Increased Need to Protect Online Business Applications Set to Fuel Growth of Untapped Web Application Firewall Market

London, UK 05th October, 2005 – With networks relatively well protected with a myriad of security technologies, hackers and other malicious third parties are directing their attacks on business applications on the Web. Enterprises are employing Web Application Firewall (WAF) technology to protect their Web applications, most of which contain multiple vulnerabilities due to a lack of proper attention to security factors by software developers.

“Traditional network security protects lower layers of the open system interconnection (OSI) reference model alone and hence, is incapable of protecting business Web applications, which run at layer seven of the OSI,” says Frost & Sullivan ( Senior Industry Analyst Jose Lopez. “This is where WAF technology comes into play as the only technology available that is capable of safeguarding the integrity of Web applications.”

Moreover, the introduction of specific legislations mandating database protection is likely to have a very positive effect on the penetration of the technology. The California Law SB 1386 Act and Japan’s Personal Information Protection Law oblige companies to inform their customers in the event their databases have been, or are suspected to be, compromised by a malicious third party. Due to the high focus of WAF technology vendors on the financial services market, existing legislations regulating financial services such as Basel II in Europe are also contributing to the uptake of this technology.

Despite such legislations and the solid message that most applications are vulnerable and need protection using adequate technology, many enterprises, distributors and value added resellers (VARs) are not fully aware of the existence and benefits of WAF. This is partly because vendors have focused mainly on selling the highly priced technology to financial services while ignoring the potential of other sectors.

“Vendors have realised the folly of such an approach and have started promoting WAF to a broader group of enterprises since late 2004. In addition, specialised media is publishing more information regarding the technology,” notes Mr. Lopez. “This growth is fuelled by the increased awareness among organisations regarding the futility of network firewalls and intrusion prevention systems in stopping Web attacks and ensuring Web applications security.”

However, vendors have to increase their efforts if this technology has to appeal to the mass audience. They have to keep in mind that the price of WAF products is also an important restraint for the penetration of the technology. While prices are affordable for larger enterprises, which understand that the value of their applications and the information they contain is much higher than the actual cost of the solution, there are plenty of medium-sized organisations that are left aside due to the cost of the solutions.

In Europe, many companies are addressing this challenge by providing lower-priced products that appeal to the pockets and needs of smaller businesses. They have also lowered the initial high operational costs since most vendors now understand that this is not a sustainable business model. Though the technology is still expensive, the reduction in operational costs makes the total cost of ownership (TCO) of today’s solutions considerably lower.

“Added to this, the current growth and successful uptake of identity and access management technologies by enterprises are likely to have a direct impact on the development of the WAF market,” says Mr. Lopez. “The ability to control the capabilities of a network’s end users, which could be a substantial threat to information security, is a prudent charge for the security administrator and can boost demand for internal database protection offered by WAF technology.”

If you are interested in further information about the World Web Application Firewall Market, please send an e-mail to Janina Hillgrub, Corporate Communications, at, with the following information: your full name, company name, title, telephone number, e-mail address, city, state and country. We will send you the information via e-mail upon receipt of the above information.


Frost & Sullivan, a global growth consulting company, has been partnering with clients to support the development of innovative strategies for more than 40 years. The company’s industry expertise integrates growth consulting, growth partnership services and corporate management training to identify and develop opportunities. Frost & Sullivan serves an extensive clientele that includes Global 1000 companies, emerging companies, and the investment community, by providing comprehensive industry coverage that reflects a unique global perspective and combines ongoing analysis of markets, technologies, econometrics, and demographics.

Don't miss