Web Application Firewall (WAF) – A Critical Defence for an “Information-Centric World”

Frost & Sullivan analysis regarding Web Application Firewall (WAF).

Published in: Business

  1. Web Application Firewall (WAF) – A Critical Defence for an “Information-Centric World”. March 2010
  2. Agenda
     • Dispelling Some Common Misconceptions
     • WAF: Market Overview (APAC)
     • WAF: Market Opportunities
     • WAF: Vendor Dynamics
  3. Web Application Vulnerabilities
     • SQL Injection
     • Content Spoofing
     • Cross-Site Scripting
     • Cross-Site Request Forgery
     • Insufficient Authentication
  4. What is WAF?
     • Web Proxy
     • IDS / IPS
     • Network Firewall
     • Vulnerability Scanning Tool
     • What exactly is WAF?
     • Do I really need WAF?
  5. Common Market Confusion Towards WAF
     What is the first function that comes to mind when I mention the term ‘Web Application Firewall’? Top 6 responses:
     • Security in general: 36.7%
     • Network security: 19.3%
     • Integrity of Web application: 19.3%
     • Access control: 16.3%
     • IDS/IPS: 13.0%
     • User authentication: 11.7%
     Source: Frost & Sullivan
  6. Common Market Confusion Towards WAF
     Agreement towards statements concerning Web Application Firewall (% of respondents: Agree / Neutral / Disagree):
     • Deploying a WAF is necessary in the current climate of application attacks from the Web: 74.7% / 14.0% / 11.3%
     • Even the best-designed web applications will require protection from a WAF: 69.0% / 16.0% / 15.0%
     • Having a powerful network firewall is sufficient to make up for the lack of a WAF: 55.0% / 16.7% / 28.3%
     • I will invest in a WAF to secure my Web applications: 49.3% / 31.7% / 19.0%
     • WAF is only required if a company wants to be PCI-DSS compliant: 48.3% / 29.0% / 22.7%
     • A WAF is only needed for custom applications: 44.7% / 18.3% / 37.0%
     Source: Frost & Sullivan
  7. Market Definition of WAF
     Frost & Sullivan defines a web application firewall (WAF) as a security technology, either hardware or software, that sits before the web server and analyzes layer 7 traffic (a whole session, not packets) to protect applications from attacks aimed at exploiting vulnerabilities found in the applications.
  8. Evolution of WAF
     • First Generation: WAF would scan the web applications for vulnerabilities and generate a set of rules that would protect those vulnerabilities.
     • Third Generation: WAF scans and maps a website or a web application to create and allow everything except that which has explicitly been disallowed by the rule set. This is a “negative security” model.
  9. Agenda
     • Dispelling Some Common Misconceptions
     • WAF: Market Overview (APAC)
     • WAF: Market Opportunities
     • WAF: Vendor Dynamics
  10. Business Drivers
     • Increased adoption of Web-based application
     • Falling product price
     • Sophistication of threats
     • Data breaches
     • Regulatory compliance
  11. Business Restraints
     • Low priority in IT budget
     • Limited awareness about WAF
     • Lack of executive mandate on security
     • High-level of static websites
     • Substitute products
  12. Agenda
     • Dispelling Some Common Misconceptions
     • WAF: Market Overview (APAC)
     • WAF: Market Opportunities
     • WAF: Vendor Dynamics
  13. WAF: How Big Is It?
     Key Highlights:
     • CAGR of 47.6% in the APAC WAF market during the forecast period 2009-2012.
     • Internet is booming in APAC, especially in the China and India markets.
     • There is a growing trend among corporations in the use of Web 2.0, which compounds the need for web application security.
     Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
  14. WAF: APAC Markets Opportunity
     2009 APAC revenue: $38.8 million
     [Figure: pie chart of 2009 revenue share by region (ASEAN, India, Japan, ANZ, Greater China, South Korea; slice labels 10%, 3%, 33%, 14%, 19%, 21%), alongside a Low/High opportunity chart placing India, ASEAN, Japan, ANZ, South Korea and Greater China.]
     Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
  15. Demand Analysis – By Verticals
     2009 APAC revenue: $38.8 million
     [Figure: pie chart of 2009 revenue share by vertical (MFG, BFSI, Edu, SP, E-Commerce, Others, Gov't; slice labels 9.6%, 18.7%, 9.6%, 12.7%, 18.3%, 12.9%, 18.2%).]
     • BFSI faces strict regulatory compliance for its security measures, mainly because data loss incidents have happened in the past, and safeguarding reputation and restoring public confidence is a priority.
     • The nature of e-commerce indicates a high level of usage and adoption of web & online applications. Risk of brand name and competitiveness damage.
     • Increase in e-government initiatives and services which create the demand for web application security.
     • Particularly, the concern of many governments to prevent cyber-terrorism has become more pertinent.
     • Penetration of Web 2.0 into enterprises creates need to manage, control and secure traffic flow.
     Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
  16. Agenda
     • Dispelling Some Common Misconceptions
     • WAF: Market Overview (APAC)
     • WAF: Market Opportunities
     • WAF: Vendor Dynamics
  17. APAC Vendor Landscape
     • Converged Product Vendors
     • Stand-alone Vendors
  18. Competitive Landscape – Points of Differentiation
  19. Strategic Recommendations to WAF Vendors
     • Compatibility
     • Channel Strength & Support
     • Awareness & Education
     • Customer Engagement
     • Localization
  20. Next steps
     • Request a proposal for a Growth Partnership Service to support you and your team to accelerate the growth of your company.
     • Join us at a Growth, Innovation and Leadership 2010: A Frost & Sullivan Global Congress on Corporate Growth (www.frost.com/gilglobal)
     • Register for Frost & Sullivan’s Growth Opportunity Newsletter and keep abreast of innovative growth opportunities (www.frost.com/news)
  21. Your Feedback is Important to Us
     What would you like to see from Frost & Sullivan? Growth Forecasts? Competitive Structure? Emerging Trends? Strategic Recommendations? Others? Please inform us by taking our survey.
  22. For Additional Information
     • Sarah Lourdes, Corporate Communications (ICT), +603.6207.1030, sarah.lourdes@frost.com
     • Cathy Huang, Industry Analyst (ICT), +65.6890.0249, cathy.huang@frost.com
     • Arun Chandrasekaran, Industry Manager (ICT), +65.6890.0992, arun.c@frost.com
     • Cedric Chong, Account Manager (ICT), +65.6890.0227, cedric.chong@frost.com
