Though not a brand new technology by any stretch, WAF solutions continue their evolution. Today, WAF solutions are cloud-based and protect applications and APIs in hybrid and multicloud environments. WAF solution vendors have expanded their remit to address API attacks and layer 7 DDoS and are working to integrate WAFs with bot management, API security, and client-side security tools to offer full application security platforms. This is good news for security pros, who continue to face an onslaught of application-based attacks. To execute successfully, security teams must operate more efficiently than ever and rely on a WAF solution that can limit/eliminate false positives, avoid performance lags, prevent outages, and more completely block attacks that can threaten their credibility with the product team and the business as a whole. Customers purchasing new WAFs or looking to upgrade their current WAF should consider:
The best range of features to protect business-critical apps. WAF solution deployments struggle when false positives and false negatives threaten an application's effectiveness and business value and cause product leaders and developers to distrust the security team. An effective WAF protects the application, while allowing it to serve customers as intended, with minimal friction. This requires robust detection, protection of apps and APIs from a range of attacks, automated policy updates, the ability to effectively create and test new rules, and simple management and configuration features that don't disrupt the application's performance and efficacy.
The breadth and depth of automation and integrations. All vendors offer infrastructure-as-code (IaC) integrations and APIs to help customers scale WAF deployments and management functions. But security pros will want to check that vendors fully support APIs and IaC templates and keep them up to date with new features and functions. Also, check that integrations with security operations (SecOps), development and operations (DevOps), application scanning, and vulnerability management tools are easy to implement. For SecOps tools like security incident and event management (SIEM) and security orchestration, automation, and response (SOAR), ask about granular data feed options, which help minimize data storage costs, and supported preconfigured dashboards.
The vendor's application security platform strategy. A few years ago, most WAF solution vendors had acquired or built out adjacent solutions like API security, bot management, and client-side code security and offered customers a portfolio of loosely coupled solutions. Today, many of these vendors are moving to turn these portfolios into true platforms with a unified management UI, shared context, and simplified pricing model. Security leaders should look at their WAF vendor's platform strategy to see how it can grow with them and streamline their efforts in multiple adjacent categories.
The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 evaluates ten of the top WAF vendors' current offering and strategy and is available now! Forrester clients looking for a deeper dive can also set up an inquiry or guidance session.