Only 40% of organizations are satisfied with their WAF, according to a new Ponemon Institute report – The State of Web Application Firewalls.
"The research clearly reveals WAF dissatisfaction in three areas," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "First, organizations are frustrated that so many attacks are bypassing their WAFs and compromising business-critical applications. In addition, they're experiencing the pain of continuous, time-consuming WAF configuration and administration tasks. Lastly, they're dealing with significant annual costs associated with WAF ownership and staffing."
The underlying data from the research provided more insight into each of these three areas:
■ Security – While 66% of respondent organizations consider the WAF a critically important security tool, 43% use their WAFs only to generate alerts (not to block attacks). Perhaps not surprisingly, 86% experienced application-layer attacks that bypassed their WAF in the last 12 months.
■ Administration – Managing legacy WAF deployments is complex and time-consuming, requiring an average of 2.5 security administrators who spend 45 hours per week processing WAF alerts, plus an additional 16 hours per week writing new rules to enhance WAF security.
■ Cost – The CapEx and OpEx costs associated with WAF purchase and ongoing management are significant. In total, organizations spend an average of $620K annually. This includes $420K for WAF products, plus an additional $200K annually for the skilled staffing required to manage the WAF.
Despite their current frustrations, WAF users also indicated which specific improvements should be made to their WAF to improve overall effectiveness and satisfaction. Two important requirements emerged.
■ 72% of respondents would like to see more intelligence and automation integrated into their WAF.
■ 74% would like to see WAF functions integrated with other application security functions into an AI-powered software platform.
Intelligent automation and consolidation of application security functions are definitely two critical requirements we're seeing regularly with our hyper-connected customers, who rely on web, mobile and API-based applications to link customers, partners, and suppliers across their digital ecosystem. And they need an intelligent, integrated application security solution that can protect them against a broad range of sophisticated attacks.
Methodology: The State of Web Application Firewalls report was completed in April 2019. The report is based on data gathered from 595 organizations across the US. On average, they have each deployed 158 web, mobile, and API-based applications, on premises and in the cloud. Participating organizations span 16 vertical markets and the majority have offices globally; 100% of respondents are responsible for WAF deployments in their organization.