KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Configure your individual requirements to discover the ideal solution for your business.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Web Application Firewalls (WAF) have been around for quite some time to protect web applications through the inspection of HTTP traffic. Traditionally WAFs were used within organizations on-premises to protect both internal intranets and externally facing internet web applications. Over time organizations have grown to depend on web applications for doing business with business partners and customers, making it business-critical to maintain and protect a web application.
Since the beginning, WAFs provided protection against a list of common types of web attacks such as SQL injection and cross-site scripting using pattern matching techniques against the HTTP traffic. As the list of attack types continued to grow, the Open Web Application Security Project (OWASP) provided some insight into the most critical security risks to web applications in an effort to give web developers guidance on minimizing these risks. WAFs also provide a level of protection against connection-based Distributed Denial-of-Service (DDoS) attacks that try to overwhelm or disrupt normal traffic to web-based services.
More commonly known as Bots, software robots perform repetitive tasks and can imitate human user behavior. What started as a means to perform useful automated tasks quickly became a tool for malicious web attacks. For example, it is reported that over 30% of all online traffic is due to web bots, in which roughly 25% of those bots among that website traffic are malicious. Some of these malicious bots even attempt to log into user accounts. Given these types of attacks, advanced WAF capabilities are needed to distinguish between automated bots and real users, as well as to detect other abnormal activity using AI Machine Learning, for example.
A focus on Application Programming Interface (API) have been steadily growing, and we are seeing the market covering the protection of APIs in multiple ways such as API gateways, Access Management solutions, and now WAFs are also filling the gap with its own API protection combining Web Application and API Protection (WAAP) capabilities.
This Leadership Compass covers solutions that protect web applications using a Web Application Firewall (WAF). These solutions provide the capability to protect web-based applications, their data, and APIs, which are commonly found in small to large organizations. These solutions must meet the most basic WAF requirements seen in the past and provide more advanced capabilities to meet the new emerging IT requirements that protect against the evolving landscape of attacks seen today on the internet.