Gartner 2018 Magic Quadrant for

Web Application Firewalls

E X E C U T I V E S U M M A R Y

Websites and web applications are increasing in complexity and risk, with new vulnerabilities

discovered daily. This evolving threat landscape makes it increasingly difficult to protect your

customers, web applications, APIs, and data centers. On-premises web application firewalls

(WAFs) don’t provide the scale or flexibility needed to thwart today’s threats.

Increased demand for cloud-based WAFs is driving the overall market, according to Gartner’s 2018 Magic

Quadrant for Web Application Firewalls. In the report, Gartner notes that “by 2023, more than 30% of public-

facing web applications will be protected by cloud web application and API protection (WAAP) services that

combine distributed denial of service (DDoS) protection, bot mitigation, API protection and WAFs. This is an

increase from fewer than 10% today.” This increase is reflective of a movement away from stand-alone WAFs;

“By 2020, stand-alone web application firewall (WAF) hardware appliances will represent fewer than 20% of

new WAF deployments, which is a decrease from today’s 35%.”

In this report, Gartner analysts evaluated 14 vendors based on their ability to execute and completeness of

vision. Enterprise security teams can use this report to research how WAFs can provide improved security

that is easy to consume and manage, and addresses data privacy requirements.

We’re happy to report that Akamai was positioned as a Leader for the second year in a row.

Web Application Security a Growing Concern

As businesses increase the number of new digital business initiatives supported by public-facing applications,

such as API-driven mobile and IoT applications, web application security is becoming more of a concern. In our

Summer 2018 State of the Internet Security report, we reported that Akamai defended more than 400 million

web application attacks over a six-month period — a 38% increase over the prior period.

WAFs Headed to the Cloud

Increasingly, organizations are looking to cloud-based WAFs to protect public and internal web applications

and APIs with improved security that’s easy to consume and manage. WAFs protect web applications and APIs

against a variety of attacks, including bot attacks, injection attacks, and application-layer denial of service (DoS).

The best WAFs provide:

• Accurate protection, stopping more web attacks while minimizing false positives to allow legitimate

requests through

• Visibility into attacks, removing the guesswork from identifying and responding to attacks

• Adaptability to changing threats, with the ability to update protections as new attacks are discovered

• Adequate scale, to handle traffic without becoming a bottleneck

• Easy management, to minimize effort to deploy and manage over time

Executive Summary: Gartner Magic Quadrant for Web Application Firewalls

Executive Summary: Gartner Magic Quadrant for Web Application Firewalls

According to Gartner, they should provide signature-based protection, and should also support positive

security models (automated whitelisting) and/or anomaly detection.

Today, WAFs include a broad range of physical or virtual appliances. But increasingly, organizations are looking

to deploy cloud-based WAFs delivered in a subscription model that offers multiple bundled features, including

DDoS protection, bot management, and a content delivery network (CDN).

“In the long term, cloud WAF services, which were built from the beginning to be multitenant and cloud-centric,

avoid costly maintenance of legacy code. They also provide a competitive advantage, with faster release cycles

and rapid implementation of innovative features,” Gartner wrote.

Conclusion

Enterprise security teams considering WAFs should evaluate the pros and cons of stand-alone and cloud-based

WAFs for their specific environments. Organizations should look to this report from Gartner for guidance on

vendors and specific products in the WAF arena.

Get complimentary full access to the Gartner 2018 Magic Quadrant for Web Application Firewalls report.

Gartner, Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Ayal Tirosh, Claudio Neiva, 29 August 2018

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to

select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s

research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with

respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Akamai secures and delivers digital experiences for the world’s largest companies. Akamai’s intelligent edge platform surrounds everything, from the enterprise

to the cloud, so customers and their businesses can be fast, smart, and secure. Top brands globally rely on Akamai to help them realize competitive advantage

through agile solutions that extend the power of their multi-cloud architectures. Akamai keeps decisions, apps and experiences closer to users than anyone —

and attacks and threats far away. Akamai’s portfolio of edge security, web and mobile performance, enterprise access and video delivery solutions is supported

by unmatched customer service, analytics and 24/7/365 monitoring. To learn why the world’s top brands trust Akamai, visit www.akamai.com, blogs.akamai.com,

or @Akamai on Twitter. You can find our global contact information at www.akamai.com/locations. Published 10/18.

Executive Summary: Gartner Magic Quadrant for Web Application Firewalls