Greg Young

A member of the Gartner Blog Network

Greg Young header image 2
The Absence of Enforcement, Accountability and Responsibility The Lighter Side of Security Company Names

New Magic Quadrant Upcoming: Web Application Firewalls

May 21st, 2009 · 11 Comments

The Gartner Senior Research Board gave me approval to research a Magic Quadrant on Web Application Firewalls (WAF).  The publishing target is Q4. 

The WAF market wasn’t ready for a MQ or MarketScope last year.  I published a research note "Introduction to Web Application Firewalls", whose title is a bit of an exonym as it includes information on each vendor and details on the multiple deployment modes (e.g. proxy, transparent proxy, out-of-band, etc) as a precursor to an MQ.

All my data indicates that the WAF market has solidified and grown sufficiently to warrant an MQ.  For a while, my WAF folders looked like a genealogy project from all the acquisitions.  I kept expecting vendors to start phone calls with me like when Vikings or Scots meet before battle: "I am Wafsoft, son of Firewall Inc., son of FAW, who was a result of the union of AppWall and XYZCo*, and I am here to slay application vulnerabilities..  HIYAAAAAAAA!!!". 

The WAF market has also reached the phase where there are categorical differences between offerings that can be assigned to the various quadrants: it isn’t helpful to our customers to have an MQ where all the dots are crowded in one corner, so Gartner is diligent about determining which markets get MQs so that they are of utility for our customers (and not just because some vendors are clamoring for one).

MQs are a lot of work, so I’ll be getting started on this one which will be running somewhat concurrently with my research for the network firewall MQ. 

*I made those names up but if any of those are real, I would not be surprised. More on security company names tomorrow.

Share:
  • Digg
  • del.icio.us
  • Facebook
  • Google Bookmarks
  • LinkedIn
  • Live
  • MySpace
  • NewsVine
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati

Tags: Uncategorized

11 responses so far ↓

  • 1 Mark Kraynak // May 21, 2009 at 7:07 pm

    Greg,

    This is great news. I’m sure the process will be arduous (on both your side and the vendor side) but well worth it. I 100% agree that there are a lot of real points of differentiation in the WAF market and also that customers new to the market are in need of help in navigating the differences.

  • 2 Vic Wheatman // May 23, 2009 at 2:57 am

    It’s important to note that participation in MQs is solely based on Gartner’s definition of the market. Vendors cannot “buy in” to participation, nor can they declare they don’t want to be in the MQ because they don’t like their placement.

    We’ve always maintained that presense in all four quadrants, and not just the upper right one, is a validation of a company’s market participation, and that buyers may find value in a vendors approach no matter how they are ranked on the graphic.

    Vic Wheatman

  • 3 Knowing when an analyst is kicking off a research project – one of paybacks for monitoring social media « SageCircle Blog // May 23, 2009 at 1:12 pm

    [...] Young (Twitter), Gartner, in his post New Magic Quadrant Upcoming: Web Application Firewalls. “The Gartner Senior Research Board gave me approval to research a Magic Quadrant on Web [...]

  • 4 Scott // May 29, 2009 at 5:14 pm

    I have been waiting for a MQ on the topic for a while. I thought for a while that I would have to rely on Forrester and ITprocafe.com to offer their insight on application firewall products.

  • 5 Greg Young // May 31, 2009 at 11:14 am

    Hi Scott:

    Actually, we’ve had guidance in the form of research notes and inquiry on web application firewalls available for our Gartner customers for quite a few years. I personally speak via inquiry with hundreds of enterprises each year on web application firewalls: now we have assessed that the market is both large and mature enough to warrant the depth of work an MQ requires.

  • 6 walter Marocchini // Jun 15, 2009 at 10:39 am

    Greg,

    in France we have 2 WAF editor since many year….

    You research a MQ because F5 is present now?

    regards

  • 7 John Linehan // Jul 2, 2009 at 4:31 am

    Greg

    If possible we would like to have our WAF product included in your analysis.

    I can link you to the marketing information but could also facilitate access to more technical information and a product trial.

    http://www.armorize.com/index.php?link_id=smartwaf

    http://www.armorize.com/pdfs/resources/smartwaf.pdf

    Thanks

    John Linehan
    Armorize Technologies

  • 8 Your INNER WAF « Practical Tactics // Jul 10, 2009 at 8:51 am

    [...] Application Firewalls are interesting bits of technology. Depending on the product and deployment method you chose, they can transparently protect your web [...]

  • 9 Tom W. // Oct 20, 2009 at 6:45 pm

    Walter,

    Curious do you happen to have the links to the 2 WAF comparison sites you’re talking about?

    Thanks,
    Tom

  • 10 Tom W. // Oct 20, 2009 at 7:17 pm

    Greg,

    How do I sign up to be notified when the MQ has been released?

    Thanks,
    Tom

  • 11 Greg Young // Oct 20, 2009 at 7:19 pm

    Gartner customers can set up alerts on their home page, to receive email or other alerts either by topic, keyword or analyst name.

Leave a Comment