Color me excited.
Jeremy D’Hoinne, with co-authors Greg Young, Joseph Feiman (and me), has just put out Gartner’s first MQ for WAF.
It was a gargantuan effort to describe a space with several different delivery models: Standalone appliance/software, cloud-delivered, public cloud-resident, managed security service, and ADC-based. It’s a dynamic, fast-growing market (30%+ this year, 20% five year CAGR) that does much more these days for customers than merely supply a PCI DSS check mark.
This note follows one Jeremy and I authored earlier this year, entitled “Web Application Firewalls Are Worth the Investment for Enterprises”. In it we make the case that WAFs provide an important layer of protection – especially for public-facing web apps – that NGFWs and IPSs absolutely do not.
Look for more from Gartner on the subject of WAF in the coming months.
Comments are closed
3 Comments
Awesome. Really looking forward to getting my hands on this. More questions after I get to read it!
Ask away, Arian. WAF is an extremely dynamic area these days – generating growing amounts of questions from Gartner’s clients.
WAFs can also be used as externalised detection points for application-specific attack detection, or to perform some of the responses once an attack has been determined by the application. See OWASP AppSensor.