Blog post

Gartner’s First Ever Web App Firewall Magic Quadrant Just Published

By Adam Hils | June 17, 2014 | 3 Comments

Network security

Color me excited.

Jeremy D’Hoinne, with co-authors Greg Young, Joseph Feiman (and me), has just put out Gartner’s first MQ for WAF.

It was a gargantuan effort to describe a space with several different delivery models: Standalone appliance/software, cloud-delivered, public cloud-resident, managed security service, and ADC-based. It’s a dynamic, fast-growing market (30%+ this year, 20% five year CAGR) that does much more these days for customers than merely supply a PCI DSS check mark.

This note follows one Jeremy and I authored earlier this year, entitled “Web Application Firewalls Are Worth the Investment for Enterprises”. In it we make the case that WAFs provide an important layer of protection – especially for public-facing web apps – that NGFWs and IPSs absolutely do not.

Look for more from Gartner on the subject of WAF in the coming months.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed


  • Arian Evans says:

    Awesome. Really looking forward to getting my hands on this. More questions after I get to read it!

  • Adam Hils says:

    Ask away, Arian. WAF is an extremely dynamic area these days – generating growing amounts of questions from Gartner’s clients.

  • Colin Watson says:

    WAFs can also be used as externalised detection points for application-specific attack detection, or to perform some of the responses once an attack has been determined by the application. See OWASP AppSensor.