The Gartner Senior Research Board gave me approval to research a Magic Quadrant on Web Application Firewalls (WAF). The publishing target is Q4.
The WAF market wasn’t ready for a MQ or MarketScope last year. I published a research note "Introduction to Web Application Firewalls", whose title is a bit of an exonym as it includes information on each vendor and details on the multiple deployment modes (e.g. proxy, transparent proxy, out-of-band, etc) as a precursor to an MQ.
All my data indicates that the WAF market has solidified and grown sufficiently to warrant an MQ. For a while, my WAF folders looked like a genealogy project from all the acquisitions. I kept expecting vendors to start phone calls with me like when Vikings or Scots meet before battle: "I am Wafsoft, son of Firewall Inc., son of FAW, who was a result of the union of AppWall and XYZCo*, and I am here to slay application vulnerabilities.. HIYAAAAAAAA!!!".
The WAF market has also reached the phase where there are categorical differences between offerings that can be assigned to the various quadrants: it isn’t helpful to our customers to have an MQ where all the dots are crowded in one corner, so Gartner is diligent about determining which markets get MQs so that they are of utility for our customers (and not just because some vendors are clamoring for one).
MQs are a lot of work, so I’ll be getting started on this one which will be running somewhat concurrently with my research for the network firewall MQ.
*I made those names up but if any of those are real, I would not be surprised. More on security company names tomorrow.
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.