8/10/2019 Magic Quadrant for Web Application Firewalls June 2014
Magic Quadrant for Web Application Firewalls
17 June 2014 ID: G00259365
Analyst(s): Jeremy D'Hoinne, Adam Hils, Greg Young, Joseph Feiman
The WAF market is growing quickly from a small base; it is composed of pure players, application delivery controller vendors, cloud service providers and network security vendors. Buyers should evaluate how WAFs can provide high security, minimize false positives and sustain performance.
Market Definition/Description
The Web application firewall (WAF) market is defined by a customer's need to protect internal and public Web applications when they are deployed locally (on-premises) or remotely (hosted, cloud or as a service). WAFs are deployed in front of Web servers to protect Web applications against hackers' attacks, to monitor access to Web applications, and to collect access logs for compliance/auditing and analytics. WAFs are most often deployed in-line, as a reverse proxy, because historically it was the only way to perform some in-depth inspections. Other deployment modes exist, such as transparent proxy, bridge mode, or the WAF being positioned out of band (OOB) and, therefore, working on a copy of the network traffic.
The primary WAF benefit is providing protection for custom Web applications that would otherwise go unprotected by other technologies that guard only against known exploits and prevent vulnerabilities in off-the-shelf Web application software (see "Web Application Firewalls Are Worth the Investment for Enterprises").
WAFs also integrate with other network security technology, such as vulnerability scanners, distributed denial of service (DDoS) protection appliances, Web fraud detection and database security solutions. In addition, WAFs sometimes include performance acceleration, including content caching, and might be packaged with Web access management (WAM) modules to include authentication features, notably to provide single sign-on (SSO) for legacy or distributed Web applications.
Gartner estimates that the WAF market grew in 2013 at a rate of approximately 30% from $259 million to $337 million, and most of the growth was driven by a handful of vendors. Demand in North America has been strong, with 45% of the total market. EMEA accounts for 29% of the market, while Asia/Pacific accounts for 26
Source: Gartner (June 2014)
Vendor Strengths and Cautions
AdNovum
Switzerland-based AdNovum is a long-established provider of application development, IT and security services. It recently started its expansion beyond this home market, and had its first successes in Singapore. AdNovum's product offering, under the cover name Nevis Security and Compliance Suite, includes WAF (nevisProxy), authentication, identity management and document signing, and was first shipped in 1997. The nevisProxy WAF is delivered as a software appliance and does not yet have third-party evaluations, but provides some features beyond signatures with support for a positive security model, URL encryption and protection against cross-site request forgery (CSRF).
Swiss enterprise buyers in need of a combined WAM and WAF solution to protect custom application should consider AdNovum in their competitive shortlists.
Strengths
AdNovum has proven experience with large financial institutions in Switzerland, and is able to quickly develop to specific customer requirements.
Nevis Suite includes robust authentication and SSO features. Its centralized management (nevisAdmin) supports a large number of WAF instances, and is multitenancy-capable.
AdNovum provides free licensing for test servers and unlimited flat-rate agreements for very large deals.
Cautions
AdNovum's WAF is one component of a software suite that serves primarily WAM purposes; consequently, the R&D investment in pure WAF development is more limited.
AdNovum does not appear on Gartner customer shortlists for WAF outside of Switzerland.
AdNovum lacks hardware appliance offerings that many of its competitors provide.
Protections against SQL injection and cross-site scripting (XSS) are focused primarily on ModSecurity open-source signatures, with no complementary internal or third-party threat research.
nevisProxy does not offer virtual patching based on the results of a vulnerability scanner, or dedicated security and compliance reports.
Akamai
Akamai (AKAM) is based in Cambridge, Massachusetts, and provides a leading content delivery network (CDN). Its network and security cloud services, including its WAF (Kona Site Defender), are built on top of the Akamai Intelligent Platform, its global cloud infrastructure. The Kona WAF has been available since 2009, and received significant improvement in 2013. The Kona WAF management and monitoring consoles (Luna Control Center and Security Monitor) are also delivered as Web portals.
Akamai's WAF is delivered as a service with a monthly fee, based on performance requirements for up to 10 sites. Additional subscriptions are available to limit the extra costs in case of volumetric DDoS attack (DDoS Fee Protection), to get assistance with Web security rule updates and tuning (Rule Update Service), or to reduce the scope of PCI compliance assessment with tokenization of client credit credentials (Edge Tokenization).
of the products, and establish a positive identification with the product/brand and organization in the minds of buyers. This mind share can be driven by a combination of publicity, promotional initiatives, thought leadership, word of mouth and sales activities.
Customer Experience: Relationships, products and services/programs that enable clients to be successful with the products evaluated. Specifically, this includes the ways customers receive technical support or account support. This can also include ancillary tools, customer support programs (and the quality thereof), availability of user groups, service-level agreements and so on.
Operations: The ability of the organization to meet its goals and commitments. Factors include the quality of the organizational structure, including skills, experiences, programs, systems and other vehicles that enable the organization to operate effectively and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to understand buyers' wants and needs and to translate those into products and services. Vendors that show the highest degree of vision listen to and understand buyers' wants and needs, and can shape or enhance those with their added vision.
Marketing Strategy: A clear, differentiated set of messages consistently communicated throughout the organization and externalized through the website, advertising, customer programs and positioning statements.
Sales Strategy: The strategy for selling products that uses the appropriate network of direct and indirect sales, marketing, service, and communication affiliates that extend the scope and depth of market reach, skills, expertise, technologies, services and the customer base.
Offering (Product) Strategy: The vendor's approach to product development and delivery that emphasizes differentiation, functionality, methodology and feature sets as they map to current and future requirements.
Business Model: The soundness and logic of the vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of individual market segments, including vertical markets.
Innovation: Direct, related, complementary and synergistic layouts of resources, expertise or capital for investment, consolidation, defensive or pre-emptive purposes.
Geographic Strategy: The vendor's strategy to direct resources, skills and offerings to meet the specific needs of geographies outside the home or native geography, either directly or through partners, channels and subsidiaries as appropriate for that geography and market.
In the first quarter of 2014, Akamai completed the acquisition of DDoS protection service Prolexic Technologies. Gartner analysts expect future integration between Kona and the Prolexic offering.
The Kona WAF is a good choice for existing Akamai customers as an extension to deployed Akamai solutions, and for large public websites looking for simple WAF deployment.
Strengths
Gartner clients cite the combination of DDoS protection and Web application security as a differentiator when comparing Akamai with most competitors.
Akamai leverages its visibility into a substantial share of Internet traffic to tune security signatures in order to avoid false alerts and improve detection, with multiple steps for anomaly detection that feed a scoring mechanism.
Akamai's subscription model makes it easy for enterprises to purchase and enable Web application security. This is especially true for existing Akamai CDN clients, and for owners of very large hosted Web applications.
The transparency and professionalism demonstrated in Akamai's reaction to the recent Heartbleed vulnerability inspires trust in its ability to handle security-related challenges.
Cautions
Akamai's WAF is available as a cloud service only. Akamai does not provide an on-premises appliance option that many of its competitors offer to protect internal applications, or to maintain Secure Sockets Layer (SSL) secrets on the client's corporate network.
Akamai lacks lower-price WAF subscriptions to reach smaller enterprises and midsize organizations.
Kona Site Defender security still relies primarily on signatures and reputation scoring. It lags behind competitors in other capabilities, such as an automatic learning engine and the degree of custom configuration of Web application behavior.
Akamai is growing the customer base for its WAF offering mainly from existing clients of other cloud services in the U.S., but Gartner does not see the vendor winning deals on Web application security needs.
Barracuda Networks
Barracuda Networks (CUDA), which is based in Campbell, California, provides a wide variety of information security and storage products that are largely targeted at small or midsize businesses (SMBs). Barracuda offers its Web Application Firewall line in a variety of form factors, including as a physical or virtual appliance, and also as a cloud-based service that can be deployed on the Microsoft Azure and Amazon Web Services (AWS) cloud platforms.
SMB buyers and resource-strapped security teams that require a low-cost solution and attentive vendor support should consider this product.
Strengths
Barracuda's WAF provides strong IP reputation, cookie protection and client fingerprinting capabilities. It also combines embedded authentication features and integration with several third-party authentication solutions.
Barracuda has a broad range of hardware appliances to support a wide variety of scalability and performance requirements, especially for SMBs; it is also one of the only vendors to offer a WAF on the Microsoft Azure platform.
Barracuda customers rate its geographically distributed support capabilities quite highly.
Barracuda offers a wide range of foreign language support in its management interface, including Mandarin, Cantonese and Korean.
Cautions
Barracuda's WAF lags behind its leading competitors in enterprise-level automation. It integrates with a low number of established vulnerability scanners for virtual patching, and the scanning results must be imported manually. Automatic learning capabilities are disabled by default.
Customers note that the management graphical user interface (GUI) looks a bit dated, which can make it difficult to use in some situations.
Barracuda heavily relies on a relatively small set of generic signatures to protect against XSS and SQL injection.
BeeWare
France-based BeeWare has been marketing its technologies since 2003. Its products, which include WAF, Web services firewall and WAM, have been integrated into its i-Suite platform, which can be deployed as a physical or virtual appliance. The i-Suite solution also offers ADC features, such as load balancing, content caching, compression and traffic rewriting. BeeWare is one of the smaller vendors in the WAF space, and predominantly sells its WAF to the French market. In May 2014, it was acquired by DenyAll.
Midsize and large French enterprises in financial, government and manufacturing sectors that have WAF and authentication needs should consider BeeWare on their shortlists, but also take into account the acquisition by DenyAll.
Strengths
BeeWare offers an i-Suite version for the protection of applications hosted on AWS, Microsoft Azure and other clouds (although deployment of this WAF cloud version is very low).
Its i-Suite has strong protection for Web services and SSO features.
BeeWare's WAF flow-based policy management interface may be attractive to customers that like an event-based graphical representation of a security policy.
Cautions
BeeWare's revenue and growth are low and lag behind most players in the WAF market.
It has low visibility and does not appear on Gartner customer shortlists outside France.
Its technology has limited anti-evasion techniques. It offers only generic SQL injection (SQLi) and XSS protection capabilities.
Its non-Web Java client GUI, although graphical and rich, is not in line with the general trend of Web-based GUIs.
Its WAF has integration with only one DAST vendor, Qualys, and with only two SIEM vendors, Splunk and RSA, The Security Division of EMC.
Citrix
U.S.-based Citrix (CTXS) is a global provider with a broad portfolio of virtualization, cloud infrastructure and ADC solutions. Citrix has offered WAF functionality (NetScaler AppFirewall) for more than a decade as a software option, or included in the Premium bundle of the NetScaler Application Delivery Controller suite. The Citrix hardware appliance product line (NetScaler MPX) can also run a license-restricted version of the full NetScaler software to act as a stand-alone WAF. In addition, Citrix provides virtual appliances (NetScaler VPX). The NetScaler SDX platform allows several instances of Citrix solutions, including ADC and NetScaler AppFirewall software in a single hardware appliance. NetScaler can also be bundled in Citrix Mobile Workspace offerings.
Citrix NetScaler AppFirewall is a good choice for large enterprise clients that are looking for an easy way to add WAF functionalities to their existing Citrix infrastructures.
Strengths
NetScaler AppFirewall includes mature features for Web security, and can be bundled with SSL VPNs for remote access of internal applications.
Citrix NetScaler's ability to scale appeals to large organizations, especially when massive SSL offloading is required.
Citrix has a compelling ecosystem of partnerships with third-party solutions.
Citrix offers an extensive range of hardware (MPX/SDX) and virtual (VPX) appliances.
Cautions
Like most ADC vendors, Citrix primarily targets enterprise clients with ADC solutions and does not focus its efforts on pure-play security use cases.
Despite good visibility historically, Citrix recently has appeared less often on client shortlists than its direct competitors have.
Citrix NetScaler's physical appliance price tag starts at $15,000 and lacks a price-competitive WAF offering for midsize organizations. Citrix's virtual appliance and NetScaler on AWS might offer less expensive alternatives.
Citrix does not offer or collaborate with cloud-based DDoS protection services.
Gartner does not see Citrix's WAF displacing the competition based on its security capabilities, but rather sees it as an accompanying sale for ADC placements.
DBAPPSecurity
DBAPPSecurity, which is headquartered in Hangzhou, China, is a vendor of Web application and database security solutions. Its product offering includes a WAF (DAS-WAF) that was first released in 2007. DBAPPSecurity also provides a Web application vulnerability scanner (DAS-WebScan) and database audit platform (DAS-DBAuditor) that can collaborate with its WAF product.
DBAPPSecurity is a good shortlist candidate in China for SMBs and large enterprises in financial and government sectors.
Strengths
DBAPPSecurity has a firm base of faithful clients in China that praise the benefits of having a Chinese provider. Those benefits include good resident support and local certifications.
DAS-WAF includes automatic policy learning and Web application caching, and it can operate in transparent proxy or monitoring mode.
Of all the vendors evaluated in this Magic Quadrant, DBAPPSecurity offers the lowest support cost relative to the WAF appliance price.
Cautions
DBAPPSecurity lags behind several competitors' WAFs in areas such as role-based management, detailed activity reports and authentication features.
DBAPPSecurity has very limited market visibility and does not appear on Gartner customers' WAF shortlists outside of China.
DBAPPSecurity's recent strategic focus moved toward its security scanners, and the DAS-WAF is not promoted on the international version of the vendor's corporate website.
DenyAll
DenyAll is based in France and has marketed its WAF technology (rWeb) since 2001. Later, it added sProxy (a plug-in to rWeb with predefined policies for email, SharePoint and SAP) and rXML (a Web services firewall). DenyAll's rWeb WAF product was developed to secure HTTP(s), SOAP and XML traffic, and is currently available as a tool that is predominantly installed on enterprise's premises. Its technology can be deployed as software or appliance (physical or virtual). DenyAll is in the process of developing and testing its WAF cloud offering, and rWeb is already available via AWS and Microsoft Azure.
DenyAll mostly focuses on the French market, and then on the European market, where it primarily targets midsize and large enterprises in financial and government sectors. It is a relatively small vendor
in the WAF market, but is able to sustain a focus on technology innovation. In May 2014, DenyAll announced the acquisition of WAF vendor BeeWare.
European organizations that are looking for high security first should consider adding DenyAll to their shortlists.
Strengths
DenyAll's technology includes several advanced protection techniques, including JavaScript Object Notation (JSON) traffic analysis/protection, code leakage detection and a browser lightweight agent.
It also offers a comprehensive list of anti-evasion techniques and a scoring list feature (a weighted scoring approach in addition to signatures) for protection against attacks, such as SQLi and XSS.
The WAF technology combines security detection/protection features with caching, load balancing and high availability (with active-passive and active-active modes) features.
DenyAll enables correlation between its WAF and DAST to increase the accuracy of detection and protection.
The DenyAll rWeb offering is available via AWS to support Web protection for AWS-specific infrastructure-as-a-service customer deployments.
Cautions
DenyAll mainly focuses on French and EU markets, which limit its visibility and adoption in other geographies.
The acquisition of BeeWare will be a big challenge for DenyAll in the next 12 months. It could divert DenyAll from executing on its road map, but maintaining two product lines for too long would annihilate much of the benefits from the increased R&D size.
Its revenue and growth are low compared with the Leaders, Challengers and even some Niche Players in this Magic Quadrant.
It has certified integration with only one SIEM vendor, Splunk, and does not have integration with reputation vendors' technologies.
DenyAll's WAF correlation process between WAF and DAST mainly focuses on WAF integration with its own DAST, but not DAST from other application security testing vendors.
Ergon Informatik
Ergon Informatik, which is headquartered in Zürich, has been shipping its WAF technology (Airlock) for more than 15 years. Ergon also develops other software solutions, including an authentication platform (Medusa) and mobile payment solutions. The Airlock WAF can be deployed as a reverse proxy, is available as a software and virtual appliance, and can run on Amazon Elastic Compute Cloud (EC2). Its pricing is primarily based on the number of protected Web applications and additional modules, such as SSL VPNs, XML security or graphical reports, which are available for an additional one-time fee. Airlock 5, which was released in January 2014, introduced a major operating system change and the full integration of an identity and access management (IAM) solution. Ergon will continue to support the previous versions of Airlock for 18 months.
Ergon's Airlock is a good contender for European organizations' WAF projects, especially large banking and insurance enterprises from the DACH countries (Germany, Austria and Switzerland) and the Middle East region that have access management needs.
Strengths
Airlock includes extensive techniques for Web application parameters, with URL encryption, various cookie protections (including a cookie store) and form parameter integrity checks.
Airlock's integration of a full IAM solution adds comprehensive authentication and SSO features.
Ergon gets good marks from users for its security expertise, the efficiency of its support, and its understanding of the needs and constraints of large financial institutions.
Cautions
Airlock does not offer centralized management, automatic Web application behavior learning or automated security signature updates, and it does not integrate with vulnerability scanners for virtual patching.
Airlock lacks hardware appliance models. Instead, Ergon provides multiple ways to facilitate the installation of the software appliance.
For SIEM integration, Airlock provides only a Splunk App, but Ergon reports that its customers have integrated with other SIEM technologies.
Airlock has very low visibility in Gartner's customer base.
F5
Seattle-headquartered F5 (FFIV) is an application infrastructure vendor that is focused on ADCs. The primary WAF offering is a software module for the F5 Big-IP ADC: the Application Security Manager (ASM). Other F5 security modules include the network firewall Advanced Firewall Manager (AFM) and the WAM Access Policy Manager (APM) module. ASM is also available on the virtual edition of Big-IP. The F5 hardware Big-IP appliance product line can also run a license-restricted (yet upgradable) version of the full software to act as a stand-alone security solution (such as a stand-alone WAF).
F5 is a good shortlist candidate, especially for large organizations that own or are considering ADC technology.
Strengths
As a leading ADC vendor with a large installed base of clients, F5 leverages the scalability of its ADC Big-IP platforms and the strength of its ADC sales as the entry point for add-on WAF licenses.
F5's WAF is an easy upgrade for existing F5 clients.
F5's corporate teams and channels provide logistic capabilities and support that are larger and have more geographic coverage than many WAF vendors.
ASM utilizes the same management software that is familiar to F5 administrators. iRules scripting enables the creation of custom policies that complement the predefined rule sets.
F5 has been active in adding new WAF features, and messaging well on overall security.
Cautions
Like other ADC-based WAFs, F5's WAF buyers must also select or have selected the accompanying ADC in reverse proxy mode. This might place F5 at a potential disadvantage versus pure-play WAFs.
F5 does not have an as-a-service option, and its on-premises appliance line lacks low-end appliances. Its acquisition of Defense.Net in May 2014 could lead to future integration.
Some Gartner clients have commented that ASM support can be challenging until escalated.
Fortinet
Based in California, Fortinet (FTNT) is a significant network security and network infrastructure vendor. It started as a unified threat management vendor in 2000. It later expanded its portfolio to include multiple security offerings, including a WAF (FortiWeb, released in 2008), an ADC (FortiADC) and a database protection platform (FortiDB). The vendor remains most well-known for its FortiGate firewall product line, and it keeps adding new products, such as the recent sandboxing appliance FortiSandbox.
FortiWeb provides multiple deployment options with a physical or virtual appliance (FortiWeb-VM), and acts as a reverse/transparent proxy or not in-line. It is also available on AWS. FortiWeb can be purchased with individual software options that can be bundled together for better overall costs. Subscriptions include IP reputation, antivirus and security signature updates.
Fortinet's existing customers and midsize organizations should include Fortinet's WAF in their competitive assessments.
Strengths
FortiWeb includes an integrated vulnerability scanner, OOB deployments and predefined reports that clients seeking PCI compliance score positively.
FortiWeb has a good set of features, including recently released automatic policy learning, cookie signing, SSL acceleration, Web application caching and bot detection.
The security expertise offered through Fortinet's FortiGuard threat labs and the competitive price/performance points are often cited as differentiators by Fortinet's clients.
Gartner sees FortiWeb doing best in selections from midsize businesses.
Cautions
Fortinet does not offer WAF functionalities on top of its ADC and does not provide WAF as a cloud service.
Despite a considerable sales channel, Fortinet's revenue in the WAF market is low compared with most other vendors. Enterprises should carefully assess the experience of its partners, because FortiWeb may be a new or unknown solution.
FortiWeb has limited integration with other Fortinet solutions, thereby limiting the benefits for existing Fortinet customers to a common log reporting solution (FortiReporter).
Gartner does not see the Fortinet WAF appearing on enterprise shortlists where security is highly weighted.
Imperva
California-headquartered Imperva (IMPV) is a data center security vendor with a long WAF legacy. Other Imperva products are focused on data and security, including products for database audit and protection as well as file activity monitoring. Early on, Imperva positioned itself primarily as a transparent bridge deployment. This aligned Imperva with enterprises, because deployments could more easily be made behind ADCs without introducing a second proxy, and "try before you buy" was easier with the transparent yet in-line mode. As most pure-play competitors were acquired or disappeared, Imperva continued to grow its share of the WAF market. Incapsula is the Imperva-owned, off-premises or as-a-service WAF that is bundled with other services, including DDoS mitigation. Gartner sees a good attach rate level for Imperva's WAF with its database security offering. Imperva has a good third-party ecosystem, which includes data loss prevention, anti-fraud, SIEM and vulnerability scanners.
Imperva is a good shortlist contender for organizations of all sizes, especially those with high security requirements or those looking for an easy-to-deploy, cloud-based WAF.
Strengths
Gartner sees Imperva consistently scoring very high and/or winning competitive assessments done by Gartner clients when security, reporting and protection are the most weighted criteria. Postsale, Gartner client commentaries usually are also very positive.
Imperva has continually led the WAF market in new features that forced competitors to react; it also includes several advanced techniques for better efficiency of protection that its competitors lack. Thus, it is a good shortlist contender when protection is foremost and having a different vendor for WAFs and ADCs is an acceptable scenario.
Imperva has consistently and effectively messaged on and delivered WAF features in response to changes in the data center and the application threat landscape.
As a premium enterprise product, Imperva SecureSphere is usually too advanced for SMBs, or for projects where the WAF is being deployed only as a "check the box" measure to meet compliance requirements.
Some Gartner clients express concerns about Imperva's ability to maintain its security leadership because of the challenges it faces as a public company that is focused on a narrow market, but is still not profitable, versus larger data center infrastructure players.
NSFOCUS
NSFOCUS is a network security vendor headquartered in Beijing. It started in 2000 as a provider of an anti-DDoS solution (ADS Series), and then introduced new product lines for intrusion prevention (NIPS Series) and a vulnerability scanner (RSAS Series). NSFOCUS's WAF (WAF Series) offering was first released in 2007. It is delivered as a physical appliance and can perform in reverse or transparent proxy mode. NSFOCUS also offers centralized management software (Enterprise Security Manager) along with managed services for WAF. In January 2014, it announced an initial public offering (IPO) to accelerate its internationalization and launch new products.
NSFOCUS's WAF is a good shortlist candidate for SMBs and larger organizations in China. Buyers from other regions should first verify local channel and support presence.
Strengths
NSFOCUS has a larger R&D and support team dedicated to WAF than many other Niche Players.
Clients selecting NSFOCUS WAF often report competitive price/performance as being a decisive factor.
The WAF can redirect incoming Web traffic to NSFOCUS's anti-DDoS cloud service when congestion is detected, and then switch back to normal.
The WAF has a good mix of local and global product certification, including ICSA WAF certification.
Cautions
NSFOCUS's WAF lags in some enterprise-class features, such as limited role-based management, active-active clusters restricted to two appliances, and no SSL acceleration or hardware security module (
Among other deployment scenarios, AppWall can be deployed in transparent bridge mode while providing reverse proxy capabilities to specific traffic. Combined with automatic policy learning, this enables AppWall to be deployed easily, with no configuration changes to the network.
Radware has announced software-defined networking partnerships with IBM, Cisco and NEC.
Radware's WAF console includes strong service-provider-focused multitenancy capabilities, and integrates authentication and SSO modules.
Radware has executed well on its road map for the past two years.
AppWall is attractive to budget-constrained midsize organizations.
Cautions
No reporting is available without the additional Radware APSolute Vision Reporter, which adds cost and complexity for organizations using a SIEM solution, or for those unwilling to invest specifically in a fully fledged reporting solution.
AppWall lacks integration with third-party dynamic vulnerability scanners and database monitoring solutions.
Radware has been slow to integrate AppWall as a module with Radware Alteon ADC (it was added in June 2014), thereby putting the vendor at a competitive disadvantage with fully integrated ADC/WAF competitors.
Radware's market share is still lower than its direct competitors.
Trustwave
Based in Chicago, Trustwave (TWA) provides managed services around its comprehensive portfolio of network security solutions. The Trustwave WAF (formerly WebDefend) was first available in 2006 as a physical appliance (T Series), and then in 2013 as a virtual appliance ( Series) for VMware hypervisors. Trustwave also provides managed services for its WAF offering. Trustwave's WAF works with other solutions from the vendor, including the SIEM and vulnerability scanner. Trustwave also supports the open-source ModSecurity WAF, and provides a commercial signature package that is maintained by SpiderLabs, its threat research team.
Trustwave is a good choice for organizations in North America that are seeking PCI compliance.
Strengths
Trustwave's support of ModSecurity gives its threat research team access to feedback from a large community, which is useful for improving the quality of its WAF.
In addition to in-line deployment methods, Trustwave's WAF offers a well-crafted OOB deployment mode, with multiple types of blocking capabilities and the ability to decrypt SSL connections using a copy of the network traffic.
Trustwave recently acquired two companies that could contribute to tight integration with Trustwave's WAF in the future: Application Security, which provides database monitoring, and Cenzic (with its
The WAF does not provide integration with vulnerability scanners or SIEM, with the exception of a
Splunk App.
United Security Providers does not appear on Gartner competitive shortlists for WAF, and it has
one of the smallest R&D teams dedicated to WAF development.
Vendors Added and Dropped
We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets change.
As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope may
change over time. A vendor's appearance in a Magic Quadrant or MarketScope one year and not the
next does not necessarily indicate that we have changed our opinion of that vendor. It may be a
reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus
by that vendor.
Added
This is the first Magic Quadrant for the WAF market.
Dropped
This is the first Magic Quadrant for the WAF market.
Inclusion and Exclusion Criteria
WAF vendors that meet Gartner's market definition/description are considered for this Magic Quadrant
under the following conditions:
Their offerings can protect applications running on different types of Web servers.
Their WAF technology is known to be approved by Qualified Security Assessors as a solution for
PCI Data Security Standard (DSS) Requirement 6.6 (which covers Open Web Application Security
Project [OWASP] Top 10 threats, in addition to others).
They provide physical, virtual or software appliances, or cloud instances.
Their WAFs were generally available as of January 2014.
Their WAFs demonstrate features/scale that is relevant to enterprise-class organizations.
They have achieved $4 million in revenue from the sale of WAF technology.
Gartner has determined that they are significant players in the market due to market presence or
technology innovation.
WAF companies that were not included in this report may have been excluded for one or more of the
following reasons:
The company primarily has a network firewall or IPS with a non-enterprise-class WAF.
The company has minimal or negligible apparent market share among Gartner clients, or is not
actively shipping products.
The company is not the original manufacturer of the firewall product. This includes hardware
OEMs, resellers that repackage products that would qualify from their original manufacturers, and
carriers and Internet service providers that provide managed services. We assess the breadth of
OEM partners as part of the WAF evaluation and do not rate platform providers separately.
The company has a host-based WAF or API security gateway (these are considered distinct
markets).
In addition to the vendors included in this report, Gartner tracks other vendors that did not meet our
inclusion criteria because of a specific vertical market focus and/or WAF revenue and/or competitive
visibility levels, including: A10 Networks, Alert Logic, CloudFlare, Positive Technologies, Qualys,
Riverbed, Sangfor, Sucuri, Venustech and Verizon.
The different markets focusing on Web application security continue to be highly innovative. The
vendors included in this Magic Quadrant participate, as do others that are not included. These vendors
take part in Web application security, but often focus on specific market needs, or take an alternative
approach to Web application security. Examples include Juniper Networks (with its WebApp Secure
product), Foresight Security and Shape Security.
Evaluation Criteria
Ability to Execute
Product or Service: This includes the core WAF technology offered by the technology provider
that competes in/serves the defined market. This also includes current product or service
capabilities, quality, feature sets and skills, whether offered natively or through OEM
agreements/partnerships, as defined in the Market Definition/Description section. Strong
execution means that a vendor has demonstrated to Gartner that its products or services are
successfully and continually deployed in enterprises. Execution is not primarily about company
size or market share, although these factors can considerably affect a company's ability to
execute. Some key features are weighted heavily, such as the ability to support complex
deployments for on-premises or cloud-hosted public and internal applications with real-time
transaction demands.
Overall Viability: This includes an assessment of the overall organization's financial health, the
financial and practical success of the business unit, and the likelihood that the individual business
unit will continue to invest in WAF, offer WAF products, and advance the state of the art within the
organization's portfolio of products.
Sales Execution/Pricing: This is the technology provider's capabilities in all presales activities
and the structure that supports them. It includes deal management, pricing and negotiation,
presales support, and the overall effectiveness of the sales channel. It also includes deal size, as
well as the use of the product or service in large enterprises with critical public Web applications,
such as banking applications or e-commerce. Low pricing will not guarantee high execution or
client interest. Buyers want good results more than they want bargains.
Market Responsiveness/Record: This is the ability to respond, change direction, be flexible,
and achieve competitive success as opportunities develop, competitors act, and security trends
and customer needs evolve. A vendor's responsiveness to new or updated Web application
frameworks and standards, as well as its ability to adapt to market dynamics, changes (such as
the relative importance of PCI compliance). This criterion also considers the provider's history of
releases, but weights its responsiveness during the most recent product life cycle higher.
Marketing Execution: This is the clarity, quality, creativity, and efficacy of programs that are
designed to deliver the organization's message in order to influence the market, promote the
brand and business, increase awareness of the products, and establish a positive identification
with the product/brand and organization in buyers' minds. This mind share can be driven by a
combination of publicity, promotional activities, thought leadership, word of mouth and sales
activities.
Customer Experience: This is the relationships, products and services/programs that enable
clients to be successful with the products that are evaluated. Specifically, this includes the ways
customers receive technical support or account support. This can also include ancillary tools,
customer support programs (and the quality thereof), availability of user groups, service-level
agreements and so on.
Operations: This is the organization's ability to meet its goals and commitments. Factors include
the quality of the organizational structure, including skills, experiences, programs, systems, and
other vehicles that enable the organization to operate effectively and efficiently on an ongoing
basis.
Table 1. Ability to Execute Evaluation Criteria
Evaluation Criteria            Weighting
Product or Service
either directly or through partners, channels and subsidiaries as appropriate for those
geographies and markets.
Table 2. Completeness of Vision Evaluation Criteria
Evaluation Criteria            Weighting
Market Understanding           High
Marketing Strategy             Medium
Sales Strategy                 Low
Offering (Product) Strategy    High
Business Model                 Medium
Vertical/Industry Strategy     Not rated
Innovation                     High
Geographic Strategy            Medium
Source: Gartner (June 2014)
Quadrant Descriptions
Leaders
The Leaders quadrant contains vendors that have the ability to shape the market by introducing
additional capabilities in their offerings, by raising awareness of the importance of those features and
by being the first to do so. They also meet the enterprise requirements for the different use cases of
Web application security.
We expect Leaders to have strong market share and steady growth. Key capabilities for Leaders in the
WAF market are to ensure higher security and smooth integration in the Web application environment.
They also include advanced Web application behavior learning; a superior ability to block common
threats (such as SQLi, XSS and CSRF), protect custom Web applications and avoid evasion techniques;
and also strong deployment, management, real-time monitoring, and extensive reporting. In addition to
providing technology that is a good match to current customer requirements, Leaders also show
evidence of superior vision and execution for anticipated requirements.
Challengers
Challengers in this market are vendors that have achieved a sound customer base, but they are not
leading on security features. Many Challengers leverage existing clients from other markets to sell their
WAF technology, rather than competing on products to win deals. A Challenger may also be well-
positioned and have good market share in a specific segment of the WAF market, but does not address
(and may not be interested in addressing) the entire market.
Visionaries
The Visionaries quadrant is composed of vendors that have provided key innovative elements to answer
Web application security concerns. However, they lack the capability to influence a large portion of the
market; they haven't expanded their sales and support capabilities on a global basis; or they lack the
funding to execute with the same capabilities as vendors in the Leaders and Challengers quadrants.
Visionaries quadrant vendors also have a smaller presence in the WAF market, as measured by installed
base, revenue size or growth, or by smaller overall company size or long-term viability.
Niche Players
The Niche Players quadrant is composed primarily of smaller vendors that provide WAF technology that
is a good match for specific WAF use cases (such as PCI compliance), or that have a limited geographic
reach. The WAF market includes several European and Asian vendors that serve clients in their regions
well with local support and an ability to quickly adapt their road maps to specific needs; however, they
do not sell outside their home countries or regions. Many Niche Players, even when making large
products, offer features that would suit only SMB and smaller enterprises' needs.
Vendors in this quadrant may also have a small installed base or be limited, according to Gartner's
criteria, by a number of factors. These factors may include limited investments or capabilities, or other
inhibitors to providing a broader set of capabilities to enterprises now and during the 12-month
planning horizon. Inclusion in this quadrant does not reflect negatively on a vendor's value in the more
narrowly focused service spectrum.
Context
Gartner generally recommends that client organizations consider products from vendors in every
quadrant of this Magic Quadrant, based on their specific functional and operational requirements. This is
especially true for the WAF market, which includes a large number of relatively small vendors, or larger
vendors but with a small share of their revenue coming from their WAF offerings. Product selection
decisions should be driven by organization-specific requirements in areas such as deployment
constraints and scale, the relative importance of compliance, the characteristics and risk exposures of
business-critical and custom Web applications, and also the vendor's local support and market
understanding.
Security managers who are considering WAF deployments should first define their deployment
constraints, especially
Market Overview
Despite recent acceleration in adoption of the technology, many organizations have not yet deployed
WAFs. That's especially true outside the North America region, where a majority of WAF sales target
new clients, even if this varies based on the vertical industry. Large financial and e-commerce
organizations already have a high adoption rate. WAF technology is also strongly implemented in
government, especially in the Asia/Pacific region. Other vertical industries and a large portion of the
European market often lack awareness of their need for WAF technology, which leaves good potential
for future growth.
The WAF market includes different categories of vendors. In 2013, dedicated WAF offerings from pure
players and network security vendors dominated the market with more than 50% of the WAF revenue.
Large ADC vendors that were the first to add WAF capabilities have good market shares, leveraging
their existing client base. They offer lower costs than dedicated technology, and emphasize easy
integration and high performance to win WAF deals. Various CDN and anti-DDoS cloud providers now
offer WAF subscriptions, growing quickly and from a small base.
Open-source module ModSecurity and the more recently released IronBee are also considered cost-
effective competition for commercial WAFs.
Compliance Is Not the Primary Motivation for WAF Adoption, but It Remains Prevalent
In 2008, the PCI Security Standards Council released the PCI DSS Version 1.2 with an updated
Requirement 6.6, which allowed WAFs as a viable alternative to Web application vulnerability
assessments, and marked the beginning of a second stage in the evolution of the WAF market.1 The
PCI requirement was the root cause of many new WAF projects, thereby helping the WAF market to
expand beyond niche use cases, especially in financial and banking organizations. It also convinced a
lot of new ADC and network security vendors to add WAFs to their portfolios. Today, WAFs often protect
more than public Web applications. For example, they might also be deployed in front of a mix of
internal application and Web services. PCI and other compliance are still mentioned as the primary
reasons for WAF purchases in 25% to 30% of inquiries with Gartner clients, especially in midsize
organizations and smaller enterprises.
WAFs Will Continue to Integrate, Absorb and Be Integrated in Adjacent Technologies
WAFs integrate with several other technologies, including vulnerability scanners, database monitoring,
Web fraud detection and DDoS protection. Gartner expects tighter integration or even inclusion for
some of these technologies. Some WAFs already provide integrated vulnerability scanners in addition to
integration with third-party vendors. Other WAFs use code injection and fingerprinting to gain
knowledge about user behaviors that could lead them to include many of the features that currently fall
under the Web fraud detection category.
Conversely, other technologies (such as network firewalls, IPSs, ADCs and cloud services for DDoS
protection) integrate WAF modules in their offerings. While the offer from network firewalls and IPSs
doesn't yet compare with WAFs, ADCs and cloud services are serious competitors.
Historically, WAFs have been leading in the protection against denial-of-service attacks, relying on
vulnerabilities in the network and application stacks. In enterprises, with the growing presence of next-
generation firewalls that include protections against network DDoS, and with the availability of
dedicated appliances and services for DDoS protection, the relevance of DDoS features in WAFs is
limited to DDoS attacks at the application layer. However, some network security vendors that offer
DDoS protection and WAFs highlight collaboration between both technologies for better protection.
Dedicated DDoS protection, WAFs and next-generation firewall technologies overlap for protocol
attacks, provide very limited synergies and are not fully efficient against volumetric attacks.
Gartner believes that successful collaborations will happen between WAFs and cloud-based DDoS
protection services, but that other partnerships will remain limited to niche use cases.
The Ability to Scale Is the Key to WAF's Market Future
Gartner already sees Type A organizations (see Note 1) with mature risk evaluation methodologies
adopting WAFs for their public and internal Web applications, even when there are no compliance
constraints.
Now, if WAF vendors want to sustain their growth in the future, they need to reach not only Type B and
Type C enterprises, but also upper midsize organizations. The ability of WAF technologies to scale down
for these organizations and adapt their offerings to SMB needs through ease of use, competitive pricing,
and good channel support is challenging. Organizations that handle very large public Web applications
will also require better automation during the staging as well as optimized operational costs, with larger
appliances replacing complex cluster architectures. In addition, security for mobile Web applications,
cloud hosting and cloud services implies new security measures and an alternative deployment setup
that could impact how the WAF market evolves in the future.
The WAF market is in early mainstream phase, on the eve of the most critical period in its recent
history; however, the overall dynamic is good, fed by steady growth of the number and size of Web
applications, as well as by new, unexplored areas, such as the security of management servers for
industrial control systems (ICSs) and mobile Web applications. Gartner estimates that the compound
annual growth rate through ;@:F will be in the range of 20%, but with increasing discrepancies
between vendors and the growing importance of WAF delivered as an off-premises (hosted) virtual
appliance, or as a cloud service.
Successful WAF vendors will manage to