Web Application Firewall Software

Web Application Firewall (WAF) software is an application layer firewall that applies a set of rules to a Hypertext Transfer Protocol (HTTP) conversation. The rules cover application layer attacks, such as Cross-Site Scripting (XSS), Structured Query Language (SQL) injection, and application layer Distributed Denial of Service (DDoS), and protect application servers from security breaches and loss of critical business information. WAF solutions are deployed ahead of web servers to defend web applications from internal and external threats, control and monitor web applications, and help organizations meet compliance requirements.

COMPETITIVE LEADERSHIP MAPPING TERMINOLOGY

The competitive landscape analyzes the growth strategies adopted by the key players in the WAF market. Imperva, Akamai, Barracuda, Citrix, Cloudflare, DenyAll, Ergon Informatik, F5 Networks, Fortinet, Penta Security Systems, Radware, Trustwave, Sophos, Positive Technologies, NSFOCUS, StackPath, Zenedge, Qualys, Instart Logic, United Security Providers, Applicure, Sucuri, Brocade, A10 Networks, and SiteLock are recognized as some of the top players in the WAF market. This chapter also includes the MicroQuadrant matrix, which provides information about the 25 major players who offer WAF solutions and services. The vendor evaluations are based on 2 broad categories: strength of product portfolio and business strategy excellence. Each category carries various criteria based on which the vendors have been evaluated. The evaluation criteria considered under strength of product portfolio include breadth and depth of product offering, product feature and functionality, focus on product innovation, product differentiation and impact on customer value, and product quality and reliability. The evaluation criteria considered under business strategy excellence include geographic footprint, breadth of applications/verticals served, channel strategy and fit, and mergers and acquisitions strategy. The products offered by these top players are loaded with many features and capabilities. Additionally, these players have adopted various business strategies to maintain a leading position in the WAF market.

VISIONARY LEADERS

Vendors who fall in this category generally receive high scores for most of the evaluation criteria. They have strong and established product portfolios and a very strong market presence. They provide mature and reputable WAF systems, solutions, and services. They also have strong business strategies. Imperva, Akamai, Citrix, and F5 Networks are the vendors in the visionary leaders category in the MicroQuadrant matrix.

INNOVATORS

Innovators are the vendors who have demonstrated substantial product innovations as compared to their competitors. They have a highly focused product portfolio. However, they do not have very strong growth strategies for their overall business. Barracuda, Cloudflare, Fortinet, StackPath, Zenedge, Applicure, Instart Logic, DenyAll, Radware, and SiteLock are the vendors in the innovators category.

DYNAMIC DIFFERENTIATORS

They are established vendors with very strong business strategies. However, their product portfolios are weaker. They generally focus on a specific type of technology related to the product. Trustwave, Sophos, Positive Technologies, and Brocade are the vendors in the dynamic differentiators category.

EMERGING COMPANIES

They are vendors with niche product offerings that are starting to establish their position in the market. They do not have very strong business strategies as compared to other established vendors. They might be new entrants in the market and require some time before gaining significant traction. NSFOCUS, Ergon Informatik, Penta Security Systems, Qualys, United Security Providers, Sucuri, and A10 Networks are the vendors in this category.

Web Application Firewall Software Quadrant

Comparing 30 vendors in Web Application Firewall Software across 178 criteria.


EVALUATION CRITERIA

The criteria below are most commonly used for comparing Web Application Firewall Software tools.
  • Breadth and Depth of Product Offerings
    • Hardware Appliance Capabilities
    • Licenses
    • Product/systems
      • Hardware appliance
      • Virtual appliance
      • Cloud based solutions
  • Product Features and Functionality
    • Services
      • Professional Services
      • Managed Services
    • Professional services
      • Consulting Services
      • Support and Maintenance
      • Training and Education
  • Focus on Product Innovation
    • R&D Spend
    • New Product/Platform Launch
    • Channel of Delivery
      • Directly
      • Through Partners / Third-Party Vendors
  • Product Differentiation and Impact on Customer Value
    • USP
    • Brand Recognition
  • Product Quality and Reliability
    • Level of Support Services
    • Customer Redressal Mechanism/Program

TOP VENDORS

    • Enterprise
    • United States of America
    • Founded: 2004
    • $101MN to $500MN
    • 501 to 1,000

    WAP is a self-managing WAF that is easy to set up and maintain, and can work without customization. The integration of the WAP with the Akamai platform enables end-users to access the websites faster, due to the content caching feature. WAP further improves the website performance by optimizing HTML and image content for faster delivery. It solves application security problems by providing an intuitive administrator interface, preconfigured rule groupings, automatic rule updates, and self-serve installation. The product ensures application security for organizations. WAP also receives added benefits from the Akamai Intelligent Platform. These benefits include frequent automatic updates to application security rules, features and products that secure and accelerate website performance, and scalability without additional hardware requirements. These benefits assist customers in achieving PCI compliance.

    • Enterprise
    • Massachusetts, US
    • Founded: 1998
    • $1BN to $5BN
    • 5,001 to 10,000
    • Enterprise
    • Ramat Gan, Israel
    • Founded: 2004
    • 51 to 100

    The Barracuda WAF offers various capabilities, such as adaptive profiling, which helps administrators build a positive security profile for the web applications by sampling web traffic. It also offers the vulnerability remediation service, which helps in deploying the WAF using an IP address, thereby reducing the costs and complexities involved in configuration and maintenance. Its server cloaking feature prevents server banners, error messages, HTTP headers, return codes, debug information, and backend IP addresses from leaking to attackers. Barracuda WAF also provides the mobile application protection feature. Additionally, it offers protection against XML-based applications, web scraping protection, data loss prevention, and URL encryption. The Barracuda WAF works in conjunction with its Vulnerability Manager solution to identify vulnerabilities and remove blind spots while increasing visibility and end-to-end application security in a hybrid environment. The company is focusing heavily on product innovations in its WAF offerings such as Sentinel, an AI solution; Next Generation Firewall (NGFW); and Email Threat Scan for Office 365.

    • SME
    • 1,001 to 5,000
    • Enterprise
    • 1 to 50

    NetScaler AppFirewall protects web infrastructure against vicious attacks, including DDoS, SQL injection, XSS, and SSL attacks. It aids corporate IT security teams in conforming to the governmental privacy regulations and industry mandates. Apart from providing comprehensive security, the firewall is quick and easy to deploy and manage. It creates reports using a simplified Graphical User Interface (GUI). NetScaler AppFirewall is available in various platforms, such as NetScaler SDX Appliances, NetScaler ADC Platinum Edition, NetScaler MPX Enterprise Edition, and NetScaler VPX Platinum Edition. Citrix solutions and services target customers of all sizes, from small businesses to large global enterprises.

    • SME
    • 101 to 500

    Cloudflare receives about 2.9 million requests every second, and the Cloudflare WAF constantly recognizes and blocks new possible threats. Cloudflare WAF’s rulesets result in latency of less than 1 millisecond. Cloudflare WAF offers security control for websites, applications, and APIs hosted on multiple cloud environments. Cloudflare’s network shields internet assets across all cloud providers.

    • Startup
    • San Francisco, California, US
    • Founded: 2009
    • $11MN to $50MN
    • 1 to 50

    It helps to optimize and accelerate corporate data streams to improve the team’s level of control over applications and how they are being used to access, create, and share information. The company’s WAF enables virtual patching, extensibility, log replay, and app learning. The DenyAll WAF can be deployed on hardware, software (virtual machine), or cloud. It has the capacity to reduce the traffic of malicious robots by 70%. DenyAll has maintained strong partnerships with High-Tech Bridge, Dimension Data, NTT Communications, and Prosodie-Capgemini. DenyAll’s partner program is focused on value-added distributors. The program has 3 certification levels (bronze, silver, and gold), according to specific criteria (annual turnover, co-marketing actions, and technical support).

    • Enterprise
    • Paris, Île-de-France, France
    • Founded: 2001
    • 101 to 500

    Airlock WAF’s key feature is that it provides superlative end-to-end protection for complex web environments. The company’s WAF offers various features, such as secure reverse proxy, central checkpoint, filtering, API security, dynamic whitelisting, and a central security hub. The Airlock team has about 55 engineers to monitor the security offerings of the company. The company has a large clientele and is trusted by more than 150 banking and insurance companies. Ergon’s Airlock suite generates its maximum revenue from the financial sector. There are several variants of the Airlock WAF, such as Airlock WAF 6.1, Airlock WAF 6, and Airlock WAF hardware. With the introduction of the Airlock Suite, Ergon has become the first vendor without an antimalware product in its product portfolio to receive the EICAR Minimum Standard Certificate.

    • Enterprise
    • Zurich, Switzerland
    • Founded: 1984
    • $51MN to $100MN
    • 101 to 500

    F5’s WAF offers a range of deployment options, from on-premises to private and public cloud deployments. It also offers other additional functionalities, including visibility into HTTP and WebSocket traffic, integration with third-party Dynamic Application Security Testing (DAST) tools, dynamic learning and site-wide behavioral analysis, geolocation and IP intelligence, proactive bot defense and client-side integrity defense, security services, and Azure Security Center integration. F5 Networks’ WAF is a cloud-based service built on the BIG-IP Application Security Manager. It offers 2 service options. The first is a Security Operations Center with 24/7 all-year-round support, and the other is an express service option, which provides fast self-service deployment of expertly maintained policies across hybrid environments. The Silverline WAF is available in a flexible licensing model with 1–3 years of subscription. F5 Networks is focusing on introducing innovations in its Herculon family of security products to overcome the everyday emerging threats.

    • Enterprise
    • Washington, US
    • Founded: 1996
    • $1BN to $5BN
    • 1,001 to 5,000
    • Enterprise
    • Texas, US
    • Founded: 1994
    • $500MN to $1BN
    • 1,001 to 5,000

    It uses advanced tools to minimize false positive detections and enhances the protection with FortiGate and FortiSandbox integrations. It also offers application protection from the top 10 OWASP listed application attacks, including XSS and SQL injection. FortiWeb can be configured on hardware, such as 100D, 400D, 600D, 1000E, 2000E, 3000E, 3010E, and 4000E, as well as on virtual machines. Additionally, the company offers FortiCare support services and training. FortiCare is available 24/7 for continuous support.

    • Enterprise
    • California, US
    • Founded: 2000
    • $1BN to $5BN
    • 45,001 to 50,000

    It offers superior protection and is updated in real time. The SecureSphere WAF patented “dynamic application profiling” technology analyzes all aspects of the web applications to deliver optimal accuracy and mitigate technical as well as non-technical attacks. SecureSphere WAF can be deployed as a physical or virtual appliance on-premises. Imperva ThreatRadar updates the SecureSphere WAF to provide better protection, improve WAF accuracy, and proactively filter traffic from recognized bad sources. SecureSphere WAF’s key capabilities include virtual patching of application vulnerabilities. It can be easily integrated with most of the leading Security Information and Event Management (SIEM) systems, such as Splunk, ArcSight, and RSA enVision. The company scores well in the breadth and depth of product offering parameter with excellent product features and functionalities.

    • SME
    • Redwood Shores, Redwood City, California, US
    • Founded: 2002
    • $101MN to $500MN
    • 501 to 1,000
    • Enterprise
    • Palo Alto, California, US
    • Founded: 2010
    • $11MN to $50MN
    • 51 to 100
    • Enterprise
    • California, US
    • Founded: 1987
    • $1BN to $5BN
    • 5,001 to 10,000
    • Enterprise
    • Berkshire, England
    • Founded: 1976
    • $1BN to $5BN
    • 501 to 1,000
    • Enterprise
    • Washington, USA
    • Founded: 1975
    • More than $100 BN
    • 1,00,001 to 5,00,000

    It provides up to 1 Gbps of DDoS protection from other volumetric and application layer attacks, including TCP Flood and HTTP/S GET/POST Flood. The WAF employs access rate thresholding, IP reputation, and algorithm-based protection mechanisms. Some of the virtual WAFs include WAF V1000, WAF V600, and WAF V300. Some of the WAF hardware include WAF 2000, WAF 1600, WAF 1000, and WAF 600. The NSFOCUS WAF is the ideal solution for safeguarding critical servers, web applications, and data. It delivers high-quality application layer security to organizations of all sizes.

    • Enterprise
    • Santa Clara, California, US
    • Founded: 2000
    • Below $10 MN
    • 1 to 50
    • Enterprise
    • California, USA
    • Founded: 1977
    • $10BN to $50BN
    • 1,00,001 to 5,00,000

    The company’s value class WAFs include WAPPLES-50, WAPPLES-100, and WAPPLES-500; performance class WAFs include WAPPLES-1200 and WAPPLES-2200; and the high-end class WAFs include WAPPLES-5200 and WAPPLES-10000. Penta Security also offers competitive product pricing for information security solutions, which include end-to-end data protection and web security. Penta Security provides application security systems by collaborating with specialized partners in various fields. It has a large clientele of about 5,000 customers across different nations. Its partner network includes companies such as Daiko, ISPConnect, and NSS Group.

    • Enterprise
    • Seoul, Seoul Capital Area, South Korea
    • Founded: 1997
    • 1 to 50

    PT Application Firewall takes an advanced approach to addressing the problem, using true machine learning and behavioral analysis to defend against zero-day attacks, smart correlation to accurately detect major threats, unique P-Code technology for targeted real-time protection, continuous automated user profiling against level 7 DDoS and automated attacks and a WAF.js module to tackle client-side attacks. PT AF also features extensive integration capabilities for multilayer protection, data masking for maximum confidentiality of the end-user data and easy deployment and usability.

    • Enterprise
    • Framingham, Massachusetts, US
    • Founded: 2000
    • $51MN to $100MN
    • 1 to 50

    It caters to a wide range of industry verticals, such as information technology, retail, biotechnology, chemical, BFSI, telecommunications, education, media, automobile, and food retail. Qualys has a global presence across 100 countries, including regions such as North America, Europe, APAC, and MEA. The Qualys WAF blocks attacks on web server vulnerabilities, controls application access, and prevents disclosure of sensitive information with the help of an automated, adaptive approach. The company’s WAF can easily identify and mitigate web app risks to thousands of apps.

    • SME
    • Redwood City, California, US
    • Founded: 1999
    • $101MN to $500MN
    • 501 to 1,000

    The company’s AppWall WAF enables organizations to fully comply with PCI DSS. Radware has a dedicated emergency response team that serves 24/7 for configuring and updating security policies and detecting, alerting, and mitigating attacks. The Radware Cloud WAF service is available in 2 packages: enterprise and enterprise premium. DDoS protection capabilities up to 1 Gbps of attack traffic are available in both the packages. Radware’s Cloud WAF service also provides customers a reporting tool to gain visibility and insights into the security threats to their assets. The AppWall WAF ensures secure and reliable delivery of critical web applications. It provides protection against web application attacks and advanced HTTP attacks. AppWall is available with various deployment modes, including reverse proxy, transparent and non-transparent, and cluster deployments.

    • SME
    • Tel Aviv, Israel
    • Founded: 1996
    • $101MN to $500MN
    • 501 to 1,000
    • Enterprise
    • Scottsdale, Arizona, US
    • Founded: 2008
    • Below $10 MN
    • 1 to 50

    It immediately identifies and isolates infected systems until they are cleaned up. Exposes hidden risks: The risks from unknown apps, top risk users, advanced threats, and suspicious payloads are identified. The XG Firewall caters to organizations of all sizes.

    • Enterprise
    • Oxfordshire, UK
    • Founded: 1985
    • $500MN to $1BN
    • 1,001 to 5,000

    The company offers the same pricing to all customers across the globe, rather than offering customer contracts. StackPath has progressed in the field of cybersecurity, and it is now a prominent provider of secure network as a service. The company has managed to gather more than 30,000 customers in 3 years.

    • Startup
    • 101 to 500
    • Startup
    • Menifee, California, US
    • Founded: 2010
    • Below $10 MN
    • 1 to 50

    The Trustwave WAF leverages its expertise in risk and compliance management with pre-built best practice controls and reports for compliance mandates, including PCI DSS. It is built on the Trustwave Architecture, which is highly scalable. It is available in multiple configurations to support the requirements of different businesses. Trustwave WAF can be configured on hardware and virtual appliances (VMware, AWS, and Microsoft Azure). These hardware and virtual appliances are deployed as sensors, managers, or standalone appliances. A few of Trustwave’s WAFs include TS151, TS250, VX15i, VX30i, AWS15i, and MA15i. Trustwave is available with 2 service options: standard support and premium support. Standard support includes email and phone support, plus maintenance updates. Premium support includes 24/7 all-year-round email and phone support, one-year hardware warranty, next-day replacement service for Trustwave WAF hardware appliance, and maintenance updates. Onsite installation, extended hardware coverage, and professional services are also available as additional standard support.

    • SME
    • 501 to 1,000
    • Enterprise
    • Bern, Switzerland
    • Founded: 1994
    • 101 to 500

    Zenedge solutions are backed by 24/7 monitoring and protection from attacks with the help of distributed Security Operations Centers across the globe.

    • Enterprise
    • Aventura, Florida, US
    • Founded: 2014
    • Below $10 MN
    • 51 to 100
