by Adam Hils | June 17, 2014 | 4 Comments
Color me excited.
Jeremy D’Hoinne, with co-authors Greg Young, Joseph Feiman (and me), has just put out Gartner’s first MQ for WAF.
It was a gargantuan effort to describe a space with several different delivery models: standalone appliance/software, cloud-delivered, public cloud-resident, managed security service, and ADC-based. It’s a dynamic, fast-growing market (30%+ this year, 20% five-year CAGR) that does much more these days for customers than merely supply a PCI DSS check mark.
This note follows one Jeremy and I authored earlier this year, entitled “Web Application Firewalls Are Worth the Investment for Enterprises”. In it we make the case that WAFs provide an important layer of protection – especially for public-facing web apps – that NGFWs and IPSs absolutely do not.
Look for more from Gartner on the subject of WAF in the coming months.
Category: Network security Tags: application security, CSRF, PCI, SQLi, WAF, XSRF, XSS
by Adam Hils | January 24, 2014 | 1 Comment
When I left Gartner in early 2010 to work on security products, I had a perspective on macro and micro network security trends. Four years later, some trends have been turned on their heads, others are cast differently, and still others remain the same. Here are my network security snapshots, then and now:
- 2010: NGFWs were being considered as secondary tools by bleeding-edge customers
  2014: NGFWs are trustworthy edge protection platforms for many mainstream customers
- 2010: Stand-alone network IPS growth showed no signs of slowing
  2014: NGFW growth and sandboxing uptake limits discrete IPS opportunity at the perimeter
- 2010: WAF was a PCI checkbox that was hard to deploy and painful to maintain
  2014: WAF is still a PCI checkbox for some. Usability has improved, & it can now be useful
- 2010: Firewall rules management software was infrequently used
  2014: Auditor demands & migration to NGFW drive demand. Vendors try adjacent functions
- 2010: Virtualization was going to change the nature of network security & kill the appliance
  2014: SDN is going to change the nature of network security & kill the appliance
- 2010: Dominant attitude: “Segment everything!”
  2014: Dominant attitude: “Segment logically.”
- 2010: Zero day threats were like UFO sightings: Often imagined, seldom seen
  2014: Zero days and advanced threats have made our networks a real-life Area 51
- 2010: “Visionaries” said the perimeter was disappearing; realists said it would stay
  2014: “Visionaries” tout borderless networks; realists know the perimeter remains, but shifts
- 2010: DDoS attacks were uncommon and unsophisticated
  2014: Complex DDoS attacks have become the “new normal” for financial services institutions and other targeted verticals.
- 2010: “‘Enterprise UTM’ was about to conquer the netsec universe. Really!” Umm…no.
  2014: “‘Enterprise UTM’ is about to conquer the netsec universe. Really!” Umm…no.
by Adam Hils | January 14, 2014 | Comments Off
“Right now I’m having amnesia and deja vu at the same time.”
– Steven Wright
Hello, all. Back for my second stint as a Gartner network security analyst and blogger. I left in early 2010 to go off and build/run some cool application and network security product lines. When I got the opportunity to return to Gartner in mid-2013, I jumped at the chance to once again help organizations make the right strategic security technology decisions.
I’ve been busy since returning. I (working with Greg Young and Jeremy D’Hoinne) led Gartner’s analysis of Cisco’s acquisition of Sourcefire; I wrote with Mr. D’Hoinne about how to determine when an organization is ready for a next-gen firewall; and I am lead author for the 2013 “Magic Quadrant for Intrusion Prevention Systems”, published last December. In addition, I’ve also contributed to Jeremy’s fine note describing factors important to building an SSL traffic decryption strategy, and I helped Craig Lawson in an update to Gartner’s definition for next-gen intrusion prevention systems.
In 2014, I will continue covering such network security areas as firewalls, IPS, UTMs, WAFs, and associated technologies. I also plan to define Gartner’s approach to security (firewall) policy management, and hope to start dealing with issues within enterprise Security Operations Centers.
I’m answering many of the same client inquiries as I did four years ago – the buzzwords are different, the threat has changed a bit, but the core problems endure. My next blog will provide my take on how things have changed (yet remain uncannily the same) in network security between January 2010 and January 2014.
Category: Network security Tags: firewall, IPS, Network security, NGFW, WAF