Though not a brand-new technology by any stretch, WAF solutions continue their evolution. Today, WAF solutions are cloud-based and protect applications and APIs in hybrid and multicloud environments. WAF solution vendors have expanded their remit to address API attacks and layer 7 DDoS and are working to integrate WAFs with bot management, API security, and client-side security tools to provide full application security platforms. That is good news for security professionals, who continue to face an onslaught of application-based attacks. To execute successfully, security teams must operate more efficiently than ever and rely on a WAF solution that will limit or eliminate false positives, avoid performance lags, prevent outages, and more completely block attacks that could threaten their credibility with the product team and the business as a whole. Customers purchasing new WAFs or looking to upgrade their existing WAF should consider:
- The best range of features to protect business-critical apps. WAF solution deployments struggle when false positives and false negatives threaten an application’s effectiveness and business value and cause product leaders and developers to distrust the security team. An effective WAF protects the application while allowing it to serve customers as intended, with minimal friction. This requires robust detection, protection of apps and APIs from a range of attacks, automated policy updates, the ability to effectively create and test new rules, and simple management and configuration features that don’t disrupt the application’s performance and efficacy.
- The breadth and depth of automation and integrations. All vendors offer infrastructure-as-code (IaC) integrations and APIs to help customers scale WAF deployments and management capabilities. But security professionals will want to check that vendors fully support APIs and IaC templates and keep them up to date with new features and capabilities. Also, check that integrations with security operations (SecOps), development and operations (DevOps), application scanning, and vulnerability management tools are easy to implement. For SecOps tools like security information and event management (SIEM) and security orchestration, automation, and response (SOAR), ask about granular data feed options, which help minimize data storage costs, and supported preconfigured dashboards.
- The vendor’s application security platform strategy. A few years ago, most WAF solution vendors had acquired or built out adjacent solutions like API security, bot management, and client-side code security and offered customers a portfolio of loosely coupled solutions. Today, many of these vendors are moving to turn these portfolios into true platforms with a unified management UI, shared context, and simplified pricing model. Security leaders should look at their WAF vendor’s platform strategy to see how it can grow with them and streamline their efforts in multiple adjacent categories.
The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 evaluates ten of the top WAF vendors’ current offering and strategy and is available now! Forrester customers looking for a deeper dive can also set up an inquiry or guidance session.