Security, WAF

WAF: 2018 Gartner Magic Quadrant

In this article we’re going to show where Gartner placed the vendors in its 2018 Magic Quadrant for Web Application Firewalls (WAF).

  • Leaders: Imperva, Akamai
  • Challengers: F5, Cloudflare, Fortinet, Barracuda Networks, Citrix
  • Niche players: Amazon Web Services, Ergon Informatik, Microsoft, Instart and Rohde & Schwarz Cybersecurity
  • Visionaries: Oracle, Radware

At https://www.consulthink.it/en/waf-solutions-in-comparison-2018-gartner-magic-quadrant-for-waf/ you can find an interesting comparison of the strengths and weaknesses of the above-mentioned technologies.

I tried to summarize them in the following table:

[table id=6 /]


Web Application Firewall (WAF)

WAF: what is it and what is it for?

A web application firewall (WAF) is an application firewall for HTTP applications. A WAF can protect companies against web attacks such as SQL injection, Cross-Site Scripting (XSS), session hijacking and buffer overflows, which traditional network devices (e.g. firewalls) and other intrusion detection systems (IDS) and intrusion prevention systems (IPS) may not be able to stop.

How many types are there?

WAFs may come in the form of an appliance, server plugin or filter, and may be customized to an application. The effort to perform this customization can be significant, and the customization needs to be maintained as the application is modified.

Network based

This kind of WAF is usually hardware-based and can reduce latency because it is installed on premises via a dedicated appliance, as close to the application as possible. The biggest drawback of this type of WAF product is cost, as there is both an up-front capital expenditure and ongoing operational costs for maintenance.

Host based

A host-based WAF may be fully integrated into the application code itself. The benefits of a host-based WAF implementation include lower cost and increased customization options. Host-based WAFs can be a challenge to manage because they require application libraries and depend upon local server resources to run effectively. Therefore, more staff resources, including developers, system analysts and DevOps, may be required.

Cloud-hosted

Cloud-hosted WAFs offer a low-cost solution for organizations that want a turnkey product that requires minimal resources for implementation and management. Cloud WAFs are easy to deploy, are available on a subscription basis and often require only a simple DNS or proxy change to redirect application traffic. The drawback is that it can be challenging to hand responsibility for filtering an organization’s web application traffic to a third-party provider. However, the strategy allows applications to be protected across a broad spectrum of hosting locations using similar policies to protect against application-layer attacks. Additionally, these third parties have the latest threat intelligence and can help identify and block the latest application security threats.