Blog post

Gartner’s First Ever Web App Firewall Magic Quadrant Just Published

By Adam Hils | June 17, 2014 | 3 Comments

Network security

Color me excited.

Jeremy D’Hoinne, with co-authors Greg Young, Joseph Feiman (and me), has just put out Gartner’s first MQ for WAF.

It was a gargantuan effort to describe a space with several different delivery models: Standalone appliance/software, cloud-delivered, public cloud-resident, managed security service, and ADC-based. It’s a dynamic, fast-growing market (30%+ this year, 20% five year CAGR) that does much more these days for customers than merely supply a PCI DSS check mark.

This note follows one Jeremy and I authored earlier this year, entitled “Web Application Firewalls Are Worth the Investment for Enterprises”. In it we make the case that WAFs provide an important layer of protection – especially for public-facing web apps – that NGFWs and IPSs absolutely do not.

Look for more from Gartner on the subject of WAF in the coming months.

Comments are closed


  • Arian Evans says:

    Awesome. Really looking forward to getting my hands on this. More questions after I get to read it!

  • Adam Hils says:

    Ask away, Arian. WAF is an extremely dynamic area these days – generating growing amounts of questions from Gartner’s clients.

  • Colin Watson says:

    WAFs can also be used as externalised detection points for application-specific attack detection, or to perform some of the responses once an attack has been determined by the application. See OWASP AppSensor.