Web Application Firewall (WAF) – A Critical Defence for an “Information-Centric World”
2
Agenda
• Dispelling Some Common Misconceptions
• WAF : Market Overview (APAC)
• WAF : Market Opportunities
• WAF : Vendor Dynamics
3
Web Application Vulnerabilities
Insufficient Authentication
Cross-Site Request Forgery
Cross-Site Scripting
Content Spoofing
SQL injection
4
What is WAF?
Do I really need WAF?
What exactly is WAF?
Network Firewall
IDS / IPS
Web Proxy
Vulnerability Scanning Tool
5
Common Market Confusion Towards WAF
[Chart: What is the first function that comes to mind when I mention the term ‘Web Application Firewall’? – Top 6 Responses]
Response categories: User authentication; IDS/IPS; Access control; Integrity of Web application; Network security; Security in general
Data labels: 19.3%, 36.7%, 11.7%, 13.0%, 16.3%, 19.3%
Source: Frost & Sullivan
6
Common Market Confusion Towards WAF
[Stacked bar chart: Agreement Towards Statements Concerning Web Application Firewall. Axis: % of respondents, 0% to 100%. Series: Agree, Neutral, Disagree]
Statements:
• A WAF is only needed for custom applications
• WAF is only required if a company wants to be PCI-DSS compliant
• I will invest in a WAF to secure my Web applications
• Having a powerful network firewall is sufficient to make up for the lack of a WAF
• Even the best-designed web applications will require protection from a WAF
• Deploying a WAF is necessary in the current climate of application attacks from the Web
Data labels:
44.7%, 48.3%, 49.3%, 55.0%, 69.0%, 74.7%
18.3%, 29.0%, 31.7%, 16.7%, 16.0%, 14.0%
37.0%, 22.7%, 19.0%, 28.3%, 15.0%, 11.3%
Source: Frost & Sullivan
7
Market Definition of WAF
Frost & Sullivan defines a web application firewall (WAF) as a security technology, either hardware or software, that sits in front of the web server and analyzes layer 7 traffic (a whole session, not packets) to protect applications from attacks aimed at exploiting vulnerabilities found in the applications.
8
Evolution of WAF
First Generation WAF would scan the web applications for vulnerabilities and generate a set of rules that would protect those vulnerabilities.
Third Generation WAF scans and maps a website or a web application to create and allow everything except that which has explicitly been disallowed by the rule set. This is a “negative security” model.
10
Business Drivers
Increased adoption of Web-based applications
Sophistication of threats
Regulatory compliance
Data breaches
Falling product price
11
Business Restraints
Limited awareness about WAF
High-level of static websites
Low priority in IT budget
Lack of executive mandate on security
Substitute products
13
WAF: How Big Is It?
Key Highlights:
• CAGR of 47.6% in the APAC WAF market during the forecast period 2009-2012.
• Internet is booming in APAC, especially in the China and India markets.
• There’s a growing trend among corporations in the use of Web 2.0, which compounds the need for web application security.
[Chart: CAGR = 47.6%]
Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
14
WAF: APAC Markets Opportunity
[Chart, axes marked Low to High: Greater China, South Korea, Japan, ANZ, ASEAN, India]
2009 APAC revenue: $38.8 million
• Japan: 33%
• S.Korea: 21%
• Greater China: 19%
• ANZ: 14%
• Asean: 10%
• India: 3%
Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
15
Demand Analysis – By Verticals
• BFSI faces strict regulatory compliance for its security measures, mainly because data loss incidents have happened in the past, and safeguarding reputation and restoring public confidence is a priority.
• The nature of e-commerce indicates a high level of usage and adoption of web & online applications. Risk of brand name and competitiveness damage.
• Increase in e-government initiatives and services which create the demand for web application security.
• Particularly, the concern of many governments to prevent cyber-terrorism has become more pertinent.
• Penetration of Web 2.0 into enterprises creates need to manage, control and secure traffic flow.
2009 APAC revenue: $38.8 million
• BFSI: 18.7%
• E-Commerce: 18.3%
• Gov't: 18.2%
• Others: 12.9%
• SP: 12.7%
• Edu: 9.6%
• MFG: 9.6%
Note: All figures are rounded. The base year is 2009. Revenue in US$ million. Source: Frost & Sullivan
19
Strategic Recommendations to WAF Vendors
Localization
Channel Strength & Support
Customer Engagement
Awareness & Education
Compatibility
20
Next steps
• Request a proposal for a Growth Partnership Service to support you and your team to accelerate the growth of your company.
• Join us at Growth, Innovation and Leadership 2010: A Frost & Sullivan Global Congress on Corporate Growth (www.frost.com/gilglobal)
• Register for Frost & Sullivan’s Growth Opportunity Newsletter and keep abreast of innovative growth opportunities (www.frost.com/news)
21
Your Feedback is Important to Us
What would you like to see from Frost & Sullivan?
Growth Forecasts?
Competitive Structure?
Emerging Trends?
Strategic Recommendations?
Others?
Please inform us by taking our survey
22
For Additional Information
Name: Sarah Lourdes
Corporate Communications (ICT)
+603.6207.1030
Name: Cathy Huang
Industry Analyst (ICT)
+65.6890.0249
Name: Arun Chandrasekaran
Industry Manager (ICT)
+65.6890.0992
Name: Cedric Chong
Account Manager (ICT)
+65.6890.0227