Web application firewalls (WAFs) are designed to protect web applications. They achieve this via techniques such as filtering, monitoring, and blocking of malicious HTTP/S traffic that penetrates or attempts to penetrate web applications.
Web application firewall technology is a critical part of a company’s cybersecurity efforts. To help organizations keep up with this long-standing solution, here are some of the top trends in the web application firewall market:
1. WAF Growth Surge
Web application firewalls may not be the most cutting-edge technology around. Yet they continue to play a vital role in enterprise storage and represent a high-growth segment of the security market. Market research shows demand for firewall solutions overall, including WAFs, growing 14% annually, according to Dell’Oro Group.
“Firewalls are foundational to good enterprise network security hygiene, and we do not foresee any solution fully displacing them over the next five years,” said Mauricio Sanchez, an analyst at Dell’Oro Group.
Sanchez pointed out that web application firewall revenue surged by over 30% during 2022 and estimated annual revenue in excess of $2 billion for the year. Three top WAF vendors, Akamai, Cloudflare, and F5 Networks, now represent over half the market by revenue, according to Dell’Oro Group.
2. WAFs No Longer Enough
While a WAF remains an important security tool, it relies on signatures to identify and block suspicious activity, according to Pete Klimek, director of technology, office of the CTO, Imperva.
For most digital businesses, this is not enough to stop the growing number of automated and complex security threats. Automated fraud, business logic attacks, and other forms of API abuse don’t rely on known attack patterns, making them difficult for a web application firewall to identify and block.
Further, as businesses leverage the cloud, applications grow more complex and monolithic applications have decomposed into APIs, microservices, and serverless functions. In addition, many web application firewall offerings are challenging to deploy in hybrid or cloud-native environments.
As a result, organizations are now looking to invest in web application and API Protection (WAAP), said Klimek. With a unified, single-stack approach, a cloud-based WAAP provides multiple layers of security in the forms of WAF, API security, distributed denial of service (DDoS) protection, and advanced bot protection.
“WAAP can be deployed in nearly any environment and equips security teams with a singular view of their attack landscape, giving them the ability to identify initial signs of malicious behavior and mitigate multi-vector attacks,” Klimek said.
3. Identity-Based Approach
Mike Kiser, director of strategy and standards at SailPoint, concurs that web application firewalls are no longer enough.
Kiser regards them as a barrier to entry for enterprises. Organizations have been combining web application firewalls with other protections that are edge-focused, such as bot mitigation and API security, he said. Ultimately, these capabilities can help protect applications, but he believes their impact is limited on their own. Design-level choices must be made to adequately protect the identity-centric security model of the application layer.
“This is most effectively accomplished through a consistent approach to identity: limiting the impact of a compromised account, being able to detect strange user behavior and lateral movement, and being able to govern the use of identity with an audit trail are key,” Kiser said.
4. WAF Sophistication
Michael Tremante, product manager at Cloudflare, has a slightly different take. He thinks web application firewalls are gradually becoming more sophisticated, and computationally expensive, anomaly detection systems.
His rationale? Traditional attacks are well understood and, although they are still very much used by attackers, process flow anomalies in both end-user and API-based interfaces are a recent focus point.
One example is being able to automatically detect and alert whenever a user has performed an online banking currency transaction outside of the normal expected steps or time taken, and to do so in real time rather than through log post-processing. Doing this at scale is the next challenge being solved.
“More sophisticated attackers and bots are driving the barrier higher,” Tremante said.
“Traditional on-premise WAFs are not able to handle these detections. For large environments that have more data, it’s expensive. Native cloud-based WAFs are better suited, assuming they have the technology in place, to sustain this demand.”
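The gap described in sections 2 and 4, as an added example that is not part of the original article or any vendor's product: a signature check and a process-flow check run over the same sessions. The endpoint names, the 3-second threshold, the signature list, and the sample sessions are all constructed assumptions.

```python
import re

# Assumed step order for a currency transfer; endpoint names are hypothetical.
EXPECTED_FLOW = ["/login", "/accounts", "/transfer/quote", "/transfer/confirm"]
MIN_SECONDS = 3.0  # assumed lower bound for a person to complete the flow
# Tiny stand-in for a signature rule set (known payload patterns only).
SIGNATURES = [re.compile(p, re.I) for p in (r"<script\b", r"\bunion\s+select\b", r"\.\./")]

def signature_hits(events):
    """Return events whose path or body matches a known-bad pattern."""
    return [e for e in events
            if any(s.search(f'{e["path"]} {e["body"]}') for s in SIGNATURES)]

def flow_anomalies(events):
    """Compare one session's time-ordered events with the expected steps and pace."""
    findings, next_step = [], 0
    flow_events = [e for e in events if e["path"] in EXPECTED_FLOW]
    for e in flow_events:
        idx = EXPECTED_FLOW.index(e["path"])
        for missed in EXPECTED_FLOW[next_step:idx]:
            findings.append(f"skipped:{missed}")
        next_step = max(next_step, idx + 1)  # going back a step is allowed
    done = [e for e in flow_events if e["path"] == EXPECTED_FLOW[-1]]
    if done:
        elapsed = done[-1]["t"] - flow_events[0]["t"]
        if elapsed < MIN_SECONDS:
            findings.append(f"too_fast:{elapsed:.1f}s")
    return findings

def ev(t, path, body=""):
    return {"t": t, "path": path, "body": body}

# Constructed sample sessions (t = seconds since session start).
SESSIONS = {
    "typical": [ev(0, "/login"), ev(4, "/accounts"), ev(15, "/transfer/quote"),
                ev(31, "/transfer/confirm", "amount=50&to=ACCT-EXAMPLE")],
    "skips_quote": [ev(0, "/login"),
                    ev(0.4, "/transfer/confirm", "amount=5000&to=ACCT-EXAMPLE")],
    "scripted_pace": [ev(0, "/login"), ev(0.2, "/accounts"), ev(0.5, "/transfer/quote"),
                      ev(0.8, "/transfer/confirm", "amount=50&to=ACCT-EXAMPLE")],
}

def report():
    return {name: {"signature": len(signature_hits(evs)), "flow": flow_anomalies(evs)}
            for name, evs in SESSIONS.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

None of the three sessions carries a payload the signature list recognizes, so only the flow check separates the typical session from the other two.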
5. Don’t Forget Patching
Attacks on application firewalls are very common at large and small businesses alike, for a variety of reasons.
While a web application firewall acts as a proxy, which manages the traffic between an application server and its clients, attackers have become smarter and more proficient. They routinely look for vulnerabilities in this space.
Robert Anderson Jr., Chairman and CEO, Cyber Defense Labs, said that cybercriminals continue to exploit unpatched systems, including unpatched firewalls and web application firewall software.
“It is important to automate and customize patching for Windows, macOS, and Linux and everything else,” Anderson said.
“As companies still do not make sure all the patches have been taken and are fixed, they continue to suffer from large-scale ransomware and intellectual property (IP) theft.”