Innovation drivers for the global web application firewall market

Web applications are vital technologies used by every online company to communicate with employees, partners, customers, and potential customers. The exposed nature of these applications provides hackers with many opportunities to test defences.

Constantly changing technologies open up new opportunities for hackers to find vulnerabilities to exploit. Organisations of all sizes require comprehensive web application firewall (WAF) solutions to protect exposed threat vectors.

Growth of the WAF market

Frost & Sullivan’s new research forecast to 2021, finds that the WAF market is set to grow at a compound annual growth rate of 13.7 per cent from 2016 to 2021, reaching over $1.1 billion by 2021. Top players include: Akamai, Citrix, Cloudflare, F5 Networks, Fortinet, Imperva, Penta Security, Qualys, Radware, Sophos, and Wallarm.

“Web technologies are changing rapidly to support the global digital transformation trend, including proliferation of mobile devices, the Internet of Things and cloud computing. This rapid rate of change can present challenges for traditional WAF solutions,” said Frost & Sullivan Network Security Senior Industry Analyst Chris Rodriguez. “WAF vendors must continue to innovate to address these new threats and add customer value by improving their product offering through innovative features such as API security, bot detection and controlled technology.”

Advice for WAF vendors

To grow in a fast-paced environment, WAF vendors should:

• Support the application development lifecycle through deep integration with DAST/SAST tools
• Enable APT and threat hunting through adding complementary technologies such as SIEMs to help identify notable security events
• Protect applications with consistent policies, regardless of where they are deployed, including public and private cloud environments
• Address emerging trends such as IoT risk
• Deliver solutions for emerging verticals such as manufacturing.

“Demand for web security will increase, but WAF will not be considered a cure-all,” noted Rodriguez. “WAF will be one of many web security technologies competing for security budget allocations in coming years.”