that all have this need, and Barracuda has the ability to provide our services need for them.
Jason Rook: And we also know the innovation that Barracuda is bringing in the markets. We know that longer term is those customers adopt more and more public cloud infrastructure, we’ve got a great solution set and we can deliver together with Barracuda on top of the Azure platform. So it’s a really good place for us. It aligns well with all of our infrastructure skills. What Barracuda’s doing today aligns well with our Site Reliability Engineering teams, and also dovetails very nicely into what we’re able to do for customers from a long term managed support perspective as well. So I think these two roads that we’re on lining up so well, just great for our customers and for our two firms.
Ira Bell: Jason, I would totally agree with what you said there, and I feel like it really aligns with what our solution architects and engineers at 10th Magnitude are seeing as well in terms of just overall digital transformation. We’re seeing more and more that customers want us to help guide them on the entire flow of data, and so our alignment with Barracuda is becoming a meaningful one. So thank you for that.
Ira Bell: Pivoting over to Hatem, Barracuda web application firewall, we’ll call it WAF from now on so that we don’t stutter, is consistently one of the most used solutions in the Azure Marketplace. Why do you think that is, and what are those customers who choose Barracuda accomplishing?
Hatem Naguib: That’s a great question. So I think one of the things that a lot of customers begin to appreciate when they move critical assets to public cloud, and even if they don’t actually move to public cloud, is the importance of the web application’s specific firewall versus the traditional classic kind of NG firewall.
Hatem Naguib: For many years I think customers thought, “Well I just have a regular firewall, I should be good enough to protect.” But the reality is, the complexity of the applications that sit facing the web, and the ease by which changes to those applications can open up gaps so that people with nefarious intent can actually gain access to back end infrastructure data and so forth through those websites, has exponentially increased over the last several years.
Hatem Naguib: I think you’ve got two levels of challenges that are going on simultaneously. Business wants to move fast. They’re accessing their customers more aggressively through the internet and through interactions that allow for B2B or B2C level of engagement. And so the website becomes the storefront for everything that goes on for a given company.
Hatem Naguib: Changes happen to those websites on a very regular basis. Sometimes multiple times a day. Mistakes can occur when those changes occur. So you’ve got that one side of it, and you’ve got to be able to really optimize security and protection for that. But on the other side, you know, we’ve got a lot of technology being used by hackers and those who are interested in gaining access to that information. Much of it now automated and bot based, so that you know, I’ve got the stories of customers who inadvertently leave ports open for access onto the internet and within seconds tens of thousands of bots have read and opened up that port and are now able to begin the process of extricating information.
Hatem Naguib: So you have to really be able to make sure that the solution that you have kind of manages to those two are a very highly automated and weaponized threat vector and a highly dynamic web storefront type of mechanism for your customers. A web application firewall is the perfect solution for that. Optimized around HTTP and HTTPS traffic, optimized around the types of problems that can occur on websites with cross site scripting and other types of sequel injections attacks, and then add to it that the Barracuda solution really purpose built to be very easy to set up, very easy to deploy and kind of overcoming one of the biggest challenges that web application firewalls have. Which is by and large a lot of customers struggle with keeping a web application firewall optimized. Because the level of changes that are going on tends to create more problems as they keep the web application firewall managed towards the changing either threat vector or environment.
Hatem Naguib: So many of them just leave it on monitor and not on stopping threat vectors. We have really spent a lot of time kind of innovating the ease by which you can automatically detect changes in your infrastructure and then be able to automatically provide updates to that web application firewall. So it’s far easier to manage and to use in your environment, which makes it very attractive for developers to set up their infrastructure, run some APIs against it, and then have a web application firewall automatically be part of their deployment architecture as they send it out, integrating that security as part of their overall DevOps process. And so for our largest customers who’ve been using the WAF, they’ve seen that as kind of a cornerstone of their security architecture because of its ease of use, ease of deployment, and the full featured capabilities that allows them to maintain the security at the highest levels.
Ira Bell: Hatem, I absolutely love that. You know, if you’re not in the business of security, it totally makes sense it to let a company like Barracuda who lives and breathes it every day handle that for you. So Jason, we recently launched the solution offering in the Azure Marketplace with Barracuda. What should our joint customers expect with that offering?
Jason Rook: Yeah Ira, the solution offered in the Azure Marketplace is really all about helping customers to get started not only quickly but correctly. So if you think about marketplaces in general, I think the audience for marketplaces are people that are interested in doing something in public cloud infrastructure self service rather quickly, and with sound products and architecture that’s been proven in some type of a production hardened environment. And so in the Azure Marketplace, there are a large number of those solutions.
Jason Rook: What we bring together with our solution offering, though, is the ability to fill in all the gaps that someone may have. So, I think the Barracuda WAF is really interesting because the product is quite easy to use and quite easy to implement, but there are a lot of questions that need to be answered before it gets to the point where it’s easy, right? Most of those questions aren’t really about Barracuda. There are about Azure and public cloud infrastructure in general.
Jason Rook: So, what we’re doing with our solution offering is we’re bringing a proven set of best practices, scripts, and guidance that have all come out of a large number of deployments that we’ve done for customers, that we’re bringing to table to help the customer with key questions that will then funnel back into the security decisions that they’re going to make. So, things like access, authorization, ingress, egress, data storage, how do I configure the right governance model within Azure? We help the customer to get all of that built very, very rapidly. And then what we do is we plug the Barracuda WAF into that.
Jason Rook: So, not only do we kick the customer to the point where they now they have a solid sound Azure infrastructure, from the minute we turn it on, they don’t have to worry about thousands of bots. Some of those threat vectors that Hatem laid out, right? We’re ready to go. When we fire that solution offering up in the customer’s Azure tenant, they’re entirely protected and they’ve got a sound architecture in a world class WAF offering from Barracuda to protect them. It’s really about getting there quickly, efficiently, and with kind of an architecture and a deployment model that’s been proven.
Ira Bell: That’s really great. Jason, thank you for that. So Hatem, we’ve talked about things like SQL injection attacks and cross scripting attacks and you know, various malicious exploits from a technical perspective. But I was wondering if we could maybe pivot a little bit for our nontechnical listeners and ask you if you could provide a couple of use cases that might help anyone wanting to better understand Barracuda as it applies today?
Hatem Naguib: Sure. Specifically for the WAF, I can give you a couple of use cases and maybe even expand on some other use cases for other Barracuda products. I think what we find is that, you know, in in almost all industries, right? So I’ll give two examples. One, in any retail industry, and we’ve got a lot of retail customers, their primary web interface becomes the mechanism by which customers gain access to ordering products and being able to put credit card information and interacting both from a purchasing perspective, but many times also from a customer service perspective.
Hatem Naguib: Many of the front end systems that you’ve got here are by and large attached to back end infrastructure whereby if you gain access through those front end systems, you’ll be able to actually then go through the environment, and basically through multiple levels of engagement you’ll be able to access very, very difficult and important information, personal information that you as a company don’t want released out to the public. And so a web application firewall becomes the perfect solution to sit in front of that environment doing two primary activities. One, watching all traffic coming in and out to make sure that it’s complying with the security policies that you would like to have. And two, making sure that any nefarious or bad types of traffic that comes in is actually being stopped and ensuring that, you know, bots and any other types of malware and any types of activity that looks suspicious is actually being prevented from gaining access to the back end infrastructure. So that’s a great retail use case.
Hatem Naguib: Same can be said, for example, on healthcare. Many healthcare companies now as they try and do their own digital transformation are providing access to their customers for patient access and patient information and getting updates on what’s going on. So, we’ve had several customers in that space come to us and say, “We’d like to protect that infrastructure with web application firewall capabilities,” so that they can ensure that they’re maintaining their HIPAA compliance, but also make sure that bad actors are not getting access to information which can have value if sold, you know, in the dark web, etc. So those are two, I think, primary use cases where we see that web application firewall being used.
Ira Bell: Thanks for that detail. That was really helpful. So, in terms of other Barracuda products, did you want to go over a use case or two there?
Hatem Naguib: Sure, that’d be great. I think the other primary products from a security perspective that really helped our customers … I would say we get an enormous amount of interest on email protection. And for many people, I think over the last several years it’s become very apparent that as we as individuals have become more digital and more socially engaged in social media and so forth. It’s become a very effective threat vector to leverage email as a mechanism by which to do spear phishing, phishing attacks, and gain access to credentials which then have the same impact as if I had gone through the website through the web application firewall. So, our email portfolio becomes a really important part of a protecting scenario for customers.
Hatem Naguib: I think the third one that comes up a lot from a security perspective is our CloudGen firewall, which is as I mentioned before, really purpose built and designed for customers to be using in distributed enterprises. And so, if you’ve got a large number of offices, or for many of our customers, retail outlets want to be able to have firewalls at every location to protect and make sure that the security that occurs at the data center is the same level of security that can happen at the remote sites.
Hatem Naguib: Well, because we’ve architected the solution very effectively for that type of architecture, it is a fantastic solution for customers who want to then expand that to public cloud and public cloud just becomes another endpoint. Being able to put a firewall out there that manages the connectivity and optimizes the traffic capabilities to what you’re looking for, the CloudGen firewall is perfect for that.
Hatem Naguib: And then add to it, we’ve had a lot more interest in things like IOT, which is again another use case of the distributed scenario whereby customers want to protect manufacturing sites, remote utility capabilities, factories, gas, ATM machines, all using Barracuda and next gen firewalls as a capability that sits at those sites and then being able to optimize the traffic and security policies across those capabilities.
Ira Bell: So, that was a really great outline of how Barracuda is just showing that you’re definitely a leader in this space. Security is definitely a hot topic with all of our customers, and I think over time it’s going to become even more so the case. I was wondering, Hatem, if you would be able to provide our listeners with a glimpse of of Barracuda’s roadmap.
Hatem Naguib: Sure. I’d be happy to. It’s one of the things that I get the pleasure of talking to a lot of customers, and there’s a lot of excitement about kind of where we’re going and where we see specifically the security industry and our roadmap tying very effectively to that.
Hatem Naguib: I would say that over the past several years, the industry has spent a lot of time focusing on what I would call kind of the core prevention capabilities. Which you know, across all of the threat vectors, be that email, firewalls, etc., we’ve built technologies that can basically gate keep and stop bad things from coming in and just make sure the right things go in and out. From our perspective, we’ve built a very large and robust portfolio of capabilities that operate at that level. We have invested a lot over the last several years to improving that prevention capability to be much more detection based.
Hatem Naguib: And so, now that we have, you know, over 150,000 customers at Barracuda processing a billion emails a day and protecting thousands of customers websites, we actually have access to an enormous amount of threat intelligence that we leverage and use in our products to allow us to be able to intelligently determine when something bad is going on and help customers. Especially customers who feel like there’s far too much alerts and information coming in for them to be able to process, to detect the right levels of challenges that are going on and give them that information that they need. So, on the email front, we now do full detection of spear phishing attacks real time and can stop them from coming in. On firewalls, we do in indications of compromise and automatically detect those. On the WAF, we have advanced bot detection to tell when something’s acting like a bot versus being able to just block all of them.
Hatem Naguib: As we move further into the roadmap, our investment profile has now focused much more on being able to now automate and orchestrate a response associated with that. So for many of our customers, they don’t have enough resources. They don’t have enough time in the day and they don’t react fast enough to the levels of attack to be able to get some level of signal and then process a new policy associated with it. So, we have integrated into our product portfolio two key products that are now part of our roadmap and are being released out to allow for our customers to detect and then automate the remediation associated with attacks that come in.
Hatem Naguib: One of the products that we’ve been working with 10th Magnitude on, which we’ve shared, is a product that’s really designed for customers moving to public cloud. So if you’re moving to Azure for example, you’ve started to put assets out on Azure, we will automatically detect which assets you have and then assign based upon the policies that you set the ability to detect whether you’re violating any of those policies. And then remediate immediately with cloud native capabilities or the Barracuda WAF or CloudGen firewalls any security compromises that have occurred, allowing you to have a full life cycle of consistent and clear and automated policy detection and enforcement.
Hatem Naguib: And so this is part of where our roadmap is going. A lot of customers are very excited about that automation and capabilities. I think the industry is moving much more towards that. I know in our conversations with a lot of customers, what they’re looking for is to be able to make sure that they can set certain policies up front and then have the systems intelligently detect and remediate the problems that they’re seeing to avoid ongoing compromise.
Ira Bell: Those are some staggering numbers you mentioned. It’s hard for me to get my mind around the vast amount of the traffic Barracuda protects. So, I have one more question for you. What are two nuggets of information, sort of two key takeaways that every listener should take from this conversation?
Hatem Naguib: Sure. I’d be happy to share that. So, I think the first one is, I think every single customer is having some level of conversation today related to digital transformation. By and large that includes any level of IaaS, PaaS, or SaaS level engagement. So ,software as a service, platform as a service, infrastructure as a service. If that is part of the conversation, cloud being part of that conversation, I think that Barracuda brings a lot to the table to help customers protect their assets in public cloud, optimize the traffic that’s going to public cloud, optimize the applications that are being used by their customers to leverage within their environments. So, if cloud is part of the conversation, Barracuda should be part of that conversation.
Hatem Naguib: I think the second one that would be important is, recognize the human element of what needs to happen for a lot of the customers. I think the transformation that’s occurring in a lot of customers creates a tension from a security perspective that’s important to be able to recognize. I think we’ve got developers now and business units really driving innovation and driving a lot of transformation and change for businesses. But the responsibility and accountability still sits with the security team, and our products and solutions really are purpose built to bridge together those two personalities and capabilities to give customers the ability to move fast, build fast, but build securely. And so those are the second components, that we can provide solutions that have security as a native component of what we deliver to help our customers move at the speed of cloud.
Ira Bell: That’s great info, thanks Hatem. So Jason, Hatem provided some great advice. How would you build upon that given your view of the Market, particularly as it relates to Microsoft and Microsoft Azure?
Jason Rook: So Ira, I think that what we see today mirrors very much what Hatem articulated. I think the two pieces of advice I would give are one, that don’t be myopic about security, right? And what I mean by that is, we have so many customer conversations where the customer is laser focused on one particular component of public cloud infrastructure. It’s, “Hey, I got to get out of my data center,” or, “Hey, I’ve got to cut my feature release time from two months to two weeks,” or, “I’ve got all this data and I need to be able to make decisions based off of that data.” And they’re very myopic about the solution that they’re trying to solve with public cloud infrastructure, which is great. That’s what we come in and help them do. But there’s an underlying theme around all of those.
Jason Rook: I think Hatem laid it out really well when he talked about the number of IOT devices and some of the use cases you walk through, that security is going to be an underlying theme across all of these solutions. You may end up in a position where you’re using the same kind of suite, right? So you’re using Barracuda CloudGen firewall and Barracuda WAF, but you’re using it very differently throughout your varying architecture that you’ve got running in public cloud. So, I think that’s the kind of the first component. Obviously, the answer there is that, hey, 10th Magnitude’s been through this several times and that we’re a great source to help kind of sherpa customers through that, those architecture decisions, and then through the implementation as well.
Jason Rook: The other kind of really piece that I grab onto is the part that Hatem kind of covered in the forward looking innovation piece that he was talking about, around the ability to make decisions and then act on them based on the data you see coming from your security tool set, right? And I think from 10th Magnitude’s perspective, we grew up in a DevOps world, right? We are really, really in the DevOps game. DevOps is a core part of our DNA. It’s how we run our business. It’s how we talk to our customers. But I think the DevOps component of what we do with customers and security and the ability to see things happen, know they happened, and then know what the rightest response is and do that.
Jason Rook: You know, we run around here a lot and say infrastructure is code. That’s how we kind of view the security world going forward. So, I think what our vision of what our customers can do, where their security portfolio across their entire public cloud infrastructure, and then what we can do when we layer automation and intelligence on top of that, I think is right in line with where Barracuda is going. And that’s why I think we’re so excited about this relationship and some of the opportunities that we have together jointly. And you know, Ira, I’d just like to thank you for having us today on the call and I’m happy to come back and do one of these again. It was a lot of fun.
Ira Bell: Well, thanks very much Jason. And Hatem, thank you very much for your time. It’s a pleasure to work with you and for us to partner with Barracuda, and I can’t wait to see what the future holds for our firms and our joint customers.
Hatem Naguib: Thank you very much Ira and Jason. Truly a pleasure sitting and discussing with you. Really, really proud of the relationship we have with 10th Magnitude and the work that we’re doing together, both for our customers and our partnership. So, thank you very much and look forward to continue sucesst with us.
Ira Bell: Thanks for listening to the Art of Digital Disruption. At 10th Magnitude, we’re proud to create the path for organizations to stay competitive and disrupt their industries. To learn more about how you can get started with your Quickstart – Azure Virtual Data Center with Barracuda CloudGen WAF, contact firstname.lastname@example.org today.