By Aaron Morton, Field CTO, DataStax
If you ask Barracuda Networks CTO Fleming Shi about the state of enterprise security today, he’ll tell you it’s really about tomorrow.
“Being secure now is really about the future, and embracing innovation that’s coming from scientists, engineers, and researchers to make sure we’re staying on the journey with our customers,” Shi says.
The cutting-edge protection that Barracuda’s 200,000 customers rely on is a cloud-based threat intelligence network that ingests massive amounts of threat data from millions of global connection points. To help provide businesses with a view of relevant threats and enable them to stave off security issues in real-time around the globe with this kind of data volume, Barracuda is betting on the highly scalable, distributed open source database Apache Cassandra.
From MySQL to NoSQL
Barracuda’s journey to Cassandra started over a decade ago, when the company focused on selling virtual appliances for threat protection. Shi, who joined Barracuda in 2004 as director of engineering, says each machine was connected to a central nervous system for updates on the latest threats and behavior patterns; the underlying database technology was MySQL.
“When I joined Barracuda Networks, we loved using MySQL. It was the glory days of the LAMP stack,” he says. But as Shi and his team started building a cloud-based security service, they needed a data architecture that could support the company’s widening global remit. MySQL’s asynchronous approach to data replication created significant latencies when Barracuda needed to quickly synchronize threat information from one global region to another.
The NoSQL standard database Cassandra, with its distributed capabilities, solved the problem.
“When we detect a particular threat and determine the best response, that response is kept in the database,” he says. “And when it’s needed in another region, with Cassandra we can easily sync over that decision. That level of efficiency, leveraging accelerated operational logic, makes our threat protection solutions more effective with high volumes of data, because we are looking at billions of emails and handling millions of file scans every day.”
Shi points to Barracuda’s Advanced Threat Protection microservice as a good example of how his company takes advantage of Cassandra’s strengths. The service scans files and links for malware at very high speeds, and performs a host of dynamic analytics.
“When you have so much data coming in, you have a very small window to make a response determination. Once you make that determination, you want to make it available to other regions quickly,” he says. “That’s why we use Cassandra.
“It’s the most scalable, available database perfect for fast writes,” Shi adds. “Our database cannot go down. Email would stop. Threat detection would stop. Our business would stop.”
The hunt for multi-region
After Barracuda adopted Cassandra in 2013, Shi realized his team needed to dedicate manpower to update, maintain, and manage the database. He wanted his engineers to spend their time on what they do best, rather than updating Cassandra instances in data centers around the world. Cassandra is the world’s most scalable database, but it still requires expertise, purpose-built tools, and support.
“It became clearer to me, if I want to focus our engineers’ effort on what Barracuda is really good at—protecting customers with the cybersecurity solutions that we’re developing—it’s best to find a way to have someone else manage our Cassandra cluster.”
But the search was a challenge in and of itself. Shi says his team hunted for literally years for a managed Cassandra service provider that could support multi-region deployments. This was a critical capability that would enable Barracuda to reduce latency across its ever-expanding customer base.
When data traffic travels across global regions, it can also travel through several network routers, which slows the data flows. Multi-region databases enable enterprises to replicate data to users’ regions, enabling them to deliver responsive customer experiences—and, in Barracuda’s case, timely protection for its users.
“Imagine having hundreds of thousands of customers running physical appliances, virtual appliances, or SaaS solutions that we offer in their neighborhoods or local network environments,” Shi says. “All those devices and workloads require threat response decisions to be made, which shouldn’t be limited by replication capabilities. Making one decision quickly serviceable to millions of people throughout the overall Barracuda ecosystem is critical to how we protect our customers.”
DataStax’s introduction of its multi-region serverless database-as-a-service built on Cassandra earlier this year was good news to Shi and his team; Barracuda began its migration to DataStax Astra DB in July. The company is now fully in production with its Advanced Threat Detection service on Astra DB, Shi says.
“With the data backend supported by Astra DB, I can easily tell leadership, ‘If we need it, we can have it in minutes. And if we see growth, we will double down, we will expand in minutes’,” Shi says. “As a result, days and weeks of considering software upgrades, making sure the rest of the clusters are running the same version—all those questions go away, because I can entrust DataStax to help us with the data platform we need.”