SECURITY STARTS
WITH
ACCESS

Modernize the way you secure access to apps and infrastructure.
CloudGen Access provides conditional and contextual access to corporate applications and data. It strengthens your security posture, and it is easy to deploy and manage.

Modernize the way you secure access to apps and infrastructure.
CloudGen Access provides conditional and contextual access to corporate applications and data. It strengthens your security posture, and it is easy to deploy and manage.

Quick to deploy, easy to manage

The CloudGen Access Zero Trust model establishes unparalleled access control across users and devices without the performance pitfalls of a traditional VPN.

It provides remote, conditional, and contextual access to resources and reduces over-privileged access and associated third-party risks.

With CloudGen Access, employees and partners can access corporate apps and cloud workloads without creating additional attack surfaces.

Ensure business continuity

Securely manage your remote workforce with instant provisioning of company or employee-owned devices and unmanaged contractor endpoints.

Mitigate risk with remote access

Mitigate breach risks with Zero Trust secure access. Deliver continuous verification of user and device identity and trust to reduce attack surface.

Mitigate risk with remote access

Mitigate breach risks with Zero Trust secure access. Deliver continuous verification of user and device identity and trust to reduce attack surface.

Enable remote work productivity

Empower employees with streamlined access, increased security and upgraded performance compared to traditional VPN technology.

"By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through Zero Trust Network Access (ZTNA)."

Gartner, 2019

Modern enterprises need more than just another VPN

Let’s face facts. VPNs don’t work in the modern enterprise ecosystem. Distributed users, servers, and devices create challenges that VPNs were not meant to solve. Exposed networks, unmonitored user identities, unknown device security status, and complex switching between VPNs are just the tip of the iceberg. No company can accept the level of risk inherent in VPNs.

CloudGen Access is the modern VPN replacement.
Secure access and empower employees.

Validate that mobile devices trying to access your infrastructure are authorized to do so. 
Ensure that devices meet your baseline security and compliance requirements before granting access. All in real time.

Barracuda CloudGen AccessVPN
Native support for trusted devicesNo native support for trusted devices
Generates and stores device certificate on hardware keystore Relies only on user credentials for infrastructure access
Sends a CSR to Management Console to register device and establish trust Depends on 3rd-party tools like MDM to establish a native version of trusted devices
Validates every access request against current security and compliance policy Requires enrollment to corporate MDM to determine trusted devices
Deploys conditional and contextual trust Static trust architecture
Certificate management is built-in for both device and infrastructure components Certificate management is difficult and requires 3rd-party tools

Know who has access to your network and resources at all times.
Barracuda CloudGen Access segments apps and VMs based on user roles to limit exposure. Delight corporate users with hassle-free access to multiple VPN sites from a single profile.

Barracuda CloudGen AccessVPN
Access resources not the entire network. Direct trusted users to the information they need, whether in a VPC, data center or on-premises without increasing risk VPN clients can act as patient zero on your network, increasing the potential attack surface exponentially. A compromised VPN client, residing on a VLAN with complete network access, can launch attacks on other clients on the same VLAN, ultimately exposing every routable VM/workload
Connect to multiple infrastructure sites without switching access profiles Requires user to switch between VPN configurations to access multi-site environments
Confirm or deny access based on user role and device attributes: RBAC+ABAC. Example: User A in Group B with Device C that complies with policy D can access resource Implements network segmentation, a painful and error-prone approach that requires 3rd party or custom tools. Limits ability to access dynamic, modern resources like Kubernetes workloads

Be confident that no compromised devices are on your network.

Barracuda CloudGen AccessVPN
Continuously monitors device and logs network metadata at the device level (network DVR) Lacks visibility into device security status before starting active VPN session
Enforces policy that requires searching for a comprehensive IOC (indicators of compromise) list in network history before granting access Cannot integrate with a local security agent as part of an access policy
Conducts retrospective search for IOC Provides only single point in time access to device security state. Any change to the device security state is not reflected in the active session.

Detects if the device has ever exchanged information with a phishing site: e.g. mycompany.oktaa.com
Detects if the device has ever generated APT x C&C traffic

Guarantee access to the right resources. Anywhere. Anytime.
Global, remote, nomadic work is here. Let an EU resource travelling in the US access EU resources. Make sure an employee on hotel Wi-Fi in China can get work done.
Role-based access alone cannot support new regulatory compliance requirements. Barracuda CloudGen Access adds a new layer of attribute-based access control to ensure access for traveling employees and partners.

Barracuda CloudGen AccessVPN
Role-based access control enhanced with attribute-based access controlRole-based access control (RBAC) only. Access tokens can be permanent or long-lived, creating additional risk as VPNs do not natively support re-auths and step-up auths
Rich attribute support:

• Permissions: verify user/resource
• Device: type, model, OS, end-of-life
• Jailbreak
• Authentication: configured touch/face ID & passcode
• Wi-Fi SSID and location
Minimal contextual, actionable information about location, network, and device

High quality, high fidelity mobile access.
Barracuda CloudGen Access enhances connectivity quality with a built-in defense and local proxy on a device.

Barracuda CloudGen AccessVPN
Built-in defense for intermittent connectivity Sustained disconnects force application layer timeouts
Consistent session stability unaffected by change in source IP Frustrating, painful experience for users, especially mobile workers such as utility field workers, insurance adjusters, law enforcement

Local proxy on device side and access proxy on infrastructure side can maintain session during dropped connections Time wasted on repetitive VPN reconnects and app reloads, costing organization valuable employee productivity

Web-based attacks such as identity theft, phishing, drive-by downloads, and malvertising are the largest cybersecurity challenges facing corporations today.
Barracuda CloudGen Access protects resources from these threats and delivers real-time alerts.

Barracuda CloudGen AccessVPN
Intercepts and blocks Internet-borne threats on the device with patent-pending technology Requires integration with a costly point solution like Bluecoat, Websense, or Zscaler, to address threats in real-time
Preserves corporate network bandwidth and speed Lacks capability to provide protection from Internet-borne threats due to split-tunnel configuration

Eliminates latency that can negatively impact user experience Adds significant congestion to corporate network; degrades bandwidth utilization

Protects employee privacy, increasing adoption Creates significant latency for users and increases battery consumption
Evaluates security state and posture of trusted devices in real-time. First-of-its-kind continuously updated content-filtering to identify new threats Generates employee privacy concerns that may slow adoption

Network Access Control (NAC) works to secure corporate wired and wireless networks within the organizational perimeter. Today’s enterprises must secure roaming devices and laptops from coffee shops to hotels to co-working spaces.
Barracuda CloudGen Access’s built-in remediation engine lets users fix access and increases awareness of device security.

Barracuda CloudGen AccessVPN
Delivers a built-in policy remediation agent that operates directly on the edge Requires additional point solution to offer any form of NAC functionality
Works everywhere, on the corporate network or on the go
Provides autonomy to users to solve their own access issues. Barracuda CloudGen Access offers a step-by-step guide to fix issues and regain access. For example: If access is denied to Gitlab due to FileVault being disabled, Barracuda CloudGen Access will share the steps to enable disk encryption