KuppingerCole Report
Market Compass
By Richard Hill

Web Application Firewalls

The KuppingerCole Market Compass provides an overview of the product or service offerings in a specific market segment. This Market Compass covers Web Application Firewall (WAF) solutions that span the spectrum of on-premises, cloud, and hybrid IT delivery models.

1 Management Summary

The KuppingerCole Market Compass provides an overview of a market segment and the vendors in that segment. It covers the trends that are influencing t ...

Login Get full Access

2 Market Segment

This Market Compass covers solutions that protect web applications using a Web Application Firewall (WAF). These solutions provide the capability to p ...

Login Get full Access

2.1 Market Description

WAFs have been around for quite some time and used to protect web applications through inspection of HTTP traffic. WAFs often act as a reverse proxy t ...

When evaluating a WAF, an organization must consider not only the types of web attacks seen in the past but also the new and evolving types of attacks ...

Login Get full Access

2.2 Market Direction

Tradition on-premises IT environments often rely on appliance-based WAF solutions, whether it’s hardware or virtual appliance. With the advent of th ...

The market direction observed through this market analysis of the WAF market segment is that the WAF market trend is moving towards WAF as a service i ...

Login Get full Access

2.3 Capabilities

Although the WAF market is rather mature, there are some key differentiators between the different WAF solutions. At a minimum, a WAF solution will pr ...

Login Get full Access

2.3.1 Basic Functionality

Many capabilities can fall under the category of basic functionality, but some of the key capabilities to consider are as follows:

Capability Description Relevance
DDoS Protection Distributed Denial-of-Service (DDoS) is the type of attack that attempts to ma ...
Login Get full Access

2.3.2 Advanced Functionality

Basic WAF capabilities are only the beginning. To keep up with more sophisticated types of web attacks, more advanced WAF capabilities should be consi ...

Capability Description Relevance
Bot Management Bots are real-time automated scripts or programs used to accomplish tasks such ...
Login Get full Access

3 Vendors and Products

The vendors in this market report are those with products that provided web application firewall solutions deployed on-premises, as a cloud service, o ...

Login Get full Access

3.1 Vendors covered

These vendors covered in this report are:

  • Akamai Technologies is a content delivery network and cloud service provider headquartered in Cambridge, ...
Login Get full Access

3.2 Featured Vendors

All vendors evaluated in this Market Compass have their different strengths and can meet both general and some narrow use cases. Still, we have identi ...

Login Get full Access

3.2.1 Featured for Comprehensiveness: Imperva

Imperva is featured for its overall comprehensive WAF solution. Imperva is a veteran Web Application Firewall vendor with a strong presence in the app ...

Login Get full Access

3.2.2 Featured for Capabilities: AWS

AWS is featured for its overall breadth and depth of WAF capabilities. AWS provides a layered WAF architecture that leverages their many different cap ...

Login Get full Access

3.2.3 Featured for Innovation: Radware

Radware provides both capable core and advanced features of their WAF offering. Also, Radware also provides some more innovative features that should ...

Login Get full Access

3.2.4 Featured as Newcomer: ThreatX

Founded in 2014, ThreatX is one of the newcomers on the WAF market scene. Although ThreatX provides all of the core capabilities of traditional WAF so ...

Login Get full Access

3.3 Vendors to watch

Besides the vendors covered in detail in this document, we observe some other vendors in the market that have credible WAF capabilities in the market. ...

Login Get full Access

4 Ratings at a glance

Based on our evaluation, a comparative overview of the ratings of all the products covered in this document is shown in table 1.

Login Get full Access

5 Product Details

In addition to the ratings for our standard categories we add a spider chart for every vendor we rate, looking at specific capabilities for the market ...

Login Get full Access

5.1 Akamai

Akamai Technologies is an edge service provider headquartered in Cambridge, Massachusetts, USA. Founded in 1998, the company is one of the veteran pla ...

Login Get full Access

5.2 Amazon Web Services

Amazon Web Services, Inc. (AWS) is a multinational cloud service provider headquartered in Seattle, USA. A subsidiary of the American retail giant Ama ...

Login Get full Access

5.3 Citrix

Founded in 1989 and headquartered in Fort Lauderdale, FL, Citrix Systems (Citrix) is a well-established IT vendor with a strong customer base. Citrix ...

Login Get full Access

5.4 Cloudflare

Cloudflare was founded in 2009 with headquarters in San Francisco, CA, USA. Their Cloud platform hosts a wide range of capabilities under three main a ...

Login Get full Access

5.5 Airlock by Ergon

Ergon is a Swiss-based company established in 1984 with customers, and their partner ecosystem primarily focused in DACH, although growing across the ...

Login Get full Access

5.6 F5 Networks

Established in 1996, F5 Networks has a strong presence with large companies in North America as well as a presence in other countries. F5 Networks is ...

Login Get full Access

5.7 Imperva (was acquired by Thoma Bravo)

Imperva is a U.S. based cybersecurity solution company headquartered in Redwood Shores, California. Founded in 2002, Imperva's first product was a web ...

Login Get full Access

5.8 NEVIS Security AG

NEVIS Security AG is a Swiss-based enterprise providing software solutions, application management, and professional services in the area of IT securi ...

Login Get full Access

5.9 Oracle

Based in California, Oracle, the leading provider of database management and enterprise resource planning software, now also provides cloud infrastruc ...

Login Get full Access

5.10 Radware

Headquartered in North America, with additional offices across Europe, Middle East, and APAC, Radware specializes in application delivery and cybersec ...

Login Get full Access

5.11 ThreatX

Founded in 2014 and headquartered in Colorado in the U.S., ThreatX is a small but growing company focused on providing web application and API protect ...

Login Get full Access

5.12 United Security Providers

Founded in 1994, United Security Providers (USP) is a Swiss software vendor and service provider with offices in Bern (headquarters), Zurich, London, ...

Login Get full Access



© 2021 Kuppinger Analysts AG. All rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice.

KuppingerCole supports IT professionals with outstanding expertise in defining IT strategies and in relevant decision making processes. As a leading analyst company KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole, founded in 2004, is a global, independent analyst organization headquartered in Europe. We specialize in providing vendor-neutral advice, expertise, thought leadership, and practical relevance in Cybersecurity, Digital Identity & IAM (Identity and Access Management), Cloud Risk and Security, and Artificial Intelligence, as well as for all technologies fostering Digital Transformation. We support companies, corporate users, integrators and software manufacturers in meeting both tactical and strategic challenges and make better decisions for the success of their business. Maintaining a balance between immediate implementation and long-term viability is at the heart of our philosophy.

For further information, please contact clients@kuppingercole.com.