Last week marked the inaugural release of Gartner’s Web Application Firewalls (WAF) Magic Quadrant. As the only Leader in this quadrant, a rarity in the world of Gartner Magic Quadrants, we at Imperva have recognized a larger trend that’s been emerging for some time from current and prospective customers. It’s great validation that now Gartner is recognizing the need for a WAF MQ to help customers identify corresponding trends and assist in making purchasing decisions.
One of the most frustrating things that happens to me is when an organization calls Imperva after they’ve been breached and when we go in to help out, we find out that they had been relying on a network security solution (either an Intrusion Prevention System or a Next Gen Firewall) to prevent web application attacks (almost always this is SQL Injection). We’ve even talked to organizations that have come to us only after their second breach to find out that their ‘solution’ the first time around was to buy more of the IPS solution that didn’t stop the first breach. Even worse, I think many security professionals disregarded our effort having been conditioned over time to be skeptical of vendor claims. The result has been that frustrating dynamic…getting called to come in after a breach that was easily preventable if the customer had just understood the difference between IPS or Next Gen Firewall and a Web Application Firewall.
I see this quadrant as a possible antidote as to why our WAF (and probably our competitor’s products, by the way) could have been able to stop the attacks with a default policy. Gartner is a third party and doesn’t have a vested interest in a WAF vs IPS and NGFW purchasing outcome, so their opinion is more easily accepted by security professionals. And Gartner has been consistent and clear on this point.
In a recent paper, Web Application Firewalls are Worth the Investment for Enterprises, (Jeremy D’Hoinne, Adam Hils. Gartner, Inc., 28 February 2014) Gartner wrote:
“Firewalls and intrusion prevention systems don’t provide sufficient protections for most public-facing websites or internal business-critical and custom Web applications. Here, we explain how Web application firewalls help security leaders to better protect Web applications in their organizations.”
And even in the 2014 Magic Quadrant for Enterprise Network Firewalls, (Greg Young, Adam Hils, and Jeremy D’Hoinne. Gartner, Inc., April 2014) the team shared:
“…Gartner does not see NGFW and WAF technologies converging because they are for different tasks at different placements.”
I’m hopeful that because of reports like these and the recently released WAF Magic Quadrant, security professionals will begin to realize that their existing network security products don’t protect them from web application attacks, and instead of getting called in after the breach, Imperva and other WAF providers will be given the chance to protect organizations before an attack.
By Mark Kraynak, SVP Worldwide Marketing at Imperva
About Imperva
Imperva is focused on closing the dangerous gap in today’s enterprise security that leaves organizations vulnerable to attack, theft, and fraud. It specializes in data center security and delivers a new layer of protection that keeps high-value applications and data assets in physical and virtual data centers safe, yet accessible. Imperva is pioneering is a third pillar of enterprise security designed specifically for the modern, hyperconnected world.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.