A few weeks ago, I reviewed some research from colleagues Jeremy D’Hoinne and Adam Hils on Web Application Firewalls (Hey, who said security and network folks don’t get along!). It was a really, really good read, and very much related to the ADC market (which I cover). So without further ado, here is a Guest Blog from Jeremy D’Hoinne (@jeremydhoinne) on the topic…
Since network firewalls have evolved to include application visibility and control as a parameter for a filtering rule, there is some resulting confusion among security professionals. Some confuse WAFs with NGFWs (and sometimes IPS). Web application firewalls (WAFs) are in fact the first line of defense for your web DMZ. They protect the web applications that your enterprise hosts and offers to its clients or partners. WAFs can also protect internal applications and web services.
One of the specific aspects of a WAF is that it can be deployed in various ways: as an on-server module, as software, as a hardware or virtual appliance, but also as a cloud service or embedded on an application delivery controller. This multitude of deployment scenarios gives plenty of opportunities for application and network security teams. Unfortunately, it might also add to the difficulty when it comes to selecting a solution for your organization.
For these reasons and many more, Adam Hils (@adamhils) and I have decided to write “Web Application Firewalls Are Worth the Investment for Enterprises,” in which we cover the basics, highlight the difference between WAF and other network security technologies (namely NG-Firewalls and IPS), but also dig into the comparative evaluation of WAF features, beyond the dreaded “check box”.