Websites and web applications are increasing in complexity and risk, with new vulnerabilities
discovered daily. This evolving threat landscape makes it increasingly difficult to protect your
customers, web applications, APIs, and data centers. On-premises web application firewalls
(WAFs) don’t provide the scale or flexibility needed to thwart today’s threats.
Increased demand for cloud-based WAFs is driving the overall market, according to Gartner’s 2018 Magic
Quadrant for Web Application Firewalls. In the report, Gartner notes that “by 2023, more than 30% of public-
facing web applications will be protected by cloud web application and API protection (WAAP) services that
combine distributed denial of service (DDoS) protection, bot mitigation, API protection and WAFs. This is an
increase from fewer than 10% today.” This increase is reflective of a movement away from stand-alone WAFs;
“By 2020, stand-alone web application firewall (WAF) hardware appliances will represent fewer than 20% of
new WAF deployments, which is a decrease from today’s 35%.”
In this report, Gartner analysts evaluated 14 vendors based on their ability to execute and completeness of
vision. Enterprise security teams can use this report to research how WAFs can provide improved security
that is easy to consume and manage, and addresses data privacy requirements.
We’re happy to report that Akamai was positioned as a Leader for the second year in a row.
Web Application Security a Growing Concern
As businesses increase the number of new digital business initiatives supported by public-facing applications,
such as API-driven mobile and IoT applications, web application security is becoming more of a concern. In our
Summer 2018 State of the Internet Security report, we reported that Akamai defended more than 400 million
web application attacks over a six-month period — a 38% increase over the prior period.
WAFs Headed to the Cloud
Increasingly, organizations are looking to cloud-based WAFs to protect public and internal web applications
and APIs with improved security that’s easy to consume and manage. WAFs protect web applications and APIs
against a variety of attacks, including bot attacks, injection attacks, and application-layer denial of service (DoS).
The best WAFs provide:
• Accurate protection, stopping more web attacks while minimizing false positives to allow legitimate
requests through
• Visibility into attacks, removing the guesswork from identifying and responding to attacks
• Adaptability to changing threats, with the ability to update protections as new attacks are discovered
• Adequate scale, to handle traffic without becoming a bottleneck
• Easy management, to minimize effort to deploy and manage over time
Executive Summary: Gartner Magic Quadrant for Web Application Firewalls
Executive Summary: Gartner Magic Quadrant for Web Application Firewalls
According to Gartner, they should provide signature-based protection, and should also support positive
security models (automated whitelisting) and/or anomaly detection.
Today, WAFs include a broad range of physical or virtual appliances. But increasingly, organizations are looking
to deploy cloud-based WAFs delivered in a subscription model that offers multiple bundled features, including
DDoS protection, bot management, and a content delivery network (CDN).
“In the long term, cloud WAF services, which were built from the beginning to be multitenant and cloud-centric,
avoid costly maintenance of legacy code. They also provide a competitive advantage, with faster release cycles
and rapid implementation of innovative features,” Gartner wrote.
Conclusion
Enterprise security teams considering WAFs should evaluate the pros and cons of stand-alone and cloud-based
WAFs for their specific environments. Organizations should look to this report from Gartner for guidance on
vendors and specific products in the WAF arena.
Get complimentary full access to the Gartner 2018 Magic Quadrant for Web Application Firewalls report.
Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Ayal Tirosh, Claudio Neiva, 29 August 2018
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to
select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s
research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with
respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise
to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage
through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone —
and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported
by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com,
or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations. Published 10/18.
Executive Summary: Gartner Magic Quadrant for Web Application Firewalls